Lumension Guide to Patch Management Best Practices

Size: px
Start display at page:

Download "Lumension Guide to Patch Management Best Practices"

Transcription

1 Lumension Guide to Patch Management Best Practices With the sophistication and sheer volume of exploits targeting major applications and operating systems, the speed of assessment and deployment of security patches across your complex IT infrastructure is key to mitigating risks and remediating vulnerabilities. Here are the Lumension-recommended steps to cure your patch management headache. April 2012 WP-EN

2 Introduction Laying the Groundwork 1. Discover Assets 3 2. Agent Maintenance 4 3. Classify Value and Risk 8 4. Establish Workflow and Groups 8 5. Identify Test Groups Staff Training 14 Before Patch Tuesday 7. Schedule Resources Reserve Down-Time for Servers Watch for Pre-Announcements Confirm Reporting Up-to-Date Deploy missing updates and prerequisites 17 On Patch Tuesday 12. Study Vendor Information and Patch Tuesday Security Briefings Prioritize Potential Patches Change Control Staged Testing Installation of the Patches 22 After Patch Tuesday 17. Deployment History Calculate Time to Deploy Monitor for Compliance Checks and Balances Metrics Improvement 28 2

3 Introduction Patch and vulnerability management is a core component of your risk mitigation strategy. It is the first and last line of defense against existing and new exploits laying the foundation from which your AV and other security technologies work. As the sophistication and sheer volume of exploits targeting operating systems and major applications increases, the speed of assessment and deployment of security patches is key to mitigating risks and remediating vulnerabilities and reducing costs. In this best practice guide, we are going to take a deep dive into a best practice process for patch and vulnerability management, developed by Lumension over thousands of customer engagements. This process which is flexible and simple enough to be adapted into your environment revolves around the well-known monthly release of security updates from Microsoft known as Patch Tuesday, and includes: Laying the Groundwork for a Successful Patch Process Before Patch Tuesday On Patch Tuesday After Patch Tuesday Every company s Patch Management process is going to be a little bit different, but what s important about these best practices are: It s a repeatable cycle. It s based on calendar events in this case Microsoft s Patch Tuesday. It s iterative it can be tweaked based on what s learned from previous patch cycles. It s measureable. Documenting a process for the organization is really the best way to communicate the importance of patching your environment to the rest of the organization. In this best practice guide we chose to base the process on the well-known Patch Tuesday event, but you can align your patch process with other recurring IT tasks with equally effective results that works best for your organization. Laying the Groundwork This section is about gaining an understanding of the machines under management and preparing the Patch and Remediation process. At a high level, this means identifying the systems to be managed, defining the patch-roll out plan, and training the organization on the Patch and Remediation process. 1. Discover Assets Within Lumension Endpoint Management and Security Suite (L.E.M.S.S.), identify all hardware and software on the network and categorize them by platform, applications, depar tment, etc. In L.E.M.S.S., navigate to Discover > Assets 3

4 Follow the Discover Assets wizard to set up an Asset Discovery job. As a best practice, administrators will want to schedule a more frequent recurring scan to identify new endpoints that enter the network, then a less frequent scan as the number of machines under management stabilizes 2. Agent Maintenance Ensure that all endpoint assets in the network have been fully installed with an automated patch solution. Install new patch management agents where required, if this task has not yet been fully automated with a group policy, login script or other technique. Identify offline agents and last contact date either inside L.E.M.S.S. or by running the Endpoint Check-in report in Lumension Reporting Services (LRS), a free, integrated add-on to L.E.M.S.S. 4

5 You can either set up a recurring Asset Scan or an Asset Scan/Install Agents job. In L.E.M.S.S., navigate to Discover > Assets or Discover > Assets and Install Agents and follow the wizard to set up a recurring or onetime job. 5

6 We also recommend verifying agent availability and last check-in via LRS: Run the Asset Management report Endpoint Check-in in LRS. Select the desired date of last endpoint check-in ( Last Contact Date on or before ) typically your current date. The report displays the list of endpoints that have not checked-in with the server in a given timeframe. Ensure that agent communication is established with all the endpoints in your environment. Review endpoints that have not checked in recently and verify which endpoints need follow-up or attention prior to rolling out updates (training computers that are off vs. sales guy in field that needs to check in) 6

7 It may also be useful to verify the agent versions and operating systems of your endpoints through LRS, especially if you are planning to perform an upgrade to a newer version of L.E.M.S.S.: Run the Operational Report Agent Version and Operating System Distribution in LRS The report displays the mix of agent versions and operating systems in the endpoint environment, along with a detailed endpoint count. Ensure that all desired endpoints are listed, have the expected agent version(s) and communicate properly. 7

8 3. Classify Value and Risk Determine which systems are most critical to protect based on the assets housed and/or the function they provide. Define the level of risk by criticality of system and how prone it is to attack. Review your network topology and classify your assets by level of criticality. 4. Establish Workflow and Groups Determine ownership, permissions needed and responsibilities for threat identification, testing and remediation across security, IT and business units. Define correlating system groups. L.E.M.S.S. will predefine system groups based on desktops, servers, physical or virtual hardware, as well as operating systems. If more granular management is required, IT managers can create additional groups based on specific requirements, e.g. if servers are internet-facing, they may be grouped as high-risk but also as limited downtime. Use RBAC controls and set up permissions for desktop patch admin, server patch admin, as well as individuals who have reporting access only. Determine system ownership, uptime requirements, and patch windows for these machines. Define the patch cycle for different managed systems. Define users and roles within your organization and who needs access to which systems. On the Tools > Users and Roles page, select the Roles tab and either select and assign existing role(s) or create new roles. 8

9 Next, assign users to the selected role(s) from the Users tab. Set up your categorized assets in custom groups in L.E.M.S.S. On the Manage Groups page, click on Custom Groups. Navigate to View in the upper right corner and select Group Membership to create a custom group. Navigate to View in the upper right corner and select Endpoint Membership to assign endpoints to that group. Click on Manage to assign endpoints to that group. 9

