Patch Management

The Business Problem

The pace of discovery of new security vulnerabilities continues to accelerate, while the time between vulnerability discovery and emergence of malware to exploit them is shrinking. Industry analysts indicate that most successful cyber attacks occur by exploiting known vulnerabilities for which remediation is already available, but not yet installed on at-risk computers. It’s not that IT departments are lax in their defense, it’s that hackers move so quickly to exploit newly discovered weaknesses. For example, the August 13, 2005 “Zotob” worm significantly impacted large financial, manufacturing, media, and other global businesses by targeting a vulnerability for which Microsoft had released a patch less than 5 days previously.

As Zotob, Blaster, Sasser and other global data security emergencies demonstrated, organizations run significant business, service, help desk cost and data theft risks if they lack a comprehensive patch management program that can quickly and effectively address critical vulnerabilities before hackers take advantage of them, and keep them protected through continuous, ongoing enforcement.

The BigFix Solution

BigFix Enterprise Suite Patch Management, in conjunction with the BigFix Enterprise Suite platform provides a comprehensive security patch management solution for distributed, multiplatform networks.

• Provides a centralized real-time (seconds and minutes), view of patch compliance status of an entire enterprise to enable IT departments to make informed priority setting and action decisions
• Enables administrators to meet high service level expectations through real-time detection, remediation and verification of patch status
• Simplifies targeting and deployment through pre-packaged, pre-tested security patches
• Enforces policy-defined patch baselines on endpoint devices, even when not connected to the enterprise network, to insure that mobile and remote computers maintain patch compliance wherever they roam
• Provides roll-back (for patches that support uninstall), to provide a safety net in the event that a patch triggers unintended consequences in the network
• Insures that only authorized administrators can apply patches, and that patches are authentic through built-in Public Key Infrastructure (PKI) security and secure hash validation of patch packages
• Provides a full audit trail of patching actions and patching steps taken on every computer
• Provides ongoing continuous enforcement of patch compliance through policy-based automation

Buying Guide

BigFix Enterprise Suite Patch Management—Comprehensive security patch management for Windows, Unix, Linux, and Mac OS X.

• Single solution for Microsoft operating systems in 14 world languages, Microsoft applications, Unix, Linux, and Macintosh OS X
• Detects and remediates corrupt Windows patches for improved security and accurate patch compliance

BigFix Enterprise Suite platform—The highly scalable, real-time foundation for BigFix configuration management and security solutions. The BigFix Enterprise Suite platform is a prerequisite to BigFix Patch Management

Find Out More