Patch management

Use patch management functionality to:

• Install OS-level and application level updates
• Approve patches manually or automatically
• Install patches on-demand and according to a schedule
• Precisely define which patches to apply by different criteria: severity, category, and approval status
• Perform pre-update backup in order to prevent possible unsuccessful updates
• Define the reboot option to be applied after patch installation

Cyber Protect introduces peer-to-peer technology to minimize network bandwidth traffic. You can choose one or more dedicated agents that will download updates from the Internet and distribute them among other agents in the network. All agents will also share updates with each other as peer-to-peer agents.

How it works

You can configure either automatic or manual patch approval. In the scheme below, you can see both automatic and manual patch approval workflows.

1. First, you need to perform at least one vulnerability assessment scan by using the protection plan with the Vulnerability assessment module enabled. After the scan is performed, the lists of found vulnerabilities and available patches are composed by the system.
2. Then, you can configure the automatic patch approval or use manual patch approval approach.

3. Define how to install patches – according to a schedule or on-demand. On-demand patch installation can be done in three ways according to your preferences:

   • Go to the list of patches (Software management > Patches) and install the necessary patches.
   • Go to the list of vulnerabilities (Software management > Vulnerabilities) and start the remediation process which includes patch installation as well.
   • Go to the list of devices (Devices > All devices), select the particular machines that you want to update, and install patches on them.

You can monitor the results of the patch installation in Dashboard > Overview > Patch installation history widget.