Most breaches don’t start with a vulnerability nobody knew about. They start with one nobody patched in time.
Vulnerability exploitation is now the single biggest way attackers get into a network. It has overtaken stolen credentials for the first time in the 19-year history of Verizon’s Data Breach Investigations Report, with 31% of breaches now starting this way, up from 20% the year before.
In “AI didn’t break patching. It showed us patching was already broken,” I covered why that number is about to get worse. AI has made finding those vulnerabilities almost trivial, and a wave of new patches is coming as a result.
For security teams, the patch wave poses a distinct, looming problem: the number of patches you have to deal with is likely to rise sharply over the next few months.
In this piece, I want to focus on solving that challenge: how can you scale up the number of patches you install without losing control over what gets installed, when, and in what order?
How the NCSC recommends responding to the patch wave
If the term ‘patch wave’ is new to you, here’s the short explanation. AI models like Claude Mythos 5 can now detect software vulnerabilities significantly faster than humans, and with a lower false positive rate.
As more and more tech companies get access to this model (or others like it), there’s going to be a huge wave of new software vulnerabilities being identified and patched.
This was the main topic of a recent blog post by the National Cyber Security Centre’s CTO, Ollie Whitehouse, who said organisations need to act now, since a wave of patches addressing decades of technical debt is coming.
The most important consequence of the patch wave is this. AI has made finding vulnerabilities trivial. Once, the number of vulnerabilities was limited by how quickly human researchers could identify them. Now, the bottleneck has moved to how quickly security teams can install the resulting patches. The more patches we have, the more of a bottleneck this becomes.
So how do we get on top of this? In his NCSC blog, Whitehouse outlines three recommendations, and we’d add a fourth of our own.
- Where possible, take advantage of ‘hot patching’: patches that can be installed without requiring a full system shutdown. With the right tools, this can reduce the resources needed to install these patches to virtually nothing.
- Otherwise, automatic updates should be prioritised wherever possible. Again, the goal is to reduce the amount of manual work involved in installing patches as much as possible.
- When deciding which patches to install and when, you should start on the outside and work inwards. First, prioritise the external attack surface, anything connected to the internet, networks, or VPNs. Then, focus on cloud instances, and on-premises devices last.
- On top of that, we’d recommend a formal process to identify, assess, and prioritise the risk behind each patch. Using the MITRE ATT&CK framework and Common Vulnerability Scoring System (CVSS) scores is a good place to start here, but it’s not enough on its own. Check out our article on prioritising vulnerabilities to understand this in more detail.
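The outside-in ordering and the risk-assessment step above can be written down as a small, auditable policy rather than kept in someone’s head. The Python below is an added example, not code from Heimdal or from the NCSC post: it takes an inventory of findings, orders them by exposure tier first (internet-facing, then cloud, then on-premises) and CVSS second, and assigns each one an action (hot-patch now, let automatic updates handle it, or schedule a maintenance window). A policy hold list shows how a team keeps control over what is deferred. Asset names, the placeholder CVE identifiers (CVE-0000-000N) and the hot-patchable/auto-update flags are all constructed for the example; what a real inventory records is an assumption here.

```python
from dataclasses import dataclass
from enum import IntEnum


class Exposure(IntEnum):
    """Exposure tiers in the order the NCSC advice patches them: outside-in."""
    INTERNET_FACING = 0   # external attack surface: internet, network edge, VPN
    CLOUD = 1
    ON_PREM = 2


@dataclass(frozen=True)
class Finding:
    asset: str
    cve: str              # placeholder identifiers in the sample data below, not real CVE records
    cvss: float           # CVSS base score, 0.0 to 10.0
    exposure: Exposure
    hot_patchable: bool   # assumption: inventory knows the patch applies without a shutdown
    auto_update: bool     # assumption: inventory knows the asset is enrolled in auto-updates

    def __post_init__(self) -> None:
        # Reject malformed scores early so a bad feed cannot silently sink a finding to the bottom.
        if not 0.0 <= self.cvss <= 10.0:
            raise ValueError(f"CVSS score out of range for {self.cve}: {self.cvss}")


def action_for(finding: Finding, deferred: frozenset[str] = frozenset()) -> str:
    """Map a finding to the least-manual install path that policy allows."""
    if finding.cve in deferred:
        return "held by policy"             # explicitly deferred, e.g. pending testing
    if finding.hot_patchable:
        return "hot-patch now"              # no downtime, so no reason to wait
    if finding.auto_update:
        return "auto-update"                # automation handles it at the next cycle
    return "schedule maintenance window"    # the only path that still costs manual effort


def prioritise(findings: list[Finding]) -> list[Finding]:
    """Order outside-in, then by CVSS descending, then zero-downtime patches first.

    The CVE string is the final tie-breaker so the order is deterministic and reviewable.
    """
    return sorted(
        findings,
        key=lambda f: (f.exposure, -f.cvss, not f.hot_patchable, f.cve),
    )


def plan(findings: list[Finding], deferred: frozenset[str] = frozenset()) -> list[tuple[str, str, str]]:
    """Return (asset, cve, action) rows in the order patches should be applied."""
    return [(f.asset, f.cve, action_for(f, deferred)) for f in prioritise(findings)]


# Constructed sample inventory; none of these names or identifiers refer to real systems or CVEs.
SAMPLE_FINDINGS = [
    Finding("hr-laptop-07", "CVE-0000-0004", 8.8, Exposure.ON_PREM, False, True),
    Finding("web-01", "CVE-0000-0002", 7.5, Exposure.INTERNET_FACING, True, True),
    Finding("file-srv-02", "CVE-0000-0005", 5.3, Exposure.ON_PREM, True, False),
    Finding("cloud-db-01", "CVE-0000-0003", 9.1, Exposure.CLOUD, False, True),
    Finding("vpn-gw-01", "CVE-0000-0001", 9.8, Exposure.INTERNET_FACING, False, False),
]


if __name__ == "__main__":
    for asset, cve, action in plan(SAMPLE_FINDINGS, deferred=frozenset({"CVE-0000-0004"})):
        print(f"{asset:<14} {cve:<14} {action}")
```

The sort key is the whole policy: change the tier order or the tie-breakers and you have changed which patch a team reaches first, so keep it under version control like any other security configuration. The hold list is what makes automation safe to leave switched on; a patch that caused problems elsewhere stays visible in the plan, marked as held, instead of disappearing from the queue.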
Much of this advice boils down to using automation wherever possible. In truth, this has been standard practice in cybersecurity for some time. But that doesn’t necessarily mean everybody has made the transition.
Crucially, not all vulnerability management tools offer automated patching functionality, and there’s a lot of variation in the functionality offered by those that do.
Heimdal is the best possible defence against the patch wave
For the average security team, the patch wave creates a basic problem.
The number of available patches is about to increase, probably quite sharply. But for many teams, managing the patches they already have is a challenge as it is.
That’s exactly the gap Heimdal aims to close. Instead of piling more and more resources into your security team, we put automation at the core. With the right policies, this can make manual installation the exception, not the rule.
Before the patch wave, this kind of automation was a nice-to-have. But now, it’s difficult to see how security teams can manage over the coming months without either automation or extra staff. If you can’t justify the extra resource, that makes automation virtually non-negotiable.
So how does Heimdal put you back in the driver’s seat of vulnerability management? Here’s everything you need to know.
- Full OS support: Heimdal supports multiple operating systems, including Windows, macOS, and Linux. This means you can manage and install patches across all devices from a single unified dashboard.
- Patches across the whole environment: Heimdal enables you to manage vulnerabilities across networks, third-party software, and all major operating systems.
- Fast patching: Patches are available through Heimdal within four hours of release by the vendor.
- Uninstallable patches: You can also uninstall patches where necessary, if they cause downstream performance issues elsewhere in the IT environment.
- Third-party application support: We directly support more than 330 third-party applications across Windows, macOS, and Ubuntu/Debian, tested and updated continuously.
- Manage patches for custom applications: We can also help you manage patches that aren’t supported by Heimdal, through the same dashboard as those that are. This means you can still apply the same automations and installation policies to your custom or non-supported patches.
- CVE/CVSS mapping: Vulnerabilities are mapped to their corresponding CVE code and CVSS severity score. This makes it easier for you to diagnose the relative risk of vulnerabilities at scale.
- Cyber Essentials/NIS2: Heimdal is compliant with NIS2 and Cyber Essentials. We also give you the tools to benchmark your own compliance and work towards certification.
- Custom compliance reports: Heimdal also creates custom compliance reports to track every vulnerability identified and every patch installed. You can also toggle which framework the reports are for, including NIS2 or Cyber Essentials. Most importantly, you can build your own custom policies to decide who gets these reports, how often, and what information they should include.
How to stay on top of the patch wave
Heimdal’s principle for vulnerability management is simple. Automation is the default setting in the vast majority of cases.
But most importantly, we give you the tools to do this while still having full control over what gets patched and when. That’s why customisable policies are so important. It’s the difference between you keeping and losing control over your vulnerability management strategy.
If you want to find out more about our Patch Management, check out the main product page.
Otherwise, get in touch with our team for a pricing plan built around your environment.