10 Set Hours of Operation (HOP) for managed endpoints that require a specific patch window. On the Manage > Agent Policy Sets page, create a new agent policy and define the hours of operation. Then, apply that policy to specific endpoints or groups that require this HOP policy. 10

11 For machines managed over the WAN, it is recommended to set up a caching proxy per remote location to cache the package content. Deploy Lumension Caching Proxy 2.7 for Windows to a target machine in the remote location Create Agent Policy and set FastPath Servers Both Interval and Define Servers Manage > Agent Policy Sets > Select Create and Save when completed Apply Agent Policy to your custom group Manage Groups > Right-click on the group > Select Policies > Select Add > Select Agent Policy and click Save Note: Policy will not set until the next check-in to L.E.M.S.S. For more information on setting up a caching proxy please review the following resources: Best Practices Fast Path: KB article 523 Distribution Point (PDP) Does not Cache Large Deployment: KB article

12 5. Identify Test Groups Build a representative sample set of each type of machine based on steps 2 (Agent Maintenance) and 3 (Classify Value and Risk), in readiness for patch testing step 15 (Staged Testing). Make sure your test group includes a representative sample of platforms under management and includes a representative sample of applications in the environment, especially machines that have custom, in-house developed applications. As a best practice, at least one machine from each major group in the organization should be included in a test group. Once test groups have been identified, create custom groups for those test groups. On the Manage Groups page, click on Custom Groups. Navigate to View in the upper right corner and select Group Membership to create a custom group. 12

13 Navigate to View in the upper right corner and select Endpoint Membership, then click on Manage, select the desired endpoints and click Assign to assign these endpoints to that group. 13

14 6. Staff Training Train applicable staff on vulnerability monitoring and remediation techniques. At a minimum, administrators responsible for deploying Patch updates need to be trained in the Patch and Remediation application. As a best practice, there should be an internal resource for all employees to learn more about why it is important to keep machines in the organization fully patched. Use Lumension Learning resources to help build your internal staff training. Continued» 14

15 Before Patch Tuesday This section is about preparing the environment for the monthly patch deployment, including industry research on what is expected to be released by Microsoft and other application vendors and assess the impact of those planned releases to your managed machines. 7. Schedule Resources Allocate IT resources for Patch Tuesday while also integrating additional patch release schedules from thirdparty software, such as Adobe, Apple (ad hoc), Java and so forth. In addition, review the patching needs of any internally-developed applications and/or custom patches and consider deploying these patches as part of the monthly patch cycle. 8. Reserve Down-Time for Servers Reserve time slots to be able to deploy patch updates to any mission critical servers within 72 hours of the Patch Tuesday release. 9. Watch for Pre-Announcements Monitor security sites for pre-announcements of patches and discussion of vulnerabilities and possible zero-day exploits that they may address from sources such as Lumension Endpoint Intelligence Center (LEIC), Microsoft Security Response Center (MSRC), SANS Internet Storm Center, National Vulnerability Database (NVD), etc. In addition to reviewing vendor sites, we recommend setting up notifications within L.E.M.S.S. to receive an when new vulnerabilities have been replicated to L.E.M.S.S. 15

16 10. Confirm Reporting Up-to-Date Review last deployment reports via Lumension Reporting Services (LRS) and make sure all computers are being regularly scanned. Validate the L.E.M.S.S. application server is actively communicating with the global subscription service (GSS). To confirm recent deployments and ongoing scanning in LRS: Run the operational report Deployment Detail Select the group(s) that you are monitoring Review success/failure results (Patched and Complete %) To confirm communication with GSS in L.E.M.S.S.: 16

17 Go to the Tools > Subscription Updates page. Confirm that the Successful column shows true, indicating successful replication. If false is shown in any of the rows, troubleshoot to ensure replication. 11. Deploy missing updates and prerequisites Determine if your software is fully updated or if there are any missing Service Packs, hotfixes or rollups from prior months that are still outstanding. Remember that some patches won t install if you have missing prerequisites. Check that each machine in the defined group has received the latest Service Pack or update needed. To verify if your software is fully updated: In L.E.M.S.S., go to the Review > Software > Service Packs (Software Installers / Updates) page and investigate any missing service packs, hotfixes or rollups from prior months that 17

18 are still outstanding. Deploy missing updates: Deploy any missing updates directly from the page above by selecting the missing patches and clicking on Deploy. 18

19 On Patch Tuesday This section outlines the steps to prioritize the Security Patches released by Microsoft and other application vendors and to deploy those patches out to the machines managed in your environment. 12. Study Vendor Information and Patch Tuesday Security Briefings Microsoft and other vendors provide webinars, alerts and comprehensive online information on all new Patch Tuesday updates. Lumension offers a monthly Patch Tuesday Security Briefing as well as other patching guidance on the Lumension Optimal Security Blog, the Lumension Patch Tuesday Alerts webpage and in the Patch Tuesday newsletter. Important information to consider when understanding the impact of Patch Tuesday on your environment includes: What is the bulletin severity rating? Is the vulnerability known / publicly disclosed at the time of release? Does the vendor know of any active exploits at the time of release? How easily can the vulnerability be exploited once the bulletin is been released? 13. Prioritize Potential Patches With the vendor information gathered in step 12 (Study Vendor Information and Patch Tuesday Security Briefings), use patch impact (Critical, Important, etc.), asset risk and value to prioritize your systems for patch testing and deployment. Understand the applicability and impact of deploying these patches to your environment, especially critical machines. When making this assessment, consider: 1. Threat Level; 2. Known Active Exploits in the Wild; 3. Risk of Compromise; 4. Consequences of Compromise. 19

20 To review the released Patch Tuesday patches and their applicability in your endpoint environment, we recommend you use LRS and run the report Patch Release by Vendor The report provides a high-level overview of the applicability of the released bulletins to your managed endpoints and groups. It reflects the severity of and expected workload for that month s Patch Tuesday release and the organization s patch status. When choosing your parameters, we recommend selecting all the criticalities and the first day of the month. The report will then display the number of vulnerability patches and content released by each vendor in the top section and the vulnerability patches and content applicable to your environment in the Applicable section directly below. 14. Change Control Follow any internal planning and approval processes for agreeing on patch deployment. This may include following different processes for the server side than for the desktop side. Some organizations will have different change control processes for desktop machines than for server machines due to high uptime requirements for servers or to limit reboot interruptions for desktop users. 20

