Manage Linux Patching with Qualys VMDR

Eran Livne

Last updated on: December 20, 2022

As attacks on infrastructure continue to increase, security teams are looking to go beyond detection and response by eliminating the root cause of the attacks — unpatched vulnerabilities. With the majority of production systems running Linux, IT teams have been looking for a single, efficient patch workflow that covers Linux as well as Windows patching.

With this release, Qualys Patch Management, available as part of Qualys VMDR, expands its support from patching only Windows-based devices to supporting both Windows- and Linux-based devices for patching the OS and third-party applications.

Patch Management Challenges

Organizations are overwhelmed with large numbers of vulnerabilities in their infrastructure and often struggle to remediate them at scale due to a lack of integration between vulnerability management and patch management point solutions. Patch management vendors treat patches as software updates and not as content to remediate vulnerabilities, which results in IT teams manually mapping vulnerabilities to the patches required to remediate them.

The disconnection between vulnerabilities and patches reinforces a siloed approach that keeps security teams responsible for vulnerabilities from working effectively with their IT counterparts responsible for patching. This process is error-prone and can lead to unpatched vulnerabilities.

Patch management is too often specific to the operating system, leading to one set of tools and processes for Windows, one for Linux, one for Mac, and so on. The lack of consistent tools slows down the patching process further, lengthening mean time to remediation and leading to increased risk.

An Integrated Solution for Windows and Linux

To address these challenges, Qualys is extending Patch Management to patch vulnerabilities on Linux systems. Qualys delivers a single integrated solution to automatically detect, prioritize and remediate vulnerabilities for both Microsoft and Linux devices using the same lightweight Qualys Cloud Agent. Qualys’ one platform, one agent strategy makes efficient use of resources on patching targets and provides a unified view of vulnerability and patching status in a single pane of glass.

With a single toolset covering the VM lifecycle from vulnerability to patch, security and IT teams now have a common language. With a clear mapping of vulnerabilities to patches, teams can work together and avoid delays caused by miscommunication or disagreement on required remediations, leading to faster mean time to remediation. With a common workflow for Windows and Linux patching, IT teams can efficiently patch across their heterogeneous environments.

For the many organizations that don’t have automated patching processes on Linux and currently patch manually, Qualys Patch Management lists available patches and makes it easy to create and run patch jobs and monitor their progress.

Qualys Patch Management enables efficient “mass” patching workflows for both Windows and Linux platforms, as well as patch workflows for more complex multi-tiered systems typical for Linux-based applications.

Highlights

Linux patching capabilities support:

  • Common workflow for Linux and Windows patch management
  • Selection and deployment of patches to Linux systems on demand
  • Patch deployment on a schedule during a maintenance window
  • Automatic system reboot, if reboot is required
  • Review of patch deployment status, including monitoring of successes and failures

How it Works

To start a Linux patch workflow, navigate to the Patch Management app and open the Linux Patch tab. In this tab, they can review the list of Linux patches, select the patches they want to deploy and add them to a patch job.

Linux patch jobs are very similar to Windows patch jobs and can be run on demand, at a scheduled time, or during a defined maintenance window. The Linux patch job can also be configured to control the reboot of the Linux device in case a reboot is needed.

In the Linux Jobs Tab, users can view all the Linux jobs, their progress and the patch installed and failed statuses. In case of a failed patch, a full failure report is available in the Qualys console.

Patch Management for Linux Beta

Sign up for the Qualys Patch Management for Linux Beta to efficiently remediate vulnerabilities and patch your Windows and Linux systems.

Webinar

Learn how vulnerability management and IT patching teams are cooperating via a single, efficient patch workflow for Linux and Windows. Join the webinar on May 5, 2021 at 10am Pacific: Up the Patch Game: Unified Patch Management for Windows and Linux.

Show Comments (4)

Comments

Your email address will not be published. Required fields are marked *

    1. If you do not have a Qualys username, then choose “No” when prompted for “Do you already have an account?” during the sign up process.