Threat Talks - Your Gateway to Cybersecurity Insights

Patch Smarter, Not Harder

Patch smarter, not harder.
Lieuwe Jan Koning and ON2IT Field CTO Rob Maas break down why “patch everything now” isn’t a strategy, but a risk multiplier. In this session, they teach a practical patching strategy: know your assets, patch edge first, stage updates, and use Zero Trust segmentation to choke off exposure so you only patch what truly matters: fast, safely, and without outages.

  • (00:00) - 01:11 - Intro
  • (01:11) - 02:28 - Reality check #1: Not everything can be patched
  • (02:28) - 05:02 - Reality check #2: Patches are scary
  • (05:02) - 08:45 - The solution: Patch in phases
  • (08:45) - 10:36 - How Zero Trust enables patch management
  • (10:36) - 11:23 - Prioritization matters
  • (11:23) - 14:50 - Patching tips and tricks
  • (14:50) - 16:21 - Guidelines for patching triage
  • (16:21) - 17:37 - Practical advice
  • (17:37) - END - Outro

Key Topics Covered

  • Why “patch everything immediately” fails; availability vs. security
  • Staged deployments and rollback safety for crown-jewel services
  • Zero Trust segmentation to reduce urgency and shrink attack surface
  • Priority signals that matter: asset criticality, exposure, KEV, CVSS

Related ON2IT content & explicitly referenced resources
ON2IT Zero Trust: https://on2it.net/zero-trust/
Threat Talks (site): https://threat-talks.com/
CVSS (FIRST): https://www.first.org/cvss/
CISA guidance – Citrix/NetScaler (Citrix Bleed example): https://www.cisa.gov/guidance-addressing-citrix-netscaler-adc-and-gateway-vulnerability-cve-2023-4966-citrix-bleed
CrowdStrike episode: https://youtu.be/IRvWVg1lSuo?si=f8Sj6WYG0KNxlkJD
