Integrating & Automating Patch Management: 5 Ways Ivanti Can Help
Over the past two years, our technical teams at Ivanti ANZ have been speaking to customers about reducing the cost and manpower required for Patch Management.
Typically, a Patch Management process spans multiple teams, including Security, IT Ops, and Change Management, all using different technologies to achieve a successful outcome. For example:
- Patch research, and tools such as Rapid7, Qualys or Tenable for vulnerability scanning
- Service management for Change and CI tracking
- Manual health checking pre- or post-patching to ensure stability and success
- Deployment of patches, both manual and automated
All of these elements are critical to achieving a Unified, Automated and Integrated Patch Solution.
What’s the challenge?
Organisations find themselves reacting to a constant stream of information arriving daily from threat feeds, patch releases and bulletins. Managing this stream effectively requires significant time, cost, and attention.
For many organisations, ensuring they are secure and stable is not only a business requirement but a legislative one. In Australia, many find themselves accountable for implementing the ACSC Essential 8 security controls, two of which focus on vulnerability remediation.
The enemies of doing this: systems that don’t communicate, manual processes and no single source of truth.
5 Ways Ivanti Can Help
The breadth of capability and market-wide integrations in the Ivanti platform allows us to deliver a truly integrated and automated vulnerability management solution.
- Using Patch Intelligence, we can provide customers with threat data for thousands of patches, show where you are vulnerable, and flag whether we have seen any stability issues caused by a patch that may affect you.
- We can integrate with your vulnerability management tool to import a list of CVEs and tell you the patches they correspond to, removing typical manual tasks.
- We can complete automated scans of Windows, Linux, Unix or Mac and drive the results straight to a change request in Ivanti Service Manager or your service management tool of choice.
- You go through the change and approval process, which then starts an automated routine.
- The automation and orchestration engine performs pre-patch health checks, patches, reboots and checks health post-patching, returning all results to Service Manager. All results are then tied to the specific CI, so if a machine has an issue, IT can see that patches were recently deployed to it, along with the results of the health check.
Where’s the value?
This approach to continuous vulnerability management delivers a few key values to our customers:
- Better ROI from existing investments such as Rapid7, Qualys or Tenable, and better integration with Ivanti Service Management or your service management tool.
- Reduced manual effort in the patch process, leading to reduced costs.
- Better visibility of how patches affect your assets, and the ability to react to issues to improve user experience.
- Automated health checks that highlight issues before users identify them, maximising user satisfaction and avoiding downtime.
- Improved security posture by delivering patches faster to resolve known threats and vulnerabilities.
How can I get more information?
We have a short demonstration of the capability from the point of view of any IT worker. The key takeaways: they never have to leave the service management tool, they don’t need to know anything about patching, and they can do everything from a browser or mobile phone app.
Please take a look, and if you would like to know more, contact anyone at Ivanti.