21 15. Staged Testing Testing each patch is vital; automated deployment is very risky and not advised. Be certain to test the patch in each environment of your previously defined groups and deploy the patches in phases. In addition, before remediation, and especially if there is a lack of time or resources to perform a test on the patch before deploying it on a production system, there is great benefit in joining patch user forums and learning what experiences others have had in installing or using the patch. Deploy applicable bulletins to test groups configured in step 5 (Identify Test Groups) above. Ensure successful deployment before rollout to additional groups in the environment. Pay special attention to impact to custom-developed, internal applications, especially when deploying Java updates. 21

22 Lumension Guide to Patch Management Best Practices 16. Installation of the Patches Stage deployments by system groups and prioritization. Start with smaller, low-risk groups, and validate that no problems occur, and then work your way to larger and higher-risk areas of the network. As a best practice, and especially if your servers have a limited maintenance window, it is recommended to cache all the patch content before deployment. If deployments are scheduled off-hours, take advantage of Wake-on-LAN settings to wake up any powered-down endpoints and ensure that they receive the content. In L.E.M.S.S., go to the Review > Vulnerabilities > New Vulnerabilities page, select content applicable to your environment and cache the packages associated with those binaries by selecting the bulletins and clicking on the Update Cache button. 22

23 Go to the Manage Groups page under the Vulnerabilities view and filter for new critical bulletins. Deploy bulletins that are applicable to that target group. After successful deployment, move on to other groups in your patching plan. 23

24 After Patch Tuesday This section is about assessing the success of the Patch and Remediation deployments in your environment. 17. Deployment History Maintain accurate records of all patches deployed. Validate that any necessary reboot(s) occurred and/or that your endpoints don t require a reboot. To confirm recent deployments in LRS: Run the operational report Deployment Detail Select the group(s) that you are monitoring Review success/failure results (Patched and Complete %) 24

25 18. Calculate Time to Deploy Measure how long it takes to get all servers, desktops and laptops fully patched in your organization. This is a great metric to measure against. Remain vigilant for laptops and VPN-connected systems that may connect days (or weeks) after the initial deployment. Fully patched and time to deploy success metrics may be defined differently for different organizations depending on the mobility of the machines being managed, how often the machines are online, or the type of machines under management, such as desktop or server. To strategize and organize patch deployments to the appropriate endpoints and endpoint groups, use LRS as follows: Run the report Patch Tuesday Monitoring Report Select the group(s) that you are monitoring The report provides a summary of the patch status for a selected group of machines for the critical patches released in the selected Patch Tuesday cycle. Set the Auto Refresh parameter to monitor the progress of deployments on endpoints in near-real-time. 25

26 19. Monitor for Compliance Make certain that new or rebuilt systems are base-lined for their appropriate systems group. Monitor for removal of patches. Create or update an existing mandatory baseline for future deployments. Upon successful deployment of bulletin content, add bulletins to mandatory baseline policies. Go the Manage > Groups page Select the Mandatory Baseline View Click on the Manage button Select bulletins to add to the mandatory baseline Click on the Assign button 26

27 20. Checks and Balances Review the Effectiveness of Patch Tuesday Remediations report in LRS to validate the deployment. To review the patch progress and effectiveness of deploying Patch Tuesday remediations and to understand the security posture and vulnerability compliance of the enterprise for Patch Tuesday patches released by Microsoft for the selected patch cycle, use LRS as follows: Run the report Effectiveness of Patch Tuesday Remediations Report Select the group(s) that you are monitoring The report provides an executive overview of the Patch Tuesday deployment status while also allowing drill-throughs to operational endpoint details. 27

28 21. Metrics Improvement Modify system settings, distribution parameters and so forth to further optimize the system for next month s updates. WAN optimization, polling frequency and minimizing the patches being detected can all help further optimize performance. Look for computers that did not receive updates at all or those that took unusually long to receive updates. Go the Manage > Groups page Identify any endpoints that are offline and/or have not been remediated. Troubleshoot the endpoints to determine why endpoints were not updated and modify deployments accordingly 28

29 About Lumension Security, Inc. Lumension Security, Inc., a global leader in endpoint management and security, develops, integrates and markets security software solutions that help businesses protect their vital information and manage critical risk across network and endpoint assets. Lumension enables more than 5,100 customers worldwide to achieve optimal security and IT success by delivering a proven and award-winning solution portfolio that includes Vulnerability Management, Endpoint Protection, Data Protection, Antivirus and Reporting and Compliance offerings. Lumension is known for providing world-class customer support and services 24x7, 365 days a year. Headquartered in Scottsdale, Arizona, Lumension has operations worldwide, including Texas, Florida, Washington D.C., Ireland, Luxembourg, Singapore, the United Kingdom, and Australia. Lumension: IT Secured. Success Optimized. More information can be found at Lumension, Lumension Patch and Remediation, Lumension Vulnerability Management, IT Secured. Success Optimized., and the Lumension logo are trademarks or registered trademarks of Lumension Security, Inc. All other trademarks are the property of their respective owners. Global Headquarters 8660 East Hartford Drive, Suite 300 Scottsdale, AZ USA phone: fax: Vulnerability Management Endpoint Protection Data Protection Compliance and IT Risk Management 29

Lumension Endpoint Management and Security Suite

Lumension Endpoint Management and Security Suite Lumension Endpoint Management and Security Suite Patch and Remediation Module Evaluation Guide July 2012 Version 1.1 Copyright 2009, Lumension L.E.M.S.S:LPR - Table of Contents Introduction... 3 Module

More information

Closing the Antivirus Protection Gap

Closing the Antivirus Protection Gap A comparative study on effective endpoint protection strategies May 2012 WP-EN-05-07-12 Introduction Corporate economic concerns have put increased pressure on already limited IT resources in recent years

