Implementing and Managing Patch and Configuration ManagementBy Mike Rothman
If you recall back to the Endpoint Security Management Buyer’s Guide, we identified 4 specific controls typically used to manage the security of endpoints, and broke them up into periodic and ongoing controls. That paper helped you identify what was important and guided you through the buying process. At the end of that process you face a key question – what now? It’s time to implement and manage your new toys, so this paper will provide a series of processes and practices for successfully implementing and managing patch and configuration management tools.
In this paper, we break the implementation process into four major steps:
Prepare: Determine which model you will use, define priorities among users and devices, and build consensus on the processes to be used. You will also need to ensure all parties involved understand their roles and will accept responsibility for results – including not only security scanning and monitoring functions, but also the operations folks in charge of remediating any issues.
Integrate and Deploy Technology: Next you will determine your deployment architecture and integrate with your existing infrastructure. We cover most integration options – even if you only plan on a limited deployment (and no, you don’t have to do everything at once). This involves not just setting up the endpoint security management platform, but also deploying any required agents to manage devices.
Configure and Deploy Policies: Once the pieces are integrated you can configure initial settings and start policy deployment. Patch and configuration management policies are fundamentally different, so we will address them separately.
Ongoing Management: At this point you should be up and running. Managing is all about handling incidents, deploying new policies, tuning and removing old ones, and system maintenance.
In this paper we went into each step in depth, focusing on what you need to know to get the job done. Implementing and managing patch and configuration management doesn’t need to be intimidating, so we focus on what you need to know to make progress with quick value, within a sustainable process.
We thank Lumension Security for licensing this research, and enabling us to distribute it at no cost to readers.
Direct Download (PDF): Implementing and Managing Patch and Configuration Management