top of page

More Patch for Neurons

Patch for Neurons is a huge project - but I'll walk you through most of the key components, and the design rationalizations behind them.

The initial assumption was that the user would need to view their networks' patching states from three perspectives:

  • Software (the patching content)

  • Hardware (the machines being patched)

  • History (the results of those patching attempts). 

Research showed we were almost right - compliance was another aspect.  

< Back
patch_intelligence_-_sync_individual_patch.png

Patch Intelligence

The Patch Intelligence page is the gateway to learning about the patch content available on the market, from vendors and elsewhere.  

It gives the user the tools they need to find the patch content they need to resolve vulnerabilities without causing knock-on problems on the network - always a risk with patching.

It was actually a stand-alone product.  It happened to fit the "software" part of the patching triad - so we incorporated it into Patch for Neurons. 

Endpoint Vulnerability

This shows the user's environment from the hardware perspective - the state of "health" (in patching terms) across the network, and for any given machine in the network. 

 

This view gives the user the tools they need to find any patterns in patch deployment failures among machines on the network. 

epv_page__crawl_.png
deployment_history_1.png

Deployment History

Deployment History is the entry point for viewing the deployment logs.  This is a huge, complex task - rolling out five patches on a network of 10,000 devices will generate a minimum of 50,000 entries in the log, if everything goes perfectly.   

This page gives the users the filtering and dashboarding they need to focus in on problem deployments among the mass of data. 

Compliance Reporting

The three pages above covered the use cases we were aware of. 

But in our usability testing, customer feedback had a common refrain - "we need better reporting".  And when we pressed further, that means "better reporting on how compliant my network is". 

Learn more about . 

Compliance Report.png
Ring Ops _ Patches.png

Patch Settings Configuration

Once the content is selected and the deployment configured, the next step was to automate the process, so the network would keep itself patched.  

Patch Settings Configuration is a complex area allowing users to configure patching for Mac, Linux and WIndows systems, using any combination of:

  • Patch groups (as defined by a change management board)

  • Severity (as defined by content)

  • Risk scores (CVSS, VRR and eventually other scores)

Ring Deployment

Patching, done wrong, can be incredibly disruptive.  Having a robust testing process is vital.  

"Ring Deployment" allows users to test patches they same way any software is tested - starting with a small group of test devices and content, then rolling out to a group of "early adopters" for a fail-safe, and finally pushing the changes to the network at large.
 

This was a major effort, documented here. 

reboot_criticality_-_walk.png
< Back
bottom of page