July 05, 2022 / LA / Reading time: 3 min

Hardening vs. patching: Expert talk with Klaus Jochem

Industrial IT security, a topic that was often ignored a few years ago, has developed over time into one of the central areas of Industry 4.0. How best to secure production systems and ensure a reliable production process now occupies entire departments.


In this expert talk, we shed light on the topic of “hardening vs. patching” together with our interview partner Klaus Jochem and address the following questions:

  • Do you need both in production environments, or is one sufficient?
  • Would it be enough to define application whitelisting and set rules without continuing to patch?
  • And what is the panacea for making industrial IT systems more secure in production?


A look at their CVs shows that both interview partners know what they are talking about. Klaus Jochem can look back on more than 30 years of professional experience in the field of IT security in the manufacturing industry and now works as an independent IT security consultant for companies in the manufacturing and CRITIS sectors. Peter Lukesch, COO of ondeso, worked for a long time as an IT security officer in a NATO task force and as an officer in the German Air Force, and was also responsible for IT security in office and production environments as an IT director.


Here you can find the recording:
(German only)




Would you like a little preview?

According to Klaus Jochem, hardening is one of the “most fundamental measures of all”. So what does hardening mean? System hardening is a term for a process in which applications and IT systems are reconfigured to protect against attacks. This can mean turning off outdated protocols or implementing new access policies.

Application whitelisting is also one of the possible measures, but according to Jochem, it “has a limit of effectiveness” and “as soon as you have a lot of individual systems […] the workload can increase immeasurably. But if patching is not possible, then application whitelisting, at least at network boundaries, i.e., at points where malware flies in, would be a very good approach to at least be able to block software there.” And if patching is possible, then patch management planning is of great importance, in keeping with the motto: “prior proper planning prevents poor performance.”

And we at ondeso are also being asked more and more frequently: “What is the panacea for making industrial IT systems more secure in production?” After almost 12 years of company history and countless customer projects, our answer is this: Unfortunately, there is no panacea, but through the combination and targeted use of a wide variety of measures, the attack surfaces can be significantly reduced. You can find more information in the video of the expert talk.


Any questions?

If you would like to learn more about the implementation of the various measures, tailored to your company, please contact us or send us a message!

