Panda Patch Management
Reduce the risk and complexity of managing vulnerabilities in systems and third-party applications
Panda Security is now a part of WatchGuard Technologies, please visit our WatchGuard Technologies website to learn more about this product!
Overview:
It is time to change this trend with Panda Patch Management
Panda Patch Management is a user-friendly solution for managing vulnerabilities in operating systems and third-party applications on Windows workstations and servers. It reduces the attack surface, while at the same time strengthening your organization’s prevention and containment capabilities.
The solution does not require any new endpoint agents or management consoles, as it is fully integrated with all of Panda Security's endpoint solutions.
It also, provides centralized, real-time visibility into the security status of software vulnerabilities, missing patches, updates and unsupported (EOL3) software, inside and outside the corporate network, as well as easy-to-use and real-time tools for the entire patch management cycle: from discovery and planning to installation and monitoring.
Figure 1: Patch Management organization status - main dashboard
Figure 2: Available patches - Patch Management
Vulnerabilities: A Latent Risk
Unpatched operating systems and third-party software provide the perfect breeding ground for attackers and exploits. These threats can take advantage of vulnerabilities for which patches have been available weeks, or even months before the breach.
The massive disclosure of vulnerabilities, such as those exposed by the Shadow Brokers or WikiLeaks, with detailed instructions on how to compromise systems and applications, enables a growing number of cybercriminals to launch attacks.
The digital transformation is making it increasingly difficult to reduce the attack surface, due to the growing number of users, devices, systems and third-party applications that require updates.
At least five common operational issues frustrate vulnerability management (VM) programs:
- Vulnerability discovery is a long process. However, response must be immediate in the event of an incident.
- Companies are decentralized, employees are not continuously connected to the corporate network. On-premise VM tools do not cover these scenarios.
- Most VM tools require another specific agent on endpoints that are already overloaded.
- The Microsoft VM tool does not allow organizations to carry out centralized, unified updates of third-party applications.
- Other security solutions that offer patch management do not correlate detection with vulnerable endpoints to speed up response and mitigation of the attack.
Features:
Panda Patch Management provides all necessary tools to manage the security and updates of the operating system and third-party applications from a single console:
Discovery:
- Single-panel view with real-time information of all vulnerable computers, pending patches and unsupported (EOL3) software, with their remediation status.
- Detailed information about pending patches and updates, details of relevant security bulletins (CVE), as well as computer and computer group information, and more. Available actions:
- Filter and search for patches based on criticality, computer, group, application, patch, CVE and status.
- Ability to take actions directly on computers: restart, install now or schedule.
- Unattended scanning for pending updates, in real time or at periodic intervals (3, 6, 12 or 24 hours).
- Notification of pending patches in exploit detections. Ability to launch installations immediately or schedule them from the console, isolating the computer if required.
Patch and update planning and installation tasks:
- Configurable by criticality.
- On specific endpoints and groups.
- Immediate, scheduled for one-time execution or for repeated execution at regular intervals (date/ time).
- Ability to control computer restarts and set exceptions.
- Rollback to uninstall a patch that may cause an unexpected conflict with an existing configuration.
Endpoint and update status monitoring, via:
- Dashboard and actionable lists.
- High-level and detailed reports.
- Lists of updated computers, computers with pending updates with errors.
Granular management based on groups and roles with different permissions:
- Role-based visibility into vulnerable computers, patches and Service Packs.
Centralized control over updates, patches and software:
- Ability to disable Windows Update and centrally manage operating system updates.
- Ability to exclude specific patches by version and by type.
- Capacity to exclude software (e.g: Java).
Benefits:
Within a single user-friendly solution, Panda Patch Management allows you to:
- Audit, monitor and prioritize operating system and application updates. The single-panel view offers centralized, up-to-the-minute and aggregated visibility into the security status of the organization with regard to vulnerabilities, patches and pending updates of systems and hundreds of applications.
- Prevent incidents, systematically reducing the attack surface created by software vulnerabilities. Handling patches and updates with easy-to-use, real-time management tools that enable organizations to get ahead of vulnerability exploitation attacks.
- Contain and mitigate vulnerability exploitation attacks with immediate updates. The Panda Adaptive Defense 360 console, in conjunction with Patch Management, allows organizations to correlate detected threats and exploits with vulnerabilities. Response time is minimized, containing and remediating attacks by immediately pushing out patches from the web console. Affected computers can be isolated from the rest of the network, preventing the attack from spreading.
- Reduce operating costs.
- Panda Patch Management does not require you to deploy new endpoint agents or update any existing agents, simplifying management and avoiding workstation and server overload.
- Minimizes patching efforts as updates are launched remotely from the cloud-based console. Additionally, installation is optimized to minimize errors.
- Provides complete, unattended visibility into all vulnerabilities, pending updates and EOL3 applications immediately after activation.
- Comply with the accountability principle, integral to many regulations (GDPR, HIPAA and PCI). This forces organizations to take the appropriate technical and organizational measures to ensure proper protection of the sensitive data under their control.
Panda Patch Management augments the preventive, detection and response capabilities of Panda Security's endpoint solutions by enabling a robust implementation of the Adaptive Security Architecture1
1 Gartner: “Designing an Adaptive Security Architecture for Protection from Advanced Attacks”, Neil MacDonald, Peter Firstbrook
System Requirements:
Find the installation requirements for Panda Patch Management for Windows.
Security Solutions
The following solutions allow the installation of Panda Patch Management:
- Panda Endpoint Protection on Aether Platform
- Panda Endpoint Protection Plus on Aether Platform
- Panda Adaptive Defense on Aether Platform
- Panda Adaptive Defense 360 on Aether Platform
Supported Operating Systems
Workstations
- Windows XP SP3 (32 bits)*
- Windows Vista (32 and 64-bit)
- Windows 7 (32 and 64-bit)
- Windows 8 (32 and 64-bit)
- Windows 8.1 (32 and 64-bit)
- Windows 10 (32 and 64-bit)
- Windows 2003 (32, 64-bit and R2) SP2 and higher*
- Windows 2008 (32 and 64-bit) and 2008 R2
- Windows Small Business Server 2011, 2012
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server Core 2008, 2008 R2, 2012 R2 and 2016
Hardware Requirements
- Processor: Pentium 1 Ghz.
- RAM: 1 Gbyte.
- Free space in disk for the installation: 650 Mbytes.
*The Windows XP SP3 and Windows server 2003 SP2 computers require a computer with the cache/repository role installed in the same network segment to be able to report and install the pending patches. A Windows XP SP3 or Windows server 2003 SP2 with the assigned cache/repository role will not be able to download patches either.
Documentation:
Download the Panda Patch Management Datasheet (.PDF)