Local Patch Management Update Service

Similar documents
Local Patch Management Update Service

Automated Patch Management Service

Endpoint Security for DeltaV Systems

DeltaV System Software Update Deployment

DeltaV Guardian Support

How To Secure Your System From Cyber Attacks

Backup and Recovery. Backup and Recovery. Introduction. DeltaV Product Data Sheet. Best-in-class offering. Easy-to-use Backup and Recovery solution

Backup and Recovery FAQs

Backup and Recovery. Backup and Recovery. Introduction. DeltaV Product Data Sheet. Best-in-class offering. Easy-to-use Backup and Recovery solution

Backup and Recovery. Introduction. Benefits. Best-in-class offering. Easy-to-use Backup and Recovery solution.

DeltaV System Health Monitoring Networking and Security

Verve Security Center

Windows Operating System Upgrade Kits

Batch Historian. Introduction. Benefits. Configuration-free, batch-based data collection. Reliable data retrieval through data buffering

Emerson Smart Firewall

DeltaV Event Chronicle

DeltaV Logbooks. Benefits. Introduction. Minimize shift handover risk. Electronically document events, observations, and notes.

Smart Operations Management Suite

DeltaV System Cyber-Security

Lifecycle Services for Syncade Logistics

DeltaV Remote Client. DeltaV Remote Client. Introduction. DeltaV Product Data Sheet. Remote engineering and operator consoles

Plantwide Event Historian

Best Practices for DanPac Express Cyber Security

DeltaV Workstation Operating System Licensing Implications with Backup and Recovery

DeltaV v11 and v12.3 Supported Computers

DeltaV Virtualization High Availability and Disaster Recovery

GE Oil & Gas. Cyber Security for NERC CIP Versions 5 & 6 Compliance

Smart Card Two Factor Authentication

Best Practices for DeltaV Cyber- Security

Connecticut Justice Information System Security Compliance Assessment Form

Symantec Client Management Suite 8.0

Base Station. Base Station. Introduction. DeltaV Product Data Sheet. Adaptable work environment. Scalable to suit your needs. Dedicated functional use

OPC Data Access Server Redundancy

Ovation Security Center Data Sheet

Plant Messenger Alert Reporting Service

GE Measurement & Control. Cyber Security for Industrial Controls

DeltaV Web Server. DeltaV Web Server. Introduction. DeltaV Product Data Sheet. Gives you a secure view of your process from your desktop PC

Professional Station Software Suite

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Ovation Security Center Data Sheet

DeltaV Virtual Studio

Industrial Security for Process Automation

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

OPC Mirror. OPC Mirror. Introduction. Product Data Sheet. Bi-directional data flow. Easy configuration. Fast data transfer. OPC Data Access compliant

DeltaV OPC.NET Server

M-series MD Plus Controller

Wireless Remote Video Monitoring

Application Station Software Suite

Hope is not a strategy. Jérôme Bei

SOFTWARE ASSET MANAGEMENT Continuous Monitoring. September 16, 2013

DeltaV Executive Portal

The Evergreen DeltaV Process Automation System

Wireless Remote Video Monitoring

Maintenance Station Software Suite

OpenEnterprise. Lifecycle Services

McAfee Endpoint Protection Products

DeltaV Virtual Studio

DeltaV Event Chronicle

Application White Listing and Privilege Management: Picking Up Where Antivirus Leaves Off

DeltaV Network Time Synchronization

Wireless Field Data Backhaul

Check Point and Security Best Practices. December 2013 Presented by David Rawle

Symantec LiveUpdate Administrator. Getting Started Guide

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks

The Personal Computer for DeltaV Wokstations

Product comparison. GFI LanGuard 2014 vs. Microsoft Windows InTune (October 2013 Release)

Secure Software Update Service (SSUS ) White Paper

Industrial Cyber Security. Complete Solutions to Protect Availability, Safety and Reliability of Industrial Facilities

ProfessionalPLUS Station Software Suite

Operator Station Software Suite

Product comparison. GFI LanGuard 2014 vs. Microsoft Windows Server Update Services 3.0 SP2

Wireless Mobile Workforce

Alarm Services. Introduction. Benefits. Alarm System Status Awareness. Increased operator efficiency. Regulatory and standards compliance.

