BMC couples Patch Manager with eEye's vulnerability assessment tool

BMC Software is a company I’ve mentioned in this newsletter before. It has also appeared in the Identity Management newsletter – even in the old NetWare newsletter we published until late last year. But almost always BMC was listed among a group of companies involved in some niche, or standard or particular area that was the topic of that newsletter. Rarely did I talk about the company’s products, and that’s a shame.

Anyone running a Windows-based network, after all, needs to have a robust patch management system in place, such as the BMC Patch Manager (formerly Marimba Patch Management). It’s been a workhorse for a while, since it enables you to manage and deploy security and functional patches on desktops, laptops, PDAs, and servers. By automating the most critical patch management functions (patch collection, preparation, testing, staging, deployment, auditing), it can help you save time, improve response times, and reduce attack-related risks.

BMC Patch Manager is just one product within the BMC Closed-Loop Change and Configuration Management product suite that automate change request, authorization, implementation, and verification of any change requests according to user roles and corporate policies. And the company has just gone out and improved it.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

BMC Software is a company I’ve mentioned in this newsletter before. It has also appeared in the Identity Management newsletter – even in the old NetWare newsletter we published until late last year. But almost always BMC was listed among a group of companies involved in some niche, or standard or particular area that was the topic of that newsletter. Rarely did I talk about the company’s products, and that’s a shame.

Anyone running a Windows-based network, after all, needs to have a robust patch management system in place, such as the BMC Patch Manager (formerly Marimba Patch Management). It’s been a workhorse for a while, since it enables you to manage and deploy security and functional patches on desktops, laptops, PDAs, and servers. By automating the most critical patch management functions (patch collection, preparation, testing, staging, deployment, auditing), it can help you save time, improve response times, and reduce attack-related risks.

BMC Patch Manager is just one product within the BMC Closed-Loop Change and Configuration Management product suite that automate change request, authorization, implementation, and verification of any change requests according to user roles and corporate policies. And the company has just gone out and improved it.

BMC is now partnering with eEye Digital Security, a developer of endpoint security and vulnerability assessment software, to enable customers to identify, store, isolate, secure, and patch vulnerabilities in their IT infrastructure. According to Matthew Selheimer, BMC director of strategic marketing, to whom I spoke last week, eEye’s vulnerability assessment, when coupled with BMC’s patch management brings you a complete vulnerability management package. And vulnerability management is something we all should have, especially if it’s fairly well automated – and running 24/7.

According to Selheimer:

* Misconfigured systems are not detected by the patch management tool.
* Rogue machines enter the network and attack vulnerabilities in the network.
* Unpatched machines introduce vulnerability window for zero-day attacks.

But coupling the eEye tool with BMC’s patch manager yields a number of benefits:

* eEye’s vulnerability assessment tool will identify vulnerabilities, assess risks, and quarantine the offending systems.
* Incidents and RFCs [Requests for Comment] will be created to meet ITIL [IT Infrastructure Library], COBIT [Control Objectives for Information and related Technology] and other requirements.
* BMC Patch Manager will remediate unpatched machines.
* Patch Management + Vulnerability Assessment = Vulnerability Management.

It might not be a “marriage made in heaven,” but coupling the two could lead to you spending more time with your spouse, and less time monitoring threats and vulnerabilities.

Read more about software in Network World's Software section.