Patch-management
   HOME

TheInfoList



Click Here for Items Related To - Patch-management
OR:
Patch-management on:   [Wikipedia]   [Google]   [Amazon]

Patch management is concerned with the identification, acquisition, distribution, and installation of patches to
systems A system is a group of interacting or interrelated elements that act according to a set of rules to form a unified whole. A system, surrounded and influenced by its environment, is described by its boundaries, structure and purpose and is exp ...
. Proper patch management can be a net productivity boost for an organization. Patches can be used to defend against and eliminate potential vulnerabilities of a system, so that no
threats A threat is a communication of intent to inflict harm or loss on another person. Intimidation is a tactic used between conflicting parties to make the other timid or psychologically insecure for coercion or control. The act of intimidation fo ...
may exploit them. Problems can arise during patch management, including buggy patches that either fail to fix their problem or introduce new issues. Patch management tools help orchestrate all of the procedures involved in patch management.


Description

''Patch management'' is defined as a sub-practice of various disciplines including
vulnerability management Vulnerability management is the "cyclical practice of identifying, classifying, prioritizing, remediating, and mitigating" software vulnerabilities. Vulnerability management is integral to computer security and network security, and must not be ...
(part of
security management Security management is the identification of an organization's assets i.e. including people, buildings, machines, systems and information assets, followed by the development, documentation, and implementation of policies and procedures for pr ...
), lifecycle management (with further possible sub-classification into
application lifecycle management Application lifecycle management (ALM) is the product lifecycle management (governance, development, and maintenance) of computer programs. It encompasses requirements management, software architecture, computer programming, software testing, ...
and
release management Release management is the process of managing, planning, scheduling and controlling a software build through different stages and environments; it includes testing and deploying software releases. Relationship with processes Organizations that ...
),
change management Change management (CM) is a discipline that focuses on managing changes within an organization. Change management involves implementing approaches to prepare and support individuals, teams, and leaders in making organizational change. Change mana ...
, and
systems management Systems management is enterprise-wide System administration, administration of distributed systems including (and commonly in practice) computer systems. Systems management is strongly influenced by network management initiatives in telecommunic ...
. The practice is broadly concerned with the identification, acquisition, distribution, and installation of patches to
systems A system is a group of interacting or interrelated elements that act according to a set of rules to form a unified whole. A system, surrounded and influenced by its environment, is described by its boundaries, structure and purpose and is exp ...
. Some definitions of patch management are as a software-level practice, while others are as a systems-level process:
software Software consists of computer programs that instruct the Execution (computing), execution of a computer. Software also includes design documents and specifications. The history of software is closely tied to the development of digital comput ...
, drivers, and
firmware In computing Computing is any goal-oriented activity requiring, benefiting from, or creating computer, computing machinery. It includes the study and experimentation of algorithmic processes, and the development of both computer hardware, h ...
.


Cost–benefit analysis

While reserving time for patching takes up enterprise resources, there are balancing factors which can make proper patch management into a net productivity boost for an organization. Up-to-date systems often perform more efficiently, less costly, with less errors, less
security risks In simple terms, risk is the possibility of something bad happening. Risk involves uncertainty about the effects/implications of an activity with respect to something that humans value (such as health, well-being, wealth, property or the environ ...
, and better user workflow. Additionally, compliance with changing local and federal regulations are more likely to be satisfied.


Relation to security management

Patches can be used to defend against and eliminate potential vulnerabilities of a system, so that no
threats A threat is a communication of intent to inflict harm or loss on another person. Intimidation is a tactic used between conflicting parties to make the other timid or psychologically insecure for coercion or control. The act of intimidation fo ...
may exploit them; therefore, patch management can be considered a sub-discipline of vulnerability management. Effective patch management is an essential element of a broader vulnerability management lifecycle, which involves continuous processes of identifying, evaluating, prioritizing, and remediating security weaknesses across systems and applications. Every patchable device in a system presents an
attack surface The attack surface of a software environment is the sum of the different points (for " attack vectors") where an unauthorized user (the "attacker") can try to enter data to, extract data, control a device or critical software in an environment. Ke ...
that must be secured.


Challenges

There are a multitude of problems that can arise during patch management. A common issue is buggy patches, which either fail to fix their problem or introduce new issues. Another issue is deployment synchronization, since various subsystems may receive instructions to update at different times. Similarly, the difficulty of patch management across many devices may grow at an uncontrollable rate depending on organizational size. One prominent demonstration of the challenges facing proper patch management was the buggy Falcon Sensor patch by
CrowdStrike CrowdStrike Holdings, Inc. is an American cybersecurity technology company based in Austin, Texas. It provides endpoint security, threat intelligence, and cyberattack response services. The company has been involved in investigations of seve ...
which caused one of the worst IT outages of all time.


Implementations

A patch management tool (alternatively patch manager, patch management system, patch management software, or centralized patch management) help orchestrate all of the procedures involved in patch management. Tools can be in-house (applied locally by local administrators), or external, as with
managed service providers Managed services is the practice of outsourcing the responsibility for maintaining, and anticipating need for, a range of processes and functions, ostensibly for the purpose of improved operations and reduced budgetary expenditures through the ...
(applied externally by a provider).


Patch management software

*
Intel Active Management Technology Intel Active Management Technology (AMT) is hardware and firmware for remote out-of-band management of select business computers, running on the Intel Management Engine, a microprocessor subsystem not exposed to the user, intended for monitor ...
, used with
Intel vPro Intel vPro technology is an umbrella marketing term used by Intel for a large collection of computer hardware technologies, including VT-x, VT-d, Trusted Execution Technology (TXT), and Intel Active Management Technology (AMT). When the vPro ...
technologies, has features like scheduling, upgrade verification, and remote management; implementing patches along with
unified endpoint management Unified endpoint management (UEM) is a class of software tools that provide a single management interface for mobile, PC and other devices. It is an evolution of, and replacement for, mobile device management (MDM) and enterprise mobility manageme ...
. * Windows Update for Business,
System Center Configuration Manager Microsoft Configuration Manager (ConfigMgr) is a systems management software product developed by Microsoft for managing large groups of computers providing remote control, patch management, software distribution, operating system deployment, an ...
, and
Windows Server Update Services Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program and network service developed by Microsoft Corporation that enables administrators to manage the distribution of updates and hot ...
offer control over patch deployment, with features enabling testing, scheduling updates, and setting custom configurations on Windows platforms.


Managed service providers

* ManageEngine Patch Manager *
SolarWinds SolarWinds Corporation is an American company that develops software for businesses to help manage their networks, systems, and information technology infrastructure. It is headquartered in Austin, Texas, with sales and product development offi ...
Patch Manager * Automox * Atera *
Kaseya Kaseya Limited ( ) is a company headquartered in Miami that develops software for network monitoring, system monitoring, and other information technology applications. It is majority-owned by Insight Partners and owns the naming rights to the Kas ...
VSA


References

{{DEFAULTSORT:Patch management Information technology management Configuration management System administration