April 2012
WP-EN-04-17-12
Introduction
Laying the Groundwork
1. Discover Assets
2. Agent Maintenance
3. Classify Value and Risk
On Patch Tuesday
12. Study Vendor Information and Patch Tuesday Security Briefings
13. Prioritize Potential Patches
14. Change Control
Introduction
Patch and vulnerability management is a core component of your risk mitigation strategy. It is the first and
last line of defense against existing and new exploits, laying the foundation on which your AV and other
security technologies work. As the sophistication and sheer volume of exploits targeting operating systems
and major applications increase, the speed with which security patches are assessed and deployed is key to
mitigating risk, remediating vulnerabilities and reducing costs.
In this best practice guide, we take a deep dive into a best practice process for patch and vulnerability management, developed by Lumension over thousands of customer engagements. This process,
which is flexible and simple enough to be adapted to your environment, revolves around the well-known
monthly release of security updates from Microsoft known as Patch Tuesday, and includes:
1. Discover Assets
Within Lumension Endpoint Management and Security Suite (L.E.M.S.S.), identify all hardware
and software on the network and categorize them
by platform, applications, department, etc.
Practical Steps:
In L.E.M.S.S., navigate to Discover > Assets
2. Agent Maintenance
Ensure that all endpoint assets in the network have been fully installed with an automated patch solution.
Install new patch management agents where required, if this task has not yet been fully automated with
a group policy, login script or other technique. Identify offline agents and last contact date either inside
L.E.M.S.S. or by running the Endpoint Check-in report in Lumension Reporting Services (LRS), a free,
integrated add-on to L.E.M.S.S.
The report displays the list of endpoints that have not checked in with the server in a given
timeframe.
Ensure that agent communication is established with all the endpoints in your environment.
Review endpoints that have not checked in recently and verify which endpoints need follow-up or
attention prior to rolling out updates (training computers that are off vs. sales guy in field that needs
to check in)
Run the Operational Report Agent Version and Operating System Distribution in LRS
The report displays the mix of agent versions and operating systems in the endpoint environment,
along with a detailed endpoint count.
Ensure that all desired endpoints are listed, have the expected agent version(s) and communicate
properly.
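The two checks described above (stale check-ins, and agent version and operating system mix) can also be run over an exported endpoint list before a rollout. The following is an added example, not Lumension code or part of the original guide; the CSV column names, the endpoint rows, the `N` / `N-1` version placeholders and the 7-day window are all constructed assumptions, not an LRS export format.

```python
import csv
import io
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample export; columns and values are assumptions, not an LRS schema.
SAMPLE_EXPORT = """endpoint,group,agent_version,os,last_contact
HQ-WS-001,Workstations,N,Windows 7,2012-04-09T08:15:00
HQ-WS-002,Workstations,N-1,Windows XP,2012-04-09T07:50:00
TRAIN-01,Training,N,Windows 7,2012-03-02T16:00:00
SALES-LT-07,Field Sales,N,Windows 7,2012-03-28T11:30:00
HQ-SRV-003,Servers,N,Windows Server 2008 R2,2012-04-09T08:20:00
"""

def load_endpoints(text):
    """Parse the export into dicts, converting last_contact to a datetime."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["last_contact"] = datetime.fromisoformat(row["last_contact"])
    return rows

def stale_endpoints(rows, now, max_age_days=7):
    """Endpoints with no check-in inside the window, oldest contact first."""
    cutoff = now - timedelta(days=max_age_days)
    stale = [r for r in rows if r["last_contact"] < cutoff]
    return sorted(stale, key=lambda r: r["last_contact"])

def pre_rollout_review(text, now, expected_versions, max_age_days=7):
    """Summarise what needs follow-up before updates are deployed."""
    rows = load_endpoints(text)
    return {
        # (endpoint, group, whole days since last contact); the group tells
        # a powered-off training PC apart from a laptop in the field.
        "stale": [(r["endpoint"], r["group"], (now - r["last_contact"]).days)
                  for r in stale_endpoints(rows, now, max_age_days)],
        # Endpoint count per (agent version, operating system) pair.
        "distribution": Counter((r["agent_version"], r["os"]) for r in rows),
        # Endpoints running an agent version outside the expected set.
        "unexpected_agents": [r["endpoint"] for r in rows
                              if r["agent_version"] not in expected_versions],
    }

if __name__ == "__main__":
    report = pre_rollout_review(SAMPLE_EXPORT, datetime(2012, 4, 9, 9, 0), {"N"})
    for name, group, days in report["stale"]:
        print(f"{name} ({group}): no check-in for {days} days")
    print("Unexpected agent versions:", report["unexpected_agents"])
```
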
Practical Steps:
Review your network topology and classify your assets by level of criticality.
Practical Steps:
Determine system ownership, uptime requirements,
and patch windows for these machines. Define the
patch cycle for different managed systems.
Next, assign users to the selected role(s) from the Users tab.
Set up your categorized assets in custom groups in L.E.M.S.S.
On the Manage Groups page, click on Custom Groups.
Navigate to View in the upper right corner and select Group
On the Manage > Agent Policy Sets page, create a new agent
policy and define the hours of operation.
For machines managed over the WAN, it is recommended to set up a caching proxy per remote
location to cache the package content.
Deploy Lumension Caching Proxy 2.7 for Windows to a target machine in the remote location
Create Agent Policy and set FastPath Servers Both Interval and Define Servers
Manage > Agent Policy Sets > Select Create and Save when completed
Note: Policy will not set until the next check-in to L.E.M.S.S.
For more information on setting up a caching proxy please review the following resources:
Best Practices Fast Path: KB article 523
Distribution Point (PDP) Does not Cache Large Deployment: KB article 231
Practical Steps:
Once test groups have been identified, create custom groups for
those test groups.
6. Staff Training
Train applicable staff on vulnerability monitoring and remediation techniques. At a minimum, administrators
responsible for deploying Patch updates need to be trained in the Patch and Remediation application. As a
best practice, there should be an internal resource for all employees to learn more about why it is important
to keep machines in the organization fully patched.
Practical Steps:
Use Lumension Learning resources to help build your internal staff training.
7. Schedule Resources
Allocate IT resources for Patch Tuesday while also integrating additional patch release schedules from third-party software, such as Adobe, Apple (ad hoc), Java and so forth. In addition, review the patching needs of
any internally-developed applications and/or custom patches and consider deploying these patches as part
of the monthly patch cycle.
Practical Steps:
In addition to reviewing vendor sites, we recommend setting up email notifications within L.E.M.S.S. to
receive an email when new vulnerabilities have been replicated to L.E.M.S.S.
Practical Steps:
To confirm recent deployments and ongoing scanning in LRS:
Run the operational report Deployment Detail
Select the group(s) that you are monitoring
Review success/failure results (Patched and Complete %)
To confirm communication with GSS in L.E.M.S.S.:
Practical Steps:
To verify if your software is fully
updated:
On Patch Tuesday
This section outlines the steps to prioritize the Security Patches released by Microsoft and other application
vendors and to deploy those patches out to the machines managed in your environment.
Practical Steps:
To review the released Patch Tuesday patches and their applicability in your endpoint
environment, we recommend you use LRS and run the report Patch Release by Vendor
The report provides a high-level overview of the applicability of the released bulletins to your
managed endpoints and groups. It reflects the severity of and expected workload for that month's
Patch Tuesday release and the organization's patch status.
When choosing your parameters, we recommend selecting all the criticalities and the first day of the
month. The report will then display the number of vulnerability patches and content released by each
vendor in the top section and the vulnerability patches and content applicable to your environment in
the Applicable section directly below.
Practical Steps:
Deploy applicable bulletins to test groups configured in step 5 (Identify Test Groups) above.
Ensure successful deployment before rollout to additional groups in the environment.
Pay special attention to impact to custom-developed, internal applications, especially when deploying
Java updates.
Practical Steps:
In L.E.M.S.S., go to the Review >
Vulnerabilities > New Vulnerabilities page,
select content applicable to your environment
and cache the packages associated with
those binaries by selecting the bulletins and
clicking on the Update Cache button.
Practical Steps:
To confirm recent deployments in LRS:
Run the operational report Deployment Detail
Select the group(s) that you are monitoring
Review success/failure results (Patched and Complete %)
Practical Steps:
To strategize and organize patch deployments to the appropriate endpoints and endpoint groups, use
LRS as follows:
Set the Auto Refresh parameter to monitor the progress of deployments on endpoints in near-real-time.
Practical Steps:
Upon successful deployment of bulletin content, add bulletins to
mandatory baseline policies.
Practical Steps:
To review the patch progress and effectiveness of deploying Patch Tuesday remediations and to
understand the security posture and vulnerability compliance of the enterprise for Patch Tuesday
patches released by Microsoft for the selected patch cycle, use LRS as follows:
Practical Steps:
Go to the Manage > Groups page
Identify any endpoints that are offline and/or have not been remediated.
Troubleshoot the endpoints to determine why endpoints were not updated and modify deployments
accordingly
Lumension, Lumension Patch and Remediation, Lumension Vulnerability Management, IT Secured. Success Optimized., and the Lumension logo are trademarks or registered trademarks of Lumension Security, Inc. All other
trademarks are the property of their respective owners.
Global Headquarters
8660 East Hartford Drive, Suite 300
Scottsdale, AZ 85255 USA
phone: +1.480.970.1025
fax: +1.480.970.6323
www.lumension.com