Method and system for patch management
Abstract
A method and system for patch management. The method and system automatically determine a set of patches applicable to a target device, initiate transfer, if necessary, to the target device, and record which patches, if any, have been transferred to the target device. The method and system also automatically distribute patches to a target device based on policy, state and management data. The method and system allow patches to be automatically acquired and managed for patch gap, patch vulnerability and patch security compliance.
40 Claims
1. A method for updating and maintaining current operating information on a processor-based target device, the method comprising the steps of:
discovering current operating information associated with the target device;
comparing the current operating information associated with the target device with updated operating information retrievable from a database;
identifying at least one patch applicable to the discovered current operating information associated with the target device;
determining if the at least one identified patch has been applied on the target device and, if necessary, applying the at least one identified patch on the target device; and
entering an updated patch status of the target device in the database.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A method for updating and maintaining current operating information on a processor-based target device, the method comprising the steps of:
discovering current operating information associated with the target device;
transferring the current operating information associated with the target device to a second device;
comparing the current operating information associated with the target device with updated operating information retrievable from a database by the second device;
identifying at least one patch applicable to the current operating information associated with the target device;
forwarding the at least one identified patch from the second device to the target device;
determining if the at least one identified patch has been applied on the target device and, if necessary, applying the at least one identified patch on the target device;
generating an updated patch status on the target device;
sending the updated patch status to the second device; and
using the second device to enter the updated patch status of the target device in the database.
Dependent claims: 11, 12, 13, 14, 15, 16

17. A system for updating and maintaining current operating information on a processor-based target device, the system comprised of:
means for discovering current operating information associated with the target device;
means for transferring the current operating information associated with the target device to a second device;
means for comparing the current operating information associated with the target device with updated operating information retrievable from a database by the second device;
means for identifying at least one patch applicable to the current operating information associated with the target device;
means for forwarding the at least one patch from the second device to the target device;
means for determining if the at least one patch has been applied on the target device and, if necessary, applying the at least one patch on the target device;
means for generating an updated patch status on the target device;
means for sending the updated patch status to the second device; and
means for using the second device to enter the updated patch status of the target device in the database.

18. A system for updating and maintaining current operating information on a processor-based target device, the system comprised of:
at least one target device configured to receive a patch; and
a second device configured to perform a database look-up to identify at least one patch applicable to the at least one target device, the second device capable of sending to the at least one target device a list of the at least one patch applicable to the at least one target device and receiving from the at least one target device an updated message regarding the patch status of the at least one target device.
Dependent claims: 19, 20, 21

22. The system of claim 21, wherein the administrator can query the database when the target device is not in communication with the second device.

23. A method for updating and maintaining current operating information on a processor-based target device, the method comprised of:
discovering current operating information associated with a target device;
comparing the current operating information against a desired state of information, for the target device to determine, based on policy data associated with the target device, whether at least one patch needs to be applied to the target device;
transferring the desired state of information to the target device;
having a target agent compare the desired state of information to the current operating information in order to identify if at least one patch should be applied to the target device;
sending a patch list from the target agent to a second device requesting at least one patch that should be applied to the target device;
forwarding the at least one patch from the second device to the target device; and
applying the at least one patch to the target device.
Dependent claims: 24, 25, 26, 27, 28, 29

30. A data processing system for updating and maintaining current operating information on a processor-based target device, the data processing system comprised of a component for:
discovering current operating information associated with the target device;
comparing the current operating information associated with the target device with updated operating information retrievable from a database;
identifying at least one patch applicable to the current operating information associated with the target device;
determining if the at least one patch has been applied on the target device and, if necessary, applying the at least one patch of the target device; and
entering an updated patch status of the target device in the database.
Dependent claims: 31, 32

33. A computer readable medium having computer executable instructions for performing a method comprising:
discovering current operating information associated with the target device;
comparing the current operating information associated with the target device with updated operating information retrievable from a database;
identifying at least one patch applicable to the current operating information associated with the target device;
determining if the at least one patch has been applied on the target device and, if necessary, applying the at least one patch on the target device; and
entering an updated patch status of the target device in the database.
Dependent claims: 34

35. A method for managing patches for software, comprising:
automatically acquiring a plurality of patches from a plurality of vendors for a plurality of software products;
automatically discovering current operating information associated with a plurality of target devices;
automatically completing a vulnerability assessment for the acquired plurality of patches using the discovered current operating information associated with the plurality of target devices;
automatically completing an impact analysis for applying the acquired plurality of patches to the discovered current operating information for the plurality of target devices;
automatically deploying the plurality of patches to the plurality of target devices based on policy-based information, wherein the policy-based information includes in-part, information from the vulnerability assessment and the impact analysis; and
automatically installing the deployed plurality of patches on the plurality of target devices.
Dependent claims: 36, 37, 38, 39, 40