Abstract

The purpose of the study is to analyze cyber threats that exploit vulnerabilities in network equipment caused by untimely software updates, and to develop a process model for centralized update management that provides rapid response to emerging cyber threats in accordance with the requirements of regulatory documents and information security standards (FSTEC, GOST, ISO/IEC 27001/27002). The methodological basis of the study consists of an analysis of regulatory requirements and vulnerability management practices, a process approach (PDCA), and a set of scanning methods: SNMPv3 polling for version and inventory control, authenticated SSH/CLI audit, and checks for available updates and policy compliance. Results of the study. An original process model for centralized updating of network equipment software has been substantiated and described, built around the cycle "identification, prioritization, installation, verification" and integrated with cyber threat monitoring systems. The proposed approach is the first to combine the principles of centralized management with adaptive update prioritization based on current threat analysis, which significantly reduces response time to cyber-attacks and simplifies update management on distributed network resources. Research perspectives. Further development is envisaged in terms of deep integration with SCAP/CMDB/SIEM and further automation of updates; application of the results in the public sector/CII requires formalized update installation plans and certification reports.

Keywords

study update management analysis cyber
