
Software Patch Management Security

Advantages of UpdateEXPERT Premium Over Windows WSUS


Although Microsoft's Windows Server Update Services (WSUS) is a free utility designed to support Microsoft patch deployment, it has disadvantages that should make you think twice about relying on it to meet your software patch management security requirements. Many of the problems you can encounter with WSUS are associated with its reliance solely on RPC protocols.

The Windows RPC-based protocols have the following drawbacks:
  • Security - While RPC performs authentication checks, it does not encrypt the data transferred or protect it from outside tampering. Therefore, a malicious user connected to your network could see everything you can and alter your instructions to compromise the system.
  • Integrity - Networks frequently have transmission errors, but these errors are often corrected transparently by the protocols involved. This error correction comes at the expense of extra information sent across the LAN. While RPC has the capability of doing this type of correction, it is currently not used for system services.
  • Scalability - When information about a machine is desired, that machine must be contacted, resulting in a flurry of network traffic due to the overhead of authentication.
  • Flexibility - The ports used for system RPC communication cannot be changed. Supporting sophisticated network configurations in a secure manner can be difficult.

To address these issues and others, we created the UpdateEXPERT Premium software patch management security solution using the following architecture:
  • Console - This component is the GUI front-end for UpdateEXPERT Premium software patch management security. It is used to perform management functions and display network information via the Master Agent.
  • Master Agent - Located on a designated machine, this component provides a central data repository for all Consoles as well as performing network administration tasks. It can manage all selected machines via Windows RPC calls and the optional client software (Leaf Agent).
  • Leaf Agents (optional) - Located on managed machines, this optional client software performs all machine management tasks locally on a machine once installed and takes the place of the RPC method. By performing the tasks locally, it eliminates the need for any of the aforementioned ports and services.
  • Installer Service - Performs all patch installations. Our new Installer Service substitutes the Microsoft Scheduler service for enhanced reliability.
  • Multiple Master Agents - Connect to multiple Master Agents at the same time; tasks involving machines across Master Agents are distributed to the correct Master Agents and collected at the Console.
  • SecurityEXPERT - Enables you to create security policies through the use of templates. Verifies that security settings on all managed machines comply with company policy.
These components communicate using a custom protocol for encryption and authentication, which is built from publicly reviewed cryptographic algorithms and NT Authentication. A single TCP/IP connection is established over user-configurable ports and used for all communication between agents and the consoles. Communications to the Installer Service use local or remote Named Pipes as appropriate and use a secure protocol.

The agent architecture allows UpdateEXPERT Premium to manage machines without the use of the RPC-based protocols (identified above), so it can work on networks where those protocols are disabled because of security concerns.

The agent architecture allows the network traffic to be minimized. Information about a machine is cached at the Master Agent. Leaf Agents detect when that information needs to be changed, and they update the Master Agent. Displaying this information on the UpdateEXPERT Premium Console does not require it to be transmitted directly from the machine being managed.

In UpdateEXPERT Premium, we added the ability to support multiple Master Agents from a single Console.


If you're ready to get current pricing for UpdateEXPERT Premium Patch Management, you can get a quick quote now. If you're not quite ready to become an UpdateEXPERT customer, we offer a free trial of UpdateEXPERT.

Copyright® 2001-2006 St. Bernard Software. All rights reserved.
UpdateEXPERT is a software patch management security solution for deployment and managing of feature / service pack updates and to install patches.