A compliance level refers to the percentage of computer devices that have been successfully patched or otherwise remediated such that they are no longer vulnerable. Setting a reasonable goal for compliance levels is often difficult. At first glance, a completely patched environment (100%) would appear to be a realistic goal.
With the sheer number of vulnerabilities on the rise, the main objective of organizations is to ensure 100% patch compliant status of all managed endpoints. Patch Manager Plus helps achieve 100% patched and compliant status through a constant cycle of endpoint evaluation and remediation. When an endpoint is detected to be non-compliant with a patching policy, the platform automatically acts to bring the endpoint back into compliance and logs the activity, all of which can be automated with Patch Manager Plus.
Patch compliance management involves:
Patch Manager Plus provides a compliance policy called system health policy that can be used to define standards that identify if systems are non-compliant. The system health policy is used as a baseline to define the health status of managed systems.
How to define the System Health Policy?
Generally, patches are released with varying severities ranging from Low to Critical. Based on the severity of the missing patches, Patch Manager Plus classifies systems into three categories so that the health status of the systems in the network can be identified quickly: Healthy, Vulnerable, and Highly Vulnerable. The default health policy is as below:
Patch Manager Plus also allows you to customize the health status of your systems by selecting the patch severity levels, i.e. the number of missing patches, for the various health states.
Thus, by pre-defining the system health policy, Patch Manager Plus maintains and monitors patch compliance by detecting all vulnerable systems in the network and by deploying the right patch fixes to remediate the vulnerabilities.
An automated patch management system can assist in keeping your environment fully patch compliant, i.e. fully patched at all times. By enabling this automation of the patch management process, Patch Manager Plus ensures that endpoints are compliant with the latest version of software and that their missing updates are always patched. Patch automation involves scanning systems for missing patches, creating automated deployment tasks for vulnerable systems, deploying the right patches to those systems, and finally collecting information on whether the entire enterprise is patch compliant. Thus automated patch deployment eases the process of maintaining patch compliance, i.e. checking that each system in the enterprise environment has the appropriate patches installed.
The different patch reports demonstrate patch compliance across endpoints by monitoring and reporting the vulnerability and patch status of each system. Automated email alerts for new updates, missing patches and failed deployments let administrators see which systems are non-compliant. It is possible to define patch compliance checks with the help of the missing patches and vulnerable systems report.
Dynamic patch reports let administrators easily discover which devices are non-compliant with respect to patching and quickly remediate vulnerabilities.