Application vulnerabilities pose a significant danger to any organisation. And most of us are at a point where we realise that.
But it’s not enough to know there’s a defence in place. Whether you’re using a bespoke patch management platform or relying on how your own processes come together, it’s important to understand how well you’re doing.
You’ve taken steps to protect your network. But are you really protected?
To find out, consider these four key areas.
1 – How big is the vulnerability database?
Fundamentally, the secret to protecting your network against application vulnerabilities is knowing whenever they occur. With your Microsoft software, it’s easy – just one vendor to keep track of for several of your most critical applications.
But when it comes to third-party software – where the majority of application vulnerabilities are discovered – there are potentially thousands of different vendors to watch.
An automated system will draw on a database of known application vulnerabilities. And the bigger that database is, the better.
Flexera Software’s Advisory and Vulnerability database is the biggest of its kind, covering more than 20,000 applications from third-party vendors. That’s more than anybody else in the industry.
2 – Does your system give you actionable intelligence?
Of course, it’s not just the quantity of information that matters. It’s what it can do to help you secure your network.
A complete threat advisory should tell you:
- The attack vectors through which the vulnerability could be exploited
- The impact of a successful exploit on your infrastructure
- How you can mitigate your risk using a patch
Armed with that information, you don’t just know that a vulnerability exists – you know the steps you should take to close the threat vector quickly and efficiently.
So you can be alerted to vulnerable applications, and start taking action right away.
3 – Can you assess criticality and prioritise your patching?
While it’s a good principle to fix all application vulnerabilities as soon as possible, the reality isn’t quite that easy. As you juggle all your responsibilities, some patches will naturally be applied before others.
An effective patch management system should make you aware of how critical each individual vulnerability is. For the most part, that criticality combines the likelihood of a successful exploit with the potential consequences.
Vendors usually offer their own criticality ratings but, in an attempt to reduce support burdens, these tend to be consistently high.
Flexera Software gives you both the vendor ratings and its own independent rating, all in the same place. Based on that score, you can apply the most critical patches first to protect your weakest points.
4 – What is your current patch manager missing?
With a suitably sized database, actionable intelligence, and insight into the criticality of different vulnerabilities, a patch management system is theoretically effective.