ProfessionalPLUS Station Software Suite

Cyber Security for NERC CIP Version 5 Compliance

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions

Symantec Endpoint Protection Analyzer Report

Cisco Advanced Services for Network Security

DeltaV Virtualization

Symantec Client Firewall Policy Migration Guide

S-series SQ Controller

Configuring and Managing Microsoft System Center Essentials 2010

Information Technology General Controls And Best Practices

Host-based Protection for ATM's

Batch Analytics. Predicts end-of-batch quality. Detects process faults and provides reason for deviation so operations can take action in real time

Appendix. Key Areas of Concern. i. Inadequate coverage of cybersecurity risk assessment exercises

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services

M-series FOUNDATION Fieldbus I/O

Everything You Wanted to Know about DISA STIGs but were Afraid to Ask

Cyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services

Implementing Endpoint Protection in System Center 2012 R2 Configuration Manager

Process Miner (PM) Introduction. Search cross-lot data by product code, order numbers, and data parameters

PROJECT BOEING SGS. Interim Technology Performance Report 3. Company Name: The Boeing Company. Contract ID: DE-OE

How To Manage A System Vulnerability Management Program

Test du CISM. Attention, les questions, comme l'examen, ne sont disponibles qu'en anglais.

ABB Automation Days, Madrid, May 25 th and 26 th, Patrik Boo What do you need to know about cyber security?

Security for. Industrial. Automation. Considering the PROFINET Security Guideline

Closing the Antivirus Protection Gap

2012 Endpoint Security Best Practices Survey

Symantec Virtual Machine Management 7.1 User Guide

Transcription:

Service Data Sheet Local Patch Management Update Service Establishes successful and proactive patch management strategy Tailored patch management service Defined scheduling helps ensure the availability and business continuity of DeltaV DCS The Emerson Local Patch Management Update Service is a combination of people, technology and security best practices designed to ensure the availability of DeltaV DCS, maintain business continuity and reduce your system administrative activities. Introduction Every month there are new Microsoft security updates, Symantec anti-virus updates and DeltaV distributed control system (DCS) system hotfixes that need to be acted upon. Emerson s Local Patch Management Update Service provides an effective delivery solution that address the five deployment steps identification of required Emerson-approved updates, acquisition of update executables, distribution to appropriate DeltaV DCS nodes, installation and compliance auditing. It is very common for the most critical security, anti-virus and application hotfix updates to go uninstalled for extended periods of time, or not be installed at all. Often the reasons are due to limited skilled resources and day-to-day judgment calls about what is more important; to either address an immediate need with a measurable business benefit or deploy the current batch of system software updates with their unknown and often un-quantified effect on system vulnerability. Benefits Establishes successful and proactive patch management strategy: Emerson s Patch Management Update Service delivers the routine aspects of software update deployment for timely dependable implementation, while freeing plant staff to devote more time to your own priorities. For large systems, this time savings can add up to hundreds of hours per year. The Local Patch Management Update Service identifies the appropriate security patches required for DeltaV DCS and schedules updates to the DeltaV DCS hardware in a routine fashion common to your plant s policies and procedures for security patching.

