These days the challenge security teams face depends largely on the expertise and ability to understand those challenges and the threats you face. Even if we only rely on vulnerability management tools to give us a to-do-list and a priority, that prioritisation is generalised and not based on our IT environment specifics and actual risk from a cyber attack. This is where typical vulnerability management techniques and the usual reporting in tools fall over. In the cyber security world these translate to different ways of assessing risk for how to approach vulnerability management. Compare this to the average vulnerability management life-cycle of 4 – 6 weeks and we can see why prioritisation of patches can be critical.

Source: Forbes March 18, 2019 14:26 UTC