Your reliance on patch management as a solution to your risk management problems isn’t working. Tomorrow isn’t going to be any better. So, now what?
Our guest today, Willy Leichter, points out that the National Vulnerability Database has been tracking between 5,000 and 7,000 vulnerabilities every year, a figure that went up to about 20,000 a couple of years ago, and we're now seeing 10,000 to 15,000 per month. Trying to keep up with this trend with patch management as the sole means to eliminate vulnerabilities and mitigate risk to the business isn't scalable; it isn't feasible.
To overcome this growing challenge, you must first change your mindset, approaching it from a behavioral perspective—addressing the problem at its core (from inside the app) vs. putting a bandage on the symptom (endless patching). This problem becomes even more important to tackle when you start talking about legacy systems, critical systems, and policy-controlled systems that are connected to sensitive information and can't be updated for a variety of reasons.
Still, business marches on—technology marches on—security is always going to have to run fast to keep up. Most organizations accept that. But it can be daunting at times. Have a listen to this chat with Willy to get a different perspective on this problem. With any luck, you'll have a fighting chance to make it through tomorrow, and the next day, and the day after that without a serious problem with your apps.