Can the Heartbleed security bug be stopped? Is antivirus software “dead”? How will Microsoft (MSFT) fully patch the Internet Explorer (IE) security vulnerability?

Several questions top this week’s IT security stories for managed service providers (MSPs) to watch, which means it should be a busy week for IT security news across the globe.

Meanwhile, as more MSPs search for ways to manage their IT security risks, various solutions are available to help them control these problems. Many MSPs could make notable investments in IT security solutions in the near future, especially since new IT security threats are affecting MSPs every day.

Here’s a look at four IT security stories for MSPs to watch this week:

Heartbleed lives on
The Heartbleed security vulnerability was discovered last month, but this bug continues to affect users. Errata Security said last week it found more than 300,000 servers that were still vulnerable to Heartbleed. Have you checked all your customers’ servers?

“Last month, I found 1 million systems supporting the ‘heartbeat’ feature (with one-third patched). This time, I found 1.5 million systems supporting the ‘heartbeat’ feature, with all but the [300,000] patched. This implies to me that the first response to the bug was to disable heartbeats, then later, when people correctly patched the software, heartbeats were re-enabled,” Errata’s Robert Graham wrote in a May 8 blog post.

Heartbleed will continue to affect MSPs “as long as a vulnerable version of OpenSSL is in use.” However, numerous online tools are available to detect Heartbleed-vulnerable websites, including a free online service from Qualys and Heartbleed vulnerability assessments from CloudPassage with CloudPassage Halo.

Symantec declares antivirus software “dead”
Last week, Brian Dye, senior vice president of Symantec (SYMC) Information Security, told The Wall Street Journal that he believes antivirus software is “dead” and “doomed.” Symantec also unveiled Symantec Managed Security Services – Advanced Threat Protection (MSS-ATP) and Symantec Advanced Threat Protection Solution, both of which are designed to help Symantec customers stop IT security breaches.

According to Dye, his company is expanding its focus from prevention to detection and response to better support its customers.

“Network security alone isn’t going to solve the problem. Adversaries are targeting all control points from the gateway to email to the endpoint. Organizations need security across these control points working together, with incident response capabilities and global information intelligence, to beat the bad guys. Symantec is bringing that powerful arsenal to market,” Dye said in a prepared statement.

Kaspersky Lab Chief Executive Officer Eugene Kaspersky, however, disagrees with Dye’s assertion that antivirus software is “dead.” In fact, Kaspersky told The Inquirer that he feels antivirus software is “alive and kicking.”

Another patch for the Microsoft IE security bug
Microsoft said it stopped the IE security flaw earlier this month, but announced it also will release a new security update regarding the security bug tomorrow. This update, however, will not affect Windows XP users.

“Our existing policy remains in place, and as such, Microsoft no longer supports Windows XP. We continue to encourage customers to migrate to a modern operating system, such as Windows 7 or 8.1,” a Microsoft spokesperson told Threatpost.

Adobe (ADBE) plans to release a security bulletin tomorrow for Adobe Reader and Acrobat XI (11.0.06) and earlier versions for Windows and Macintosh as well.

New research on the impact of shadow IT
Skyhigh Networks released the third edition of its quarterly Cloud Adoption and Risk Report on May 7, and the report highlighted the impact of shadow IT.

Researchers found an average organization typically uses 24 different file sharing services and 91 different collaboration services, which researchers claimed “not only impedes collaboration and leads to employee frustration, but also results in greater risk.” In addition, researchers said malware is a pervasive threat that can affect organizations of all sizes.

“The malware problem is alive and well, as 29 percent of organizations had anomalous cloud access indicative of malware. In addition, 16 percent of organizations had anomalous cloud access to services that store business critical data, introducing an even higher level of risk,” Skyhigh Networks said in a prepared statement.

Dima Kumets, Product Manager at OpenDNS, told MSPmentor that malware is written to generate profits quickly by extracting credit card numbers, banking information or pieces of data useful for identity theft. With malware, Kumets noted “the data leakage begins immediately,” and if MSPs are unprepared, malware can cause serious financial damage.

What do you think will be the biggest IT security stories for MSPs this week? Share your thoughts in the Comments section below, via Twitter @dkobialka or email me at [email protected].