Tailored patch management service: Security patch management and hotfixes are essential to your system s security and availability. this service can be tailored to your site s work practices and resource-load to ensure these critical updates are deployed consistently. Defined scheduling helps ensure the availability and business continuity of DeltaV DCS: Emerson tests and approves Microsoft Windows security updates and antivirus signature files on a regular basis. Experience has shown many of the disruptive events reported to the Emerson Global Service Center could have been avoided, had the relevant security update or hotfix been applied in a timely fashion. ASSESS SOLVE IMPROVE Cyber Assessments Security Solutions Periodic Audits Cybersecurity Assessments Basic Cybersecurity Assessment & Report Advanced Cybersecurity Assessment & Report Cybersecurity remediation analysis & recommendations Cybersecurity Solutions Automated/Manual Patch Management Services (WSUS & antivirus) Application Whitelisting Security Information & Event Management (SIEM) DeltaV ACN Network Security Monitor Backup & Recovery Smart Firewalls, Smart Switches and Controller Firewalls DeltaV Upgrade Services Cybersecurity Remediation Services Periodic Audits Annual or semi-annual follow-up audit Reviews adherence to previous assessment results/remediation Reviews cybersecurity real-world changes and suggests any remediation necessary to protect from these changes Local Patch Management Update Tiered Services Suite Emerson offers a multi-tiered approach to the application of Microsoft security patching, Symantec antivirus signature screen updates and DeltaV DCS hotfix installations. Full Manual Service: Utilizing Emerson certified local service resources, this service provides a scheduled monthly (or quarterly) visit to your site in order to manually deploy the required security patches and antivirus signature screen updates on each DeltaV DCS node requiring these updates. Our service will determine what Emerson-approved patches are required for which network nodes, deploy those patches, install and commission them as appropriate. A Guardian Support service contract is not needed for this service. Assisted Manual Service: Also utilizing Emerson certified local service resources, this service level provides a scheduled monthly (or quarterly) visit to your site in order to deploy the required security patches and antivirus signature screen updates on each DeltaV DCS node requiring these updates. We will determine what Emerson-approved patches are required for which network nodes, deploy those patches, install and commission them as appropriate. A Guardian Support service contract is not needed for this service. This service can also include the installation of local server(s) for the automatic downloading of the Microsoft (WSUS) monthly patches and/or the downloading of the Symantec Live Update Administrator (LUA) and monthly upkeep of these server(s). If hardware is required, this can be added at the time on initial service and will be quoted as at additional cost. This service also includes the manual transfer and downloading of the Emerson-approved Symantec signature screen onto each appropriate network node. Retrieval of the approved Symantec signature screen would come from the on-site Symantec server running the LUA platform. The customer is responsible for the purchase of appropriate licenses from Symantec; however, the Emerson service personnel will deploy these Symantec signature screens. www.emersonprocess.com/cybersecurity 2

Assisted Manual Service for Guardian Support Customers: Also utilizing Emerson certified local service resources, this service level provides a scheduled monthly (or quarterly) visit to your site in order to deploy the required security patches and antivirus signature screen updates on each DeltaV DCS node requiring these updates. We will determine what Emerson-approved patches are required for which network nodes, deploy those patches, install and commission them as appropriate. A Guardian Support service contract is needed for this service. This service deliverable is two-fold: a review of the system s Guardian Dashboard and deployment of necessary OS Security, Symantec antivirus patches and/or DeltaV DCS hotfixes. This service also includes the manual transfer and downloading of the Emerson-approved Symantec signature screen onto each appropriate network node. Retrieval of the approved Symantec signature screen would come from the on-site Symantec server running the LUA platform. The customer is responsible for the purchase of appropriate licenses from Symantec; however, the Emerson service personnel will deploy these signature screens. This service can also include the installation of local server(s) for the automatic downloading of the Microsoft (WSUS) monthly patches and/or the downloading of the Symantec Live Update Administrator (LUA) and monthly upkeep of these server(s). Local Patch Management Update Services Description Full Manual Service: This Patch Management Update Service is a scheduled site-based service, delivered by your local Emerson service representative and includes the following services: Deployment of Appropriate Microsoft Security Updates: Determination of the required Emerson-approved Microsoft security patches needed for each device type. Scheduled deployment, installation and commissioning of each identified patch for each node. Emerson will supply required Microsoft patches. Deployment of Appropriate Symantec Antivirus Signature Screen Updates: Determination of the Emerson-approved Symantec antivirus signature screen needed for each device type. Scheduled deployment of the selected Symantec antivirus signature screens for each device. File must be locatable on the customer Symantec server. Assisted Manual Service: This Local Patch Management Update Service is a scheduled site-based service, delivered by your local Emerson service representative and includes the following services: Includes services necessary to set-up communications between the Microsoft WSUS website and the Symantec antivirus website. Separate quotation for required server is also available Deployment of Appropriate Microsoft Security Updates: Determination of the required Emerson-approved Microsoft security patches needed for each device type. Scheduled deployment, installation and commissioning of each identified patch for each node. Emerson will supply required Microsoft patches. Deployment of Appropriate Symantec Antivirus Signature Screen Updates: Determination of the Emerson-approved Symantec antivirus signature screen needed for each device type. Scheduled deployment of the selected Symantec antivirus signature screens for each device. File must be locatable on the customer Symantec server. Assisted Manual Service for Guardian Support Customers: This Local Patch Management Update Service is a scheduled site-based service, delivered by your local Emerson service representative. Generally, the service is two-fold: a review of the system s Guardian Dashboard status and deployment of necessary OS Security, Symantec antivirus patches and/or DeltaV DCS hotfixes installation. The Guardian Support Dashboard Review focuses on several key tiles: System Profile - Provides system content information relative to your DeltaV DCS including last update information. { Knowledge Based Articles (KBA s) Provides important insight into the update status and requirements of KBAs associated with your DeltaV DCS. www.emersonprocess.com/cybersecurity 3