More information

Lumension Endpoint Management and Security Suite (LEMSS): Patch and Remediation

Lumension Endpoint Management and Security Suite (LEMSS): Patch and Remediation Lumension Endpoint Management and Security Suite (LEMSS): Patch and Remediation Version 7.0 SP1 Evaluation Guide September 2010 Version 2.4 Copyright 2010, Lumension, Inc. Table of Contents Lumension Endpoint

More information

Practical Patch Compliance

Practical Patch Compliance Practical Patch Compliance Relieving IT Security Audit Pain, From the Data Center to the Desktop Microsoft s System Center Configuration Manager doesn t handle every aspect of Linux/UNIX and third-party

More information

Vulnerability Management

Vulnerability Management Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other

More information

Lumension Endpoint Management and Security Suite Patch and Remediation 7.0 Service Pack 1 Migration Guide

Lumension Endpoint Management and Security Suite Patch and Remediation 7.0 Service Pack 1 Migration Guide Lumension Endpoint Management and Security Suite Patch and Remediation 7.0 Service Pack 1 Migration Guide Planning your migration with Service Pack 1 This document provides guidance for customers who plan

More information

Federal Cyber Security Outlook for 2010

Federal Cyber Security Outlook for 2010 Federal Cyber Security Outlook for 2010 National IT Security Challenges Mounting How well prepared are IT professionals within U.S. government agencies to respond to foreign cyber threats? Will government

More information

Think Your Anti-Virus Software Is Working? Think Again.

Think Your Anti-Virus Software Is Working? Think Again. Think Your Anti-Virus Software Is Working? Think Again. As attacks proliferate, anti-virus software can t keep up. Fortunately, there s a better way. We ve been so bombarded by computer viruses, worms,

More information

Northwestern University Dell Kace Patch Management

Northwestern University Dell Kace Patch Management Northwestern University Dell Kace Patch Management Desktop Patch Management Best Practices Table of Contents: 1. Audience 2. Definition 3. Patch Approaches 4. Guidelines for Review, Test, and Deploy 5.

More information

Why Free Patch Management Tools Could Cost You More

Why Free Patch Management Tools Could Cost You More Why Free Patch Management Tools Could Cost You More Selecting the right solution can save your organization time and money By KACE & Lumension Table of Contents 1.0 Introduction... 3 2.0 Point Patching

More information

Lumension Endpoint Management and Security Suite

Lumension Endpoint Management and Security Suite Lumension Endpoint Management and Security Suite Platform Evaluation Guide July 2012 v1.2 Copyright 2012, Lumension Table of Contents Lumension Endpoint Management and Security Suite... 1 Platform Evaluation

More information

How PatchLink Meets the Top 10 Requirements for Enterprise Patch and Vulnerability Management. White Paper Sept. 2006

How PatchLink Meets the Top 10 Requirements for Enterprise Patch and Vulnerability Management. White Paper Sept. 2006 How PatchLink Meets the Top 10 Requirements for Enterprise Patch and Vulnerability Management White Paper Sept. 2006 Introduction It happens, five, ten, twenty times a month: A hardware or software vendor

More information

Novell. ZENworks Patch Management Design, Deployment and Best Practices. Allen McCurdy Sr. Technical Specialist amccurdy@novell.

Novell. ZENworks Patch Management Design, Deployment and Best Practices. Allen McCurdy Sr. Technical Specialist amccurdy@novell. Novell ZENworks Patch Management Design, Deployment and Best Practices Steve Broadwell Sr. Solutions Architect sbroadwell@novell.com Allen McCurdy Sr. Technical Specialist amccurdy@novell.com Agenda General

More information

Dell KACE K1000 System Management Appliance Version 5.4. Patching and Security Guide

Dell KACE K1000 System Management Appliance Version 5.4. Patching and Security Guide Dell KACE K1000 System Management Appliance Version 5.4 Patching and Security Guide October 2012 2004-2012 Dell Inc. All rights reserved. Reproduction of these materials in any manner whatsoever without

More information

Patch Management Reference

Patch Management Reference www.novell.com/documentation Patch Management Reference ZENworks 11 SP3 February 2014 Legal Notices Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation,

More information

Installing and Administering VMware vsphere Update Manager

Installing and Administering VMware vsphere Update Manager Installing and Administering VMware vsphere Update Manager Update 1 vsphere Update Manager 5.1 This document supports the version of each product listed and supports all subsequent versions until the document

More information

Patch Management Reference

Patch Management Reference Patch Management Reference ZENworks 11 www.novell.com/documentation Legal Notices Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically

More information

Devising a Server Protection Strategy with Trend Micro

Devising a Server Protection Strategy with Trend Micro Devising a Server Protection Strategy with Trend Micro A Trend Micro White Paper Trend Micro, Incorporated» A detailed account of why Gartner recognizes Trend Micro as a leader in Virtualization and Cloud

More information

Printed and bound in the United States of America. First Printing

Printed and bound in the United States of America. First Printing PUBLISHED BY Microsoft Press A division of Microsoft Corporation One Microsoft Way Redmond, Washington 98052-6399 Copyright 2015 by Microsoft Corporation All rights reserved. No part of the contents of

More information

Patch Management. Picking the Low-Hanging Fruit. Why fixing third-party application vulnerabilities is at

Patch Management. Picking the Low-Hanging Fruit. Why fixing third-party application vulnerabilities is at Patch Management Picking the Low-Hanging Fruit Why fixing third-party application vulnerabilities is at the core of sound information security and how to make sure patch management is optimizing your security

More information

Devising a Server Protection Strategy with Trend Micro

Devising a Server Protection Strategy with Trend Micro Devising a Server Protection Strategy with Trend Micro A Trend Micro White Paper» Trend Micro s portfolio of solutions meets and exceeds Gartner s recommendations on how to devise a server protection strategy.

