Some companies see cybersecurity as a cost center. We see things a little different. LEARN MORE >

attention Experiencing a Breach?
Contact Us
CISO Solutions

Our seasoned Chief Information Security Officers bring strategic guidance to your leadership team, helping you right-size your cybersecurity operations.

Managed Cybersecurity

A full suite of manage solutions from our US-based Security Operations Center (SOC)—staffed 24x7x365 by a full team of experienced analysts.

Incident Response

You can count on our IR team to contain the damage from a cyberattack, investigate the origins of the breach and build better protections for the future.

Why Inversion6

With an abundance of solutions and providers, the task of choosing the right option is critical and can sometimes be overwhelming.

Contact Us
About
Insights
Resources
Events
News
BLOG

Turning Security Debt into a Solid Foundation with Patch Management

How Inversion6 Helped a Global Manufacturer Close 500+ Vulnerabilities and Start Building a Security Program for the Future.

Patch management case study — manufacturer closed 515 vulnerabilities
LISTEN TO THE AUDIO OVERVIEW

By Craig Burland, Chief Information Security Officer, Inversion6  |  Published 04/27/2026

93%
Critical Findings Closed
78%
High Findings Closed
515
Weaknesses Remediated

Key Results

  • 515 weaknesses remediated across identity, Active Directory, legacy services, and patch management over five months.
  • Critical findings dropped from 321 to 23 — a 93% reduction.
  • High findings dropped from 214 to 48 — a 78% reduction.
  • Sprint-based remediation model with a 10-person cross-functional working group meeting semi-weekly.
  • Outcome: A repeatable patch management discipline with governance, prioritization, and cross-functional ownership — not just a one-time cleanup.

The Client

A large, globally distributed manufacturer with complex Windows infrastructure and a broad operational technology (OT) footprint. The company had accumulated significant security debt and internal teams lacked the bandwidth and tooling to systematically identify, prioritize and close vulnerabilities at scale.

Periodic patching efforts existed in name—but without formal policy, recurring governance or risk-based prioritization, the program had no real teeth.


The Challenge

An automated penetration testing assessment surfaced what the organization already suspected: the environment carried a dense concentration of exploitable weaknesses across identity, Active Directory, legacy services, and patch management.

Many of the findings mapped directly to attacker playbooks in active use — credential relay, NTLM coercion, credential dumping and lateral movement through misconfigured AD trust paths.

In other words, the risk was real, present and measurable.


The Approach

Inversion6 partnered with the client’s internal teams and a third-party technology partner to design and execute a structured, sprint-based remediation program.

Over five months, a core working group of ten people — spanning security, IT operations and leadership — met on a semi-weekly cadence to govern progress, resolve blockers and sustain momentum.

“One of the most important things we did, in addition to reducing risk, was share experiences about what worked — how to engage other teams, how to talk about priorities and how to develop repeatable processes. Building a patching program takes discipline, conviction and leadership. It’s an absolute grind.”
— Craig Burland, CISO, Inversion6

Three Principles Anchored the Engagement

  1. Risk-based prioritization — Critical and High findings drove the work queue using severity, exploitability and business exposure.
  2. Tooling as a forcing function — The team used automated penetration testing to validate real, exploitable risk and verify remediation.
  3. Leadership engagement — Decision-makers participated directly, eliminating delays and organizational friction.

Inversion6 provided the strategic framing, technical expertise and program leadership to keep the engagement focused and moving.


What the Assessment Revealed

Risk ThemeRepresentative FindingsBusiness Risk
Identity & AuthenticationWeak credentials, password spray exposure, local admin abuseUnauthorized access, lateral movement
NTLM & AD HardeningNTLM relay, SMB signing disabled, poisoning attacksDomain-wide compromise
Legacy ServicesAnonymous FTP, Telnet, insecure servicesExpanded attack surface
Privilege EscalationAD misconfigurations, credential dumpingFull enterprise takeover
Patch & SecretsRCE vulnerabilities, exposed keysPersistent attacker access


Results

Over 5 sprints, the team closed 515 weaknesses — including 93% of Critical and 78% of High findings.

Critical findings dropped from 321 to just 23. High findings fell from 214 to 48.

Beyond the numbers, the organization gained something more important: a functioning patch management discipline with governance, prioritization and cross-functional ownership.


What’s Next

The tactical wins of this engagement are a foundation, not a finish line.

The remaining backlog and future findings will require sustained effort and a shift from project-based remediation to a long-term program.

  • Formal patch management policies and SLAs
  • Hardening standards across identity and infrastructure
  • Dedicated resources and tooling
  • Continuous vulnerability scanning
  • Threat intelligence integration

Without these, environments inevitably backslide.

The goal is a program that continuously finds and closes vulnerabilities before attackers exploit them.

Need to Tackle Your Own Backlog?

Whether you're dealing with years of security debt or building for the future, Inversion6 can help you move forward with structure, speed and measurable results.

Learn More

Services

Partners

Why Inversion6

Insights

© Inversion6 |

All Rights Reserved

| info@inversion6.com |

216.535.4100

| Privacy Policy | Sitemap