Struggling with MTTP? Check Out Live Patching
In cybersecurity, metrics provide a way to measure cybersecurity performance and point to how successfully you’re defending your technology assets.
Mean time to patch, or MTTP, is a key indicator of cybersecurity success. MTTP is also one of the more difficult metrics to maintain: it’s tough to take things offline to patch, stakeholders don’t like the disruption, and there are limited tech staff resources to perform patching.
In this article, we’ll outline what MTTP is, explain why it matters so much, and point to one of the key tools that helps you optimize MTTP.
What Is MTTP – and Why Does It Matter?
MTTP is the mean time (or average time) that elapses before a patch is applied. In other words, MTTP measures the period between when the vendor releases a patch and when the user applies it.
Why does this metric matter? Well, a vendor patch is usually rapidly released after the identification of a vulnerability, typically within days. If you apply the patch as soon as it is released, you leave a very small vulnerability window – limiting the opportunity for hackers to exploit the vulnerability.
However, this rarely happens. Usually, a long period elapses between the moment a patch is released by the vendor and when it is applied by the user. Depending on which report you read, the average MTTP can vary between 50 days and 150 days.
Hackers need time to build exploits and target victims. That can happen fast, but it may well happen only after the vendor patch is released. It usually doesn’t take months and months, though.
In other words, optimizing MTTP really matters because an MTTP that’s low enough can mean that hackers never get the opportunity to exploit a vulnerability. An MTTP of 150 days…? Well, that’s just not a good idea.
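The definition above, worked through as an added example (not code from the original article or from TuxCare): MTTP is computed from per-host patch records, and patches that have not been applied yet are counted up to a reporting date so that unpatched hosts do not flatter the average. The host names, patch ids, dates and the 30-day target are constructed assumptions.

```python
from datetime import date
from statistics import mean

# Constructed sample data: (host, patch id, vendor release date, applied date or None).
RECORDS = [
    ("web01", "PATCH-A", date(2024, 1, 2), date(2024, 1, 5)),
    ("web02", "PATCH-A", date(2024, 1, 2), date(2024, 3, 2)),
    ("db01", "PATCH-B", date(2024, 1, 10), date(2024, 1, 10)),
    ("db02", "PATCH-B", date(2024, 1, 10), None),  # not applied yet
]


def lag_days(released, applied, as_of=None):
    """Days between vendor release and application; open patches run to as_of."""
    end = applied or as_of
    if end is None:
        return None  # open patch and no reporting date: no lag to report
    if end < released:
        raise ValueError("applied/as_of date precedes the vendor release date")
    return (end - released).days


def mttp(records, as_of=None):
    """Mean time to patch in days.

    Without as_of only applied patches count, which hides hosts that were
    never patched. With as_of, open patches count as still unpatched on that
    date, so the result is a lower bound on the eventual MTTP.
    """
    lags = [lag_days(rel, app, as_of) for _, _, rel, app in records]
    lags = [d for d in lags if d is not None]
    return mean(lags) if lags else None


def over_target(records, as_of, target_days):
    """(host, patch, days) for each patch exposed longer than target_days, worst first."""
    rows = [(h, p, lag_days(rel, app, as_of)) for h, p, rel, app in records]
    return sorted((r for r in rows if r[2] > target_days), key=lambda r: -r[2])


if __name__ == "__main__":
    as_of = date(2024, 4, 9)  # constructed reporting date
    print("MTTP, applied patches only:", mttp(RECORDS))
    print("MTTP, open patches counted:", mttp(RECORDS, as_of))
    print("Over the 30-day target:", over_target(RECORDS, as_of, 30))
```

In this sample the applied-only figure looks better than the one that counts the open patch on db02, which is why a reported MTTP should state how unpatched systems were treated.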
MTTP Is a Tough Metric to Optimize
MTTP is an obvious metric to optimize and, given the tough state of the current cybersecurity landscape, a critical one – but SecOps teams struggle to meet MTTP targets for a variety of practical reasons.
It takes time to patch, and there is a massive flow of vendor patches across the huge technology estates of large organizations. Patching consistently creates a massive workload that often doesn’t have sufficient resources behind it.
But, assuming the resources were there, there is still a coordination problem because patching the usual way means that services need to go offline to apply the patch. This requires either a maintenance window or careful planning to maintain some level of (degraded) service.
Planning takes time and teams are most likely under-resourced too. The net result: MTTP targets are almost like a moon shot – an aspirational goal that teams just never achieve.
What Are Your Options with MTTP?
There are a few tools in the modern patch management arsenal. In theory, organizations could simply add more resources by deploying a bigger patching team, essentially throwing more money at the patching challenge. But resources are not that easy to come by – if they were, MTTP scores wouldn’t be an issue and hacks due to widely known vulnerabilities wouldn’t be happening all the time.
Organizing yourself better can help. This can include more systematic patching combined with greater redundancy – and should reduce any performance-related disruption.
Another strategy is to identify and patch the most critical services first – but that might not be incredibly effective, because hackers often use lateral movement during an attack and it can be the least critical of services that enabled entry in the first place.
The solution: change the game completely with automation and by removing the need to restart services in order to apply a patch.
Step Up Your Patching Tech and MTTP Will Step Down
Live patching from TuxCare changes the patching picture. Thanks to live patching, you no longer need to reboot machines to apply a patch, so you minimize disruption and spend less time trying to set up maintenance windows.
And, because it’s automated, live patching means that your SecOps teams spend much less time patching – patching requires fewer resources and can be done faster.
In fact, when you live patch, you reduce the time between patch release and patch application to the bare minimum. For services covered by live patching, MTTP can come down to less than a day.
While you can’t live patch every piece of your technology environment, you can apply live patching to a range of components, including many enterprise Linux distributions, libraries, databases, and even virtual machine environments.
Introduce live patching into your workloads and you’ll significantly reduce MTTP across your entire technology estate.
Want to learn more about how to deploy automated live patching to minimize your MTTP? Schedule a quick conversation with one of our vulnerability patching experts.