Automated patch management to help reduce patch cycle times from days and weeks to hours or minutes
IBM BigFix Patch provides an automated, simplified patching process that is administered from a single console. It provides real-time visibility and enforcement to deploy and manage patches to all endpoints – on and off the corporate network.
Clients have reported seeing more than 98 percent first-pass patch success rates. The solution not only increases the effectiveness of the patch process, but it cuts operational costs and reduces patch cycle times.
IBM BigFix Patch:
- Provides automated patch management to hundreds of thousands of endpoints for multiple operating systems and applications – regardless of location, connection type or status.
- Applies only the correct patches required by the endpoint.
- Gives you greater visibility into patch compliance with flexible, real-time monitoring and reporting.
- Provides real-time visibility and control from a single management console.
- Proactively reduces security risk by streamlining remediation cycles from weeks to hours.
Provides automated patch management to hundreds of thousands of endpoints
- Patches 90+ OS types and versions including Microsoft Windows, UNIX, Linux and Mac operating systems.
- Delivers patches to endpoints for third-party applications from vendors including Adobe, Mozilla, Apple and Java, along with customer-supplied patches.
- Supports a variety of endpoints. These include servers, notebooks, desktops and specialized equipment such as point-of-sale (POS) devices, ATMs and self-service kiosks.
- Supports patching of online and offline virtual machines, including roaming devices using Internet connections so that virtual and cloud environments have the same level of security as physical systems.
- Can support up to 250,000 endpoints from a single management server.
Applies only the correct patches
- Creates patch policies using IBM Fixlet® messages, which wrap the update with policy information such as patch dependencies, applicable systems and severity level.
- Uses an intelligent agent on every endpoint to enforce and assess patch compliance. It recognizes which patches are required for that machine, then automatically retrieves and applies the needed updates.
- Deploys patches more efficiently, even over low-bandwidth or globally distributed networks.
Gives you greater visibility into patch compliance
- Automatically assesses the endpoint status once a patch is deployed.
- Confirms successful installation and updates the management server. This step supports compliance requirements, which require definitive proof of patch installation.
- Helps to establish, document and prove compliance with patch management processes. Supports compliance with government regulations, service level agreements (SLAs) and corporate policies.
- Provides proof of continuous compliance, which can help you pass audits and comply with regulations.
- Can enforce policies and help you quickly report on compliance to improve your organization’s audit readiness.
Provides real-time visibility and control
- Provides integrated web reporting. This allows users, administrators, executives, management and others to view dashboards and receive reports showing patch management progress in real time.
- Indicates which patches were deployed, when they were deployed, who deployed them and to which endpoints.
- Uses the intelligent agents to continuously monitor endpoint states, including patch levels, and reports them to a management server.
- Compares endpoint compliance against defined policies, such as mandatory patch levels.
Proactively reduces security risk
- Allows you to create reports showing which endpoints need updates, and then distribute those updates within minutes.
- Allows IT administrators to safely and rapidly patch Windows, Linux, UNIX and Mac operating systems with no domain-specific knowledge or expertise.
- Automatically remediates problems related to previously applied patches.
IBM BigFix Patch resources