Tool Analyzes Patches

Determines security changes to be made.

The new Radia Patch Manager applies a policy-based model to the process of updating security patches across servers, workstations and mobile devices. It will initially support Windows servers but will quickly follow up with support for a variety of Unix platforms, officials said.

"We take a life-cycle approach to discover what is and isn't there, who's at most risk, take action to do something about it and maintain it at a steady state," said Joseph Fitzgerald, chief technology officer and co-founder of the Mahwah, N.J., company.

The tool automates the range of patch management functions from patch acquisition, impact analysis and vulnerability assessment to deployment and ongoing patch compliance with policies so devices remain configured correctly.

The tool is intended to help enterprises close the gaps in patch availability, testing and deployment.

"Most enterprises are six months behind in patches. They favor stability over vulnerability until there's a big problem," said Fitzgerald. "We help determine the impact, figure out which groups would be affected, so that if you have the SQL Slammer patch installed on 10,000 servers but only used on 2,000, we can identify that."

Radia Patch Manager automates:
  • Patch acquisition
  • Impact analysis
  • Vulnerability assessment
  • Deployment
  • Patch compliance
  • Device configurations

Radia Patch Manager can obtain and import patches from a variety of sources, including Microsoft Corp.'s patch site, third-party vendor media, shared drives or other sources, Fitzgerald said. It automatically downloads patches, hot fixes and security packs to a repository inside the enterprise firewall for analysis and deployment.

Rather than blindly installing a new patch, the tool examines the patch to "derive all the bits it's going to change and use that to cross-reference other applications that are using those bits as well as other patches, so we can see what's really going to be changed. We can get great information about what's going to be affected," said Fitzgerald.

According to analysts, ensuring security and stability requires that patch management be a part of an overall layered approach to IT security. The correct approach should include strong perimeter protection, administration and security configuration management.

Although the patch manager is integrated with the Radia Management Suite of change and configuration management software tools, Novadigm also intends to offer it as a stand-alone product.

Radia Patch Manager will be available at the end of the month for Windows platforms. A new release adding support for HP-UX, IBM AIX, Sun Microsystems Inc.'s Solaris and Linux is due by the end of September.

Prices start at $35 per desktop and $100 per server.