Department of Defense Seeks Improved Patch Management Tech: Why You Should Care
On January 15, 2020, the Department of Defense (DoD), through its Defense Innovation Unit (DIU), issued an open call to vendors to fulfill a contract to help improve their technology and inventory management. According to the DoD, “The DoD’s current systems for inventory management are custom-built and do not interface with best of breed market solutions, do not efficiently identify assets, and do not provide an integrated view of vulnerability and patch prioritization across the network for each asset.”
The DoD’s custom iteration of patch management is not meeting its high standards. In the DoD’s words, the current method, “takes too much [time] to assess, test, and deploy patches, that fix newly identified vulnerabilities. This timeline must be shortened for success.”
Source: Defense Innovation Unit and Patch Management Platforms at SoftwareReviews, Accessed January 2020
Even a subsidiary of the DoD can struggle to make its proprietary software function at optimal efficiency. In this instance, the simple solutions could make things more effective. It may be easier to see what is available on the market rather than relying on in-house technology. Either as a replacement or an augmentation of your existing capabilities, consider the DoD’s approach. In an area where speed and accuracy are important, it makes sense to consider all your options
Our Take
Self-refection on your current state is always a good start. It is even better to make frequent reassessments of your capabilities to maintain a process of continuous improvements. A stagnant security system remains vulnerable to adaptive technology. The DoD recognizes the need for frequent updates to fix any gaps within their coverage, hence the call to vendors. A maturity assessment is always a relevant tool to make use of. It allows you to remain up to date with your security software and to gauge the progress you have made already.
Furthermore, the adoption of an off-the-shelf program from the DoD speaks well to the efficiency of the selected program. We’ll be following this story to see the selected vendor and to update you on the choice. While it may not be the best fit for your enterprise, adoption of a vendor by the DoD – an organization with low risk tolerance for security breaches – may provide your organization with example of high-standard evaluation criteria and metrics to use in your own product search.
Want to Know More?
Develop and Deploy Security Policies