Patch Management as a Service

Stratejm has integrated with HCL BigFix to bring continuous patch compliance, visibility and enforcement to customers. With software—and the threats against that software—constantly evolving, organizations need an effective way to assess, deploy and manage a constant flow of patches for the myriad operating systems and applications in their heterogeneous environments.

BigFix Patch gives organizations access to comprehensive capabilities for delivering patches for Microsoft Windows, UNIX, Linux and Apple Macintosh operating systems; third-party applications from vendors including Adobe, Mozilla, Apple and Java; and customer-supplied patches to endpoints—regardless of their location, connection type or status. Endpoints can include servers, laptops, desktops and specialized equipment such as point-of-sale (POS) devices, ATMs and self-service kiosks. In addition, online and offline virtual machines can be patched so that virtual and cloud environments have the same level of security as physical systems. The offline virtual machines are brought online in a secure environment where only BigFix has access to them, ensuring that patches can be applied before the endpoints are made available for use.

How it works

The power behind all BigFix functions is a unique, single-infrastructure approach that distributes decision-making out to the endpoints, providing extraordinary benefits across the entire solution family, with features that include:

Intelligent Agent

BigFix places an intelligent agent on each endpoint to perform multiple functions, including continuous self-assessment and policy enforcement—with minimal impact on system performance.


The single, unified console built into BigFix orchestrates a high level of visibility that includes real-time and continuous reporting and analysis from the intelligent agent.


The scalable and lightweight BigFix architecture allows any agent to be configured as a relay between other agents and the console. This function enables the use of existing servers or workstations to transfer packages across the network, reducing the need for servers.

HCL Fixlet® Messages

The Fixlet Relevance Language is a published command language that enables users, business partners and developers to create custom policies and services for endpoints managed by BigFix solutions.


Stratejm’s approach is to apply the correct patches to the correct endpoints. BigFix helps us with our approach by automatically creating patch policies, called HCL Fixlet® messages, which wrap the update with policy information such as patch dependencies, applicable systems and severity level. An intelligent endpoint agent recognizes which patches are required for the machine on which it is installed based on the endpoint’s unique hardware, operating system, configuration settings, applications and installed patches. The agent then automatically retrieves and applies only the relevant updates for that specific endpoint.

Patch Management Process

BigFix Patch automates the entire patch management process and enhances security while saving organizations money, time and effort.


BigFix acquires, tests, packages and distributes many patch policies directly for users, removing considerable patch management overhead. This largely automated process provides a consistent, high-quality patch in a timely manner.


The BigFix intelligent agent continuously monitors and reports the endpoint status, including patch levels, to a management server. This intelligent agent also compares endpoint compliance against defined policies, such as mandatory patch levels.


An organization can quickly create a report showing which endpoints need updates and then distribute those updates to the endpoints within minutes. IT administrators can safely and rapidly patch Windows, Linux, UNIX and Mac operating systems with no domain-specific knowledge or expertise, and the solution stores audit information that tracks who ordered which updates to be applied to which endpoints.


Once a patch is deployed, BigFix automatically reassesses the endpoint status to confirm successful installation and immediately updates the management server in real time. This step is critical in supporting compliance requirements, which require definitive proof of patch installation. With this solution, operators can watch the patch deployment process in real time via a centralized management console to receive installation confirmation within minutes of initiating the patch process. By closing the loop on patch times, organizations can ensure patch compliance in a way that is smarter and faster.


The BigFix intelligent agent provides continuous endpoint enforcement and ensures that endpoints remain updated. If a patch is uninstalled for any reason, the agent can be configured to automatically reapply it to the endpoint as needed.


Integrated web reporting capabilities allow end users, administrators, executives, management and others to view dashboards and receive up-to-the-minute reports. Dashboards and reports indicate which patches were deployed, when they were deployed, who deployed them, and to which endpoints. Special “click-through” dashboards show patch management progress in real time.