Security Update Manager (SUM), ECM's patch assessment and verification module, ensures continuous enterprise security for Windows platforms. SUM provides intelligent security patch assessment, remediation and verification and automatically alerts enterprises to security bulletins issued by Microsoft.

Using a comprehensive Configuration Management Database (CMDB), SUM instantly assesses entire networks to detect vulnerabilities and deploy required patches to all the target machines. By leveraging the vast repository of configuration information stored in the ECM database, users can quickly view the current configurations and patch status of the machines on their networks. Then, using remote patch distribution points and network administrative groups, enterprises can update their entire infrastructure using minimal bandwidth to machines--even inside a firewall-protected DMZ.

SUM supports delivery of security updates for over 100 Windows applications including Microsoft BackOffice, SQL Server, Exchange, Internet Explorer, and MDAC, to name a few. Also, SUM provides security remediation for Spanish, French and Danish Windows operating systems.

SUM's automated configuration change management and maintenance ensure that each machine conforms to the rigorous security and configuration settings defined by industry best practices and guidelines.

Patch Deployment is Just a Small Part of the Overall Compliance Process.
Patching alone does not secure an enterprise – proper system configuration is the most effective way to lower risk.

By leveraging the vast repository of configuration information in Configuresoft’s ECM CMDB, organizations can quickly conduct a pre-deployment assessment to ensure machines are configured correctly and minimum requirements are met prior to installing patches. This approach dramatically increases patch success rates in large enterprises and reduces the network bandwidth required to secure machines across the enterprise. Through ECM/SUM detailed assessment, exposure to enterprise vulnerability such as accounts without proper passwords, security services that are disabled or at the wrong version, and improper configuration settings are quickly identified and remediated. Once configured correctly, patches can be deployed natively with ECM/SUM or through third party tools like SMS or WSUS.

Assessment and Verification are Key; It’s Not Just About Pushing a Patch
To ensure first time success in patching Windows-based machines in your organization, SUM leverages assessment helpers developed by Configuresoft’s Center for Policy & Compliance. The Center researches and tests all Microsoft security packages prior to delivery and documents details on the actual files deployed and any configuration changes made to the system. SUM leverages the assessment helpers not only to determine which machines require patching (and avoid pitfalls that may inhibit effective patch deployment) but also to conduct a post deployment audit to ensure full compliance.

SUM Security Updates are generally available within 24 hours of Microsoft release and are automatically installed from the Configuresoft secure customer portal. After release, the SUM assessment helpers continue to provide protection by ensuring servers and workstations remain within full compliance. If a problem on the machine occurs due to the patch, ECM/SUM supports full patch rollback to the previous configuration state, thereby removing the risk associated with enterprise remediation.

Supercharging Your Existing Patching Solution
The keys to a good security remediation tool are coverage, speed and accuracy. Using ECM/SUM, enterprises can supercharge their existing patching solutions, improving performance in all three areas.

Using ECM/SUM together, organizations can quickly discover machines without patch and anti-virus clients installed. Once found, ECM/SUM can automatically install the missing service or application. If the client is found, it can quickly verify the service is at the correct version, that it is running and configured correctly.

ECM/SUM supports One-Click remediation from within compliance dashboards and charts, greatly simplifying the process between reporting and action. SUM assessment helpers provide independent auditing and verification of patch success.

 Related SUM Resources

Keeping the state of your enterprise known and configured correctly over time is not a trivial task. The dynamic nature of enterprises and the constant emergence of new vulnerabilities require the ability to balance IT Security and Operations compliance initiatives. The cost of failing to ensure the proper controls and patches are well known. For instance, it is estimated that the ‘Code Red’ virus cost organizations across the world $2.6 billion to control and remediate.

Why was ‘Code Red’ so successful in decimating over a quarter million servers, particularly when Microsoft pinpointed the potentially devastating effects of the virus and produced a patch for it more than a month before the first infections?

It's simple: IT departments just DO NOT have the tools and resources to immediately ensure every single application server in their enterprise is located, assessed and protected.