Patch management alone leaves your business unprotected. Here’s why.

According to the Flexera Vulnerability Review, 17,147 software vulnerabilities were discovered in 2016. The share rated ‘highly critical’ grew from 13% to 18%, a worrying upward trend that suggests the threat is growing in both volume and severity.

With a threat on this scale, the case for effective software vulnerability management and patch management should be obvious. Keeping your applications patched is as essential as your firewall and antivirus software. But while many IT teams understand the necessity of patching, patching is only part of the picture.

Truly effective cyber security doesn’t stop – or start – with patching. Keeping data and systems safe means prioritising a more comprehensive approach to vulnerabilities.

What effective patch management can do to eliminate vulnerabilities

The Microsoft Security Intelligence Report tells us that the number of times a vulnerability is exploited grows exponentially after disclosure, reaching a peak around two months later. It follows that fast and effective patching can dramatically reduce your exposure: every day a fix goes unapplied inside that window, the chance of an exploit attempt against it rises.

Much has been done to encourage regular patching of first-party software, like Microsoft’s attempts to make the release of updates predictable and structured through Patch Tuesday. Many organisations bring their third-party patching into the same structured model, packaging and deploying third-party patches whenever they’re available.

Patch management – whether manual or automated – can ensure that available patches are applied as soon as possible. This reduces the period of exposure to a potential breach. However, patch management doesn’t solve the wider software vulnerability problem.

Where patch management alone falls short

Effective patch management depends on a number of prerequisites. Long before applying a patch, IT teams need:

  • An accurate inventory of all the third-party software on the network, including which versions are installed where
  • To know that a vulnerability exists in one of those products, and which installations it affects
  • To prioritise which patches and updates should be deployed first, based on how critical each vulnerability is

What’s more, patch management depends on a patch being available. When so many organisations continue to run End of Life software, for which the vendor no longer issues fixes, that’s not always a realistic expectation.

Packaging and deploying patches is the final step in a process. Software vulnerability management is the series of steps that get you to that point.

How software vulnerability management helps

Forget patches for a moment – software vulnerability management is concerned with every vulnerability, regardless of whether a patch is actually available.

When it is vulnerabilities that pose the threat, that seems like a more sensible place to start.

Effective software vulnerability management helps you take stock of all the applications on your estate, then alerts you to known vulnerabilities affecting them. Crucially, these alerts are accompanied by practical intelligence that explains the nature of the vulnerability and rates its criticality.

As a result, you can build a more accurate picture of your current risks and make more informed decisions about the areas where your software is vulnerable and, yes, how you might eventually patch.
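The three prerequisites listed earlier (inventory, knowing a vulnerability exists, prioritising) and the triage described here can be sketched in code. The following is an added example, not the article’s or Flexera’s own tooling: a small Python triage that matches a software inventory against an advisory feed, flags installations that cannot simply be patched (End of Life software, or no fix yet published) and orders the findings by criticality and by how long each has been exposed since disclosure. The inventory, the advisory IDs, products, versions and dates are all constructed and hypothetical; they do not describe real vulnerabilities.

```python
"""Inventory-versus-advisory triage (added example with constructed data)."""
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple

Version = Tuple[int, ...]


@dataclass(frozen=True)
class InstalledApp:
    host: str
    product: str
    version: Version
    end_of_life: bool = False   # vendor no longer ships fixes for this branch


@dataclass(frozen=True)
class Advisory:
    advisory_id: str
    product: str
    affected_below: Version     # every version strictly below this is affected
    criticality: int            # 1 (low) .. 5 (highly critical)
    disclosed: date
    fixed_in: Optional[Version] = None   # None: no patch published yet


@dataclass(frozen=True)
class Finding:
    host: str
    product: str
    advisory_id: str
    criticality: int
    days_exposed: int
    action: str


def parse_version(text: str) -> Version:
    """'12.1.0' -> (12, 1, 0); tuples compare component-wise, unlike strings."""
    return tuple(int(part) for part in text.split("."))


def decide_action(app: InstalledApp, adv: Advisory) -> str:
    """Patching is only possible when a fix exists and the vendor still ships it."""
    if adv.fixed_in is None:
        return "mitigate (no patch available)"
    if app.end_of_life:
        return "upgrade or mitigate (end of life)"
    return "patch to " + ".".join(str(n) for n in adv.fixed_in)


def triage(inventory: List[InstalledApp], advisories: List[Advisory],
           today: date) -> List[Finding]:
    """Match every installation against every advisory and rank the results."""
    findings = []
    for app in inventory:
        for adv in advisories:
            if adv.product != app.product or app.version >= adv.affected_below:
                continue        # different product, or already at a safe version
            findings.append(Finding(
                host=app.host,
                product=app.product,
                advisory_id=adv.advisory_id,
                criticality=adv.criticality,
                days_exposed=(today - adv.disclosed).days,
                action=decide_action(app, adv),
            ))
    # Policy chosen for this example: highest criticality first, then the
    # finding that has been public (and therefore exploitable) the longest.
    findings.sort(key=lambda f: (-f.criticality, -f.days_exposed))
    return findings


# Constructed sample data: hypothetical products and advisories, not real ones.
TODAY = date(2017, 3, 1)
INVENTORY = [
    InstalledApp("ws01", "ExampleReader", parse_version("11.0.3")),
    InstalledApp("ws01", "LegacyRuntime", parse_version("6.0.45"), end_of_life=True),
    InstalledApp("srv02", "ExampleReader", parse_version("12.1.0")),
    InstalledApp("srv02", "MediaPlayerX", parse_version("2.4.0")),
]
ADVISORIES = [
    Advisory("ADV-2017-001", "ExampleReader", (12, 0, 0), 5, date(2017, 1, 10), (12, 0, 0)),
    Advisory("ADV-2016-009", "ExampleReader", (11, 0, 0), 5, date(2016, 9, 5), (11, 0, 0)),
    Advisory("ADV-2016-017", "LegacyRuntime", (7, 0, 0), 4, date(2016, 11, 20), (7, 0, 0)),
    Advisory("ADV-2017-004", "MediaPlayerX", (2, 5, 0), 3, date(2017, 2, 20), None),
]

if __name__ == "__main__":
    for f in triage(INVENTORY, ADVISORIES, TODAY):
        print(f"[{f.criticality}] {f.host:<6} {f.product:<14} {f.advisory_id} "
              f"exposed {f.days_exposed:>3}d  -> {f.action}")
```

Two details are worth noting. ADV-2016-009 produces no finding because ws01 runs 11.0.3, which is not below 11.0.0; version comparison must be numeric, not lexical, or “11.0.3” would sort before “2.4.0”. And the two findings that cannot be closed by deploying a patch (the End of Life runtime and the player with no fix yet) still appear in the ranked list, which is precisely the gap that patch management on its own leaves open.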