More information

Vulnerability Management ROI Calculator User Guide. v2.0 Monday, September 29, 2008. www.lumension.com. Copyright 2008, Lumension Security

Vulnerability Management ROI Calculator User Guide. v2.0 Monday, September 29, 2008. www.lumension.com. Copyright 2008, Lumension Security Vulnerability Management ROI Calculator User Guide v2.0 Monday, September 29, 2008 Copyright 2008, Lumension Security www.lumension.com Vulnerability Management ROI Calculator Overview The Lumension Security

More information

Quick Install Guide. Lumension Endpoint Management and Security Suite 7.1

Quick Install Guide. Lumension Endpoint Management and Security Suite 7.1 Quick Install Guide Lumension Endpoint Management and Security Suite 7.1 Lumension Endpoint Management and Security Suite - 2 - Notices Version Information Lumension Endpoint Management and Security Suite

More information

Scanless Vulnerability Assessment:

Scanless Vulnerability Assessment: Scanless Vulnerability Assessment: Skybox Security whitepaper July 2014 1 Overview Vulnerability scanning, or the process of identifying a list of known security gaps in the network environment, is the

More information

UP L04 Introduction to 3 rd Party Patching Using the 4A Model Hands-On Lab

UP L04 Introduction to 3 rd Party Patching Using the 4A Model Hands-On Lab UP L04 Introduction to 3 rd Party Patching Using the 4A Model Hands-On Lab Description The objective of this course is to introduce students to the various concepts of 3rd party patching. Students will

More information

ALTIRIS Patch Management Solution 6.2 for Windows Help

ALTIRIS Patch Management Solution 6.2 for Windows Help ALTIRIS Patch Management Solution 6.2 for Windows Help Notice Altiris Patch Management Solution 6.2 2001-2006 Altiris, Inc. All rights reserved. Document Date: February 13, 2007 Protected by one or more

More information

User Guide. Lumension Endpoint Management and Security Suite Patch and Remediation 8.0

User Guide. Lumension Endpoint Management and Security Suite Patch and Remediation 8.0 User Guide Lumension Endpoint Management and Security Suite Patch and Remediation 8.0 Lumension Endpoint Management and Security Suite: Patch and Remediation - 2 - Notices Version Information Lumension

More information

Symantec Patch Management Solution for Windows 7.5 SP1 powered by Altiris User Guide

Symantec Patch Management Solution for Windows 7.5 SP1 powered by Altiris User Guide Symantec Patch Management Solution for Windows 7.5 SP1 powered by Altiris User Guide Altiris Patch Management Solution for Windows 7.5 SP1 from Symantec User Guide The software described in this book is

More information

Patch Management SoftwareTechnical Specs

Patch Management SoftwareTechnical Specs Patch Management SoftwareTechnical Specs 1. Scalable: a. The PMS (Patch Management Software)must be scalable(can grow as network grows). b. The PMSmust be able to support more than 10k nodes from a single

More information

HP Server Automation Enterprise Edition

HP Server Automation Enterprise Edition HP Server Automation Enterprise Edition Software Version: 10.0 User Guide: Server Patching Document Release Date: June 13, 2013 Software Release Date: June 2013 Legal Notices Warranty The only warranties

More information

Closing the Vulnerability Gap of Third- Party Patching

Closing the Vulnerability Gap of Third- Party Patching SOLUTION BRIEF: THIRD-PARTY PATCH MANAGEMENT........................................ Closing the Vulnerability Gap of Third- Party Patching Who should read this paper IT Managers who are trying to manage

More information

Extreme Networks Security Analytics G2 Vulnerability Manager

Extreme Networks Security Analytics G2 Vulnerability Manager DATA SHEET Extreme Networks Security Analytics G2 Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution HIGHLIGHTS Help prevent security breaches by discovering

More information

Altiris Patch Management Solution for Linux 7.1 SP2 from Symantec User Guide

Altiris Patch Management Solution for Linux 7.1 SP2 from Symantec User Guide Altiris Patch Management Solution for Linux 7.1 SP2 from Symantec User Guide Altiris Patch Management Solution for Linux 7.1 SP2 from Symantec User Guide The software described in this book is furnished

More information

Patch Management Reference

Patch Management Reference www.novell.com/documentation Patch Management Reference ZENworks 11 SP4 November 2015 Legal Notices Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation,

More information

AV Management Dashboard

AV Management Dashboard LabTech AV Management Dashboard AV MANAGEMENT DASHBOARD... 1 Overview... 1 Requirements... 1 Dashboard Overview... 2 Clients/Groups... 2 Offline AV Agents... 3 Threats... 3 AV Product... 4 Sync Agent Data

More information

Symantec's Continuous Monitoring Solution

Symantec's Continuous Monitoring Solution Preparing for FISMA 2.0 and Continuous Monitoring Requirements Symantec's Continuous Monitoring Solution White Paper: Preparing for FISMA 2.0 and Continuous Monitoring Requirements Contents Introduction............................................................................................

More information

Dell KACE K1000 Management Appliance. Patching and Security Guide. Release 5.3. Revision Date: May 13, 2011

Dell KACE K1000 Management Appliance. Patching and Security Guide. Release 5.3. Revision Date: May 13, 2011 Dell KACE K1000 Management Appliance Patching and Security Guide Release 5.3 Revision Date: May 13, 2011 2004-2011 Dell, Inc. All rights reserved. Information concerning third-party copyrights and agreements,

More information

Deploying Dell OpenManage Server Administrator on VMware ESXi Using Dell Online Depot and VMware Update Manager

Deploying Dell OpenManage Server Administrator on VMware ESXi Using Dell Online Depot and VMware Update Manager Deploying Dell OpenManage Server Administrator on VMware ESXi Using Dell Online Depot and VMware Update Manager July 2013 Deepti Madhu Krishnaprasad K Deploying Dell OpenManage Server Administrator on

More information

TRIPWIRE PURECLOUD. TRIPWIRE PureCloud USER GUIDE

TRIPWIRE PURECLOUD. TRIPWIRE PureCloud USER GUIDE TRIPWIRE PURECLOUD TRIPWIRE PureCloud USER GUIDE 2001-2015 Tripwire, Inc. All rights reserved. Tripwire and ncircle are registered trademarks of Tripwire, Inc. Other brand or product names may be trademarks

