
Spanish Tivoli User Group Desktop Patch Management

Spanish Tivoli User Group Desktop Patch Management. Gary R. Hamilton (hamilgar@uk.ibm.com), GRT - EMEA. Cost of Downtime: remediation time, impact to data integrity, lost credibility, negative publicity, legal issues, stolen intellectual property. Size of Company (# of computers).


Presentation Transcript


  1. Spanish Tivoli User Group: Desktop Patch Management. Gary R. Hamilton (hamilgar@uk.ibm.com), GRT - EMEA

  2. Why Patch Automation? Let me count the ways

     Cost of Downtime:
     • Remediation time
     • Impact to data integrity
     • Lost credibility
     • Negative publicity
     • Legal issues
     • Stolen intellectual property

     | Size of Company (# of computers) | Percentage of computers (moderate - major impact) | Dollar Impact, US Dollars ($) |
     |---|---|---|
     | 100k – 500k | 55.0% | $2,400,000 |
     | 50k – 95k | 41.6% | $4,228,000 |
     | 10k – 50k | 33.8% | $3,458,741 |
     | 5k – 10k | 39.0% | $1,452,288 |
     | 1k – 5k | 30.6% | $474,847 |
     | 500 – 1,000 | 19.8% | $84,207 |
     | 100 – 500 | 11.1% | $79,863 |

     Source: http://www.ntbugtraq.com

  3. Why Patch Automation? You are always behind the bad guys

     [Figure: two parallel timelines, "Security Patch Timeline" and "Patch Exposure Timeline". Event labels: Vulnerability Reported; Patch Developed; Security bulletin and Patch Release; Patch reverse engineered; Worm/Virus Code created; Worm/Virus Launch. Other labels: Increasing Probability of Attack; Attack; Critical Path for Remediation.]

  4. The Importance Of Proactive Patch Automation: And YOU have to do testing

     ** Patch Management Process Introduction, January 2004 http://www.microsoft.com/technet/security/topics/patchmanagement/secmod193.mspx#EFAA

  5. Microsoft Patch Severity Ratings

     * Free Guide to Security Updates, Jeffrey R. Jones http://www.microsoft.com/technet/security/secnews/articles/itproviewpoint051204.mspx
     ** Medium Business Solution for Patch Management Plan, January 2005 http://www.microsoft.com/technet/itsolutions/smbiz/mits/pm/mit_pm_2.mspx#ECAA

  6. Customers need a Complete Patch Automation Process: In Twenty-four Hours?

     • Vulnerability Assessment is concerned with auditing software in your production environment, evaluating potential security threats, vulnerabilities and non-compliances. Requires accurate inventory of IT Assets to assess exposures.
     • Patch identification & download means determining a reliable and timely source of information on software updates (e.g. Microsoft Software Update Service, Sun Solaris Patch Manager, IBM AIX Fix Delivery Centre, Linux Red Hat Network).
     • Patch testing & approval means following a process to maintain strict control over what is being changed, which vulnerability the fix addresses, what services and applications are being impacted, rollback plans, and priority. Requires an approval process.
     • Prioritization is necessary to decide how quickly a fix must be rolled out (is it critical for business? how wild is the threat?). Scheduling depends on the box role (server/desktop), on the need of reboot, on impact on network, provided services etc.
     • Change build is the actual installable unit (patch, or software package) we'll use to roll out the fix. This activity depends on the size of the patch, on the deployment method, on the need of a reboot, etc.
     • Change implementation is the actual deployment. It may depend on best practices such as network load analysis, end user notification, reboot planning according to Quality of Service requirements, (potentially disconnected) laptops management, etc.
     • Change review is the phase that allows for identification of improvements and fine tunings in the patch management process itself.

     Process steps:
     1. Vulnerability Assessment
     2. Patch Identification and Download
     3. Patch Testing and Approval
     4. Change Prioritization and Scheduling
     5. Change Build
     6. Change Implementation
     7. Change Review

  7. Tivoli Configuration Manager 4.2.3: Appropriate if TCM or Framework installed

     • Tivoli Configuration Manager 4.2.3
     • 1st Half 2005 *

     * All dates subject to change

     [Diagram labels: Data Center Automation; LPAR; Physical Servers; VMware; Software Distribution and Management (Branch Office – Departmental); Servers; Software Distribution and Management (Pervasive – Mobile Client); Clients; Clients - Pervasive]

  8. Tivoli Configuration Manager 4.2.3 Patch Automation

     • Utilizes existing TCM architecture, people skills and software distribution mechanisms
     • Leverages MBSA scanner, mssecure.xml and QCHAIN
     • For this initial release
     • Requires additional Patch Server
     • TCM Activity Planner Scheduling Capability
     • International Support

  9. Patch Management Policy Region – Patch Queries

  10. “Patches Not Installed” Query

  11. Patch Acquisition Task Library

  12. Patch Queries – new MS04-019 query (Q842526)

  13. Windows Patches Profile Manager

  14. MS04-019 (Q842526) Software Package

  15. MS04-019 Activity Plan

  16. IBM Tivoli Configuration Manager 4.2.3 Provides Seamless and Automated Patch Management

      1. TCM calls the Patch Server to automate downloading and auditing of patch utilities from Microsoft
      2. TCM discovers latest patch status and the Patch Server automates patch download
      3. The Patch Server automates building TCM software package and activity plans
      4. TCM administrator releases activity plan and monitors status with reports

      [Diagram labels: Automated Patch Management; Microsoft Windows Update; Internet; Tivoli Patch Server; Tivoli Configuration Manager; Distributed Servers and Clients; Data Center Servers; Mobile Clients]

  17. Questions
