Attackers are using AI to find and chain vulnerabilities faster than many organizations can patch, which changes the math on how infrastructure should be defended.

This session argues that patching is only one piece, and that durable defense comes from assuming compromise and limiting what an attacker can do next.

Using VMware Cloud Foundation (VCF), it works through a defense-in-depth sequence: making identity hard to compromise with VCF SSO, limiting lateral movement with network access control and the vDefend advanced service, gaining visibility through logging and detection, and de-risking patching with Live Patch so updates apply without downtime.

A closing theme ties it together: the process investments that make patching safe also make ransomware recovery, hardware failure, and human error survivable.