Table of Contents
Executive Summary
1. Introduction
1.1 Document Purpose and Scope
1.2 Audience
1.3 Document Structure
2. The Importance of Patch Management
3. The Challenges of Patch Management
3.1 Timing, Prioritization, and Testing
3.2 Patch Management Configuration
3.3 Alternative Host Architectures
3.4 Other Challenges
3.4.1 Software Inventory Management
3.4.2 Resource Overload
3.4.3 Installation Side Effects
3.4.4 Patch Implementation Verification
3.4.5 Application Whitelisting
4. Enterprise Patch Management Technologies
4.1 Components and Architecture
4.1.1 Agent-Based
4.1.2 Agentless Scanning
4.1.3 Passive Network Monitoring
4.1.4 Comparison of Techniques
4.2 Security Capabilities
4.2.1 Inventory Management Capabilities
4.2.2 Patch Management Capabilities
4.2.3 Other Capabilities
4.3 Management Capabilities
4.3.1 Technology Security
4.3.2 Phased Deployment
4.3.3 Usability and Availability
5. Metrics
List of Appendices
Appendix A—Security Content Automation Protocol (SCAP) Tutorial
Appendix B—Summary of Recommendations
Appendix C—Acronyms and Abbreviations