
Patch Management – Bitdefender TechZone

Abstract

Efficiently manage patches and secure your systems. Easily track, install, and schedule automatic patch scans, ensuring your software is up-to-date and protected from cyber threats.

Unpatched software creates security holes that cyber criminals can use to compromise entire companies. An unpatched operating system provides attackers with an easy path to remotely run commands or gain privileges on a system. With such access, an attacker could then create accounts with administrator privileges, install software, and view, change, or delete data. Equally risky, applications with security vulnerabilities can lead to exploits that compromise the security, integrity, and even the reputation of a company. As a result, security teams cannot afford to leave operating systems and software unpatched. Keeping systems up-to-date has become more demanding of security teams' time and resources.

Security teams are faced with several different challenges involved in keeping operating systems and software up-to-date:

  • The increased frequency of operating system patches can be daunting to keep up with.

  • Operating system updates can sometimes be problematic and cause crippling issues in production environments.

  • It’s difficult to keep track of installed software and available updates for those applications.

  • With different time zones and uptime requirements, it’s challenging to schedule patches during maintenance windows.

  • Deploying patches to large environments can be slow and network bandwidth intensive.

GravityZone Patch Management offers a complete Operating System and application patching solution for Windows, macOS, and Linux environments.

Through scheduled patch scans, administrators can keep track of operating system updates, as well as software installed on the systems and any available patches for those applications. GravityZone Patch Management allows setting up automatic, comprehensive maintenance windows to prevent workflow interruptions. It also enables the use of a patch caching server, which significantly reduces the bandwidth used by patch installation and increases the speed at which patches are distributed to the endpoints.

GravityZone Patch Management

GravityZone’s Patch Management allows security teams to easily keep an inventory of available patches. It also allows fast patch installation and the option to ignore problematic patches.

Capabilities

GravityZone Patch Management is an add-on component that can be easily installed to systems through the GravityZone console’s simple package creation. Security teams can choose to also install the Patch Management Cache Server role to specific Windows or Linux systems. This role allows all relevant patches to be stored on the local network, which not only helps accelerate the deployment of patches, but also reduces the overall internet bandwidth needed for distributing patches and updates. If the patch caching server is unavailable, systems can be configured to fall back to downloading the patches from the manufacturer’s website.

GravityZone Patch Scanning

Once the Patch Management feature has been deployed, security teams can manually trigger patch scans on endpoints; these scans check for both operating system updates and available software patches. Patch scans can also be configured via GravityZone’s policies and configuration profiles. The available Smart Scan feature can automatically scan newly installed software for any available patches or updates. When a patch scan completes, its results populate the Patch Inventory.


Using GravityZone’s Patch Management maintenance windows, security teams can schedule automatic patch scans and patch installs during convenient times so as to not impact productivity.

Comprehensive Patch Visibility

The Patch Inventory provides a complete view into any available Windows, macOS, or Linux patch. Through the Patch Inventory, security teams can sort patches by Operating System type, software manufacturer, patch category (security and non-security), and patch severity (none, low, moderate, important, critical, and unassigned). Managed Service Providers and customers using a multi-tenant GravityZone console can also view available patches by managed company.

Patches can easily be searched for by patch name, Knowledgebase (KB) number, Common Vulnerabilities and Exposures number (CVE), Bulletin ID, and affected product.

Deploy Patches You Want, Ignore Problematic Patches

The Patch Inventory allows security teams to choose the updates and patches they want to deploy, and on which systems they want to deploy them.

From time to time, patches and updates will be released for the operating system or software that can be problematic. These updates can create conflicts with other software and become crippling to businesses. Problematic updates have been known to cause systems to crash, keep systems in a boot loop, destroy data, and more. With GravityZone Patch Management, security teams can choose to ignore such precarious patches, and selectively deploy them to test environments until they are deemed safe for installation in production environments.

Automatic Patch Scans & Deployments During Maintenance Windows

GravityZone Patch Management includes the ability to configure Maintenance Windows through its Configuration Profiles. These maintenance windows can define a specific date and time range when patch scans can be automatically triggered, and patches installed. Different maintenance windows can be assigned through GravityZone’s accessible policies. Security teams can specify the software they want automatically updated, down to the distinct version number.

Powerful Integration and Reporting

From the GravityZone dashboard, security teams can see a view of the network patch status – this allows immediate visibility into successful and unsuccessful patch installations for security and non-security patches. With a simple click into the Network Patch Status chart, security teams can access a detailed report of the patches and updates that were installed, have failed, or are pending installation. With just a few more clicks, patches can be deployed to the affected systems right from the report. There’s no need to fumble with different menus and interfaces to quickly deploy patches. The report can also be exported to a PDF or CSV file, or emailed to the configured GravityZone manager account.

GravityZone Patch Management Reporting

GravityZone Patch Management reports give a detailed view into network patch status with several search and sorting options. The report can be exported in a number of different formats or emailed to the GravityZone account manager.

Integration with GravityZone Endpoint Detection and Response (EDR) provides the ability to immediately patch vulnerable software on systems where a threat was detected. Furthermore, Patch Management integrates with GravityZone’s Risk Management, allowing fast and immediate patching of potentially unsafe software. All of this functionality is delivered through the same management console.

GravityZone Patch Management takes the stress and complexity out of managing operating system updates and software patches. With the features outlined in this article, security teams can keep their systems up-to-date and help prevent cyberattacks from damaging their businesses.

More Resources

Bitdefender Patch Management official website: GravityZone Patch Management

Bitdefender Patch Management Datasheet: Bitdefender GravityZone Patch Management Datasheet