office (403) 374-0860
fax (403) 398-0624
e-mail cis@convergentinfo.com

Patch Manager
Overview

Limit System Vulnerabilities with Automated Software Patching

With hackers increasing their efforts to exploit vulnerabilities in Windows-based systems, software patching and updating has become a major management headache. And when those systems are on the front lines of your business—critical to your operations, but away from your IT resources—the problems are compounded. How do you distribute a large patch without interfering with mission-critical network traffic such as credit card authorization? How do you ensure a patch is fully delivered to a laptop or other device in the field that is only intermittently connected to the network?

As part of Afaria, which is optimized for operation over bandwidth-limited Wide Area Networks, Patch Manager is a sophisticated patch management system that can rapidly close security exposures and so increase the availability of business systems on the front lines. Because it operates over a WAN, you can send patches to remote and intermittently connected devices without negatively affecting other applications running on your network. And because it scales, you can patch hundreds, even thousands, of systems without missing a beat.

Such a system allows you to:

  • Manage the utilization of bandwidth to your remote sites, so critical business processes such as credit card authorization aren’t compromised
  • Gain visibility into system vulnerabilities and perform a baseline assessment of them
  • Deploy and verify deployment of patches to close those vulnerabilities
  • Automate the process of determining which patches are available from Microsoft, and then retrieving the necessary patches from the Microsoft Web site

Weaknesses of Manual Solutions

With a manually oriented solution, an enterprise never has an accurate view of the vulnerability of its systems, so the correct patch may not be deployed. In addition, companies have little or no visibility into whether or not the patches were successfully applied to all the intended systems. As a result, security holes may be missed entirely, leaving the enterprise vulnerable to attack.

Although Microsoft provides some patch and update services, reporting and correlation of vulnerabilities is lacking, making it difficult for an administrator to target groups of machines for specific patches. As few enterprises have a completely homogeneous computing environment, they spend valuable resources sending patches to systems that do not need them. And because Microsoft’s Software Update Services server does not provide a mechanism for scheduling patch deployment, patches are broadcast just as they’re ready to send, possibly interrupting critical business operations on the front lines.

Automated Patch Distribution and Installation

Patch Manager is a logical extension to other Afaria systems management capabilities, providing an increased level of intelligence and automation for managing Microsoft updates to your Windows-based desktops, laptops and servers. With Patch Manager, you can:

  • Control patch updates to Windows-based machines. Patch Manager automates vulnerability assessment and the centralization of results, isolates patches for testing, and schedules patch distribution and installation.
  • Deploy new patches to a test environment. Patch Manager makes it easy to deploy patches to your test machines before approving them for deployment to your production environment.
  • Stage and test patches before distributing them to production environments. Patch Manager stores retrieved patches in a database and lets the administrator review them before distribution.
  • Automate the process of retrieving patches from the Microsoft Web site. Patch Manager allows you to schedule receipt of the available patch list and then select only those patches you wish to download.
  • Automate the process of assessing vulnerabilities on supported Windows machines. Patch Manager uses the Microsoft Baseline Security Analyzer to perform local assessments, capture the results in a central location, aggregate the results across machines, and dynamically create groups with common vulnerabilities.
  • Obtain each machine’s patch installation status. Patch Manager offers basic patch installation status logging.
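The assessment, grouping, targeted deployment and verification steps listed above can be illustrated with a small central aggregator. The following is an added example for this page, not Afaria's or MBSA's code: the per-machine result record, the "test"/"production" role labels and the "UPD-nnn" update identifiers are all constructed for illustration and do not reflect any real scanner output format.

```python
"""Toy central aggregator for per-machine patch assessment results.

Constructed example: the record layout and the 'UPD-nnn' identifiers are
invented for illustration and are not Afaria's or MBSA's real formats.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Assessment:
    """One machine's locally run patch assessment, as reported to the central store."""
    host: str
    role: str           # hypothetical label: "test" or "production"
    missing: frozenset  # update identifiers the local scan found missing


# Constructed sample results, as they might arrive at a central server.
SAMPLE_RESULTS = [
    Assessment("pos-01", "production", frozenset({"UPD-101", "UPD-102"})),
    Assessment("pos-02", "production", frozenset({"UPD-101", "UPD-102"})),
    Assessment("srv-01", "production", frozenset({"UPD-103"})),
    Assessment("lab-01", "test", frozenset({"UPD-101", "UPD-103"})),
    Assessment("lt-07", "production", frozenset()),  # fully patched laptop
]


def aggregate(results):
    """Baseline view: for each missing update, the set of hosts that need it."""
    by_update = defaultdict(set)
    for r in results:
        for upd in r.missing:
            by_update[upd].add(r.host)
    return dict(by_update)


def group_by_common_vulnerabilities(results):
    """Dynamic groups: hosts that share an identical set of missing updates.

    Fully patched hosts are left out, since there is nothing to deploy to them.
    """
    groups = defaultdict(list)
    for r in results:
        if r.missing:
            groups[r.missing].append(r.host)
    return {k: sorted(v) for k, v in groups.items()}


def deployment_plan(results, approved):
    """Target only hosts that actually need an approved update, staged by role.

    Returns {role: {host: [updates to send]}}. The caller schedules the "test"
    stage before "production" so a patch is exercised on lab machines before it
    reaches front-line systems, and no host receives a patch it does not need.
    """
    plan = {"test": {}, "production": {}}
    for r in results:
        needed = sorted(r.missing & approved)
        if needed:
            plan.setdefault(r.role, {})[r.host] = needed
    return plan


def verify(plan, rescan_results):
    """After installation, rescan and report hosts still missing a planned update.

    A host that has not reported a rescan (e.g. an intermittently connected
    laptop) is treated as unverified and listed with all of its planned updates.
    """
    still_missing = {r.host: r.missing for r in rescan_results}
    failures = {}
    for hosts in plan.values():
        for host, updates in hosts.items():
            if host not in still_missing:
                failures[host] = list(updates)
                continue
            remaining = sorted(set(updates) & still_missing[host])
            if remaining:
                failures[host] = remaining
    return failures


if __name__ == "__main__":
    plan = deployment_plan(SAMPLE_RESULTS, approved={"UPD-101"})
    for stage in ("test", "production"):
        print(stage, plan[stage])
```

The `deployment_plan` output is what a scheduler would hand to a bandwidth-aware distribution step; the "test" stage is released first and the "production" stage only after the lab hosts verify clean.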

Whether your systems reside on fixed machines at remote sites or on field-based mobile devices that may connect to a variety of ISPs, they can be exposed at multiple points to security attacks. With Patch Manager, you can more effectively defend against system vulnerabilities that compromise your company’s security.