Virtual Patching for Endpoint Security
Centralize patching for a faster endpoint update process
In today’s IT security environment, zero-day vulnerabilities require a fast response. SolarWinds® Patch Manager offers a flexible, scalable platform that allows you to deploy pre-tested patches typically in minutes across tens of thousands of systems, including virtual environments. Use the dashboard to view the latest available patches, top ten missing patches, and the general health of your environment. Patch Manager also allows you to easily address the cybersecurity risk of having many virtual machines (VMs) deployed across your network. You can automatically download and deliver updates for popular third-party software, including VMware. Patch Manager lets you inventory your VMs and simplifies the process for patch research, scheduling, reporting, and more.
Automatically patch even powered-off machines
With Patch Manager, you can help ensure that dormant virtual endpoints don’t pose a threat once they are powered back on. Admins can use the centralized Patch Manager interface to keep VMs up to date with the rest of their machines without initializing a remote desktop session. Simply use a WSUS folder or group to manage all VMs while controlling access. With the Wake-on-LAN feature, Patch Manager can update all managed VMs at once, even those that are powered off. You can use the platform to verify that the patching was successful, then reboot or power off the machine.
Quickly address urgent security vulnerabilities
Virtual patching involves addressing security holes now and fixing code later. With Patch Manager, you can take advantage of pre-tested patches to implement deep security virtual patching more quickly. View device status and vulnerabilities through the platform and address risks typically in minutes instead of weeks. Patch Manager also provides built-in reports that give you in-depth insights into your patch status and compliance. VM sprawl becomes a security issue when virtual updates fall by the wayside, but Patch Manager helps ensure that VMs are protected, shielding your entire network. By addressing managed VMs from a consolidated viewpoint, you can head off risks more quickly. Use the step-by-step guide to patch all virtual machines, and even force a refresh of group policies across environments.
Schedule patching according to your timeframe
Patch Manager gives you complete control of the patching process across both virtual and physical machines. Be proactive about patching to meet maintenance timeframe requirements, and address zero-day vulnerabilities as soon as possible. You can mass update physical and virtual machines, run on-demand updates, or set scheduled updates in advance. Patch Manager integrates with WSUS and Microsoft Update Agent, so you can automatically update patches according to custom schedules. Create custom patching schedules for individual machines or multiple target nodes grouped by operating system, IP range, or custom criteria. You can also group and schedule patches according to date released, critical level, and more.
Build package deployment scenarios
With Patch Manager, it’s easy to identify the virtual endpoints that need to be patched and build appropriate deployment packages. Creating and implementing before-and-after scenarios helps ensure complicated patches like Oracle Java will deploy successfully to both physical and virtual endpoints. You can set specific actions to help ensure success for VM patch installation, including stopping or starting services or running scripts at certain points in the process. Patch Manager makes this possible without requiring you to use complicated scripts or System Center Updates Publisher (SCUP).
Get More on Virtual Patching
What is virtual patching?
Typically, virtual patching refers to implementing temporary security patches in order to prevent attacks on known vulnerabilities. This form of patching allows admins to keep a system running until they can test and implement a more complete solution. Virtual patching can also refer to patching and updating that is performed over virtual machines and endpoints.
How does virtual patching work?
When it comes to addressing urgent security issues, virtual patching solutions work by implementing a security policy enforcement layer that prevents the exploitation of a known vulnerability. A virtual patch for endpoint does not address the vulnerabilities within the underlying code, but functions as a stopgap to prevent imminent attacks.
For patching across virtual machines, the process is similar to patching physical machines. The admin must first back up the system, potentially by taking “snapshots,” a useful feature embedded in the virtual environment. The admin can also easily test patches by cloning a live system in a virtual testing environment. For installing and rebooting, admins can use high-availability virtual configurations to minimize downtime and end-user issues.
What are the benefits of virtual patching?
For OS and application vulnerabilities, the window between discovery and exploitation has begun to narrow. That means admins have less time than ever to address security risks. By leveraging virtual patching solutions, it’s possible to implement an effective temporary solution that prevents attacks on a known vulnerability. It’s hardly ever possible for admins to immediately edit the source code for all affected endpoints, but virtual patching allows them to implement a scalable solution, provide intrusion prevention for critical systems that can’t be taken offline, and reduce the risk of causing conflicts within libraries or support code files.
Virtual machines also present a unique risk to IT environments. Centralized, automated patching for VMs provides a way to manage VM sprawl, catch risks on overlooked VMs, and prevent security issues when dormant VMs come back online.
How does Patch Manager support virtual patching for endpoint solutions?
Patch Manager allows admins to head off the exploitation of known vulnerabilities by reducing the patching process from weeks to typically minutes. Admins can quickly deploy patches to both physical and virtual Windows desktops and servers. The patches are pre-built and pre-tested so that you don’t have to spend time testing them yourself. With ready-to-go patches from vendors like Adobe, Apple, Mozilla, Oracle, and Google, admins can address zero-day vulnerabilities with deep security virtual patching.
What other patching features does Patch Manager have?
Among other endpoint security features, Patch Manager offers integrations with Microsoft WSUS and SCCM, updates on current patch statuses, pre-built and pre-tested packages, and comprehensive compliance reports.
Related Features and Tools
Other SolarWinds Tools to Help Ensure Security:
- SolarWinds Security Event Manager
- SolarWinds Access Right Manager
- SolarWinds Identity Monitor
- SolarWinds Virtualization Manager
Related Features:
What is virtual patching?
Typically, virtual patching refers to implementing temporary security patches in order to prevent attacks on known vulnerabilities. This form of patching allows admins to keep a system running until they can test and implement a more complete solution. Virtual patching can also refer to patching and updating that is performed over virtual machines and endpoints.
Help ensure security across your network with rapid virtual patching
Patch Manager
- Leverage pre-tested patches to close security gaps more quickly.
- View patch status and vulnerabilities on the unified dashboard.
- Schedule patches across physical and virtual machines.
Starts at $2,187
Subscription and Perpetual Licensing options available