After this lesson, you will be able to: Describe the patch management lifecycle and the tradeoffs between automated and manual patching.
Patching looks easy ('just install the update') and is in fact one of the hardest operational disciplines in IT. This lesson covers the full patch lifecycle and the real-world tradeoffs that lead organizations to skip patches.
Discovery (vendor releases a patch + CVE), Triage (does this affect us? what's the risk?), Test (deploy to a non-prod environment first), Deploy (push to production in waves), Verify (rescan, confirm patch is installed and effective), Document (close the ticket, update inventory).
Patches break compatibility, old plugins, custom integrations, internal tools fail. Reboots cost money and customer trust on production systems. Vendor end-of-life, some software simply has no more patches. Prerequisite chains, patch B requires patch A, which requires a kernel rebuild, which requires a maintenance window. These are the reasons real environments lag months behind 'available' patches.
When you can't patch immediately: virtual patching at the WAF (block exploit attempts before they reach the vulnerable code), network segmentation (isolate the vulnerable host), configuration changes (disable the vulnerable feature), monitoring (detect exploit attempts and respond). These are not as good as patching but buy time when patching isn't possible.
Choose the response.
Sign in and purchase access to unlock this lesson.