Scaling Patch Management in Cloud-Native DevSecOps Environments with SIEM


Gaurav Malik

Abstract

This study examines the use of Security Information and Event Management (SIEM) telemetry to scale patch management on cloud-native DevSecOps stacks built on Kubernetes, containers, and microservices. Operationally, cloud-native patching is more complex than traditional server patching: immutable infrastructure requires image rebuild-and-redeploy cycles rather than in-place updates, autoscaling produces rapid inventory churn, and multi-cloud deployments leave clusters with heterogeneous node versions and configurations. Meanwhile, time-to-exploitation has shrunk, producing a disruptive mismatch between attacker velocity and enterprise patch cycles. The study develops and validates a SIEM-driven patch management model comprising asset discovery, vulnerability intelligence enrichment, CI/CD and GitOps coordination, SIEM analytics, and an automated feedback loop that escalates remediation when indicators of exploitation are observed. An experimental evaluation compares a baseline CVSS-only prioritization model against a SIEM-enhanced model that incorporates exploit-attempt telemetry and known-exploited-vulnerability indicators. Findings show measurable gains in patch velocity and compliance, with aggregate Mean Time to Patch falling to 6.1 days (versus 12.4 days for the baseline) and a second time-to-patch measure also improving against its 8.6-day baseline. Scalability testing demonstrates sustained patch throughput and deployment reliability at high workload volumes. The results support SIEM-based prioritization as a measurable.
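The comparison the abstract describes, a CVSS-only baseline against a SIEM-enhanced ranking that boosts findings with in-window exploit-attempt events or a known-exploited-vulnerability listing and feeds the result into an escalation step, as an added illustrative example. This is not the paper's model or code: the inventory, SIEM events, KEV set, CVE identifiers (placeholder `CVE-0000-*` values) and the scoring weights are all constructed assumptions, and the 24-hour correlation window is likewise assumed.

```python
"""Added example (not from the paper): CVSS-only vs SIEM-enhanced patch
prioritization over a constructed container-image inventory and constructed
SIEM events. Scoring weights and the correlation window are assumptions."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Finding:
    cve: str        # constructed placeholder identifiers, not real CVEs
    image: str      # container image carrying the vulnerable package
    cvss: float     # CVSS base score reported by the scanner
    exposed: bool   # workload reachable from outside the cluster


# Constructed inventory, as a vulnerability scanner would report it.
FINDINGS = [
    Finding("CVE-0000-0001", "payments-api:1.4.2", 9.8, False),
    Finding("CVE-0000-0002", "edge-gateway:2.0.1", 7.5, True),
    Finding("CVE-0000-0003", "batch-worker:0.9.0", 5.3, False),
    Finding("CVE-0000-0004", "edge-gateway:2.0.1", 6.1, True),
]

# Constructed SIEM events; each detection rule is mapped to the CVE it covers.
SIEM_EVENTS = [
    {"ts": "2024-01-02T10:15:00+00:00", "rule": "exploit_attempt", "cve": "CVE-0000-0002", "src": "203.0.113.7"},
    {"ts": "2024-01-02T10:16:30+00:00", "rule": "exploit_attempt", "cve": "CVE-0000-0002", "src": "203.0.113.7"},
    {"ts": "2024-01-02T11:40:00+00:00", "rule": "exploit_attempt", "cve": "CVE-0000-0002", "src": "198.51.100.9"},
    {"ts": "2023-12-28T09:00:00+00:00", "rule": "exploit_attempt", "cve": "CVE-0000-0001", "src": "192.0.2.5"},  # outside window
    {"ts": "2024-01-02T11:00:00+00:00", "rule": "port_scan",       "cve": None,            "src": "192.0.2.5"},  # not an exploit
]

# Constructed known-exploited-vulnerability feed (stand-in for a KEV catalog).
KEV = {"CVE-0000-0004"}

# Fixed "now" so the example is deterministic offline.
NOW = datetime(2024, 1, 2, 12, 0, tzinfo=timezone.utc)


def count_exploit_attempts(events, now=NOW, window_hours=24):
    """Count exploit-attempt events per CVE inside a rolling window."""
    cutoff = now - timedelta(hours=window_hours)
    counts = {}
    for ev in events:
        if ev["rule"] != "exploit_attempt" or ev["cve"] is None:
            continue
        if datetime.fromisoformat(ev["ts"]) < cutoff:
            continue
        counts[ev["cve"]] = counts.get(ev["cve"], 0) + 1
    return counts


def cvss_only_rank(findings):
    """Baseline: order purely by CVSS base score, highest first."""
    return [f.cve for f in sorted(findings, key=lambda f: f.cvss, reverse=True)]


def siem_score(finding, attempts, kev):
    """Assumed weights: KEV listing +4; observed attempts +3 plus 0.5 per
    attempt (capped at 4 attempts); external exposure +1."""
    score = finding.cvss
    if finding.cve in kev:
        score += 4.0
    n = attempts.get(finding.cve, 0)
    if n:
        score += 3.0 + 0.5 * min(n, 4)
    if finding.exposed:
        score += 1.0
    return score


def siem_enhanced_rank(findings, events=SIEM_EVENTS, kev=KEV, now=NOW):
    """SIEM-enhanced ordering: CVSS plus exploitation and exposure evidence."""
    attempts = count_exploit_attempts(events, now)
    ranked = sorted(findings, key=lambda f: siem_score(f, attempts, kev), reverse=True)
    return [f.cve for f in ranked]


def escalate(findings, events=SIEM_EVENTS, kev=KEV, now=NOW):
    """Feedback loop: images to rebuild and redeploy immediately because a
    vulnerability in them is KEV-listed or was attacked inside the window."""
    attempts = count_exploit_attempts(events, now)
    return sorted({f.image for f in findings if f.cve in kev or f.cve in attempts})


if __name__ == "__main__":
    print("CVSS-only:      ", cvss_only_rank(FINDINGS))
    print("SIEM-enhanced:  ", siem_enhanced_rank(FINDINGS))
    print("Escalate rebuild:", escalate(FINDINGS))
```

The CVSS-only ordering puts the 9.8 finding on an internal, unattacked service first, while the SIEM-enhanced ordering moves the two `edge-gateway` findings ahead of it because one is being actively probed and the other is KEV-listed, and the escalation step collapses both into a single image rebuild. The stale exploit-attempt event against `CVE-0000-0001` is ignored because it falls outside the window, which is the caveat to keep in mind when choosing that window: too short and intermittent scanning is missed, too long and the queue never drains.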
