
Gartner

Markets, M-19-4562 R. Colville, M. Nicolett

Research Note

18 March 2003

Patch Management: Identifying the Vendor Landscape

As the importance of patch management increases, it is important to understand the limitations and capabilities of the five classes of vendors that offer solutions.

There is nothing new about the need to manage the software that is deployed on servers and PCs. There is, however, a new appreciation of the risks associated with not applying the growing number of software patches. Enterprises have renewed their focus on the long-standing problem of patch management in an effort to reduce the exposure to mass outages or security breaches. Patch management is an area in which manual approaches have no chance of being effective. There is a specific set of functional requirements for patch management automation because of the following factors: a large number of patches and systems; the complicated interrelationships among patches, service packs and installed software; and the need for deployment speed. For more details on the functional requirements that are referenced in this research, see "Robust Patch Management Requires Specific Capabilities."

The following classes of vendors offer tools that address various degrees of patch management:

• Patch management point solution

• Desktop configuration management

• Server provisioning and configuration management

• Platform

• Policy compliance and vulnerability assessment

Patch Management Point Solution

Patch management point solution vendors offer a new breed of tools to assist enterprises in the evaluation and installation of patches. Although patch management tools are focused on only one aspect of the overall configuration management problem, they provide the most-complete set of functions for resolving patch vulnerabilities in an automated fashion. Patch management point solution vendors include Configuresoft (policy compliance and patch management), PatchLink, Shavlik Technologies, St. Bernard Software, Ecora and BigFix.

Core Topics

Enterprise Management: Configuration Management

Security and Privacy: Security Management Strategies and Processes

Key Issues

How will configuration management technologies and standards evolve?

How will enterprises evolve their security strategies from their current states of neglect?

Patch management point solution vendors provide a focused approach to the problem of managing patches across servers and desktops. The following tools have the capability to install any patch and offer specific differentiation for security patches:

• Patch Matching Reports — The majority of patch management tools provide reports that list the patches that are needed by each server or PC, based on the installed software and system role.

• Patch Analysis — Many of these tools offer the capability to analyze supersedence, prerequisites, co-requisites and issues related to the coexistence of a patch for one application in a system with other applications.

• Platform Support — Most patch management vendors are Windows-centric, and a few also support Unix and Linux.

• Templates and Policies — Some of these tools offer an enriched capability for templating. Models are used to determine which systems are out of patch compliance and what changes have occurred.
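The patch matching and patch analysis functions listed above can be illustrated with a short sketch. This is an added example, not code from the research note or from any vendor named in it; the catalog, patch ids, product names and host names are all constructed.

```python
from graphlib import TopologicalSorter  # Python 3.9+

# Constructed patch catalog: id -> product it fixes, patches it supersedes,
# and patches that must be installed first (prerequisites).
CATALOG = {
    "P-100": {"product": "webserver", "supersedes": [], "requires": []},
    "P-101": {"product": "webserver", "supersedes": ["P-100"], "requires": ["SP-1"]},
    "SP-1":  {"product": "os", "supersedes": [], "requires": []},
    "P-200": {"product": "database", "supersedes": [], "requires": []},
}

# Constructed inventory: host -> installed products and patches already applied.
HOSTS = {
    "web01": {"products": {"os", "webserver"}, "applied": {"P-100"}},
    "db01":  {"products": {"os", "database"}, "applied": {"SP-1", "P-200"}},
}

def effective(applied):
    """Applied patches plus everything they supersede, transitively."""
    done, stack = set(), list(applied)
    while stack:
        p = stack.pop()
        if p not in done:
            done.add(p)
            stack.extend(CATALOG.get(p, {}).get("supersedes", []))
    return done

def install_plan(host):
    """Patches the host still needs, ordered so prerequisites come first."""
    inv = HOSTS[host]
    covered = effective(inv["applied"])
    superseded = {s for m in CATALOG.values() for s in m["supersedes"]}
    # Matching: the patch targets an installed product, has not been replaced
    # by a newer catalog entry, and is not already covered on this host.
    wanted = {p for p, m in CATALOG.items()
              if m["product"] in inv["products"]
              and p not in superseded and p not in covered}
    # Analysis: pull in missing prerequisites and build a dependency graph.
    graph, stack = {}, list(wanted)
    while stack:
        p = stack.pop()
        if p in graph:
            continue
        if p not in CATALOG:
            raise KeyError(f"prerequisite {p} is not in the catalog")
        graph[p] = {r for r in CATALOG[p]["requires"] if r not in covered}
        stack.extend(graph[p])
    # static_order() raises graphlib.CycleError on circular prerequisites.
    return list(TopologicalSorter(graph).static_order())
```

Calling `install_plan("web01")` yields the prerequisite service pack before the superseding patch, and a fully patched host yields an empty plan.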

Desktop Configuration Management

The configuration management market is mature (some vendors have been around for more than 10 years) and includes more than a dozen vendors that focus on all sizes of enterprises. Enterprises primarily use configuration management tools to install and update applications and configuration settings across desktops. Examples of configuration management vendors/tools are: Altiris, Computer Associates International, IBM Tivoli, LANDesk Software, LSVi, Marimba, ManageSoft, Microsoft, NetSupport Solutions, Novell, Novadigm, OnDemand Software, ON Technology and Mobile Automation.


Unfortunately, most configuration management tools lack many functions that are required for patch management. To date, desktop configuration management vendors have approached patch management as "just another distribution." There is no imbedded knowledge of patch interrelationships, no patch inventory and a lack of patch analysis capabilities. For these reasons, configuration management tools are not optimized for patch management, and their use for this purpose is labor-intensive. To date, these vendors have demonstrated mixed success — less because of their capability and more because of the heterogeneity and complexity that exist across users' personal systems. The strength of this class of vendors lies in an installed base that has gone through the considerable effort of installing agents on a large number of desktop systems. There is a strong desire on the part of the current installed base to leverage the agent for related functions, such as patch management. We expect a number of desktop configuration management vendors to buy or build the technology to address patch management requirements.

Server Provisioning and Configuration Management

With elevated attention on the limited resources available for managing server configurations and the risks associated with server outages, a new set of vendors has emerged during the last 18 months that focuses on managing the provisioning and configuration of servers. Some desktop configuration management vendors have extended their capability to servers (see "Emerging Tools for Server Configuration Management"). Like desktop configuration management vendors, these vendors focus on discovery, deployment and reporting configurations, applications and system settings. They approach the patch problem as an extension of overall system configuration management. Although these vendors are taking a more holistic approach to each type of server (for example, Web servers, application servers and infrastructure servers), most look at patch management as "just another deployment."

Of these, vendors such as BladeLogic, Novadigm and Opsware offer specific capability for patch management, but they do so as a subset of their overall configuration management solution. Novadigm has extended its capability for servers and desktops. Emerging vendors will likely enhance their solutions organically or license technology from patch management vendors, while others will acquire patch management vendors.

Platform


complementary tools for patch management. The biggest limitation of these tools is that they are platform-specific, and each offers varying capability. Sun Patch Manager provides in-depth configuration comparisons and analysis for Solaris to determine which patches are necessary on which systems. Hewlett-Packard does in-depth dependency checking on HP-UX platforms, can deploy patches and offers a different tool for patch management on Proliant servers. Microsoft's approach to patch management is not as robust. Microsoft's Software Update Services does not do patch analysis and does not have robust system matching capability. Enterprises have the choice to leverage these tools, which are not cross-platform, by layering process and staff to ensure consistency. However, if patches are for applications (for example, Oracle) that are multiplatform, these tools will not suffice. Platform vendors will continue to enhance these tools as a means of offering more-reliable platforms.

Policy Compliance and Vulnerability Assessment

Vendors such as Symantec (Enterprise Security Manager), BindView (bv-Admin) and NetIQ (Security Manager) provide tools that can be used to evaluate security policy compliance, configuration and vulnerabilities. Although these tools can be used to identify systems that lack specific security patches, they typically lack functions in the areas of patch distribution and installation.

What to Do
