Patch management point solution. Platform. Patch Management Point Solution



Similar documents
2003 Desktop Software Distribution Magic Quadrant

CIO Update: Gartner s IT Security Management Magic Quadrant Lacks a Leader

The PC life cycle configuration management Market Overview

How to Develop an Effective Vulnerability Management Process

SAN Management Software Magic Quadrant

Business Applications and Infrastructure Entwined

PLM Eclipses CPC as a Software Market

Don't Pay to Support CRM 'Shelfware'

NetIQ Chariot and Application Scanner for Application Performance Management

2003 Enterprise Backup/Restore Magic Quadrant

SIEM and IAM Technology Integration

Security and Identity Management Auditing Converge

How Deal Size Matters in IT Infrastructure Outsourcing (Executive Summary) Executive Summary

Magic Quadrant for Application Platform Suites, 2Q03

Troux Configuration Management Software

Job Scheduling Magic Quadrant Reflects New Challenges

8 Key Requirements of an IT Governance, Risk and Compliance Solution

Magic Quadrant for a Fading PKI Market, 2003

Defining the PLM Magic Quadrant by Criteria and Use. We provide the methodology used in developing our product life cycle management Magic Quadrant.

Toolkit: Reduce Dependence on Desk-Side Support Technicians

CA Virtual Assurance for Infrastructure Managers

Gartner Updates Its Definition of IT Infrastructure Utility

Clinical Decision Support: Core Capability of Evolving CPR

BladeLogic Software-as-a- Service (SaaS) Solution. Help reduce operating cost, improve security compliance, strengthen cybersecurity posture

Management Update: The Cornerstones of Business Intelligence Excellence

IBM Tivoli Endpoint Manager for Lifecycle Management

Management Update: Gartner s Large-Enterprise HRMS Magic Quadrant for 2002

Patch Assessment Content Update Release Notes for CCS Version: Update

Management Update: The Eight Building Blocks of CRM

Key Findings. Recommendations

Oracle Business Intelligence Publisher. 1 Oracle Business Intelligence Publisher Certification. Certification Information 10g Release 3 (

IBM Tivoli Endpoint Manager for Lifecycle Management

The Value of Integrating Configuration Management Databases With Enterprise Architecture Tools

SAP's MDM Shows Potential, but Is Rated 'Caution'

Q&A: The Many Aspects of Private Cloud Computing

Decision Framework, DF J. Holincheck. Application Service Provider Traditional Payroll/Benefits Outsourcing Business Process Outsourcing

Vertical Data Warehouse Solutions for Financial Services

Business Intelligence: The European Perspective

The Ten How Factors That Can Affect ERP TCO

The IFX Standard Opens the ATM and POS Channels

The Four "A's" of Information Security

COM A. White, K. Peterson, B. Lheureux

COM J. Woods, A. White, K. Peterson, M. Jimenez

X.509 Certificate Management: Avoiding Downtime and Brand Damage

Software asset management White paper. Improving IT service delivery through an integrated approach to software asset management.

IAM can utilize SIEM event data to drive user and role life cycle management and automate remediation of exception conditions.

ORACLE OPS CENTER: PROVISIONING AND PATCH AUTOMATION PACK

Altiris Business Unit Review. Greg Butterfield Group President, Altiris Business Unit

Management Update: Gartner s Updated Help Desk Outsourcing Magic Quadrant

Modernizing enterprise application development with integrated change, build and release management.

CA Systems Performance for Infrastructure Managers

Total Configuration Management for Networked Devices. Gartner Interview...2. Software Distribution...4. Case Study...7. About matrix42...

