Automated patch management to help reduce patch cycle times from days and weeks to hours or minutes. IBM BigFix Patch provides an automated, simplified patching process that is administered from a single console. It provides real-time visibility and enforcement to deploy and manage patches to all endpoints – on and off the corporate network.

Clients have reported seeing more than 98 percent first-pass patch success rates. The solution not only increases the effectiveness of the patch process, but it cuts operational costs and reduces patch cycle times.

IBM BigFix Patch:

  • Provides automated patch management to hundreds of thousands of endpoints for multiple operating systems and applications – regardless of location, connection type or status
  • Applies only the correct patches required by the endpoint
  • Gives you greater visibility into patch compliance with flexible, real-time monitoring and reporting
  • Provides real-time visibility and control from a single management console
  • Proactively reduces security risk by streamlining remediation cycles from weeks to hours

Provides automated patch management to hundreds of thousands of endpoints

  • Patches 90+ OS types and versions including Microsoft Windows, UNIX, Linux and Mac operating systems
  • Delivers patches to endpoints for third-party applications from vendors including Adobe, Mozilla, Apple and Java, along with customer-supplied patches
  • Supports a variety of endpoints. These include servers, notebooks, desktops and specialized equipment such as point-of-sale (POS) devices, ATMs and self-service kiosks
  • Supports patching of online and offline virtual machines, including roaming devices using Internet connections so that virtual and cloud environments have the same level of security as physical systems
  • Can support up to 250,000 endpoints from a single management server

Applies only the correct patches

  • Creates patch policies using IBM Fixlet® messages, which wrap the update with policy information such as patch dependencies, applicable systems and severity level
  • Uses an intelligent agent on every endpoint to enforce and assess patch compliance. It recognizes which patches are required for that machine, then automatically retrieves and applies the needed updates
  • Deploys patches more efficiently, even over low-bandwidth or globally distributed networks

Gives you greater visibility into patch compliance

  • Automatically assesses the endpoint status once a patch is deployed
  • Confirms successful installation and updates the management server. This step supports compliance requirements, which require definitive proof of patch installation
  • Helps to establish, document and prove compliance with patch management processes. Supports compliance with government regulations, service level agreements (SLAs) and corporate policies
  • Provides proof of continuous compliance, which can help you pass audits and comply with regulations
  • Can enforce policies and help you quickly report on compliance to improve your organization’s audit readiness

Provides real-time visibility and control

  • Provides integrated web reporting. This allows users, administrators, executives, management and others to view dashboards and receive reports showing patch management progress in real time
  • Indicates which patches were deployed, when they were deployed, who deployed them and to which endpoints
  • Uses the intelligent agents to continuously monitor endpoint states, including patch levels, and reports them to a management server
  • Compares endpoint compliance against defined policies, such as mandatory patch levels

Proactively reduces security risk

  • Allows you to create reports showing which endpoints need updates, and then distribute those updates within minutes
  • Allows IT administrators to safely and rapidly patch Windows, Linux, UNIX and Mac operating systems with no domain-specific knowledge or expertise
  • Automatically remediates problems related to previously applied patches