What is the most effective control for addressing zero-day vulnerabilities?

Patching management is the most effective control for addressing zero-day vulnerabilities because it involves the timely application of software updates provided by vendors. When a zero-day vulnerability is discovered, developers often work to issue patches that rectify the security flaws. By implementing a robust patch management strategy, organizations can quickly deploy these updates across their systems, thereby mitigating the risks posed by known vulnerabilities.

While employee training on security policies is important for overall security awareness, it does not directly address vulnerabilities in the software itself. Network segmentation helps reduce the attack surface but does not specifically patch vulnerabilities. Intrusion detection systems can alert organizations about potential breaches or attacks but do not prevent the exploitation of zero-day vulnerabilities. Therefore, patching management stands out as the most proactive and direct method for protecting against the threats posed by these specific types of vulnerabilities.