How do you ensure patches are deployed in a timely fashion to reduce the number of vulnerabilities in your network and software to protect your organisations from ongoing threats?
We see many frameworks recommending a set number of hours or days to implement patches or in some cases see clients request set periods to deploy all patches by a set number of hours or days with no consideration of the usefulness or practicality or even effectiveness of the proposed patch.
Some environments are developed so that a lot of the internal network is not exposed to the internet. In this case the external ring of the network that is exposed to the internet is patched more aggressively than the internal environment.
Deploy patches using a risk-based approach.
As a business agree what an impact is and group them into bands.
Automatically update patches that do not require a reboot or service restart (this can be setup by your IT specialist).
Have the right skills sets in your team and agree how and when patches will be deployed based on your risk model.
Every time you delay a patch for business reasons it will be in the queue for later on. Do you have the staff to do this, what will be the priority when they begin implanting these patches?