What's the Difference Between Patching and Updates?

Patching vulnerabilities is essential for front-line defense, yet unpatched vulnerabilities remain a leading cause of data breaches. An overwhelming majority of people – including security professionals – tend to delay or put off updating or patching their systems. Survey data suggests that eight out of 10 CISOs and CIOs have postponed a patch simply because it would be inconvenient. Failure to patch is compounded by the fact that system updates are often regarded as “unimportant” by other employees. This could not be further from the truth.

While it is true that all patches are updates, not all updates are patches.

Further, not all vulnerabilities are fully resolved in a single patch; sometimes multiple patches are needed. Patching and performing system updates are both important, but knowing the difference can help you ensure critical vulnerabilities are resolved.

Understanding Updates

Software updates are issued by vendors for a variety of reasons. These can include fixes for performance bugs, new features and other improvements. “Updates” is a broad term that covers a lot of ground. But people don't update their software as much as they should. While many updates contain security fixes, there is no shortage of reasons why people skip out on updating their systems.

To many people, “updates” are just those annoying pop-up windows that appear on their computers or phones. Others have had bad experiences with updates, such as malfunctions or slower processing. These turn-offs can be especially hard to reckon with in an office environment; no one wants to be the guy  slowing the business down. That's part of why so many CISOs and CIOs admit to postponing updates. Even when it comes to patching for vulnerabilities, security professionals are often put between a rock and a hard place when other business units don't grasp the importance of cybersecurity.

While you may be able to postpone fixes for performance bugs, patches are another story.

Patches, and Why Patching Is Important

While general software updates can include lots of different features, patches are updates that address specific vulnerabilities. Vulnerabilities are “holes” or weaknesses in the security of a software program or operating system. Malicious actors can then use code to exploit these vulnerabilities – unless, of course, you patch for it. Patches minimize your attack surface and protect your system against attackers.

“While general software updates can include lots of different features, patches are updates that address specific vulnerabilities.”

Even though patching vulnerabilities is vital for good cyber hygiene, far too few organizations take action when necessary. That's why 60 percent of data breaches are traced back to unpatched vulnerabilities. In late May, Microsoft issued multiple warnings about the necessity of patching for BlueKeep, a critical vulnerability discovered earlier in the month. Even the NSA has issued warnings about BlueKeep's potential threat, and yet, experts say not enough people are patching for it. Estimates suggest around a million machines on public Internet remain vulnerable.

Patching vulnerabilities in a timely manner may be what saves you from a breach. Automated patch management solutions can make the process of patching for vulnerabilities more streamlined – and help ensure that updates are deployed to every device in your network. Maintaining good cyber hygiene practices is essential for minimizing your attack surface and keeping breaches at bay.

About Automox Automated Patch Management

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-based and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.

Demo Automox to see how you can recapture more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.


Dive deeper into this topic