IBM Endpoint Manager for Patch Management

Automatically manages patches to hundreds of thousands of endpoints

• Delivers patches to endpoints for Microsoft Windows, UNIX, Linux and Mac operating systems.
• Delivers patches to endpoints for third-party applications from vendors including Adobe, Mozilla, Apple and Java, along with customer-supplied patches.
• Supports a variety of endpoints. These include servers, notebooks, desktops and specialized equipment such as point-of-sale (POS) devices, ATMs and self-service kiosks.
• Supports patching of online and offline virtual machines including roaming devices using Internet connections so that virtual and cloud environments have the same level of security as physical systems.
• Can support up to 250,000 endpoints from a single patch management server.

Applies only the correct patches

• Creates patch policies using IBM Fixlet® messages, which wrap the update with policy information such as patch dependencies, applicable systems and severity level.
• Installs an intelligent endpoint agent on every endpoint. It recognizes which patches are required for that machine, then automatically retrieves and applies the needed updates.
• Deploys patches more efficiently, even over low-bandwidth or globally distributed networks.

Gives you greater visibility into patch compliance

• Automatically assesses the endpoint status once a patch is deployed.
• Confirms successful installation and updates the management server. This step supports compliance requirements, which require definitive proof of patch installation.
• Can help you establish, document and prove compliance with patch management processes. Supports compliance with government regulations, service level agreements (SLAs) and corporate policies.
• Provides proof of continuous compliance, which can help you pass audits and comply with regulations.
• Can enforce policies and help you quickly report on compliance to improve your organization’s audit readiness.

Provides near real-time visibility and control

• Provides integrated web reporting. This allows users, administrators, executives, management and others to view dashboards and receive reports showing patch management progress in near real time.
• Indicates which patches were deployed, when they were deployed, who deployed them and to which endpoints.
• Uses the intelligent agents to continuously monitor endpoint states, including patch levels, and report them to a management server.
• Compares endpoint compliance against defined policies, such as mandatory patch levels.

Can help reduce security risk

• Allows you to create reports showing which endpoints need updates, and then distribute those updates within minutes.
• Allows IT administrators to safely and rapidly patch Windows, Linux, UNIX and Mac operating systems with no domain-specific knowledge or expertise.
• Stores audit information that tracks who ordered which updates for application to specific endpoints.
• Automatically remediates problems related to previously applied patches.