
By Jim Jackson
Patch management has always been time-consuming and arduous. But it gets done, at least to some degree, simply because patching is so crucial to a robust cybersecurity posture. Patch programs are rarely perfect, though, and imperfect patching arguably enables successful cybersecurity breaches – it’s an ever-growing concern for countless IT teams.
Managed Security Service Providers (MSSPs) do their best to patch their clients’ systems while also juggling a long list of other tasks associated with developing, monitoring, and maintaining their clients’ overall security and compliance programs.
The resources an MSSP can dedicate to patching are, however, limited: MSSPs operate within a fixed client servicing budget, and no client will accept being billed whenever a vulnerability needs to be patched.
To patch or not to patch?
This poses a huge conundrum for MSSPs: patching everything everywhere sounds like a great idea because, after all, a single failure to patch can lead to a breach. Thorough patching means secure client systems. But patching that thoroughly isn’t economical. Some vulnerabilities are more critical than others, and some systems are more central to operations than others.
There is a balance to strike, but choosing where to prioritize is a tough call. Absent a game-changing technology, the best solution would be to simply throw more resources at the patching problem, but that would drive up costs for MSSPs, which could make them uncompetitive.