
Friday, December 04, 2020

Effective security patch management is probably the number one security control

Effective security patch management is probably the number one security control, the one that can have the greatest impact in your company. It is crucial that you have processes in place to ensure regular, timely, and enterprise-wide patching. Always test patches on a pilot group first, and be sure to include third-party apps; we still see folks concentrating on MS Patch Tuesday. The trickiest part will be minimizing the number of systems excluded from patching, as owners and certain vendors will still claim that patching can break their apps. Isolate systems that cannot be patched effectively, using VLANs and firewall rules. Long term, look to replace these systems whenever possible. Contact the vendors of these systems directly to discuss the patch issue; do not take app owners' or system admins' word for it. Companies are much more responsive now to demands from InfoSec. Good luck!!
