Stop patching your machines.
Seriously. You know, patching is overrated. IBM releases an urgent security alert for their OS, and you can just ignore it. They don’t know shit. Red Hat releases a security update, saying that you need to apply it. Screw them, they’re morons. And Solaris would never have a security hole, so why would you need to patch it?
If you want to seem like you’re doing something, like, say, if an auditor is hanging around, subscribe your machines to the Red Hat Network. It’ll look good, and then you can watch as the number of errata for your systems climbs into the hundreds.
And managers, the single best way to impress me as a tech is to tell me that things like patching machines are taking too much of your group’s time, and it needs to stop. You are clever, and have definitely stumbled upon a deep well of lost staff time. If you do get hacked, you get to rebuild all the hacked machines later, but that’s good because it doesn’t take long, and lets you clean the servers up.
If you’re worried about not patching, remember that a firewall will also keep you completely safe. Firewalls are the only things that effectively block hackers, especially if they run Linux. My suggestion for firewalls is that you find one that is stable, plug it in, and forget it. Don’t bother with a support contract, either — it’s just a waste of money. Updates for firewall firmware (or the OS if it’s Linux) are just going to destabilize the equipment, because that’s how vendors make money. If you resist buying into their support contract propaganda, you’ll have all that extra money to do neat, cool things, and lots of time to do it in.