Patch Early, Patch Often.
Continuous monitoring and detection is designed to rapidly determine and report the current state of system vulnerabilities. Some typical reactions from system owners are:

- “We are too busy to patch right now”
- “It might break something”
- “We are not really a target or there is not really a way into our network”

Based upon the assumption that there may be some resistance to adopting an aggressive stance, discuss the talking points you could prepare in advance to defuse these arguments.

- On the question of disrupting systems during patching, is this a real issue or are vendors better now?
- If it is a real issue, how can we best determine whether a patch will break something before it moves into the production environment?
- How should we handle proprietary software that needs the operating system held at a specific version number to run properly? This would stop you from patching the OS.
- On the question of not being a target, is this a valid defense? Are there any networks that are impenetrable? What sorts of arguments could be made to counter these statements?