CISOs still cautious about adopting autonomous patch management solutions
“Setting up a finely controlled patching process with an automated patching solution will avoid an issue similar to the CrowdStrike outage,” Michelle Abraham, research director for security and trust at IDC, said in an email, “because once the first subset of machines has problems with the patch, the process is halted until the issues are resolved.”
When choosing a patch management solution, infosec leaders should define their use cases (for example, whether they need a solution that works with multiple operating systems); define their criteria for the product (what’s important: cost, ease of use, patch scheduling, learning curve, compliance with the regulations they need to follow, whether the solution is cloud-based, and whether it looks after virtual machines and containers); and check with peers about their experience with the solution.
However, Ray Komar, Tenable’s vice-president of cloud and technology alliances, noted that the actual decision on a product may be made by the IT group; the CISO or infosec leader may only have input into the decision.