Many IT admins who manage Windows-based environments have been following the same routine on the second Tuesday of each month for many years. On that day, Microsoft releases a batch of security updates (patches) for their operating systems and other software products. Each of these patches contain fixes for one or more vulnerabilities that have been identified and ranked by the Common Vulnerabilities and Exposures (CVE) system.
Applying all patches may be complicated and that is why prioritization is required. You must look at the criticality of the patches to your business and operations. You have to validate that your business workloads are not affected in any way by the patches. Finally, you have to identify maintenance windows when you can bring down the production workloads minimizing the impact on your business.
DCA is an automated patch management solution meant to simplify patch delivery in heterogeneous data centers.
DCA scans for the risk state of the data center against policies using the vulnerability content available. This way, it makes it easy to determine what patches can be applied safely. With DCA, the SME can create security policies for patching, and author policies for target resources to determine when resources should be scanned and remediated to maintain SLOs.
To automate maintenance schedules, SLOs are used in combination with maintenance schedules. A scan is scheduled and executed depending on the measurement SLO, maintenance schedule configuration, subscription time, and the load on DCA at the scheduling time. An SLO defines the frequency of the job while a maintenance schedule defines the opportunity for running the job. The decision about when to patch is important, but often overlooked. It is recommended to patch at the earliest point in time where the cost to patch is less than or equal to the cost not to patch. For example, the risk to unpatched systems -- and the potential cost in downtime and recovery -- increases dramatically once an exploit is publicly available.
Finally, through the risk dashboards, DCA gives you complete visibility over the patch status of your systems. The actionable, drill-down dashboard in DCA shows risks by severity, key events, age of vulnerabilities, and resources affected.
Automated patching tools like DCA are vital for the modern Security Operations teams responsible for an ever growing IT infrastructure with limited financial resources.
Here's a simple use case that describes the steps required to perform the patching of RHEL 7 resources.
For more information on product features and technical guides, visit the DCA customer documentation.
For more information on what’s new in DCA, use cases, product discussions, idea exchanges, videos and blogs see the ITOM Practitioner Portal.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.