What is Enterprise Patch Management?
What is Enterprise Patch Management (a.k.a. the application of software security updates according to NIST SP 800-40r4)? The National Institute of Standards and Technology (NIST) just released Report 800-40r4: Guide to Enterprise Patch Management Planning: Preventive Maintenance for Technology. [...]
LAPSUS$: The New Extortion Group Causing a Scene
A new threat actor group is behind an infamous wave of attacks impacting companies like Microsoft, Nvidia, Okta, and most recently Globant, among others. LAPSUS$, tracked as DEV-0537 by Microsoft, is relatively less sophisticated than other hacking and extortion groups [...]
Cybersecurity Transformations Since the Russia/Ukraine Conflict
In the past few days since the Russia/Ukraine conflict, there have been some changes in the cybersecurity landscape. Below are some of my personal observations from our Ransomware Recovery business unit. I am curious if other incident response professionals, ransomware [...]
Ransomware Attacks Trending Towards Mid-Sized Targets
Last year, there was considerable evolution in terms of ransomware trends and techniques. In the US, and abroad, we saw many high-impact attacks being carried out against critical infrastructure entities. These highly disruptive and highly publicized attacks brought increased pressure [...]
Ransomware Attack: Should I Contact the FBI and Law Enforcement?
If your company was hit with ransomware, you might be wondering if you should contact the FBI after a ransomware attack, or other law enforcement. The quick answer is mostly yes, but with important caveats to consider. Because of the [...]
What to Expect from Your Cyber Breach Insurance Policy
The last two years have been a bloodshed for cyber breach insurers. From 2016 through 2019, the payouts on each dollar of cyber breach insurance billed ranged from $0.43 to $0.48. In other [...]
Smoke testing is a term used to describe the testing process for servers after patches are applied. 
Estimating an average time for patching servers and PCs can be a bit tricky. It can vary from one month to the next, depending upon the number and complexity of the patches released by your software vendors. You must consider all versions of operating systems and have a complete inventory of all your application software to do this job correctly. Our experience has shown that manual patching of systems takes on average of about 1.5 hours each.
This is a basic cost calculator for you to compute your typical monthly cost for patching your servers, PCs, laptops, tablets and associated application software. It also forms the basis for you to begin calculating your Return on Investment for software patching, or for comparison with alternatives to the manual process of patching operating systems and application software—such as Patch Management as a Service, also known as Vulnerability Management as a Service.
