Product Overview

The deluge of security patches overwhelms any organization that still relies on manual patch management. The most viable solution is automated software that is easy to use, accurate and available at a breakthrough price.
AdventNet SecureCentral™ PatchQuest is automated patch management software for distributing and managing patches, security hotfixes and updates across heterogeneous networks comprising Windows, Red Hat Linux and Debian Linux systems, in a few simple clicks.
Architecture

The PatchQuest patch management solution has a distributed architecture built from four primary components, described below.

Features

- Ease of installation: no prerequisite software installations required
- Policy-based scans: scan machines based on custom criteria (policies), such as schedules and machine groups
- Accurate patch validation: checks the correctness and completion of each patch installation by verifying file change details, registry change details and checksum values of the patches identified
- Handling of obsolete / superseded patches: detects and displays patches that are no longer valid, as well as patches that can be replaced with higher patch versions
- Multiple patch deployments: deploys more than one patch to a single machine, and a single patch simultaneously to multiple machines
- 4-step process: S - System addition and discovery; P - Patch assessment or scanning; P - Patch download and deployment; R - Reporting
- Remote reboot options: specify and control the reboot of a machine after single and multiple patch installations
- Software inventory tracking: detects the software installed on all client machines
- Secure mode of communication: encrypted data transfer between server and target machines
- Intelligent alerting: e-mail messages sent on completion, abort or other failure of tasks such as scanning, patch download and patch installation
- Audit information: records audit information for the various tasks performed
External Patch Crawler
- Resides at the AdventNet site
- Repeatedly probes the internet to draw vulnerability information from various security
information sources - mainly vendor websites
- Carries out patch assessment - downloads and tests patches for authenticity and functional
correctness
- Correlates assessment data and derives a consolidated vulnerability database in file format
- Publishes this database to the Central Patch Repository so that it serves as a baseline for
vulnerability assessment, providing information required for patch scanning and installation
- Periodically performs the information gathering, patch analysis and publishing processes
Central Patch Repository
- Portal that resides at the AdventNet site
- Hosts the latest baseline vulnerability database, published from the External Patch Crawler
- Exposes this database to the PatchQuest Server (at different customer sites) for download
PatchQuest Server
- Resides at the customer site or enterprise
- Subscribes to the Central Patch Repository, to periodically download the latest vulnerability
database
- Manages patch management operations in the enterprise from a central point
- scans the devices in the heterogeneous enterprise network - either remote scanning
or in conjunction with the PatchQuest agent
- checks for missing and available patches against the comprehensive vulnerability
database
- downloads and deploys missing patches and service packs
- generates reports to present a perspective of the patch management process in your
enterprise
- Allows patch management operations to be initiated and controlled from a universally
accessible, web-based administration console in a few simple clicks
PatchQuest Agent
- Is light-weight software that facilitates the agent-based mode of patch management
- Is optional and can be installed on a target machine that is locked down or sits behind a
firewall
- Acts as a worker to carry out the patch management operations as instructed by the
PatchQuest Server
- Allows for flexibility in patch management, based on the enterprise network infrastructure
set-up and requirements
Patch management using PatchQuest is primarily a four-step process.
System addition and discovery
Systems can be managed using an agentless or agent-based approach or a combination of
both.
To facilitate managing machines remotely (agentless), computers have to be first added to
the PatchQuest setup. The addition of systems can be done one by one or by specifying an
IP range from the web interface to the server. Appropriate credentials need to be supplied for
each system.
For Windows operating systems, Windows APIs are used to log in remotely and query the
system details. Linux machines are managed remotely by logging in over SSH or Telnet and
running commands through the shell. After a successful login with the supplied credentials,
standard Unix commands are executed to identify the distribution type, release number and
kernel version. Note that Telnet carries the login credentials and all command output in clear
text, so SSH should be used wherever the target supports it.
If the agent-based mode is adopted, a light-weight agent needs to be installed on the target
machines. Agents are used to manage mobile computers and machines that are locked down
or sit in a DMZ. The agents report their status and other machine details to the server
automatically.
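The agentless Linux discovery step above comes down to running a few standard commands over the login session and interpreting what comes back. The following is an added example, not PatchQuest's own code: it shows the marker files a scanner would read on the two distributions the text names and a parser that turns the captured output into the distribution type, release number and kernel version. The command labels, the `identify_linux` function and the three sample outputs are constructed for the example.

```python
import re
from typing import Dict, Optional

# Commands an agentless scan would run over the SSH session once the supplied
# credentials have logged in. The dictionary keys are our own labels (an
# assumption); the files and commands are standard on Red Hat and Debian.
PROBE_COMMANDS = {
    "redhat_release": "cat /etc/redhat-release 2>/dev/null",
    "debian_version": "cat /etc/debian_version 2>/dev/null",
    "kernel": "uname -r",
}

# Matches "Red Hat Linux release 9 (Shrike)" as well as
# "Red Hat Enterprise Linux AS release 4 (Nahant Update 2)".
RH_RELEASE = re.compile(r"^Red Hat(?: Enterprise)? Linux(?: [A-Z]+)? release (\d[\d.]*)")


def identify_linux(probe_output: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Turn the captured output of PROBE_COMMANDS into distribution, release and kernel.

    Returns None when neither marker file identifies a supported distribution,
    so an unknown host is never assessed against the wrong errata feed.
    """
    kernel = probe_output.get("kernel", "").strip()
    redhat = probe_output.get("redhat_release", "").strip()
    debian = probe_output.get("debian_version", "").strip()

    match = RH_RELEASE.match(redhat)
    if match:
        return {"distribution": "Red Hat Linux", "release": match.group(1), "kernel": kernel}
    # /etc/debian_version holds a bare version such as "3.1" on a release, or a
    # suite name like "testing/unstable" on a tracking system; both are Debian.
    if debian and not redhat:
        return {"distribution": "Debian Linux", "release": debian, "kernel": kernel}
    return None


# Constructed command output, as a scanner would capture it from three hosts.
SAMPLE_RHEL = {"redhat_release": "Red Hat Enterprise Linux AS release 4 (Nahant Update 2)",
               "debian_version": "", "kernel": "2.6.9-22.EL"}
SAMPLE_DEBIAN = {"redhat_release": "", "debian_version": "3.1", "kernel": "2.6.8-2-386"}
# A Red Hat derivative that is not Red Hat: reported as unknown rather than guessed.
SAMPLE_OTHER = {"redhat_release": "CentOS release 4.2 (Final)", "debian_version": "",
                "kernel": "2.6.9-22.EL"}

if __name__ == "__main__":
    for sample in (SAMPLE_RHEL, SAMPLE_DEBIAN, SAMPLE_OTHER):
        print(identify_linux(sample))
```

The point of returning None for anything that is not exactly Red Hat or Debian is that a patch database built from Red Hat errata and Debian advisories says nothing reliable about other distributions; silently filing such a host under the nearest match would produce confident but wrong assessments.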
Patch assessment or scanning
At the user's request, the PatchQuest server opens one or more sessions to a remote
system to begin a patch assessment of each system or instructs the PatchQuest agent that
has been installed on the target device to carry out the assessment. Using a comprehensive
database consolidated from Microsoft's bulletins, Red Hat errata and Debian advisories, the
scanning mechanism checks for the existence and state of the patches by performing file
version checks, registry checks and checksums. The vulnerability database is periodically
updated with the latest information on patches, from the Central Patch Repository. The
scanning logic automatically determines which updates are needed on each client, taking into
account the operating system, application, and update dependencies.
On successful completion of an assessment, the results of each assessment are returned
and stored in the server database. The scan results can be viewed from the web-console.
The missing patches for a particular computer can be selected and used to generate a
"deployment list" which will be used as input for the patching mechanism.
Patch download and deployment
On selecting the patches to be deployed, you can trigger a download or a deploy request. At
first the selected patches are downloaded from the internet and stored in a particular location
in the PatchQuest server. Then they are pushed to the target machines remotely and installed
sequentially. In agent mode, the PatchQuest agents pull the patches from the server and
install them. A rescan of the target machines then validates whether each installation
succeeded.
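The assessment, deployment-list and rescan steps above, together with the superseded-patch handling and checksum-based validation listed under Features, share one piece of logic: compare what the vulnerability database says a patched file must look like against what is actually on the host. The following is an added example, not PatchQuest's own code, that carries that logic through for one scan, one deployment and the validating rescan. The patch IDs, file paths, version strings, file contents and platform names are all constructed for the example; the `install` function stands in for the push-and-execute step and simply drops the expected file in place.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Everything below is constructed for illustration: patch IDs, file paths,
# version strings and file contents are made up and are not real bulletins.

@dataclass(frozen=True)
class FileCheck:
    path: str
    version: str  # minimum file version a patched system must carry
    sha256: str   # digest of the file at exactly that version

@dataclass(frozen=True)
class Patch:
    patch_id: str
    platform: str
    files: Tuple[FileCheck, ...]
    supersedes: Tuple[str, ...] = ()
    obsolete: bool = False  # withdrawn by the vendor: report it, never deploy it

@dataclass
class Host:
    name: str
    platform: str
    files: Dict[str, Tuple[str, bytes]]  # path -> (version string, file contents)

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def version_tuple(v: str) -> Tuple[int, ...]:
    return tuple(int(part) for part in v.split("."))

# Stand-ins for the patched binaries the server downloads and checksums.
DLL_V1, DLL_V2 = b"kernel32.dll build 5.1.2600.1", b"kernel32.dll build 5.1.2600.2"
SSL_V1, SSL_V2 = b"libssl.so build 0.9.7.1", b"libssl.so build 0.9.7.2"
PAYLOADS = {sha256_hex(b): b for b in (DLL_V1, DLL_V2, SSL_V1, SSL_V2)}

KERNEL32 = "C:/Windows/system32/kernel32.dll"
LIBSSL = "/usr/lib/libssl.so.0.9.7"
PATCH_DB = {
    "P-100": Patch("P-100", "windows", (FileCheck(KERNEL32, "5.1.2600.1", sha256_hex(DLL_V1)),)),
    "P-200": Patch("P-200", "windows", (FileCheck(KERNEL32, "5.1.2600.2", sha256_hex(DLL_V2)),),
                   supersedes=("P-100",)),
    "P-300": Patch("P-300", "debian", (FileCheck(LIBSSL, "0.9.7.1", sha256_hex(SSL_V1)),), obsolete=True),
    "P-301": Patch("P-301", "debian", (FileCheck(LIBSSL, "0.9.7.2", sha256_hex(SSL_V2)),),
                   supersedes=("P-300",)),
}

def file_status(check: FileCheck, host: Host) -> str:
    present = host.files.get(check.path)
    if present is None or version_tuple(present[0]) < version_tuple(check.version):
        return "missing"
    if version_tuple(present[0]) == version_tuple(check.version) and sha256_hex(present[1]) != check.sha256:
        return "invalid"  # right version string, wrong bytes: partial or tampered install
    return "installed"

def assess(host: Host, db: Dict[str, Patch]) -> Dict[str, str]:
    """One scan: patch ID -> installed / missing / invalid / not-applicable."""
    result = {}
    for patch in db.values():
        if patch.platform != host.platform:
            result[patch.patch_id] = "not-applicable"
            continue
        states = {file_status(fc, host) for fc in patch.files}
        result[patch.patch_id] = "invalid" if "invalid" in states else "missing" if "missing" in states else "installed"
    return result

def deployment_list(assessment: Dict[str, str], db: Dict[str, Patch]) -> List[str]:
    """Needed patches, minus withdrawn ones and ones a newer needed patch replaces."""
    needed = {pid for pid, state in assessment.items() if state in ("missing", "invalid")}
    replaced = {old for pid in needed if not db[pid].obsolete for old in db[pid].supersedes}
    return sorted(pid for pid in needed if not db[pid].obsolete and pid not in replaced)

def install(host: Host, patch: Patch) -> None:
    """Stand-in for pushing and running a patch: place the expected file at the expected version."""
    for fc in patch.files:
        host.files[fc.path] = (fc.version, PAYLOADS[fc.sha256])

def patch_cycle(host: Host) -> Tuple[Dict[str, str], List[str], Dict[str, str]]:
    """Scan, build the deployment list, install it, then rescan to validate."""
    before = assess(host, PATCH_DB)
    todo = deployment_list(before, PATCH_DB)
    for pid in todo:
        install(host, PATCH_DB[pid])
    return before, todo, assess(host, PATCH_DB)

def windows_host() -> Host:
    return Host("win-ws-01", "windows", {KERNEL32: ("5.1.2600.0", b"kernel32.dll build 5.1.2600.0")})

def tampered_debian_host() -> Host:
    # Version string says patched, contents do not: only the checksum check catches this.
    return Host("deb-srv-02", "debian", {LIBSSL: ("0.9.7.2", b"libssl.so build 0.9.7.2 TRUNCATED")})

if __name__ == "__main__":
    for host in (windows_host(), tampered_debian_host()):
        before, todo, after = patch_cycle(host)
        print(host.name, "before:", before, "deploy:", todo, "after:", after)
```

Two behaviours are worth noting. On the Windows host both P-100 and P-200 are missing, but the deployment list contains only P-200, because P-200 supersedes P-100 and installing the newer file satisfies both; the rescan reports both as installed. On the Debian host the version check alone would pass, and only the checksum comparison exposes the broken libssl as invalid, which is why a rescan after deployment, not the installer's exit status, is what confirms a patch took.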
Reporting
The information on the entire patch management process in your enterprise is presented in
the form of comprehensive reports via the centralized web console. The status and summaries
of the different activities namely assessment, download and deployment and others like
compliance and audit information are provided in the form of tables and graphs, which help
system administrators and IT managers make well-informed security decisions.