By Ty Tyra, guest blogger
Let’s examine the importance of a proactive and consistent vulnerability management and patching process.
Conduct Consistent Vulnerability Scanning and Patching
Organizations are doing a better job of patching these days, but according to the Verizon 2016 Data Breach Investigations Report, malicious actors are still successfully targeting older vulnerabilities that a consistent vulnerability management program likely would have addressed. In other words, if you patch a critical vulnerability within a day of it being released, but you haven’t consistently identified vulnerabilities and applied other patches during the previous eight months, are you really adequately protecting yourself? The goal is to be proactive and steady over the long haul, and reactive only when a critical patch is suddenly required to address a significant threat to your environment.
Consistent, regular vulnerability scans and patching of identified weaknesses are much more important than being able to quickly respond to the release of a single critical patch, according to the report. Slow and steady wins the race. Prioritizing the patching of systems based on specific threats to your organization and your definition of your most critical assets is also key. To paraphrase the report, when patching, make sure you’re patching the right things based on the risk tied specifically to your organization and its assets.