Method, apparatus, and program product for autonomic patch deployment based on autonomic patch risk assessment and policies

US 8,261,353 B2
Filed: 06/02/2008
Issued: 09/04/2012
Est. Priority Date: 08/02/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A computer implemented method for automatic patch deployment, the method comprising:

receiving, by a hardware processor, a patch to be installed for a software component on an endpoint device;

receiving, by the hardware processor, a risk assessment for the patch identifying a level of risk for installing the patch on the endpoint device, wherein the risk level is a probability that installing the patch into the application will result in a hang of the endpoint device or require a reboot of the endpoint device, and wherein the risk level is based on activity information from a monitor of the endpoint device, wherein the activity information is a percentage of resources of the endpoint device being used;

identifying a policy that is applicable to the patch from a policy storage, wherein the policy is applicable to the patch based on a service level agreement for the software component and a geographical location of where the patch is to be applied;

retrieving, by the hardware processor, a policy; and

deploying, by the hardware processor, the patch according to the level of risk and the policy.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An automatic patch deployment system is provided that deploys a patch according to an assessed risk and a policy. The policy may specify actions to be taken to deploy the patch for different categories of risk. The automatic patch deployment system receives a patch notification, an assessment of the risk, and the policy and deploys the patch accordingly. For example, installation of a patch may be indefinitely delayed for high risk patches, rescheduled for medium risk patches, or installed immediately for low risk patches.

38 Citations

View as Search Results

20 Claims

1. A computer implemented method for automatic patch deployment, the method comprising:
- receiving, by a hardware processor, a patch to be installed for a software component on an endpoint device;
  
  receiving, by the hardware processor, a risk assessment for the patch identifying a level of risk for installing the patch on the endpoint device, wherein the risk level is a probability that installing the patch into the application will result in a hang of the endpoint device or require a reboot of the endpoint device, and wherein the risk level is based on activity information from a monitor of the endpoint device, wherein the activity information is a percentage of resources of the endpoint device being used;
  
  identifying a policy that is applicable to the patch from a policy storage, wherein the policy is applicable to the patch based on a service level agreement for the software component and a geographical location of where the patch is to be applied;
  
  retrieving, by the hardware processor, a policy; and
  
  deploying, by the hardware processor, the patch according to the level of risk and the policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the level of risk is one of high, medium, or low.
  - 3. The method of claim 2, wherein deploying the patch includes delaying installation of the patch and notifying an administrator if the level of risk is high.
  - 4. The method of claim 2, wherein deploying the patch includes installing the patch when the software component is idle if the level of risk is medium.
  - 5. The method of claim 2, wherein deploying the patch includes installing the patch immediately if the level of risk is low.
  - 6. The method of claim 1, wherein the policy is retrieved from a policy file.
  - 7. The method of claim 6, wherein the policy file is an extensible markup language file.

8. An automatic patch deployment system comprising:
- a managing server comprising a hardware processor executing computer usable program code, wherein the managing server receives a patch to be installed for a software component on an endpoint device and receives a risk assessment for the patch identifying a level of risk for installing the patch on the endpoint device, wherein the risk level is a probability that installing the patch into the application will result in a hang of the endpoint device or require a reboot of the endpoint device, and wherein the risk level is based on activity information from a monitor of the endpoint device, wherein the activity information is a percentage of resources of the endpoint device being used;
  
  a policy engine that identifies one or more policies for the patch, wherein the policy is identified based on a service level agreement for the software component and a geographical location of where the patch is to be applied and sends the one or more policies to the managing server,wherein the managing server deploys the patch at the endpoint device according to the level of risk and the one or more policies.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The automatic patch deployment system of claim 8, wherein the level of risk is one of high, medium, or low.
  - 10. The automatic patch deployment system of claim 9, wherein deploying the patch includes delaying installation of the patch and notifying an administrator if the level of risk is high.
  - 11. The automatic patch deployment system of claim 9, wherein deploying the patch includes installing the patch when the software component is idle if the level of risk is medium.
  - 12. The automatic patch deployment system of claim 9, wherein deploying the patch includes installing the patch immediately if the level of risk is low.
  - 13. The automatic patch deployment system of claim 8, wherein the policy is retrieved from a policy storage.

14. A computer program product comprising:
- a non-transitory computer usable medium having computer usable program code for automatic patch deployment, the computer program product including;
  
  computer usable program code for receiving a patch to be installed for a software component on an endpoint device;
  
  computer usable program code for receiving a risk assessment for the patch identifying a level of risk for installing the patch on the endpoint device, wherein the risk level is a probability that installing the patch into the application will result in a hang of the endpoint device or require a reboot of the endpoint device, and wherein the risk level is based on activity information from a monitor of the endpoint device, wherein the activity information is a percentage of resources of the endpoint device being used;
  
  computer usable program code for identifying a policy that is applicable to the patch from a policy storage, wherein the policy is applicable to the patch based on a service level agreement for the software component and a geographical location of where the patch is to be appliedcomputer usable program code for retrieving a policy; and
  
  computer usable program code for deploying the patch according to the level of risk and the policy.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The computer program product of claim 14, wherein the level of risk is one of high, medium, or low.
  - 16. The computer program product of claim 15, wherein the computer usable program code for deploying the patch includes computer usable program code for delaying installation of the patch and notifying an administrator if the level of risk is high.
  - 17. The computer program product of claim 15, wherein the computer usable program code for deploying the patch includes computer usable program code for installing the patch when the software component is idle if the level of risk is medium.
  - 18. The computer program product of claim 15, wherein the computer usable program code for deploying the patch includes computer usable program code for installing the patch immediately if the level of risk is low.
  - 19. The computer program product of claim 14, wherein the policy is retrieved from a policy file.
  - 20. The computer program product of claim 19, wherein the policy file is an extensible markup language file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Hirsave, Praveen Prasanna Kumar, Ramachandran, Puthukode G., Troche, Edmund, Tsai, Minto
Primary Examiner(s)
SHAN, APRIL YING

Application Number

US12/131,562
Publication Number

US 20080263534A1
Time in Patent Office

1,555 Days
Field of Search

717/172, 717/173, 717/177, 717/178, 726/25, 713/152
US Class Current

726/25
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

H04L 43/0817 by checking functioning

Method, apparatus, and program product for autonomic patch deployment based on autonomic patch risk assessment and policies

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

38 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method, apparatus, and program product for autonomic patch deployment based on autonomic patch risk assessment and policies

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links