Effective Vulnerability Management

by Chris Hughes, Nikki Robinson
April 2024
Content level: Intermediate to advanced
288 pages
7h 33m
English
Wiley
Content preview from Effective Vulnerability Management

2 Patch Management

Any good patch management program consists of automatic and manual patching processes and techniques. Given the dynamic nature of infrastructure, it should be a continuous process of evaluating what's working, what's being patched, and what's missing. Without a strong vulnerability management program, systems can become outdated or reach EOL. Similarly, without a scheduled and regimented plan, systems will be left vulnerable for days, weeks, or longer to zero-day vulnerabilities like what happened at MOVEit or SolarWinds.

Foundations of Patch Management

Despite all the industry buzz about the latest flashy zero-day vulnerability, malicious actors are regularly targeting “vintage vulnerabilities”—vulnerabilities with existing patches that are known to be exploited in the wild (www.rezilion.com/blog/report-vintage-vulnerabilities-never-go-out-of-fashion). This is because, even when vulnerabilities are known to be exploited and have existing patches, organizations still struggle with remediation capacity, on average only being able to remediate 1 out of 10 new vulnerabilities per month. Figure 2.1 displays the layers of patch management activities that would take place in any IT infrastructure, whether cloud or on-premises.

Each organization must determine what patch management process will work best for them, but the basics include a comprehensive inventory; maintenance windows, tools, or processes to automate patching; and processes for reboots or taking ...


Publisher Resources

ISBN: 9781394221202