HP Insight Vulnerability and Patch Manager Software User Manual

Introduction 8

the need to recreate these tasks in multiple tools for vulnerability assessment and patch

management.

•

Comprehensive vulnerability assessment—Coverage of vulnerabilities reported in all leading

vulnerability databases ensures comprehensive assessment. Powered by PatchLink Security

Threat Avoidance Technology (STAT®) Scanner (the only Common Criteria Certified scanner),

the vulnerability assessment identifies vulnerabilities reported in the Common Vulnerabilities and

Exposures (CVE) list, the Federal Computer Incident Response Center (FedCIRC) vulnerability

catalog, the SANS Top 20 Internet Security Vulnerabilities list, the Computer Emergency

Response Team (CERT) advisories list, and the U.S. Department of Energy Computer Incident

Advisories Center (CIAC) bulletins.

•

Automated acquisition, scheduled deployment, and continous enforcement of patches:

○

Automatically collects new vulnerability updates and patches directly from vendor sources,

such as a vendor’s Web-based patch repository. Updates can be acquired outside the

firewall and imported into the patch repository in infrastructures where firewall policies

prevent HTTP and FTP downloads

○

Schedulable deployment, schedulable reboots after deployment, and checkpoint-restarts

ensure that patches are deployed with minimal impact on network resources and enable

patches to be managed from a central point.

○

Unique desired-state management automatically and continuously ensures that patches

remain applied in their proper state. If patches are corrupted in any way, they are

automatically reinstalled to bring the system to the desired level of patches.

The Vulnerability and Patch Management Pack

process

The following figure details the process for using Vulnerability and Patch Management Pack.