Focusing on the fact that traditional exercises are not competition to the ad-hoc techniques that we can combine. The lack of providers for the topic is clear, they hardly comply with management as a service (evaluation of patch impact, window management, app testing, rollback and workarounds, etc.), patch managers are expensive and also require maintenance, for now at least. Therefore, creativity and combinations (coupled with automation) are a light on the way. On the other hand, traditional techniques or “semi-annual photos” of vulnerabilities are not enough today. The number of updates and their mutation from low to critical that a CVE may have requires real-time monitoring, added to virtual patching and container playbooks or isolators. Increasingly needing a lubricated process in the management of changes and/or crises, a live risk matrix and mainly, an exclusive synergy between Security and Infrastructure