Syntax, Inc.

Patch Management

In every vulnerability assessment Syntax, Inc. conducts, we routinely find that neither servers, nor workstations are patched regularly. The number one reason for not patching servers is concerns about destabilizing the production environment. Workstations, on the other hand, go unpatched due to the shear number and location of these devices. It is our opinion that the risk of widespread compromise due to delinquent patching is substantially higher than the potential loss of productivity due to patch side effects. We believe critical updates must be installed as soon as they become available.

How can this be accomplished? By designing and implementing an intelligent and pseudo automated patch management system. This requires an understanding of server resources, workflow and critical paths. In order to be effective, the patching system must provide granular options based on the nature of the device and its role. For instance, servers have to be sub-divided based on role (terminal servers, messaging, print and file), with unique patching rules appropriate to each server role.

Syntax, Inc. leverages our cumulative field experience working with complex server environments, along with our knowledge of granular policy to design and implement a solid patch management system.