Optimizing the patch management process - Help Net Security

In this podcast recorded at Black Hat USA 2019, Jimmy Graham, Senior Director of Product Management at Qualys, discusses the importance of a tailored patch management process.



Security obviously will have some say in a patch management process because a lot of patching is security driven, but patching is beyond just security; there’s also stability and performance updates that have to be taken into account.

Here’s a transcript of the podcast for your convenience.


Hi, my name’s Jimmy Graham and I’m the Senior Director of Product Management for vulnerability management and patch management at Qualys, and in today’s podcast we’re going to be talking about optimizing the patch management process.


You hear a lot about the vulnerability management lifecycle, we talk about it a lot at Qualys, how asset inventory feeds into vulnerability management. Then you prioritize those vulnerabilities, and then you patch.


Patch management process


And while patch management does get some input from vulnerability management, patch management really needs to be its own cyclical process. Vulnerability management should not be the only way that the patch management process is engaged. It needs to really stand on its own. You have a new patch release. You prioritize the patch. You test and deploy that patch. You report on the patch deployment. You then audit that with VM and then you clean up.


And when I say clean up, that might mean going back and patching outliers. That might mean taking feedback from vulnerability management such as, we see this specific patch missing pervasively across the entire environment, to help you tune your patch m ..