It is generally best practice to install patches that are released for the software you’re using because it will reduce the likelihood of a successful breach, ensure that your systems are up to date, and help you comply with regulatory requirements. However, that doesn’t mean that you should necessarily install a patch the moment it is released. Patches should be implemented strategically, taking into account the impact deploying a patch will have on your business operations and security posture.
Many organizations experience delays between detecting the vulnerability and actually remediating the vulnerability due to a lack of automation and tool communication between their vulnerability scanning tools and the tools used to deploy the update. modern vulnerability detection tools are beginning to incorporate the ability to remediate and deploy patches from the same system as detection, which can help make the pipeline much more efficient. Others without the capability to deploy patches are at least integrating with systems like Microsoft SCCM and HCL BigFix that are used to roll out updates. These tools will also integrate with popular ticketing systems such as Jira and ServiceNow to minimize the headache caused by transferring a detected vulnerability out for remediation.