TRACKING THE AVERAGE TIME TO PATCH
In the past we have discussed prioritizing vulnerabilities, and the importance of eliminating mistakes from the patching process. Today, we discuss a more basic question: Is your vulnerability and patching process good enough?
Obviously there is no catch-all answer. The size of an organization, the type of data it handles, the size of the security team, and the amount of resources available all impact the organization's acceptable level of risk. To answer the “good enough” question, security teams must first be able to answer: How effective is our vulnerability detection and patch management process right now, and how does that align with our acceptable level of risk?
Overwhelmingly, organizations are unable to quantitatively answer the first question. Even organizations with a well-established process are often unable to report how long the process takes, how often it succeeds, and how often the process fails.
The best way to start answering these questions is to track a simple metric: average time to patch. While the average time to patch is by no means the only indicator of a successful vulnerability and patch management process, tracking the average time a vulnerability exists in your environment from detection until it is completely patched provides a meaningful metric that is understandable to both the security team and to management.
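One way to compute this metric from scan records, as an added example that is not part of the original article. The record layout, the placeholder vulnerability ids and the sample dates are assumptions; "completely patched" is taken to mean the last affected host is remediated, and vulnerabilities still open are reported separately so they do not flatter the average.

```python
from collections import defaultdict
from datetime import date
from statistics import mean

# Constructed sample findings: (vulnerability id, host, detected, patched or None).
# The ids are placeholders, not real advisories.
FINDINGS = [
    ("VULN-A", "web01", "2024-03-01", "2024-03-05"),
    ("VULN-A", "web02", "2024-03-02", "2024-03-15"),
    ("VULN-B", "db01", "2024-03-10", "2024-03-12"),
    ("VULN-C", "app01", "2024-03-04", "2024-03-06"),
    ("VULN-C", "app02", "2024-03-04", None),  # still unpatched on one host
]


def time_to_patch(findings, as_of):
    """Return (closed, still_open) dicts keyed by vulnerability id.

    closed: days from first detection until the last affected host was patched.
    still_open: age in days, as of `as_of`, of vulnerabilities that remain
    unpatched on at least one host.
    """
    today = date.fromisoformat(as_of)
    by_vuln = defaultdict(list)
    for vuln, _host, detected, patched in findings:
        by_vuln[vuln].append((
            date.fromisoformat(detected),
            date.fromisoformat(patched) if patched else None,
        ))

    closed, still_open = {}, {}
    for vuln, rows in by_vuln.items():
        first_seen = min(d for d, _ in rows)
        if any(p is None for _, p in rows):
            still_open[vuln] = (today - first_seen).days
        else:
            closed[vuln] = (max(p for _, p in rows) - first_seen).days
    return closed, still_open


def average_time_to_patch(findings, as_of):
    """Mean days to patch over fully remediated vulnerabilities, plus the open backlog."""
    closed, still_open = time_to_patch(findings, as_of)
    return (mean(closed.values()) if closed else None), still_open


if __name__ == "__main__":
    avg, backlog = average_time_to_patch(FINDINGS, "2024-03-20")
    print(f"average time to patch: {avg} days; still open (age in days): {backlog}")
```

Reporting the open backlog next to the average matters because a vulnerability that is never fully patched would otherwise never appear in the metric at all.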
Once the average time to patch is determined, the security team and management can decide if the process needs to improve, what may be slowing the process, and what steps could be taken to improve it. The bottom line is that if you cannot quantify how well a process is working, you cannot determine whether it needs to improve. For vulnerability and patch management, tracking the average time to patch is the place to start.
AristotleInsight is a big data security analytics solution implementing the UDAPE model. The solution collects, links, and organizes security data in order to establish baselines, conduct user behavior analysis, recognize anomalies, and detect advanced persistent threats.