Automated Patch Management Service



Similar documents
Local Patch Management Update Service

DeltaV Guardian Support

DeltaV System Software Update Deployment

Endpoint Security for DeltaV Systems

Lifecycle Services for Syncade Logistics

Backup and Recovery. Introduction. Benefits. Best-in-class offering. Easy-to-use Backup and Recovery solution.

Smart Operations Management Suite

DeltaV Virtualization High Availability and Disaster Recovery

DeltaV System Health Monitoring Networking and Security

Batch Historian. Introduction. Benefits. Configuration-free, batch-based data collection. Reliable data retrieval through data buffering

Backup and Recovery. Backup and Recovery. Introduction. DeltaV Product Data Sheet. Best-in-class offering. Easy-to-use Backup and Recovery solution

DeltaV OPC.NET Server

DeltaV Virtual Studio

Backup and Recovery FAQs

DeltaV Logbooks. Benefits. Introduction. Minimize shift handover risk. Electronically document events, observations, and notes.

DeltaV Workstation Operating System Licensing Implications with Backup and Recovery

Backup and Recovery. Backup and Recovery. Introduction. DeltaV Product Data Sheet. Best-in-class offering. Easy-to-use Backup and Recovery solution

DeltaV Remote Client. DeltaV Remote Client. Introduction. DeltaV Product Data Sheet. Remote engineering and operator consoles

DeltaV Event Chronicle

How To Secure Your System From Cyber Attacks

Smart Card Two Factor Authentication

OpenEnterprise. Lifecycle Services

Plant Messenger Alert Reporting Service

DeltaV Virtual Studio

DeltaV Network Time Synchronization

Batch Analytics. Predicts end-of-batch quality. Detects process faults and provides reason for deviation so operations can take action in real time

OPC Mirror. OPC Mirror. Introduction. Product Data Sheet. Bi-directional data flow. Easy configuration. Fast data transfer. OPC Data Access compliant

OPC Data Access Server Redundancy

DeltaV v11 and v12.3 Supported Computers

Application Station Software Suite

Alarm Services. Introduction. Benefits. Alarm System Status Awareness. Increased operator efficiency. Regulatory and standards compliance.

Plantwide Event Historian

Product comparison. GFI LanGuard 2014 vs. Microsoft Windows Server Update Services 3.0 SP2

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Emerson Smart Firewall

Wireless Remote Video Monitoring

DeltaV Web Server. DeltaV Web Server. Introduction. DeltaV Product Data Sheet. Gives you a secure view of your process from your desktop PC

Patch Management Policy

The Evergreen DeltaV Process Automation System

DeltaV System Cyber-Security

Product comparison. GFI LanGuard 2014 vs. Microsoft Windows InTune (October 2013 Release)

Base Station. Base Station. Introduction. DeltaV Product Data Sheet. Adaptable work environment. Scalable to suit your needs. Dedicated functional use

Client Security Risk Assessment Questionnaire

DeltaV Virtualization

Wireless Remote Video Monitoring

Windows Operating System Upgrade Kits

Altiris Client Management Suite

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services

Verve Security Center

ProfessionalPLUS Station Software Suite

LESSON Windows Server Administration Fundamentals. Understand Updates

Ovation Security Center Data Sheet

Best Practices for DanPac Express Cyber Security

At a Glance. Key Benefits. Data sheet. A la carte User Module. Administration. Integrations. Enterprise SaaS