Microsoft Update Compatibility Provides important MS security update compatibility information about your DeltaV system including last update information. Lifecycle Status - Provides important lifecycle information by node name and Emerson model number for all DeltaV DCS devices. Deployment of Appropriate Security Updates: Determination of the required Emerson-approved Microsoft security patches needed for each device type. Scheduled deployment, installation and commissioning of each identified patch. Determination of the required Symantec antivirus signature screens needed for each device type. Scheduled deployment of the Emerson-approved Symantec antivirus signature screens for each device. File must be locatable on the customer Symantec server Deployment of Appropriate DeltaV DCS Hotfixes: Determination of the uninstalled DeltaV DCS hotfixes needed. Scheduled deployment, installation and commissioning of each identified hotfix. Service Prerequisites Full Manual Local Patch Management Update Service prerequisites: A license to use Symantec Endpoint Protection Manager and clients (customer s responsibility) and installed and operational Symantec LUA connection to the Symantec website. An Internet accessible server class computer licensed for Microsoft 2008 (Upstream ) to host Symantec application. Assisted Manual Local Patch Management Update Service prerequisites: Installed and operational Microsoft WSUS connection to the Microsoft website. A license to use Symantec Endpoint Protection Manager and clients (customer s responsibility) and installed and operational Symantec LUA connection to the Symantec website. An Internet accessible server class computer licensed for Microsoft 2008 (Upstream ) to host applications that require Internet access. Assisted Manual for Guardian Support Customers Local Patch Management Update Service prerequisites: Installed and operational Microsoft WSUS connection to the Microsoft website. Each system ID must be enrolled in Guardian Support Service contract A license to use Symantec Endpoint Protection Manager and clients (customer s responsibility) and installed and operational Symantec LUA connection to the Symantec website. An Internet accessible server class computer licensed for Microsoft 2008 (Upstream ) to host applications that require Internet access. Local Patch Management Update Service Architecture Software service enablers are combined with Emerson s expert consultation and optional on-site deployment capability for Microsoft security updates, Symantec anti-virus updates and DeltaV DCS hotfixes. The software service enablers may include: Microsoft Windows Update Service (WSUS) version 3 or higher. A no-cost add-on to the Microsoft server operating system installed on a customer supplied upstream server. Symantec Live Update Administrator (LUA) a software application that solicits anti-virus updates from Symantec via the Internet, typically located on a customer supplied server. Guardian Software Update Delivery Service (GSUDS) Client an Emerson software application available for systems enrolled in Guardian Support service. It solicits system hot fixes and approval information for Microsoft security updates from Emerson via the Internet. (Required only for the Assisted Manual for Guardian Support Customers option.) www.emersonprocess.com/cybersecurity 4

