A key component of patch management is the intake and vetting of information on both security issues and patch releases: you must know which security issues and software updates are relevant to your environment. An organization needs a point person or team that is responsible for keeping up to date on newly released patches and security issues that affect the systems and applications deployed in its environment. This team can also take the lead in alerting administrators and users to security issues or updates to the applications and systems they support and use. A comprehensive and accurate asset management system can help determine whether all existing systems are accounted for when researching and processing information on patches and updates. Visualnet Media Patch Management Service acts as your expert in-house team that can guide and run your patch management program from our multi-point facilities.
An organization should also have relationships with its key operating system, network device, and application vendors that facilitate the timely release and distribution of information on product security issues and patches. Visualnet Patch Management Service has these relationships in place and can assist you with both Microsoft and non-Microsoft security patch updates. See our supported products list.
Regular audit and assessment helps gauge the success and extent of patch management efforts. In this phase of the patch management program, you are essentially trying to answer two questions:
1. What systems need to be patched for any given vulnerability or bug?
2. Are the systems that are supposed to be updated actually patched?
The audit and assessment component will help answer these questions, but there are dependencies. Two critical success factors are accurate and effective asset and host management. Often, these related goals of asset and host management are addressed by a single product, such as Tivoli, Unicenter, or SMS. The major requirement for any asset management system is the ability to accurately track deployed hardware and software throughout the enterprise, including remote users and office locations. Ideally, host management software will allow the administrator to generate reports (e.g. all clients without a given hot fix, all versions of particular applications) that will be used to drive the effort toward consistent installation of patches and updates across the organization. Visualnet Media Patch Management Service incorporates a host management component that can take over this complex tracking.
System discovery and auditing are also components of the audit and assessment process. While asset and host management systems can help you administer and report on known systems, there are likely a number of systems that have been either unknowingly or intentionally excluded from inventory databases and management infrastructures. System discovery tools can help uncover these systems and assist in bringing them under the umbrella of formal system management and patch compliance. Organizations typically use either their own discovery and assessment mechanisms or one of the various managed vulnerability assessment tools. Regardless of the tools used, the goal is to discover unknown systems within your environment and assess their compliance with organizational update and configuration guidelines. The Visualnet Media Security Agent software that is installed can track and audit all your servers and workstations. We not only audit the systems for connectivity but also audit the IP addresses (both local and mobile workers), and we also audit all the software and hardware in each system.
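The reconciliation behind the two audit questions and the discovery step above, as an added example that is not part of the original page or of any vendor's product. Host names, addresses, product labels and patch IDs are constructed placeholders standing in for a host-management export and a discovery sweep.

```python
from dataclasses import dataclass, field

@dataclass
class Host:
    name: str
    ip: str
    product: str                                  # OS or application label
    installed: set = field(default_factory=set)   # patch IDs reported for the host

# Constructed sample data (assumptions, not real systems or real patch IDs).
INVENTORY = [
    Host("web01", "10.0.0.11", "os-a", {"PATCH-001", "PATCH-002"}),
    Host("web02", "10.0.0.12", "os-a", {"PATCH-001"}),
    Host("db01", "10.0.0.21", "os-b", {"PATCH-003"}),
    Host("lap07", "10.0.0.57", "os-a"),           # mobile worker, no patch data yet
]
DISCOVERED_IPS = {"10.0.0.11", "10.0.0.12", "10.0.0.21", "10.0.0.99"}
REQUIRED = {"os-a": {"PATCH-001", "PATCH-002"}, "os-b": {"PATCH-003"}}

def in_scope(inventory, patch_id, required):
    """Question 1: which systems need to be patched for a given update?"""
    return sorted(h.name for h in inventory
                  if patch_id in required.get(h.product, set()))

def missing_patches(inventory, required):
    """Question 2: which systems that should be updated are not actually patched?"""
    gaps = {}
    for h in inventory:
        missing = required.get(h.product, set()) - h.installed
        if missing:
            gaps[h.name] = sorted(missing)
    return gaps

def reconcile(inventory, discovered_ips):
    """Discovery vs. inventory: unknown addresses, and known hosts not seen."""
    known = {h.ip: h.name for h in inventory}
    unmanaged = sorted(discovered_ips - set(known))
    not_seen = sorted(n for ip, n in known.items() if ip not in discovered_ips)
    return unmanaged, not_seen

if __name__ == "__main__":
    print("Needs PATCH-002:", in_scope(INVENTORY, "PATCH-002", REQUIRED))
    print("Missing patches:", missing_patches(INVENTORY, REQUIRED))
    unmanaged, not_seen = reconcile(INVENTORY, DISCOVERED_IPS)
    print("Discovered but not in inventory:", unmanaged)
    print("In inventory but not seen:", not_seen)
```

A host that appears in inventory but was not seen by the sweep is reported separately from an unpatched one, since its recorded patch level cannot be confirmed until it reconnects.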
While the audit and assessment element of your patch management program will help identify systems that are out of compliance with your organizational guidelines, additional work is required to reduce non-compliance. Your audit and assessment efforts can be considered an 'after the fact' evaluation of compliance, since the systems being evaluated will typically already be deployed into production. To supplement post-implementation assessment, controls should be in place to ensure that newly deployed and rebuilt systems are up to spec with regard to patch levels.
System build tools and guidelines are the primary means of enforcing compliance with patch requirements at installation time. As new patches are approved and deployed, build images and scripts should be updated so that all newly built systems are appropriately patched, and associated build documentation should be updated to reflect these changes. In addition to updates to build tools and documentation, operational procedures must exist to facilitate ongoing compliance of newly built systems. If an engineering team typically builds servers (e.g. with the base operating system and applications) and a separate operations team then assumes management of the system, a process must exist to funnel operational changes back to the build and engineering stage of the system lifecycle. These modifications are best handled via an enterprise-wide change management system. Any new patches and updates that are approved and installed by operations should also be integrated by the engineering team into new builds, with the change management system providing both an appropriate audit trail and suitable procedural guidelines for this implementation. Our service can give your company this important data to make informed decisions on your new systems, whether you are building or buying them.