GE Measurement & Control. Cyber Security for Industrial Controls

Industrial Security for Process Automation

ProfessionalPLUS Station Software Suite

Symantec Event Collector 4.3 for Microsoft Windows Quick Reference

Ovation Security Center Data Sheet

HP 3PAR Software Installation and Startup Service

ACI ON DEMAND DELIVERS PEACE OF MIND

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Managed Service Plans

Symantec Endpoint Protection Analyzer Report

Product Support Notice. FTP backup MSS to a Windows 2003 Server

OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

Smart Wireless Solutions. Intelligent Well Production Starts Here

The Personal Computer for DeltaV Wokstations

Best Practices for DeltaV Cyber- Security

Symantec Integrated Enforcer for Microsoft DHCP Servers Getting Started Guide

Service Catalog. it s Managed Plan Service Catalog

HP Data Replication Solution Service for 3PAR Virtual Copy

Computer System Security Updates

Process Miner (PM) Introduction. Search cross-lot data by product code, order numbers, and data parameters

Connecticut Justice Information System Security Compliance Assessment Form

Kaseya White Paper. Endpoint Security. Fighting Cyber Crime with Automated, Centralized Management.

IBM Tivoli Provisioning Manager V 7.1

Updating Your Skills from Microsoft Exchange 2000 Server or Microsoft Exchange Server 2003 to Microsoft

Symphony Plus Cyber security for the power and water industries

Kaspersky Endpoint Security 10 for Windows. Deployment guide

S-series SQ Controller

Professional Station Software Suite

AMS Suite: Intelligent Device Manager

Operations Management and the Integrated Manufacturing Facility

I. General Database Server Performance Information. Knowledge Base Article. Database Server Performance Best Practices Guide

LHRIC Network Support - Additional Service Features

Wireless Field Data Backhaul

Cybersecurity Health Check At A Glance

How To Access Historical Data From The Deltav Oca History Server On A Pc Hda (Opc Hda) On A Microsoft Computer (Opca) Or Microsoft Microsoft Memory Card (Procedure) On An Ipc

Information and Communication Technology. Patch Management Policy

MSP Service Matrix. Servers

AMS Suite: Intelligent Device Manager with the DeltaV system

Upgrade Guide. Upgrading to EventTracker v6.0. Upgrade Guide Columbia Gateway Drive, Suite 250 Publication Date: Sep 20, 2007.

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0

Unicenter Patch Management

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

Course Syllabus. Maintaining a Microsoft SQL Server 2005 Database. At Course Completion

Patch and Vulnerability Management Program

Transcription:

Service Data Sheet Automated Patch Management Service Establishes elements for successful and proactive Automated Patch Management strategy for anti-virus signature screens, OS security patching and DeltaV distributed control system (DCS) hotfixes. Helps to ensure the availability and business continuity of DeltaV DCS. Reduces manual system administrative activity and delays associated with software updates. The Emerson Automated Patch Management Service is a combination of people, technology and best practices designed to automate the routine aspects of manual security software update deployment. Introduction Every month there are new Microsoft security updates, Symantec anti-virus updates and DeltaV DCS hotfixes that need to be acted upon. Emerson s Automated Patch Management Service provides an effective solution that address the five deployment steps identification of required Emerson-approved updates, acquisition of update executables, distribution to appropriate DeltaV DCS nodes, installation and compliance auditing. Benefits It is very common for the most critical security, anti-virus and application hotfix updates to go uninstalled for extended periods of time, or not be installed at all. Often the reasons are due to limited skilled resources and day-to-day judgment calls about what is more important; to either address an immediate need with a measurable business benefit or deploy the current batch of system software updates with their unknown and often un-quantified effect on system vulnerability. Experience has shown many of the disruptive events reported to the Emerson Global Service Center could have been avoided, had the relevant update been applied in a timely fashion. Automated Patch Management Service automates routine aspects of software update deployment for timely dependable implementation, while freeing staff to devote more time to your own business. For large systems, the savings can add up to hundreds of hours per year. Automated Patch Management Service identifies the appropriate security patches, tests them on DeltaV DCS and advises the customer on which DeltaV DCS hardware needs updating with which particular software patches. Cybersecurity Management Solutions Automated Patch Management is integral part of Emerson s Cybersecurity Management Solutions portfolio. A comprehensive cybersecurity solution consists of many different components; each one specific to reducing risks associated with various process control system entities. Cybersecurity Management is an integrated approach to finding the best cyber solutions to fit your current process control system and existing plant security policies and procedures.

