Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More
Unpatched systems are a ticking time bomb. Fifty-seven percent of cyberattack victims acknowledge that available patches would have prevented breaches, yet nearly one-third admit failing to act, compounding the risk.
Ponemon research shows organizations now take an alarming average of 43 days to detect cyberattacks, even after a patch is released, up from 36 days the previous year. According to the Verizon 2024 Data Breach Investigations Report, attackers’ ability to exploit vulnerabilities surged by 180% from 2023 to 2024.
Chronic firefighting makes manual or partially automated patching overly burdensome, further pushing patching down teams’ priority lists.
Relying on manual or partially automated patching systems is considered too time-consuming, further reducing patching to the bottom of a team’s action item list. This is consistent with an Ivanti study that found that the majority (71%) of IT and security professionals think patching is overly complex, cumbersome and time-consuming.
When it comes to patching, complacency kills
Attackers aggressively exploit legacy Common Vulnerabilities and Exposures (CVEs), often ten or more years old.
A sure sign of how effective attackers’ tradecraft is becoming at targeting legacy CVEs is their success with vulnerabilities in some cases, 10-plus years old. A sure sign that attackers are finding new ways to weaponize old vulnerabilities is reflected in the startling stat that 76% of vulnerabilities leveraged by ransomware were reported between 2010 and 2019. The misalignment between IT and security teams compounds delays, with 27% lacking cohesive patch strategies and nearly a quarter disagreeing on patch schedules. One of the unexpected benefits of automating patch management is breaking the impasse between IT and security when it comes to managing the patch workload.
“Typically, on average, an enterprise may patch 90% of desktops within two to four weeks, 80% of Windows servers within six weeks and only 25% of Oracle Databases within six months from patch release date”, writes Gartner in their recent report, “We’re not patching our way out of vulnerability exposure.” The report states that “the cold, hard reality is that no one is out patching threat actors at scale in any size organization, geography or industry vertical.”
Ring deployment: proactive defense at scale
Every unpatched endpoint or threat surface invites attackers to exploit it. Enterprises are losing the patching race, which motivates attackers even more.
In the meantime, patching has become exponentially more challenging for security and IT teams to manage manually. Approximately a decade ago, ring deployment began to rely on Microsoft-dominated networks. Since then, ring deployments have proliferated across on-premise and cloud-based patch and risk management systems. Ring deployment provides a phased, automated strategy, shrinking attacker windows and breach risks.
Ring deployment rolls out patches incrementally through carefully controlled stages or “rings:”
Test Ring (1%): Core IT teams quickly validate patch stability.
Early Adopter Ring (5–10%): A broader internal group confirms real-world compatibility.
Production Ring (80–90%): Enterprise-wide rollout after stability is conclusively proven.
Ivanti’s recent release of ring deployment is designed to give security teams greater control over when patches will be deployed, to which systems and how each sequence of updates will be managed. By addressing patching issues early, the goal is to minimize risks and reduce and eliminate disruptions.
Ring deployment crushes MTTP, ends reactive patching chaos
Relying on outdated vulnerability ratings to lead patch management strategies only increases the risk of a breach as enterprises race to keep up with growing patch backlogs. That’s often when patching becomes cybersecurity’s endless nightmare, with attackers looking to capitalize on the many legacy CVEs that remain unprotected.
Gartner’s take in their recent report “Modernize windows and third-party application patching” makes the point brutally clear, showing how traditional patching methods routinely fail to keep pace. In contrast, enterprises embracing ring deployment are getting measurable results. Their research finds ring deployment achieves a “99% patch success within 24 hours for up to 100,000 PCs,” leaving traditional methods far behind.
During an interview with VentureBeat, Tony Miller, Ivanti’s VP of enterprise services, emphasized that “Ivanti Neurons for Patch Management and implementing Ring Deployment is an important part of our Customer Zero journey.” He said the company uses many of its own products, which allows for a quick feedback loop and gives developers insight into customers’ pain points.
Miller added: “We’ve tested out Ring Deployment internally with a limited group, and we are in the process of rolling it out organization-wide. In our test group, we have benefited from deploying patches based on real-world risk, and ensuring that updates don’t interrupt employee productivity–a significant challenge for any IT organization.”
VentureBeat also spoke with Jesse Miller, SVP and director of IT at Southstar Bank, about leveraging Ivanti’s dynamic Vulnerability Risk Rating (VRR), an AI-driven system continuously recalibrated with real-time threat intelligence, live exploit activity, and current attack data.
Miller stated clearly: “This is an important change for us and the entire industry. Judging a patch based on its CVSS now is like working in a vacuum. When judging how impactful something can be, you have to take everything from current events, your industry, your environment and more into the equation. Ultimately, we are just making wiser decisions as we are not disregarding CVSS scoring; we are simply adding to it.”
Miller also highlighted his team’s prioritization strategy: “We have been able to focus on prioritizing Zero-Day and Priority patches to get out first, as well as anything being exploited live in the wild. Using patch prioritization helps us eliminate our biggest risk first so that we can reduce our attack surface as quickly as possible.”
By combining ring deployment and dynamic VRR technology, Ivanti Neurons provides enterprises with structured visual orchestration of incremental patch rollouts. This approach sharply reduces Mean-Time-to-Patch (MTTP), accelerating patches from targeted testing through full deployment and significantly decreasing the exposure windows that attackers exploit.
Comparing Ivanti Neurons, Microsoft Autopatch, Tanium and ServiceNow: Key strengths and gaps
When selecting enterprise patch management solutions, apparent differences emerge among leading providers, including Microsoft Autopatch, Tanium, ServiceNow and Ivanti Neurons.
Microsoft Autopatch relies on ring deployment but is restricted to Windows environments, including Microsoft 365 applications. Ivanti Neurons expands on this concept by covering a broader spectrum, including Windows, macOS, Linux and various third-party applications. This enables enterprise-wide patch management for organizations with large-scale, diverse infrastructure.
Tanium stands out for its robust endpoint visibility and detailed reporting features, but its infrastructure requirements typically align better with resource-intensive enterprises. Meanwhile, ServiceNow’s strength lies in workflow automation and IT service management integrations. Executing actual patches often demands significant additional customization or third-party integrations.
Ivanti Neurons aims to differentiate by integrating dynamic risk assessments, phased ring deployments and automated workflows within a single platform. It directly addresses common enterprise challenges in patch management, including visibility gaps, operational complexity and uncertainty about vulnerability prioritization with real-time risk assessments and intuitive visual dashboards.
Transforming patch management into a strategic advantage
Patching alone cannot eliminate vulnerability exposure. Gartner’s analysts continue to stress the necessity of integrating compensating controls, including endpoint protection platforms (EPP), multifactor authentication, and network segmentation to reinforce security beyond basic patching.
Combining ring deployment with integrated compensating controls that are part of a broader zero-trust framework ensures security, allows IT teams to shrink exposure windows, and better manage cyber risks.
Ivanti’s approach to ring deployment incorporates real-time risk assessments, automated remediation workflows, and built-in threat management, directly aligning patch management with broader business resilience strategies. The design decision to make it part of Neurons for Patch Management delivers the scale enterprises need to improve risk management’s real-time visibility.
Bottom line: Integrating ring deployment with compensating controls and prioritization tools transforms patch management from a reactive burden to a strategic advantage.