More information

Managed Antivirus Quick Start Guide

Managed Antivirus Quick Start Guide Quick Start Guide Managed Antivirus In 2010, GFI Software enhanced its security product offering with the acquisition of Sunbelt Software and specifically its VIPRE product suite. Like GFI Software, Sunbelt

More information

Microsoft Forefront Endpoint Protection 2010 Evaluation Guide

Microsoft Forefront Endpoint Protection 2010 Evaluation Guide Forefront Endpoint Protection 2010, the next version of Forefront Client Security, enables businesses to simplify and improve endpoint protection while greatly reducing infrastructure costs. It builds

More information

VMware vcenter Update Manager Administration Guide

VMware vcenter Update Manager Administration Guide VMware vcenter Update Manager Administration Guide Update 1 vcenter Update Manager 4.0 This document supports the version of each product listed and supports all subsequent versions until the document

More information

The Top 10 Requirements for Effective Enterprise Patch and Vulnerability Management. White Paper April 2006

The Top 10 Requirements for Effective Enterprise Patch and Vulnerability Management. White Paper April 2006 The Top 10 Requirements for Effective Enterprise Patch and Vulnerability Management White Paper April 2006 Keeping up with the steady flow of new patches being released for both platforms and applications

More information

IBM Security QRadar Vulnerability Manager

IBM Security QRadar Vulnerability Manager IBM Security QRadar Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution Highlights Help prevent security breaches by discovering and highlighting high-risk

More information

Data Sheet: Archiving Altiris Client Management Suite 7.0 from Symantec Deploy, manage, secure, and troubleshoot

Data Sheet: Archiving Altiris Client Management Suite 7.0 from Symantec Deploy, manage, secure, and troubleshoot Deploy, manage, secure, and troubleshoot Overview The cost of a PC is only a small part of its total cost. Nearly 80 percent of the total cost of owning a client system goes toward the support and maintenance

More information

Q A F 0 3. ger A n A m client dell dell client manager 3.0 FAQ

Q A F 0 3. ger A n A m client dell dell client manager 3.0 FAQ DELL CLIENT MANAGER 3.0 FAQ dell client manager 3.0 FAQ Do i need to license dell client manager standard edition? 2 What are the system requirements and prerequisites for installation? 2 When installing

More information

Release Notes for Websense Email Security v7.2

Release Notes for Websense Email Security v7.2 Release Notes for Websense Email Security v7.2 Websense Email Security version 7.2 is a feature release that includes support for Windows Server 2008 as well as support for Microsoft SQL Server 2008. Version

More information

Vulnerability Scanning and Patch Management

Vulnerability Scanning and Patch Management Vulnerability Scanning and Patch Management Vulnerability Scanning and Patch Management Security vulnerabilities remain amongst the most disruptive and damaging types of problem experienced in real-world

More information

Integrated Threat & Security Management.

Integrated Threat & Security Management. Integrated Threat & Security Management. SOLUTION OVERVIEW Vulnerability Assessment for Web Applications Fully Automated Web Crawling and Reporting Minimal Website Training or Learning Required Most Accurate

More information

CA Vulnerability Manager r8.3

CA Vulnerability Manager r8.3 PRODUCT BRIEF: CA VULNERABILITY MANAGER CA Vulnerability Manager r8.3 CA VULNERABILITY MANAGER PROTECTS ENTERPRISE SYSTEMS AND BUSINESS OPERATIONS BY IDENTIFYING VULNERABILITIES, LINKING THEM TO CRITICAL

More information

Nessus Enterprise Cloud User Guide. October 2, 2014 (Revision 9)

Nessus Enterprise Cloud User Guide. October 2, 2014 (Revision 9) Nessus Enterprise Cloud User Guide October 2, 2014 (Revision 9) Table of Contents Introduction... 3 Nessus Enterprise Cloud... 3 Subscription and Activation... 3 Multi Scanner Support... 4 Customer Scanning

More information

Shavlik Patch for Microsoft System Center

Shavlik Patch for Microsoft System Center Shavlik Patch for Microsoft System Center User s Guide For use with Microsoft System Center Configuration Manager 2012 Copyright and Trademarks Copyright Copyright 2014 Shavlik. All rights reserved. This

More information

Kaseya 2. User Guide. Version 7.0. English

Kaseya 2. User Guide. Version 7.0. English Kaseya 2 Patch Management User Guide Version 7.0 English September 3, 2014 Agreement The purchase and use of all Software and Services is subject to the Agreement as defined in Kaseya s Click-Accept EULATOS

More information

Patch Management Table of Contents:

Patch Management Table of Contents: Table of Contents: Manage Machines Manage Updates Patch Policy Configure Patch Parameters 153 Chapter 5 - Sadjadi et al. Introduction As new operating system and software updates are released in an ever

More information

Data Sheet: Endpoint Management Altiris Client Management Suite 7.0 Deploy, manage, secure, and troubleshoot

Data Sheet: Endpoint Management Altiris Client Management Suite 7.0 Deploy, manage, secure, and troubleshoot Deploy, manage, secure, and troubleshoot Overview The cost of a PC is only a small part of its total cost. Nearly 80 percent of the total cost of owning a client system goes toward the support and maintenance

More information

Patch Management Best Practices

Patch Management Best Practices Patch Management Best Practices What is Patch Management? Patch management is the practice of reviewing, understanding, testing, deploying and reconciling the deployment state for software product updates.