Guardian WSUS Interface (GWI) An Emerson software application that periodically checks with the GSUDS Client for new DeltaV DCS hot fixes and the latest approval information for Microsoft security updates, and programmatically injects them into WSUS. It is typically located on the Downstream Server. Security Solutions Portfolio Cybersecurity Management solutions also cover: Disaster recovery Backup and recovery System health monitoring Smart firewalls Automated/Manual Patch Management Service Backup & Recovery Spare Parts Management Smart Firewalls w/ Intrusion Detection Software Smart Switches and Controller Firewalls Guarian Support DeltaV Upgrade Service Remediation Services On-site spare parts management Security consultation services Reduction of risks associated with the use of these solution components reduces the time spent on controllable issues and allows focus on other important day-to-day issues. Automated Patch Management Service Architecture Software service enablers are combined with Emerson s expert consultation and optional on-site commissioning to implement automated deployment capability for Microsoft Windows security updates, Symantec anti-virus updates and DeltaV DCS hotfixes. The software service enablers include: Guardian Software Update Delivery Service (GSUDS) Client an Emerson software application available for systems enrolled in Guardian Support service. It solicits system hot fixes and approval information for Microsoft security updates from Emerson via the Internet. Microsoft Windows Server Update Service (WSUS) version 3 or higher. A no-cost add-on to the Microsoft server operating system. Two instances of the WSUS application are required; one on an internet facing server (Upstream Server) to solicit security updates from Microsoft and a second located on a non-deltav DCS server (Downstream Server) on the DeltaV DCS control network, configured for a parent-child relationship. WSUS provides distribution, deployment and audit capabilities for Microsoft security updates and DeltaV DCS hot fixes. Symantec Live Update Administrator (LUA) A software application that solicits anti-virus updates from Symantec via the Internet, typically located on the Upstream Server. Symantec Endpoint Protection Manager (SEPM) A software application that deploys antivirus updates obtained by the LUA, located on the Downstream Server. Service Prerequisites Automated Patch Management Service prerequisites: DeltaV DCS set up as a domain, running DeltaV v9.3 software or higher. Enrollment in Guardian Support Service and annual purchase of the Automated Patch Management Subscription Service. A license to use Symantec Endpoint Protection Manager and clients (customer s responsibility). Support contracts from Symantec and Microsoft for WSUS and SEPM are recommended (customer s responsibility). A server class computer licensed for Microsoft Server 2008, to be installed as a non-deltav DCS node (Downstream Server) on the DeltaV DCS control network. An Internet accessible server class computer licensed for Microsoft Server 2008 (Upstream Server) to host applications that require Internet access. Customer-managed network infrastructure that allows the Downstream Server to securely access the Upstream Server. www.emersonprocess.com 2

The Emerson Automated Patch Management Service is a combination of people, technology and best practices designed to automate the routine aspects of manual security software update deployment. Sample WSUS Control Panel for deployment and audit of security updates. www.emersonprocess.com 3

Sample WSUS Control Panel for deployment and audit of security updates. Operational Characteristics Group policy or individual computer settings dictate how often each DeltaV DCS application station and workstation contacts the Downstream Server for new updates, and what action to take when a new update is available. These settings require careful consideration. In a typical service deployment; anti-virus updates are scheduled for automatic download and installation according to a schedule; Microsoft security updates are automatically downloaded according to a schedule with local computer notification that an update is ready to install; and DeltaV DCS hotfixes are only downloaded and installed upon request. Automated Patch Management Services While some customers prefer to design, install and start-up their own solutions and simply use the Automated Patch Management subscription service to provide the downloaded metadata, Emerson also offers services to help our customers integrate Automated Patch Management into their IT infrastructure through evaluation, design and implementation. These services include: Automated Patch Management Evaluation Emerson will work with the customer to evaluate their request for services. The evaluation will: Define the scope of work to be performed. Analyze the system architecture desired and any high level technical considerations requested. www.emersonprocess.com 4

