Physical Address

304 North Cardinal St.
Dorchester Center, MA 02124

How Patch Management Closes Attackers’ Fastest Loophole


This article is part of Venturebeat’s special number, “Cyber ​​Standing PlayBook: walk the new threat period.” Read more Here is a special issue.

Crawling on patch kills more network and damaged more than any zero-day maintenance or advanced cyberattack.

The complexity kills – and carries a high price. Down-Rev (“download”) or has old patches with no patches) or no patches, how to ransomware, how to form information, and companies are not compatible. It is not an issue that a company will not be violated, but when they do not prioritize patch management.

Why so much security team dragged – and pay a high price

Let’s be honest about how the patches are accepted Security teams And throughout IT organizations: often the most department is entrusted to employees designated with their worldly duties. Why? Nobody wants to spend things often repeated and sometimes in a hand-intensely intensive, yet requires full attention to focus.

Most security and IT teams say venturebeat with confidence that pamping often away from more interesting projects. That is Consistent with Ivani Research We thought that majority of these and security experts (71%) and patches were excessive, difficult and time consuming.

Remote work and centralized areas make more complex, 57% of security experts said. In accordance with what the venture beat of the security teams, Ivanti acknowledged 62% of this and security leaders’ patch management is withdrawn to other positions.

The truth is that the device’s management and patch management are not kept for a while (years). Meanwhile, hostility Armed Language Models (LLS) and attack applications are engaged in improving their complete trade.

Not patch? It’s like taking the front door to unlock

Criminal waves, as a criminal, hole in the goalkeeper communities Use remote video cameras 24/7 for control. It is an open invitation for bandits to leave an unlocked house without a security system.

Last points are not the same as patch. Tell me: Any task that has been announced and pushed to the moving movement items, most likely will never be completely complete. By reading enemies, general weaknesses and exposure (juvenile), find a list of companies with these vulnerabilities and perform them by making them more sensitive targets.

Gartner often draws on patch in research and considers it part of weakness management. Their final study, Top 5 elements of the Effective Sensitivity Management“Many organizations are still missing or inefficient softenings or many organizations patched patches that result in inefficient softenings and increased risk.”

Mismanagement, the teams are starting to leave the patches and increasingly complex, difficult and secular tasks in the “good enough” textbook process. This worsen in the sailed teams. This type creates spaces that are mistakenly. When the old mantra “scan, patch, rescan”, enemies use AI and generative AI, the machine is not measured when the machine is used to scan target points to target targets.

Giqaom’s Radar for Unified Last Point Management (EM) The report later remains a significant problem with many vendors who have a significant problem, a sequential problem, a consistent application, device driver and firmware patching. Reporting urges the organization to think of how to enhance PATCH management as part of the extensive effort to automate and scalability of sensitivity management.

Why the traditional patch management fails in today’s threat landscape

In most organizations, Patch Management begins with the planned monthly periods that trust the static general weakness scoring system (CVSS) scores of violence to help prioritize weaknesses. Enemies move faster and create more complex threats, you can keep up with CVSS points.

Karl Triebes, Ivandi’s CPO explained: “Investigates for violence and a fixed monthly circulation, the ratings are considering unique business context, security gaps and developing threats.” In today’s fast-moving environment , Static scores cannot seize an organization’s Nuhanst Risk Profile.

The framework of Gartner combines active threatening data and active threatening information to direct advanced priority techniques and active critical techniques and active threat information and active threat information. ” According to the Gigaom, the majority says that most UME solutions leave OS patching, less “patches for third party applications, device drivers and firmware, device drivers and firmware,” enemies exploited.

Risk-based and durable patch management: An easier approach

Chris Goettl, Ivanti’s product management tool for the endpoint security, explained to Venturebeat: “Risk-based patch priority goes beyond the CVSS points, taking into account the active maintenance, threat and active critical.” Admission to the more dynamic approach to organizations are more effective than used CVSS points and reacts to real-time risks.

Triebes Extended: “Only these ratings are in the risk of non-employed organizations. These ratings are not considered in your own business context, security gaps and developing threats.” But the only priority is not enough.

Enemies can quickly arm the weaknesses in a few hours and have It proved that it was a genea makes it even more efficient than the past. Ransomware attackers find new ways Aramen the old weaknesses. After a monthly or quarterly patch period, organizations cannot keep up with a new trader pace.

Machine learning (ML) -BASED patch management systems have been able to prefer patches based on existing threats and business risks for a long time. Permanent care provides compliance with PCI DSS, HIPAA and GDPR, reduces the space between AI automation detection and response.

Gartner, “Glasses”, which rely on hand processes, delays a zero daily reaction and is actively used in poorly exploited weaknesses. “Organizations must go to automated patches to keep up with enemies.

Choose the right patch management solution

There is a lot of advantages to improve the long-term ML algorithms that are the basis of integrating Gen AI and the basis of automated patch management systems. All sellers who compete in the market have road maps that include these technologies.

This Gigaom radar for patch management Solutions Report The top patch highlights the technical strengths and weaknesses of management providers. Ivani, Canonical, Connection, Flexa, Syswone, Ninjaone, Syswone, Sysword, Sysward, Sysword, Sysword, Sysword, Sysword, Sysword, Sysword, Sysword, Sysword, Includes SYSWORD, SYSWORD, SYSWORD and TUIUM, AutoX, BMC customer management patches.

Gigaom Radar, seller solutions for a number of concentric rings, those closer to the center are judged for the higher total value. Attention, two Baltora – “Innovation” and “Innovation” and “Play” with “Innovation” and “PLATION PLATION” and “PLATION PLATION” and “PLATION PLATION” characterize “Plation Plation”.

Gartner recommends security teams to “risk-based priority and automated work flow tools to reduce time-to-patch” and each seller in this market reflects on road maps. A strong patch strategy requires the following:

  • Strategic Placement and Automation: Mapping critical assets and reducing hand errors by AI-based automation.
  • Risk-based prioritization: to focus on active exploited threats.
  • Centralized Management and Sustainable Monitoring: Strengthen the patch effort and ensure that real-time security is visible.

With alignment of patch strategies on these principles, organizations can reduce the workloads of teams and build a stronger cyber boat.

Patching Management: Measurement of success in real time

All vendors competing in this market have reached a level of performance and functionality with patch approval, testing and placement. By coordinating patching information with the real world operating activities, vendors are a reduction of time (MTTR) time to clean up customers.

The measurement of success is critical. Gartner recommends following the following (at least level):

  • Average time-to-patch (MTTP): average time to overcome weaknesses.
  • Patch coverage percentage: the ratio of patched assets relative to sensitive ones.
  • Reduction of the window: Time to eliminate elegance.
  • Risk Reduction Effect: The number of weaknesses of active operation before the start of events.

Automate patch management – or fall behind

Patching, after the completion of other higher tasks, only security teams are not security teams. A business must be the basis for being relieved from vibrant and potential threats.

Just put the sheep, the patch is in the heart of cyber sustainability. However, many organizations are leaving the sensitivities that are widely open to the AI, using the known sensitivity, and more and more open to the AI ​​to shoot faster than ever. Static CVSS scores proved that they could not continue and stable times have become more than an asset.

The message is simple: when it comes to patches, the satisfaction is dangerous – it’s time to make it a priority.



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

Trending now

Stalemate among old enemies in the Theater of Dreams
Vergil Ortiz Jr., Israel comes to riyada ready to clash with Madrimov
Shakur Stevenson, which requires gratitude and humility from Floyd Schofield
BeterbIeye-Bivol 2 in Benavidz: A prelude for a mega battle?