Instant response times with BigFix Patch Management

According to Zion Market Research, the global cyber security market was valued at $105.45 billion in 2015, is expected to reach $181.77 billion in 2021, and is anticipated to grow at a CAGR of 9.5% between 2016 and 2021. That said, if even one of the world’s technology conglomerates was equipped to provide a one-stop, foolproof security and compliance solution, we would not see statistics like this.

There is a high chance the majority of vendors of your endpoint operating systems may not be the best choice for your compliance/ security needs – a fact that is amply demonstrated by security conferences and vendor showcases. Your choice of tool for reacting to today’s cyber security threats must, therefore, have a ‘separation of duties.’ However, there are serious impediments in achieving this. The key points from a technical evaluation perspective are:

• Using Background Intelligent Transfer Service (BITS) to manage bandwidth from endpoints to server | Ineffective bandwidth throttling (relies on network card speed instead of available bandwidth measurement) -- A large patch or series of patches prevent users from running many applications on less than stellar network connections
• Patching proving to be a big inconvenience and seriously impacting productivity – Multiply that by the hundreds or thousands of users in an enterprise | Patch Day’ becomes a low productivity day with patches taking hours to deploy on busy endpoints
• Continuously ensuring management service is in tip-top shape owing to its functional and reporting criticality | Safeguarding it from instability and malware attacks to ensure continuous compliance reporting and endpoint determination
• Ensuring machines are part of Active Directory (AD); their connections to AD are not degraded by software failure or high network latency

How BigFix Patch helps your business

• Provides an automated, simplified patching process that is administered from a single console
• Provides real-time visibility and enforcement to deploy and manage patches to endpoints— on and off the corporate network
• Increases patch process effectiveness | Delivers more than 98 percent first-pass patch success rates
• Significantly reduces operational costs and patch cycle times (from weeks and days to hours or minutes)
• Keeps endpoints secure

BigFix Patch: Key features

• Provides automated patch management
• Applies only the correct patches
• Offers greater visibility into patch compliance
• Delivers real-time control from a single console
• Proactively reduces security risks

Achieving instant response times

• Supports up to 250,000 endpoints from a single management server
• Patches more than 90 OS types to deliver patches to endpoints for third party applications
• Supports a variety of endpoints: physical and virtual servers, laptops, desktops, POS devices, ATMs and self-service kiosks
• Streamlines remediation cycles from weeks to hours or minutes
• Creates reports showing which endpoints need updates | Distributes updates within minutes
• Allows IT administrators to safely and rapidly patch Windows, Linux, UNIX and Mac OSs with no domain-specific knowledge or expertise
• Automatically remediates problems related to previously applied patches

Best Practices for BigFix Patch

• Ensure compression utilities and patch required for compliance exist on all target endpoints
• Leverage a relay to cache content closer to endpoints being updated | The cache at endpoints speeds up process(es)
• Ensure BigFix root server and relays have enough space to cache packages
• Ensure there are less number of components in baseline for best performance | Avoid running multiple baselines from same site on same endpoint
• Allow adequate time for a Fixlet (using the multiple-package installation method) to complete all transactions | Refresh status on endpoints before individual deployment
• Ensure repositories registered on endpoints contain target packages plus all required dependency packages
• Do not include multiyear Fixlets and Fixlets with packages in different repositories
• Test patches through released Fixlets before installing them on endpoints | Helps identify all possible conflicts before deploying on production
• Have a strong backup and recovery plan in place while patching

Cyber criminals may not care if you are compliant, but they sure will figure out if you’re not patched. Be smart and keep your end points up-to-date, it’s a win for security and compliance.