How to Prioritize and Apply Patches
Every IT environment and cybersecurity strategy has vulnerabilities. To avoid damage or loss, organizations need to find and eliminate those vulnerabilities before attackers can exploit them.
Some of those vulnerabilities will be found and fixed by vendors, who will provide patches and updates for their products.
Other vulnerabilities cannot be patched and will require coordination between IT, cybersecurity, and app developers to protect those exposed vulnerabilities with additional resources that mitigate, or reduce, the risk of exploitation.
Regular and efficient execution of the following vulnerability and patch management stages can provide strong protection for organizations of all sizes:
Don’t want to handle it yourself? See also:
How to Find Vulnerabilities
Some vulnerabilities will be announced and other vulnerabilities need to be found through testing. However, every IT and cybersecurity team should designate specific people and processes to focus on detecting and managing vulnerabilities.
The first priority will be to collect the advertised vulnerabilities. Vendors will announce exploits and usually produce patches or mitigations for the vulnerability simultaneously.
Vulnerability detection teams need to monitor news feeds and vendor websites to act promptly because attackers move quickly. Mandiant’s research determined that:
- 42% of exploits occurred after a patch was issued
- 12% of exploits occurred within the week after the patch availability date
- 15% of exploits occurred within the month, but after the first week the patch was available
Of course, these will not be the only vulnerabilities that exist in the IT environment. Outdated or unpatched software is just one of the top seven types of vulnerabilities noted by Crowdstrike; the others are:
- Misconfigurations – Incorrect security settings can expose data or systems
- Unsecured Application Programming Interfaces (APIs) – attackers can use unsecured APIs to pull data, introduce code, and other types of attacks
- Zero-day Vulnerabilities – Extremely hard to detect; usually found by researchers
- Weak or Stolen User Credentials – compromised users, either from phishing attacks, reused…