Community in read only mode June 18 & 19
This community will be set in READ ONLY mode for a while on Tuesday June 18 into Wednesday June 19 while we import content and users from our Micro Focus Forums community site. MORE INFORMATION

Patching is simple – what’s your excuse?

Micro Focus Contributor
Micro Focus Contributor
0 0 951

Blog post by 
Neelima Chaudharie
Specialist IE

As mundane as this might seem, patching is as important as risk management. It should be treated as a risk management exercise. Patches improve the performance of a system and contain data to update, fix, and improve the installed software.

In recent years, the threat landscape has changed significantly. Zero day attacks are negligible. It is the old, unpatched vulnerabilities that are at risk. Estimates show that attackers use well known vulnerabilities for which patches have been available for as long as a year ago.

Patching gap – the time between patch availability and patch application – shouldn’t be long. However, the bitter truth is, many organizations barely stay ahead to fix their most critical vulnerabilities. The question that arises here is, why does it take an organization so long to apply patches? Why do they stake it all to let their sensitive data be at risk?

Reasons could be:

  • Sheer volume of patches rolled out by OS vendors
  • Limited number of resources available
  • To avoid the possibility of system downtime
  • Risk that some patches may introduce new vulnerabilities
  • Notion that patching is a manual time-consuming process capable of disrupting a fully functional system

Therefore, many organizations deliberately delay patching, not realizing that they are sitting on a ticking time bomb. Numerous patches are rolled out by OS vendors but, not all patches are relevant for an organization’s need.

Data Center Automation (DCA) offers a simple solution enabling you to select patches from the list and apply them to your data center. This is done in 6 simple steps:dca arrows.JPG

  1. Download and import patch and CVE metadata into DCA.
  2. Create a list of patches you need based on the applicability scope and add them to a static patch bundle.
  3. Create a policy with the Measurement Service Level Objective (MSLO) and Remediation Service Level Objective (RSLO) defined. MSLO and RSLO specify the frequency (in days) for scanning and remediation based on the maintenance window defined.
  4. Attach the static patch bundle to this policy.
  5. Attach this policy to a resource group. This ensures only the resources that are a part of this resource group get the patch updates.
  6. Run a patch scan or a patch remediation job, alternatively wait for the scan to run based on the maintenance window defined.

In conclusion, DCA static patching is simple, making an administrator’s life stress-free. It allows you to:

  • Pick and choose patches based on priority or remediation need.
  • Automatically schedule scan and remediation as soon as the maintenance window, MSLO, and RSLO are defined.

For more information on product features and technical guides, visit the DCA customer documentation.

For more information on what’s new in DCA, use cases, product discussions, idea exchanges, videos and blogs see the ITOM Practitioner Portal.

Tags (1)
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.