Virtual Patching and why this method can balance your patching cycles

I have been in various companies and they all have there own system on how they update and patch servers, workstations. One common denominator are out of band patching. Some will allow them to be out of date for 1-2 weeks. But the more agreesive will do out of band patching/scanning to confirm this is mediated.

One thing I would like to suggest is virtual patching solutions to reduce the attack surface.

Malware bytes offers a Anti-exploit kit for virtually patching these software bugs.

Trend Micro also offers a more exspensive IPS module for there Deep security end point protection. They also have a anti-threat exploit stand alone which only does that.

Most hackers already know you will patch on patch tuesday or shortly after and when there are out of band vulns. that show up critical they will target large companies that dont fix these glaring issues. Virtual patching will instanting protect your end points.