Considerations for Patch Management – an RFP

Page 1:

Considerations for Patch Management – an RFP

• Extensive RFP

• Pain in the Butt

• 10 Minutes to tell you about it

• If you have to do this process –

• RFP in a box – can save you some time

[email protected]@ais.ucla.edu

• 310-267-4949

Copyright John DeGolyer 2004. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

Page 2:

What are you After?

• Microsoft

• Enterprise, A.D., small departments

• Multi-O.S.

• Applications

• Managed service

• Different tools – different situations

Page 3:

Big Picture – Step back

• Why is it failing?

• Security – Band Aids on Broken Tech

• OS not built for these times

• Built to share information – “groupware”

• Hippies in Redmond

• M.S. late to IP Ungermann-Bass

Page 4:

Security is changing - Again

• Firewalls – port 80 attacks

• NATs – “Brittle” accountability

• VPN / Encryption – encrypts the attack

• Host Firewalls – render scanning useless

• Host IPS – Can’t find systems

• New attacks – traditional security methods are failing

Page 5:

Our criteria?

• Yet another agent – Really “smart” agent

  – Talks over NAT

  – ET calls home

  – Reports information

  – Secure communications

  – Reports vulnerabilities

  – Safe configurations

  – Comprehensive Enterprise view

Page 6:

The Best quality:

• Patching is an Art – not a science

• 1% - 3% failure rate

• 1% sounds low until the 1% is your Dean

• Clones? Not really – Dell builds

• Software 5% of project cost

• High Quality Saves time

• Scaling – SQL licensing – gotcha

• Per Server – Expensive over enterprise

Page 7:

What did we look at? What do we use?

• PatchLink

• BigFix – eEye remediation manager

• St. Bernard

• Everdream

• Ecora

• Citadel

• Shavlik

• Altiris