The National Cybersecurity Center of Excellence (NCCoE) has released two new final publications on enterprise patch management. The guides, from NIST (National Institute of Standards and Technology), may help MSSPs and MSPs as they seek to further mitigate vulnerabilities and associated end-customer risks.
The two NIST documents, initially offered as drafts in November 2021, surfaced in April 2022 as:
Vulnerability Mitigation and Patch Management: Timely Response Required
Aligning patch management with vulnerability management remains a major priority for MSPs, MSSPs and the end-customers they serve. Among the reasons:
The average time between a vulnerability disclosure and patch availability is approximately nine days, according to Mandiant research. While the majority of the observed vulnerabilities are zero-days, 42 percent of vulnerabilities are exploited after a patch has been released. For those non-zero-day vulnerabilities, there was a very small window (often only hours or a few days) between when the patch was released and the first observed instance of attacker exploitation, Mandiant noted.
Patch Management Software Market Forecast
Amid that backdrop, the patch management software market will have a compound annual growth rate (CAGR) of 10.59% from 2020 through 2025, Technavio forecasts. Within the MSP software market, most of the major RMM (remote monitoring and management) software companies have patch management tools available for service providers.