Define any testing that may be required to future validate the overall system architecture and configuration desired. Provide an Evaluation Report outline the customer request, considerations, and Emerson s recommendations. Automated Patch Management Detailed Design Based on the findings from the Patch Management Evaluation, this optional service will develop a proposed architecture, detailed configuration, and policies to test and verify proper functioning of the proposed Patch Management system. The detailed design phase may include: System staging based on the customers desired system architecture and configuration. This pre-work will determine the best configuration and installation processes to be used on site. Equipment to be used in the plant can be provided by the customer for system staging. Detailed consultation regarding the newest features and enhancements contained in the new versions of Guardian Update Delivery Service, Windows System Update Service, Symantec Endpoint Protection, and the Guardian WSUS Interface. An outline of the testing procedure to be performed. Complete test reports outlining notable system behavior and installation and configuration issued found. A detailed roadmap indicating any site installation and configuration prerequisites required. Testing of any desired system modification identified during the Evaluation phase. Automated Patch Management Implementation Based on the findings of the evaluation and detail design, Emerson will work with the customer to install, configure and implement Patch Management. Upon completion, a implementation report will be provided to the customer. Automated Patch Management Annual Subscription Service Automated Patch Management Service requires a subscription based feed from Emerson that will provide the WSUS metadata feed through the prerequisite Guardian Software Update Delivery Service. Customers deploying the IT infrastructure for Automated Patch Management without the use of Emerson services can purchase Consultation hours if assistance is required. Automated Patch Management Project Support Support for the Automated Patch Management infrastructure including WSUS and SEPM applications can be provided (if needed) through your local Emerson support representative or via a bank of consulting hours which are outside from standard Guardian Support contract. Furthermore, questions related to the day-to-day maintenance and administration of this solution will also be handled out of the bank of hours as the customer will be responsible for these activities. www.emersonprocess.com 5

Ordering Information This subscription service requires a current DeltaV DCS Guardian Support Contract covering the System IDs at a given plant site be in place. Description 1-Year Cybersecurity, Automated Patch Management; for Small Systems less than 5,000 DSTs 1-Year Cybersecurity, Automated Patch Management; for Medium Systems from 5,000 DSTs to 19,999 DSTs 1-Year Cybersecurity, Automated Patch Management; for Large Systems 20,000 DSTs or greater 1-Year Renewal for Cybersecurity, Automated Patch Management; for Small Systems less than 5,000 STs 1-Year Renewal for Cybersecurity, Automated Patch Management; for Medium Systems from 5,000 DSTs to 19,999 DSTs 1-Year Renewal for Cybersecurity, Automated Patch Management; for Large Systems 20,000 DSTs or greater Model Number VE9117SM VE9117ME VE9117LG VE9117SM-RENEW VE9117ME-RENEW VE9117LG-RENEW To learn how comprehensive Cybersecurity Management Services address your cybersecurity needs, contact your local Emerson sales office or representative, or visit www.emersonprocess.com. Emerson Process Management Asia Pacific: 65.777.8211 Europe, Middle East: 41.41.768.6111 North America, Latin America: +1 800.833.8314 or +1 512.832.3774 www.emersonprocess.com 2015, Emerson Process Management. All rights reserved. The Emerson logo is a trademark and service mark of Emerson Electric Co. DeltaV is a mark of one of the Emerson Process Management family of companies. All other marks are the property of their respective owners. The contents of this publication are presented for informational purposes only, and while every effort has been made to ensure their accuracy, they are not to be construed as warranties or guarantees, express or implied, regarding the products or services described herein or their use or applicability. All sales are governed by our terms and conditions, which are available on request. We reserve the right to modify or improve the designs or specifications of our products at any time without notice.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information