For more than a decade, our approach to patching and vulnerability management for IBM QRadar SIEM centered around Update Packs (formerly known as Fix Packs). These comprehensive updates, typically coming once a quarter, bundled a wide range of fixes and improvements. While this model served us well, the evolving threat landscape and the increasing velocity of disclosed vulnerabilities demanded a more agile response.
Over the past two years, we’ve transformed how we deliver security updates, and we want to share what’s changed and why it matters.
Interim Fixes: Accelerating Security Response
Historically, Interim Fixes were reserved for urgent, high-priority issues, a surgical intervention when something couldn’t wait for the next Update Pack. But starting in 2023, we began using Interim Fixes as a tool in our vulnerability management program. These are now our primary vehicle for delivering rapid security updates, with a focus on operating system-level vulnerabilities. Security fixes delivered via Interim Fixes are rolled into the next Update Pack, ensuring continuity.
Because our product is delivered as a hardened appliance, we own the entire OS stack. That’s a benefit to our customers who can avoid patching of third-party components and dependency juggling. That also means we take full responsibility for every CVE that touches the OS, regardless of whether it’s exploitable in our context.
Our goal: deliver OS-level security fixes as fast as practical, following the IBM PSIRT Processes influenced by the FIRST framework. These are typically released monthly, subject to need. This ensures our customers benefit from a minimized attack surface and reduced noise in vulnerability scans, without waiting for the next Update Pack.
Why Are We Doing This
- Faster Remediation: Interim Fixes allow us to respond to emerging threats much more quickly, rather than waiting for the next scheduled Update Pack.
- Reduced Risk: By patching proactively, even for non-exploitable vulnerabilities, we reduce the potential for future exploit chains and provide clean scans to customers.
- Less Operational Overhead: Our appliance model means you don’t have to manage OS patching. We do it for you.
- Demonstrated Commitment: Despite recent changes in our product portfolio, this product remains actively maintained and continuously improved.
How Does This Impact You as a Customer
- Update Packs: These will remain the primary vehicle for feature enhancements and broader fixes and will contain the security fixes from previous Interim Fixes as well.
- Regular Interim Fixes: Focused, security-driven updates delivered approximately once a month. Security fixes are always announced via our Security Bulletins. We encourage you to subscribe to stay informed as soon as updates are released.
- Transparent Communication: We’re working to make our release strategy more visible and predictable, so you can plan with confidence.
Bottom Line
Security is not a static goal; it’s a continuous process. Our shift to a more agile, responsive vulnerability management model reflects our commitment to protecting your environments and earning your trust every day. If you’re already a customer, we hope this gives you even more confidence in your investment. If you’re evaluating us, know that security is not just a feature. It’s the foundation of everything we build.
To make the most of these faster, more frequent updates, be sure to check out our blog post on parallel patching. It’s designed to help you deploy Interim Fixes and Update Packs even more efficiently.