1300 002 001
Follow Us  —Fb. /Lk. /X. /Ig.

Glossary

Patch management

The discipline of applying security and stability updates to operating systems and applications promptly, on a defined schedule, with reporting on what's done and what's outstanding.

Patch management is the operational discipline of getting security updates onto every endpoint and server, quickly and verifiably. It’s unglamorous and load-bearing: a huge share of real-world compromises exploit known vulnerabilities that had patches available for months.

What “good” looks like

  • An inventory of every asset - you can’t patch what you don’t know exists.
  • A defined patching cadence per asset class, agreed with the business so maintenance windows don’t surprise anyone.
  • Out-of-band patching for actively-exploited vulnerabilities, faster than the normal cycle.
  • Verification - patches reported as installed are confirmed on the asset, not assumed from the deployment tool.
  • Reporting - patch compliance per asset, time-to-patch per vulnerability class, exceptions documented with risk owners.

How the Essential Eight tracks it

Two of the eight strategies are explicitly patch-related, and the maturity model puts a clock on them:

  • Patch applications - ML1 patches internet-facing applications within two weeks; high-risk vulnerabilities within 48 hours. Higher maturity levels tighten the windows further.
  • Patch operating systems - same pattern, same tightening curve.

How Symsafe runs patch management

Patch management is part of every managed-IT engagement. Workstations and servers are patched on a documented cadence per client, monitored centrally, and reported monthly with patch-compliance percentages and outstanding high-severity vulnerabilities. Out-of-band patching is triggered by ACSC alerts and vendor advisories for actively-exploited issues.

— Related services

← Back to glossary