More information

Kaseya Server Instal ation User Guide June 6, 2008

Kaseya Server Instal ation User Guide June 6, 2008 Kaseya Server Installation User Guide June 6, 2008 About Kaseya Kaseya is a global provider of IT automation software for IT Solution Providers and Public and Private Sector IT organizations. Kaseya's

More information

Complete Patch Management

Complete Patch Management Complete Patch Management Complete - Flexible Unique In- Depth Secunia CSI 7 Corporate Software Inspector Take control of the vulnerability threat and optimize your IT security investments. The Secunia

More information

HP Client Automation Standard Fast Track guide

HP Client Automation Standard Fast Track guide HP Client Automation Standard Fast Track guide Background Client Automation Version This document is designed to be used as a fast track guide to installing and configuring Hewlett Packard Client Automation

More information

GFI White Paper PCI-DSS compliance and GFI Software products

GFI White Paper PCI-DSS compliance and GFI Software products White Paper PCI-DSS compliance and Software products The Payment Card Industry Data Standard () compliance is a set of specific security standards developed by the payment brands* to help promote the adoption

More information

Sophos Cloud Migration Tool Help. Product version: 1.0

Sophos Cloud Migration Tool Help. Product version: 1.0 Sophos Cloud Migration Tool Help Product version: 1.0 Document date: June 2015 Contents 1 About the Sophos Cloud Migration Tool...4 2 How does Sophos Cloud differ from on-premise management?...5 3 How

More information

IBM Security QRadar Vulnerability Manager Version 7.2.1. User Guide

IBM Security QRadar Vulnerability Manager Version 7.2.1. User Guide IBM Security QRadar Vulnerability Manager Version 7.2.1 User Guide Note Before using this information and the product that it supports, read the information in Notices on page 61. Copyright IBM Corporation

More information

Securing the Microsoft Environment Using Desktop Patch Management

Securing the Microsoft Environment Using Desktop Patch Management Securing the Microsoft Environment Using Desktop Patch Management Published: February 2009 In an enterprise organization such as Microsoft, it's mission critical to maintain a secure environment by keeping

More information

Total Protection for Compliance: Unified IT Policy Auditing

Total Protection for Compliance: Unified IT Policy Auditing Total Protection for Compliance: Unified IT Policy Auditing McAfee Total Protection for Compliance Regulations and standards are growing in number, and IT audits are increasing in complexity and cost.

More information

Unicenter Patch Management

Unicenter Patch Management Unicenter Patch Management Best Practices for Managing Security Updates R11 This documentation (the Documentation ) and related computer software program (the Software ) (hereinafter collectively referred

More information

Track-It! 8.5. The World s Most Widely Installed Help Desk and Asset Management Solution

Track-It! 8.5. The World s Most Widely Installed Help Desk and Asset Management Solution The World s Most Widely Installed Help Desk and Asset Management Solution Key Benefits Easy to use! Gain full control of your IT assets, hardware and software Simplify software license management Save

More information

LANDesk Management Suite 9.0. Getting started with Patch Manager

LANDesk Management Suite 9.0. Getting started with Patch Manager LANDesk Management Suite 9.0 Getting started with Patch Manager DOWNLOAD PATCH CONTENT TO THE CORE SERVER INTRODUCTION This document is intended to assist LANDesk Management Suite administrators with implementing

More information

Virtual Patching: a Proven Cost Savings Strategy

Virtual Patching: a Proven Cost Savings Strategy Virtual Patching: a Proven Cost Savings Strategy An Ogren Group Special Report December 2011 Executive Summary Security executives, pushing the limits of traditional labor-intensive IT patch processes

More information

3 Strategies to Protect Endpoints from Risky Applications

3 Strategies to Protect Endpoints from Risky Applications 3 Strategies to Protect Endpoints from Risky Applications Though most organizations have invested considerable time and effort in improving their endpoint risk management processes, many of them are ill-equipped

More information

Intelligent Whitelisting:

Intelligent Whitelisting: Intelligent Whitelisting: An Introduction to More Effective and Efficient Endpoint Security The volume and sophistication of malware is skyrocketing, and traditional anti-virus approaches are struggling

More information

Patch Management. Module 13. 2012 VMware Inc. All rights reserved

Patch Management. Module 13. 2012 VMware Inc. All rights reserved Patch Management Module 13 You Are Here Course Introduction Introduction to Virtualization Creating Virtual Machines VMware vcenter Server Configuring and Managing Virtual Networks Configuring and Managing

More information

Cisco Security Optimization Service

Cisco Security Optimization Service Cisco Security Optimization Service Proactively strengthen your network to better respond to evolving security threats and planned and unplanned events. Service Overview Optimize Your Network for Borderless

More information

Idera SQL Diagnostic Manager Management Pack Guide for System Center Operations Manager. Install Guide. Idera Inc., Published: April 2013

Idera SQL Diagnostic Manager Management Pack Guide for System Center Operations Manager. Install Guide. Idera Inc., Published: April 2013 Idera SQL Diagnostic Manager Management Pack Guide for System Center Operations Manager Install Guide Idera Inc., Published: April 2013 Contents Introduction to the Idera SQL Diagnostic Manager Management

More information

NMS300 Network Management System

NMS300 Network Management System NMS300 Network Management System User Manual June 2013 202-11289-01 350 East Plumeria Drive San Jose, CA 95134 USA Support Thank you for purchasing this NETGEAR product. After installing your device, locate

More information

Tutorial. Patch Management

Tutorial. Patch Management Tutorial Patch Management 2011 DeskCenter Solutions AG Table of Contents 1. Introduction...3 2. Software deployer...4 2.1 Preparing the software deployer...4 2.2 Configuring software deployers...4 3. Central

More information

Citrix EdgeSight Administrator s Guide. Citrix EdgeSight for Endpoints 5.3 Citrix EdgeSight for XenApp 5.3

Citrix EdgeSight Administrator s Guide. Citrix EdgeSight for Endpoints 5.3 Citrix EdgeSight for XenApp 5.3 Citrix EdgeSight Administrator s Guide Citrix EdgeSight for Endpoints 5.3 Citrix EdgeSight for enapp 5.3 Copyright and Trademark Notice Use of the product documented in this guide is subject to your prior

More information

INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING & TECHNOLOGY (IJCET)

INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING & TECHNOLOGY (IJCET) INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING & TECHNOLOGY (IJCET) International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 ISSN 0976 6367(Print) ISSN 0976 6375(Online) Volume 3,

More information

PROTECTION & CONTROL. Unified. Lumension Security provides proactive endpoint protection and control through best-of-breed policy-based solutions.

