RBI Cyber Security Framework for Banks:

The Reserve Bank of India has its own set of cyber laws, a direct consequence of the low entry barriers, constantly evolving nature, resourcefulness, and ever-increasing velocity and scale of attacks. All banks must abide by the requirements put forth by the central bank to operate in India. Patch Manager Plus can help banks adhere to these guidelines and strengthen their security and resilience. Here is how:

How does Patch Manager Plus help?

Requirement Sl No Requirement Description How Patch Manager Plus fulfills it?
Preventing execution of unauthorised software  2.3

Continuously monitor the release of patches by various vendors / OEMs, advisories issued by CERT-In and other similar agencies and expeditiously apply the security patches as per the patch management policy of the bank. If a patch/series of patches is/are released by the OEM/manufacturer/vendor for protection against well-known/well-publicised/reported attacks exploiting the vulnerability patched, the banks must have a mechanism to apply them expeditiously following an emergency patch management process.

All patch information is collected from vendor sites and fed into the patch database after a thorough analysis. This patch database is then synchronized with the Patch Manager Plus server.

With the automated patch management feature, the entire patch management process is automated: synchronizing the vulnerability database, scanning all machines in the network to detect missing patches, deploying the missing patches, and providing periodic updates on patch deployment status. Using this feature, zero-day vulnerabilities can also be patched. Patches can be automatically tested and approved in a test bed before being rolled out to business-critical environments.

Patch/Vulnerability and Change Management  7.1

Follow a documented risk-based strategy for inventorying IT components that need to be patched, identification of patches and applying patches so as to minimize the number of vulnerable systems and the time window of vulnerability/exposure.

Patch Manager Plus helps in deploying patches across every major device operating system (Windows, Mac, Linux) and over 500 third-party applications. The patching solution also includes driver updates for various components.

Periodic scanning of the IT assets in the network to identify vulnerable systems and applications.

 7.2

Put in place systems and processes to identify, track, manage and monitor the status of patches to operating system and application software running at end-user devices directly connected to the internet and in respect of Server operating Systems/Databases/Applications/Middleware, etc.

Patch Manager Plus' Automate Patch Deployment (APD) feature gives system administrators the power to deploy missing patches automatically.

Dedicated deployment policies can be configured for all types of devices, with the ability to turn on devices for applying patches during non-productive hours, to prevent reboots during business hours or on mission-critical devices like servers, and to shut devices down after patching/updating.

Metrics  21.2

Some illustrative metrics include coverage of anti-malware software and their usage percentage, patch latency, extent of user awareness training, vulnerability related metrics, etc.

Patch Manager Plus provides comprehensive, interactive insights and infographics that can be used to comb through vast amounts of device data and identify devices missing patches that address vulnerabilities. Additionally, there are reports that help delve into critical updates, install statuses, failed updates, and more.