Simplify security management in the cloud

IBM Tivoli Service Request Manager

Patch Management Marvin Christensen /CIAC

IBM Tivoli Endpoint Manager for Security and Compliance

IBM Maximo Asset Management Essentials

Patch Assessment Content Update Release Notes for CCS Version: Update

SpiritSoft (SpiritWave)

Vendor Classification

Understanding Vulnerability Management Life Cycle Functions

Vendor Focus for IBM Global Services: Consulting Services for Cloud Computing

Why you need an Automated Asset Management Solution

Responsible Vulnerability Disclosure: Guidance for Researchers, Vendors and End Users

Software License Management: 2012 Software License Management Benchmark Survey SOLUTION WHITE PAPER

HP-UX 11i software deployment and configuration tools

Red Hat Enterprise Linux and management bundle for HP BladeSystem TM

Incentive Compensation Management for Insurance

Disaster Recovery: Weighing Data Replication Alternatives

Oracle Desktop Virtualization

April 15, 2008 The Forrester Wave : Data Center Automation, Q by Evelyn Hubbert for IT Infrastructure & Operations Professionals

Best Practices for Password Strength

THE COMPLETE VIEWER FOR MS PROJECT. Deployment White Paper

HP Systems Insight Manager and HP OpenView

CDOs Should Use IT Governance and Risk Compliance Management to Advance Compliance

Research. Identity and Access Management Defined

HP Security Assessment Services

Transcription:

Markets, R. Colville, M. Nicolett Research Note 18 March 2003 Patch Management: Identifying the Vendor Landscape As the importance of patch management increases, it is important to understand the limitations and capabilities of the five classes of vendors that offer solutions. Core Topics Enterprise Management: Configuration Management Security and Privacy: Security Management Strategies and Processes Key Issues How will configuration management technologies and standards evolve? How will enterprises evolve their security strategies from their current states of neglect? Strategic Planning Assumption By year-end 2005, at least 60 percent of configuration management, vulnerability assessment, and policy compliance tools will have complete patch management capability (0.7 probability). There is nothing new about the need to manage the software that is deployed on servers and PCs. There is, however, a new appreciation of the risks associated with not applying the growing number of software patches. Enterprises have renewed their focus on the long-standing problem of patch management in an effort to reduce the exposure to mass outages or security breaches. Patch management is an area in which manual approaches have no chance of being effective. There is a specific set of functional requirements for patch management automation because of the following factors: a large number of patches and systems; the complicated interrelationships among patches, service packs and installed software; and the need for deployment speed. For more details on the functional requirements that are referenced in this research, see "Robust Patch Management Requires Specific Capabilities." The following classes of vendors offer tools that address various degrees of patch management: Patch management point solution Desktop configuration management Server provisioning and configuration management Platform Policy compliance and vulnerability assessment Patch Management Point Solution Patch management point solution vendors offer a new breed of tools to assist enterprises in the evaluation and installation of patches. Although patch management tools are focused on only one aspect of the overall configuration management problem, they provide the most-complete set of functions for resolving patch vulnerabilities in an automated fashion. Patch Gartner Reproduction of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The reader assumes sole responsibility for the selection of these materials to achieve its intended results. The opinions expressed herein are subject to change without notice.

management point solution vendors include Configuresoft (policy compliance and patch management), PatchLink, Shavlik Technologies, St. Bernard Software, Ecora and BigFix. Patch management point solution vendors provide a focused approach to the problem of managing patches across servers and desktops. The following tools have the capability to install any patch and offer specific differentiation for security patches: Patch Matching Reports The majority of patch management tools provide reports that list the patches that are needed by each server or PC, based on the installed software and system role. Patch Analysis Many of these tools offer the capability to analyze supersedence, prerequisites, co-requisites and issues related to the coexistence of a patch for one application in a system with other applications. Platform Support Most patch management vendors are Windows-centric, and a few also support Unix and Linux. Templates and Policies Some of these tools offer an enriched capability for templating. Models are used to determine which systems are out of patch compliance and what changes have occurred. Desktop Configuration Management The configuration management market is mature (some vendors have been around for more than 10 years) and includes more than a dozen vendors that focus on all sizes of enterprises. Enterprises primarily use configuration management tools to install and update applications and configuration settings across desktops. Examples of configuration management vendors/tools are: Altiris, Computer Associates International, IBM Tivoli, LANDesk Software, LSVi, Marimba, ManageSoft, Microsoft, NetSupport Solutions, Novell, Novadigm, OnDemand Software, ON Technology and Mobile Automation. This class of vendors offers tools related to software inventory, distribution and installation capabilities that can be applied to patch management. Enterprises that have installed these tools already have agents installed and processes defined for tool use. Many of these solutions offer scalable architectures across a multitude of platforms (for example, Windows, Unix and Linux). They offer a means to discover established systems, and some provide a policy-oriented approach for deploying content, applications, system settings and patches. They can leverage directory information and other feeds as a means of establishing specific target criteria. These vendors offer templates and bestpractice guidelines for deploying applications. 18 March 2003 2