PROTECTION & CONTROL. Unified. Lumension Security provides proactive endpoint protection and control through best-of-breed policy-based solutions. Unified PROTECTION & CONTROL Lumension Security provides proactive endpoint protection and control through best-of-breed policy-based solutions. putting security in a positive light putting security in

More information

Altiris Patch Management Solution for Windows 7.1 from Symantec Release Notes

Altiris Patch Management Solution for Windows 7.1 from Symantec Release Notes Altiris Patch Management Solution for Windows 7.1 from Symantec Release Notes Altiris Patch Management Solution for Windows 7.1 from Symantec Release Notes The software described in this book is furnished

More information

NetBrain Security Guidance

NetBrain Security Guidance NetBrain Security Guidance 1. User Authentication and Authorization 1.1. NetBrain Components NetBrain Enterprise Server includes five components: Customer License Server (CLS), Workspace Server (WSS),

More information

EML-09 Keeping Operating Systems and Applications up to date with Patch Management 7.1

EML-09 Keeping Operating Systems and Applications up to date with Patch Management 7.1 EML-09 Keeping Operating Systems and Applications up to date with Patch Management 7.1 Description Maintianing consistant and current patch status is a critical part of any security strategy. In this lab,

More information

QualysGuard WAS. Getting Started Guide Version 4.1. April 24, 2015

QualysGuard WAS. Getting Started Guide Version 4.1. April 24, 2015 QualysGuard WAS Getting Started Guide Version 4.1 April 24, 2015 Copyright 2011-2015 by Qualys, Inc. All Rights Reserved. Qualys, the Qualys logo and QualysGuard are registered trademarks of Qualys, Inc.

More information

IBM Tivoli Provisioning Manager V 7.1

IBM Tivoli Provisioning Manager V 7.1 IBM Tivoli Provisioning Manager V 7.1 Preparing for patch management in a small environment 2011 IBM Corporation Welcome to the training module for Tivoli Provisioning Manager version 7.1, preparing for

More information

MSP Center Plus Features Checklist

MSP Center Plus Features Checklist Features Checklist Your evaluation is not complete until you check out top vendors and the price. Here is a list prepared based customer queries. Features General Easy web interface with admin, technician,

More information

Lumension AntiVirus. Best Practice Implementation Guide

Lumension AntiVirus. Best Practice Implementation Guide Lumension AntiVirus Best Practice Implementation Guide This document provides a best practice workflow to act as a guide for administrators when implementing L.E.M.S.S.: AntiVirus 23/Dec/2013 Version 1.0

More information

AllianceIT Managed Services

AllianceIT Managed Services AllianceIT Managed Services confidence predictability productivity focus Uncertainty is a business killer. To be successful, companies have to know that their critical IT systems will be available on demand

More information

System Center Configuration Manager 2007

System Center Configuration Manager 2007 System Center Configuration Manager 2007 Software Distribution Guide Friday, 26 February 2010 Version 1.0.0.0 Baseline Prepared by Microsoft Copyright This document and/or software ( this Content ) has

More information

WHITEPAPER Map, Monitor, and Manage Distributed Applications in System Center 2012

WHITEPAPER Map, Monitor, and Manage Distributed Applications in System Center 2012 WHITEPAPER Map, Monitor, and Manage Distributed Applications in System Center 2012 The Challenge: Managing Distributed Applications in System Center 2012 System Center 2012 gives IT Operations managers

More information

CLOUD SECURITY FOR ENDPOINTS POWERED BY GRAVITYZONE

CLOUD SECURITY FOR ENDPOINTS POWERED BY GRAVITYZONE CLOUD SECURITY FOR ENDPOINTS POWERED BY GRAVITYZONE Quick Start Guide for Partners Cloud Security for Endpoints powered by GravityZone Quick Start Guide for Partners Publication date 2013.10.28 Copyright

More information

WHITE PAPER. iet ITSM Enables Enhanced Service Management

WHITE PAPER. iet ITSM Enables Enhanced Service Management iet ITSM Enables Enhanced Service Management iet ITSM Enables Enhanced Service Management Need for IT Service Management The focus within the vast majority of large and medium-size companies has shifted

More information

7.5 7.5. Spotlight on Messaging. Evaluator s Guide

7.5 7.5. Spotlight on Messaging. Evaluator s Guide 7.5 Spotlight on Messaging 7.5 Evaluator s Guide 2010 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide

More information

Managing non-microsoft updates

Managing non-microsoft updates Managing non-microsoft updates With Microsoft s System Center Configuration Manager secunia.com 1 How to patch all your programs directly in Microsoft System Center 2012 A common perception is that System

More information

RSA envision. Platform. Real-time Actionable Security Information, Streamlined Incident Handling, Effective Security Measures. RSA Solution Brief

RSA envision. Platform. Real-time Actionable Security Information, Streamlined Incident Handling, Effective Security Measures. RSA Solution Brief RSA Solution Brief RSA envision Platform Real-time Actionable Information, Streamlined Incident Handling, Effective Measures RSA Solution Brief The job of Operations, whether a large organization with

More information

Managed Service Plans

Managed Service Plans Managed Service Plans www.linkedtech.com 989.837.3060 989.832.2802 fax Managed Information Technology Services System downtime, viruses, spy ware, losses of productivity Are the computer systems you rely

More information

Foglight 1.0.0.0. Cartridge for Active Directory Installation Guide

Foglight 1.0.0.0. Cartridge for Active Directory Installation Guide Foglight 1.0.0.0 Cartridge for Active Directory Installation Guide 2010 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described

More information

Software Vulnerability Assessment

Software Vulnerability Assessment Software Vulnerability Assessment Setup Guide Contents: About Software Vulnerability Assessment Setting Up and Running a Vulnerability Scan Manage Ongoing Vulnerability Scans Perform Regularly Scheduled

More information

PATCH MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region

PATCH MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region PATCH MANAGEMENT February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

Desktop Activity Intelligence

Desktop Activity Intelligence Desktop Activity Intelligence Table of Contents Cicero Discovery Delivers Activity Intelligence... 1 Cicero Discovery Modules... 1 System Monitor... 2 Session Monitor... 3 Activity Monitor... 3 Business

More information