Exposure Management 101: Patch Intelligence

16.02.24
Introduction
Patch intelligence is one of the activities that organizations most often dodge. Years of patching have taught us that a patch can break things worse than the original issue did. However, without patching, our systems are exposed to a myriad of exploits and attack paths.
Patch Prioritization
Patching is a necessary task that can bring the entire IT department to a halt. The volume of patches needed to cover all platforms, devices, and hardware can be very large. Patching can be automated, but in most cases a patch can have such negative effects that it is best to keep to small automated batches, or even to patch manually.
This is why patch priority is so important: the most critical patches can be addressed first, followed by patches that might only be needed for internal requirements.
Combining Asset Priority with Patch Priority
Combining asset and patch priority can make a radical difference in how long it takes to move all assets and the environment from a risky state to a more manageable, secured one.
A solution that can give you a list of the highest-priority patches on the highest-value assets can save time and have the biggest impact in reducing the risk that comes from missing patches. Look at this example:
Here is a list of all patches in this test environment (459):

Now, looking only at the assets that have a prioritization of at least 7, the number of patches drops (445):

Finally, focusing on the patches that are between 7.0 and 10.0 (164):

Using this method, we reduced the total number of patches from 459 down to 164, which will take dramatically less time to deploy.
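The same two-stage filter can be expressed in a few lines of code. The sketch below is an added example, not taken from the product shown in the article: the asset names, patch IDs, scores, 0-10 scales and the choice to count distinct patches are all constructed assumptions. It applies the asset filter, then the patch-score band, and ranks what is left so each patch is deployed once to the high-value assets that need it.

```python
from collections import defaultdict

# Constructed sample data: (asset, asset_priority, patch_id, patch_score).
# Names, scores and the 0-10 scales are assumptions for illustration.
FINDINGS = [
    ("db-prod-01", 9, "PATCH-A", 9.8),
    ("db-prod-01", 9, "PATCH-B", 5.4),
    ("web-prod-02", 8, "PATCH-A", 9.8),
    ("web-prod-02", 8, "PATCH-C", 7.5),
    ("hr-laptop-17", 4, "PATCH-A", 9.8),
    ("hr-laptop-17", 4, "PATCH-D", 8.1),
    ("test-vm-03", 2, "PATCH-E", 6.0),
    ("dc-01", 10, "PATCH-D", 8.1),
]


def distinct_patches(findings):
    """Count a patch once, however many assets it applies to."""
    return {patch_id for _, _, patch_id, _ in findings}


def prioritize(findings, min_asset_priority=7, min_score=7.0, max_score=10.0):
    """Apply both filters in order; return stage counts and a ranked plan."""
    on_key_assets = [f for f in findings if f[1] >= min_asset_priority]
    in_band = [f for f in on_key_assets if min_score <= f[3] <= max_score]

    # Group per patch so each one appears once with its target assets.
    plan = defaultdict(lambda: {"score": 0.0, "assets": []})
    for asset, asset_priority, patch_id, score in in_band:
        plan[patch_id]["score"] = score
        plan[patch_id]["assets"].append((asset_priority, asset))

    # Highest patch score first; ties go to the patch on the most valuable asset.
    ranked = sorted(
        plan.items(),
        key=lambda kv: (-kv[1]["score"], -max(p for p, _ in kv[1]["assets"]), kv[0]),
    )
    counts = tuple(len(distinct_patches(s)) for s in (findings, on_key_assets, in_band))
    return counts, [
        (pid, d["score"], [a for _, a in sorted(d["assets"], reverse=True)])
        for pid, d in ranked
    ]


if __name__ == "__main__":
    counts, ranked = prioritize(FINDINGS)
    print("all / on key assets / in score band:", counts)
    for patch_id, score, assets in ranked:
        print(f"{patch_id}  score={score}  deploy to: {', '.join(assets)}")
```

Patches that fall outside the filters, such as those on low-priority assets, are deferred rather than dropped, so the unfiltered list still needs a later pass.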
Conclusion
Patch intelligence has always been a task that IT teams have despised. The installation and its fallout have always been something that technicians have wanted to avoid, leaving assets and the environment exposed. However, with a few simple filters on the overall patch and asset data, the set of patches that need to be deployed can be reduced to a more manageable level while still dramatically reducing the overall security risk of the organization.