To Patch or Not to Patch? 4 Steps to Effective Vulnerability Management with Security Intelligence

At the 2015 Qualys Security Conference (QSC) in Las Vegas, Jayson Jean, director of iDefense Vulnerability Intelligence, and Research Engineer Rohit Mothe, discussed the ways in which Verisign iDefense Security Intelligence Services have provided key context around public and zero-day vulnerabilities, and by association, helped customers make better-informed decisions around threat mitigation. A core concept discussed in their talk is that threat mitigation often starts with recognizing and prioritizing mitigation of software vulnerabilities.

Managing risk can require difficult decisions about what to patch or mitigate now, and what will have to wait. This is due to the fact that most businesses operate under a “resource-constrained” model and don’t have the staff or funds to patch everything immediately. But making these decisions accurately and quickly requires the context that security intelligence provides.