Vulnerability Management is only Good if We Patch
John Scott Steenburgh
Cyber Security, System Administrator, Blogger, and Cloud Business
Patching endpoints is like backups: if you never test your backups, you are missing a part of the process that makes it work. Many IT groups in organizations are reasonably good at log management. Some may even use a SaaS to do the IR. But log management is not prevention; it is a post-event tool. It is vulnerability management (VM) that is the good defense. VM is not just finding the holes in systems. It is taking the action of applying patches. Some organizations (okay, most of us) have a schedule for when we patch systems and apply fixes to apps. Some have figured out how to push patches out automatically in real time. But others still patch monthly, even quarterly.
The monthly/quarterly model is kind of a leftover from the old physical server and desktop days. It is driven by fear of ITB (interruption to business) and by a lack of in-house staff to test or respond to all the things VM finds. Many IT teams have thousands of Linux servers but lack the tools or staff to fix every vulnerability. And as the song says, money's tight and nothing's free. It is even harder in these do-more-with-less (staff) times.
Nonetheless, vulnerability management, meaning taking action on the security holes and keeping applications, systems, and computers up to date, is the best thing to get right and be functional at. The more we reduce the attack surface, the fewer places things can happen.
And one side point: no single monitoring solution can or will look at everything running around in our networks. That is true even if we are paying a vendor to do that. We still need to understand our environment and perform threat hunting.