Patch management involves updating systems, applications and products to eliminate security vulnerabilities.
Vulnerability management is used to find, classify and prioritize existing vulnerabilities and recommend measures to eliminate them. Such a measure can be a patch, for example.
Patch management thus presupposes vulnerability management. After all, it only makes sense to patch if existing vulnerabilities are known.
In addition, patch management usually only works in IT components, but not in industrial plants and control systems, for example.
Furthermore, a patch management system requires extensive and controlling admin intervention, since not every patch is useful or uncritical for the respective system. Often, new patches also bring new vulnerabilities that a patch management system does not detect.
Patch management is a useful complement to vulnerability management an, as these systems can in turn automate patching. Under certain circumstances, our vulnerability management can also provide information directly to a patch management system, so that patching can be performed directly on the basis of security-critical assessments.