Full Manual Internet Level 4 - Local LAN Historian Data Level 3 - Patch Management Symantec Anti-virus Live Update Administrator (LUA) Receive Level 3 - DMZ Layer Emerson will pre-prepare in advance, determining which files are needed for transfer to the individual DeltaV devices. Pro Plus Application Operator We will manually transfer the required files to a CD, portable disk or USB thumb drive and then manually load, install and commission files onto each device to be updated. Level 2 - ACN Manually Distribute, Install and/or Reboot, as appropriate Typical Full Manual Local Patch Management Update Service Deployment Architecture. Internet Assisted Manual Level 4 - Local LAN Historian Data Level 3 - Patch Management Symantec Anti-virus Live Update Administrator (LUA) Microsoft WSUS (Parent) Receive Level 3 - DMZ Layer Pro Plus Application Operator Automate the customer s downloading process from the appropriate external websites in order to have all the required files located on their common server. We will prepare in advance, which devices require which file updates, download, deploy and commission all devices for the customer. Level 2 - ACN Manually Distribute, Install and/or Reboot, as appropriate Typical Assisted Manual Local Patch Management Update Service Deployment Architecture. www.emersonprocess.com/cybersecurity 5

Assisted Manual with Guardian Internet Level 4 - Local LAN Historian Receive Data Level 3 - Patch Management Symantec Anti-virus Live Update Administrator (LUA) Microsoft WSUS (Parent) Guardian Support Contract DeltaV KBA with.bat files Level 3 - DMZ Layer Utilize the batch files to deliver the required software updates. Pro Plus Application Operator Manually transfer/download the required files to a CD, portable disk or USB thumb drive and then manually load, install, and commission files onto each device to be updated. Level 2 - ACN Manually Distribute, Install and/or Reboot, as appropriate Typical Assisted Manual for Guardian Support Local Patch Management Update Service Deployment Architecture. www.emersonprocess.com/cybersecurity 6

Ordering Information This service requires a current DeltaV DCS Guardian Support Contract covering the System IDs at a given plant site be in place. Local Patch Management Update Service Full Manual Support Local Patch Management Update Service Assisted Manual Support Description Local Patch Management Update Service Assisted Manual Support for Guardian Support Customers Model Number Please Contact Your Local Emerson Sales Office Please Contact Your Local Emerson Sales Office Please Contact Your Local Emerson Sales Office This product and/or service is expected to provide an additional layer of protection to your DeltaV system to help avoid certain types of undesired actions. This product and/or service represents only one portion of an overall DeltaV system security solution. Emerson does not warrant that the product and/or service or the use of the product and/or service protects the DeltaV system from cyber-attacks, intrusion attempts, unauthorized access, or other malicious activity ( Cyber Attacks ). Emerson shall not be liable for damages, nonperformance, or delay caused by Cyber Attack. Users are solely and completely responsible for their control system security, practices and processes, and for the proper configuration and use of the security products. To learn how comprehensive Cybersecurity Management Services address your cybersecurity needs, contact your local Emerson sales office or representative, or visit www.emersonprocess.com/cybersecurity. Emerson Process Management Asia Pacific: 65.6777.8211 Europe, Middle East: 41.41.768.6111 North America, Latin America: T 1 (800) 833-8314 or 1 (512) 832-3774 www.emersonprocess.com/cybersecurity 2016, Emerson Process Management. All rights reserved. The Emerson logo is a trademark and service mark of Emerson Electric Company. The DeltaV logo is a mark of one of the Emerson Process Management family of companies. All other marks are the property of their respective owners. The contents of this publication are presented for informational purposes only, and while every effort has been made to ensure their accuracy, they are not to be construed as warrantees or guarantees, express or implied, regarding the products or services described herein or their use or applicability. All sales are governed by our terms and conditions, which are available on request. We reserve the right to modify or improve the design or specification of such products at any time without notice.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information