By Mark Ward
BBC News online technology correspondent
Vulnerabilities in networks are leaving firms open to attack
Relentless attacks by viruses, web worms and malicious hackers are forcing companies to react faster than ever to computer security problems.
The rapidly narrowing time between the discovery of a vulnerability and its exploitation by computer vandals leaves companies little time to react.
Some are turning to tools that work like anti-virus scanners and regularly comb networks for vulnerabilities.
If left open, these holes could be used as a conduit by malicious hackers or rogue programs seeking to steal data, delete it or wreak other damage.
Last year more than 4,000 security vulnerabilities were discovered in the popular software packages used by millions of companies to conduct some of their business via the web.
Many malicious hackers use automatic tools to patrol the net and find companies doing a bad job of patching their systems against attack.
Many firms find it impossible to keep up with the huge number of security updates and have struggled to keep their networks and software free from loopholes.
"Haphazard patch management will definitely cost you money," said Brad Johnson of security firm TruSecure.
The struggle to keep up has meant that many firms have fallen victim to vulnerabilities that have long been known about.
In January 2003 the Slammer worm wrought havoc on the net, despite it exploiting a loophole first noticed in May 2002.
Even Microsoft had failed to apply the software patch that would have protected it against Slammer.
In a bid to keep up with the vulnerabilities some firms are turning to scanning tools that regularly travel the network of their company, interrogating all the machines on it to find out which ones are home to which vulnerabilities.
"Our biggest problem is knowing what we do not know," said Paul Simmonds, Director of Global Information Security for chemicals giant ICI.
Mr Simmonds said he was responsible for security at ICI's 330 sites across the world and for safeguarding the computers of more than 36,000 users.
One of the biggest problems he faced, said Mr Simmonds, was simply knowing which versions of what software were in use across ICI's global network.
He said that ICI had now started using a scanning tool made by US firm Qualys that scans the ICI network for loopholes.
Before now, firms with large networks would only scan for vulnerabilities every quarter or year because of the time it took to carry out a comprehensive survey.
By contrast, said Mr Simmonds, tools produced by companies such as Qualys can be used weekly or daily.
Now, he said, ICI was able to treat vulnerabilities like viruses and regularly scan to find out if they had to react to the latest security warning.
"We used to be able to update virus definitions once a month," said Mr Simmonds, "then it was once a week and now it is within 30 minutes of a new one being detected."
Knowing whether ICI had to react quickly or not at all made a big difference, said Mr Simmonds.
"ICI is in the business of making chemicals," he said, "everything else is an overhead."