About PatchQuest


Enterprise Architecture

The PatchQuest patch management solution comprises a four-stage, distributed architecture. Four primary components constitute the setup:

The External Patch Crawler resides at the AdventNet site and repeatedly probes the internet to collect vulnerability information from various security sources, mainly advisories from the Red Hat Network and the Debian website and security bulletins from the Microsoft website.

Patch download, verification of patch authenticity and testing for functional correctness are also carried out at this site. The results are correlated into a consolidated vulnerability database, which serves as the baseline for vulnerability assessment in the enterprise. The updated database is then published to the Central Patch Repository. This cycle of information gathering, patch analysis and publication of the latest vulnerability database runs periodically.


The Central Patch Repository is a portal at the AdventNet site that hosts the latest vulnerability database published after this analysis. The PatchQuest Server at the customer site downloads the database from here; it provides the information required for patch scanning and installation.

The PatchQuest Server is located at the enterprise (customer site) and subscribes to the Central Patch Repository to download the vulnerability database periodically. It scans the devices in a heterogeneous enterprise network, either by remote scanning or in conjunction with the PatchQuest Agent, checks for missing and available patches against the vulnerability database, downloads and deploys missing patches and service packs, and generates reports for managing the patch management process in your enterprise. All these actions are initiated from a web-based administration console in a few clicks. Because the server holds administrative credentials for every managed system and pushes software to all of them, access to the console and to the server host itself should be restricted accordingly.


The PatchQuest Agent is lightweight software installed on a target machine. It acts as a worker that carries out patch management operations as instructed by the PatchQuest Server. Agent-based patch management is an option that you can adopt based on your enterprise network infrastructure and requirements. The agent is an optional component for target machines that are locked down or behind a firewall, or for managing systems in remote geographical locations where a dedicated network tunnel is not feasible (HTTPS mode).

How PatchQuest works

Patch management using PatchQuest is primarily a four-step process: system addition and discovery, patch assessment (scanning), patch download and deployment, and reporting.


System addition & discovery

Systems can be managed with an agentless approach, an agent-based approach, or a combination of both.


To manage machines remotely (agentless), the computers must first be added to the PatchQuest setup, either one at a time or by specifying an IP range, from the server's web interface. Appropriate credentials must be supplied for each system.

For Windows systems, Windows APIs are used to log in remotely and query system details. Linux machines are managed by logging in over SSH or Telnet and running commands in that session; after a successful login with the supplied credentials, Unix commands are executed to identify the distribution type, release number and kernel version. Telnet sends the login credentials in clear text over the network, so SSH should be preferred wherever the target supports it.
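As an added illustration of the Linux discovery step (this is not PatchQuest code), the following Python turns the raw output of a login session into the distribution, release and kernel fields the scanner needs. The page does not name the commands it runs; the three used here (reading /etc/redhat-release, /etc/debian_version and running uname -r) are an assumption, and the session dictionaries, including the error lines a missing file produces, are constructed sample input.

```python
import re
from typing import Dict, Optional


def identify_linux(outputs: Dict[str, str]) -> Dict[str, Optional[str]]:
    """Derive distribution, release and kernel version from the raw text that
    each command returned over the login session. `outputs` maps a command
    to its combined stdout and stderr, exactly as a shell session shows it,
    so a missing file appears as a "No such file" line rather than as an
    empty string."""
    kernel = outputs.get("uname -r", "").strip() or None

    # Red Hat style file: "<name> release <version> (<codename>)". The "cat:"
    # error line for a missing file cannot match because there is no
    # whitespace before the word "release" in "/etc/redhat-release:".
    m = re.search(r"^(.*?)\s+release\s+(\S+)",
                  outputs.get("cat /etc/redhat-release", ""), re.M)
    if m:
        return {"distro": m.group(1), "release": m.group(2), "kernel": kernel}

    # Debian: the file holds only a dotted version number on a line of its own.
    m = re.search(r"^(\d+(?:\.\d+)*)\s*$",
                  outputs.get("cat /etc/debian_version", ""), re.M)
    if m:
        return {"distro": "Debian GNU/Linux", "release": m.group(1), "kernel": kernel}

    # Neither file parsed: fail closed and leave the machine unclassified so it
    # is flagged for review instead of being scanned against the wrong advisories.
    return {"distro": None, "release": None, "kernel": kernel}


# Constructed sample sessions (hypothetical hosts, not captured data).
RHEL_SESSION = {
    "cat /etc/redhat-release": "Red Hat Enterprise Linux AS release 4 (Nahant Update 2)\n",
    "cat /etc/debian_version": "cat: /etc/debian_version: No such file or directory\n",
    "uname -r": "2.6.9-22.EL\n",
}
DEBIAN_SESSION = {
    "cat /etc/redhat-release": "cat: /etc/redhat-release: No such file or directory\n",
    "cat /etc/debian_version": "3.1\n",
    "uname -r": "2.6.8-2-386\n",
}
UNKNOWN_SESSION = {"uname -r": "2.4.21\n"}

if __name__ == "__main__":
    for name, session in [("rhel", RHEL_SESSION), ("debian", DEBIAN_SESSION),
                          ("unknown", UNKNOWN_SESSION)]:
        print(name, identify_linux(session))
```

The parser deliberately matches only the two layouts it knows and reports None otherwise; misclassifying a host is worse than not classifying it, because the assessment that follows picks its advisories by distribution and release.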


If the agent-based mode is adopted, a lightweight agent must be installed on the target machines. Agents are used to manage mobile computers and machines that are locked down or sit behind a DMZ. The agents report their status and other machine details to the server automatically.

Patch assessment or scanning


At the user's request, the PatchQuest Server opens one or more sessions to each remote system to begin a patch assessment, or instructs the PatchQuest Agent installed on the target device to carry it out. Using the database consolidated from Microsoft's bulletins, Red Hat errata and Debian advisories, the scanner checks for the existence and state of each patch by performing file version checks, registry checks and checksums. The vulnerability database is periodically refreshed with the latest patch information from the Central Patch Repository. The scanning logic determines which updates each client needs, taking the operating system, the installed applications and update dependencies into account.

On completion of an assessment, the results are returned and stored in the server database and can be viewed from the web console. The missing patches for a particular computer can be selected to generate a 'deployment list', which serves as input to the patching mechanism.
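The following is an added example, not PatchQuest's own scanning code, of how the three kinds of check described above combine into a per-host verdict, how one form of update dependency (a patch superseded by a later one) keeps the report accurate, and why the file version comparison has to be numeric rather than string-based. The database layout, the patch ids, file paths and registry keys are hypothetical, and the two host inventories are constructed.

```python
import hashlib
from typing import Dict, List, Tuple


def version_key(version: str) -> Tuple[int, ...]:
    """Turn a dotted file version into a tuple so comparison is numeric.
    A plain string compare ranks "5.2.3790.10" below "5.2.3790.9", which
    would make a scanner report a patched file as still vulnerable."""
    return tuple(int(part) for part in version.split("."))


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def check_passes(check: Dict, host: Dict) -> bool:
    """Evaluate one check of the three kinds the scan uses: file version,
    registry value and checksum. A check whose target is absent fails closed,
    so the patch is reported missing rather than silently assumed present."""
    kind = check["type"]
    if kind == "file_version":
        entry = host["files"].get(check["path"])
        return entry is not None and version_key(entry["version"]) >= version_key(check["min_version"])
    if kind == "registry":
        return host["registry"].get(check["key"]) == check["value"]
    if kind == "checksum":
        entry = host["files"].get(check["path"])
        return entry is not None and sha256_hex(entry["content"]) == check["sha256"]
    raise ValueError(f"unknown check type {kind!r}")


def assess(db: List[Dict], host: Dict) -> List[str]:
    """Return the ids of the patches that apply to this host but are not
    installed. A patch is installed when every one of its checks passes; a
    patch whose replacement ("superseded_by") is installed is not reported."""
    applicable = [p for p in db if p["os"] == host["os"]]
    installed = {p["id"] for p in applicable
                 if all(check_passes(c, host) for c in p["checks"])}
    return [p["id"] for p in applicable
            if p["id"] not in installed and p.get("superseded_by") not in installed]


# Constructed sample data; ids, paths and keys are hypothetical and do not
# refer to real bulletins or advisories.
PATCHED_LIB = b"constructed contents of a patched shared library"
DLL = r"C:\Windows\system32\example.dll"

VULN_DB = [
    {"id": "WIN-A", "os": "windows",
     "checks": [{"type": "file_version", "path": DLL, "min_version": "5.2.3790.9"}]},
    {"id": "WIN-B", "os": "windows", "superseded_by": "WIN-D",
     "checks": [{"type": "registry", "key": r"HKLM\SOFTWARE\Example\Hotfix\WIN-B", "value": "Installed"}]},
    {"id": "WIN-C", "os": "windows",
     "checks": [{"type": "file_version", "path": DLL, "min_version": "5.2.3790.12"}]},
    {"id": "WIN-D", "os": "windows",
     "checks": [{"type": "registry", "key": r"HKLM\SOFTWARE\Example\Hotfix\WIN-D", "value": "Installed"}]},
    {"id": "DEB-A", "os": "debian",
     "checks": [{"type": "checksum", "path": "/usr/lib/libexample.so", "sha256": sha256_hex(PATCHED_LIB)}]},
]

WINDOWS_HOST = {"os": "windows",
                "files": {DLL: {"version": "5.2.3790.10"}},
                "registry": {r"HKLM\SOFTWARE\Example\Hotfix\WIN-D": "Installed"}}
DEBIAN_HOST = {"os": "debian",
               "files": {"/usr/lib/libexample.so": {"content": b"old, unpatched library"}},
               "registry": {}}

if __name__ == "__main__":
    print("windows missing:", assess(VULN_DB, WINDOWS_HOST))  # ['WIN-C']
    print("debian missing:", assess(VULN_DB, DEBIAN_HOST))    # ['DEB-A']
```

On the Windows host WIN-A passes only because the comparison is numeric, WIN-B is absent but not reported because its successor WIN-D is present, and WIN-C is the one genuinely missing patch; on the Debian host the checksum mismatch reports DEB-A. The missing list is what becomes the deployment list.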


Patch download and deployment

Once the patches to be deployed have been selected, you can trigger a download or a deploy request. The selected patches are first downloaded from the internet and stored in a designated location on the PatchQuest Server, then pushed to the target machines and installed there sequentially. In agent mode, the PatchQuest Agents pull the patches from the server and install them. A rescan of the target machines validates whether the installations succeeded. Because the server fetches the packages over the internet and then distributes them to every selected machine, each downloaded package should be verified against its published checksum or vendor signature before it is staged; otherwise a single corrupted or tampered download would be installed fleet-wide.
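An added example (not PatchQuest code) of the staging logic a download-then-push pipeline of this shape needs: each download is checked against the hash assumed to be published for it in the vulnerability database (the page does not say the database carries one, so that field is an assumption), patches are ordered so that prerequisites install first, anything that depends on a rejected package is held back, and the sequential install stops at the first failure. Patch ids, package contents and dependencies are constructed.

```python
import hashlib
from typing import Callable, Dict, List, Tuple


def _h(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed sample. "sha256" is the hash assumed to be published with the
# database entry; "requires" models the update dependencies the scan knows.
PATCH_DB = {
    "PATCH-1": {"sha256": _h(b"constructed package one"), "requires": []},
    "PATCH-2": {"sha256": _h(b"constructed package two"), "requires": ["PATCH-1"]},
    "PATCH-3": {"sha256": _h(b"constructed package three"), "requires": []},
    "PATCH-4": {"sha256": _h(b"constructed package four"), "requires": ["PATCH-3"]},
}
# What landed in the server's download directory; PATCH-3 does not match what
# the repository published (a corrupt or tampered download).
DOWNLOADS = {
    "PATCH-1": b"constructed package one",
    "PATCH-2": b"constructed package two",
    "PATCH-3": b"constructed package three, altered in transit",
    "PATCH-4": b"constructed package four",
}
DEPLOYMENT_LIST = ["PATCH-2", "PATCH-1", "PATCH-3", "PATCH-4"]


def verify_downloads(ids: List[str], downloads: Dict[str, bytes], db: Dict) -> Tuple[List[str], List[str]]:
    """Split the deployment list into packages whose hash matches the
    published one and packages that must not be pushed anywhere."""
    verified, rejected = [], []
    for pid in ids:
        data = downloads.get(pid)
        if data is not None and _h(data) == db[pid]["sha256"]:
            verified.append(pid)
        else:
            rejected.append(pid)
    return verified, rejected


def install_order(ids: List[str], db: Dict) -> List[str]:
    """Sequential order in which every patch comes after what it requires
    (depth-first topological sort). Fails loudly on a missing prerequisite
    or a dependency cycle instead of producing a half-valid order."""
    ordered, state = [], {}

    def visit(pid: str) -> None:
        if state.get(pid) == "done":
            return
        if state.get(pid) == "visiting":
            raise ValueError(f"dependency cycle at {pid}")
        state[pid] = "visiting"
        for dep in db[pid]["requires"]:
            if dep not in ids:
                raise ValueError(f"{pid} requires {dep}, which is not in the deployment list")
            visit(dep)
        state[pid] = "done"
        ordered.append(pid)

    for pid in ids:
        visit(pid)
    return ordered


def plan_deployment(ids: List[str], downloads: Dict[str, bytes], db: Dict):
    """Return (plan, held, rejected): what to push in order, what is held back
    because a prerequisite was rejected or held, and what failed verification."""
    verified, rejected = verify_downloads(ids, downloads, db)
    plan, held = [], []
    for pid in install_order(ids, db):
        if pid not in verified:
            continue
        if any(dep in rejected or dep in held for dep in db[pid]["requires"]):
            held.append(pid)
        else:
            plan.append(pid)
    return plan, held, rejected


def install_sequentially(plan: List[str], install: Callable[[str], bool]) -> Dict[str, str]:
    """Run the installs one after another and stop at the first failure, since
    later patches may depend on it. A rescan is what finally confirms the
    entries marked 'installed'."""
    results = {}
    for i, pid in enumerate(plan):
        if install(pid):
            results[pid] = "installed"
            continue
        results[pid] = "failed"
        for rest in plan[i + 1:]:
            results[rest] = "skipped"
        break
    return results


if __name__ == "__main__":
    plan, held, rejected = plan_deployment(DEPLOYMENT_LIST, DOWNLOADS, PATCH_DB)
    print(plan, held, rejected)  # ['PATCH-1', 'PATCH-2'] ['PATCH-4'] ['PATCH-3']
    print(install_sequentially(plan, lambda pid: True))
```

The `install` callback stands in for the remote push and install step (or the agent's pull); what matters for the pipeline is that the tampered PATCH-3 never reaches a target and that PATCH-4, which depends on it, is held rather than installed onto a machine that lacks its prerequisite.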


Reporting

Information on the entire patch management process in your enterprise is presented as comprehensive reports in the centralized web console. Status and summaries of the different activities (assessment, download and deployment), together with compliance and audit information, are provided as tables and graphs that help system administrators and IT managers make well-informed security decisions.

Copyright © 2005, AdventNet Inc. All Rights Reserved.