Unfortunately, most configuration management tools lack many functions that are required for patch management. To date, desktop configuration management vendors have approached patch management as "just another distribution." There is no imbedded knowledge of patch interrelationships, no patch inventory and a lack of patch analysis capabilities. For these reasons, configuration management tools are not optimized for patch management, and their use for this purpose is laborintensive. To date, these vendors have demonstrated mixed success less because of their capability and more because of the heterogeneity and complexity that exist across users' personal systems. The strength of this class of vendors lies in an installed base that has gone through the considerable effort of installing agents on a large number of desktop systems. There is a strong desire on the part of the current installed base to leverage the agent for related functions, such as patch management. We expect a number of desktop configuration management vendors to buy or build the technology to address patch management requirements. Server Provisioning and Configuration Management With elevated attention on the limited resources available for managing server configurations and the risks associated with server outages, a new set of vendors has emerged during the last 18 months that focuses on managing the provisioning and configuration of servers. Some desktop configuration management vendors have extended their capability to servers (see "Emerging Tools for Server Configuration Management"). Like desktop configuration management vendors, these vendors focus on discovery, deployment and reporting configurations, applications and system settings. They approach the patch problem as an extension of overall system configuration management. Although these vendors are taking a more holistic approach to each type of server (for example, Web servers, application servers and infrastructure servers), most look at patch management as "just another deployment." Of these, vendors such as BladeLogic, Novadigm and Opsware offer specific capability for patch management, but they do so as a subset of their overall configuration management solution. Novadigm has extended its capability for servers and desktops. Emerging vendors will likely enhance their solutions organically or license technology from patch management vendors, while others will acquire patch management vendors. Platform Operating-system and platform vendors (for example, Sun Microsystems, Hewlett-Packard, Linux, IBM and Microsoft) offer 18 March 2003 3

complementary tools for patch management. The biggest limitation of these tools is that they are platform-specific, and each offers varying capability. Sun Patch Manager provides indepth configuration comparisons and analysis for Solaris to determine which patches are necessary on which systems. Hewlett-Packard does in-depth dependency checking on HP-UX platforms, can deploy patches and offers a different tool for patch management on Proliant servers. Microsoft's approach to patch management is not as robust. Microsoft's Software Update Services does not do patch analysis and does not have robust system matching capability. Enterprises have the choice to leverage these tools, which are not cross-platform, by layering process and staff to ensure consistency. However, if patches are for applications (for example, Oracle) that are multiplatform, these tools will not suffice. Platform vendors will continue to enhance these tools as a means of offering more-reliable platforms. Policy Compliance and Vulnerability Assessment Vendors such as Symantec (Enterprise Security Manager), BindView (bv-admin) and NetIQ (Security Manager) provide tools that can be used to evaluate security policy compliance, configuration and vulnerabilities. Although these tools can be used to identify systems that lack specific security patches, they typically lack functions in the areas of patch distribution and installation. What to Do For some enterprises, patch management will be an extension of an established deployment of configuration management infrastructure. IS organizations will have to layer manual processes, staffing and testing to their configuration management tools to compensate for their lack of specific patch management automation. Although we expect configuration management vendors to eventually offer a critical mass of patch management automation, configuration management tools alone will not suffice. Policy compliance and vulnerability assessment tools can be used to provide patch analysis functions. Enterprises that deploy server provisioning tools will benefit from the patch management capabilities that these products provide; however, most of this class of vendors does not address desktop patch management. For enterprises that are looking for a focused solution specific to security patches, emerging patch management vendors will offer the most complete capability. Bottom Line: Enterprises should try to leverage configuration management infrastructures for patch distribution and installation. In doing so, enterprises will require processes that 18 March 2003 4

leverage patch analysis functions from policy compliance and vulnerability assessment tools. Platform vendor tools may suffice in the Unix environment. For enterprises that do not have configuration management automation, patch management vendors must be considered because today's security environment requires enterprises to be good at patching, or they will risk losing business. 18 March 2003 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information