HP Insight Vulnerability and Patch Manager software 6.0 User Guide HP Part Number: 579547-001 Published: January 2010, First Edition

1 Introduction
HP Insight Vulnerability and Patch Manager is an all-in-one vulnerability assessment and patch management
tool integrated into HP Insight Control, simplifying and consolidating the proactive identification and resolution
of issues that impact server availability into one central console.
IMPORTANT: HP is phasing out the HP Vulnerability and Patch Manager software (VPM) from Insight
Control. Technical support will be offered based on the Technical Support and Upgrade offerings for HP
Insight Control sold through November 2009. HP Insight Control licenses include 1 year of Technical Support
& Update, which you can upgrade to 3, 4, or 5 years. Depending on the purchase date of Insight Control
licenses and technical support extension, support for Vulnerability and Patch Manager functionality will end
no later than November 2012.
Starting with the Insight software 6.0 DVD, Vulnerability and Patch Manager will no longer be available.
However, existing users of the vulnerability and patch management capabilities can upgrade to Vulnerability
and Patch Manager 6.0 by downloading the software and manually installing it on the CMS. You can
download the software from Software depot.
Vulnerability and Patch Manager features
Combined vulnerability assessment and patch management—A single tool seamlessly combines the
assessment and the remediation of vulnerabilities, reducing operational complexity.
Integration into Systems Insight Manager—Integration enables you to use existing functionality such as
discovery, identification, scheduling, role-based security, notification, and group-based actions,
eliminating the need to recreate these tasks in multiple tools for vulnerability assessment and patch
management.
Comprehensive vulnerability assessment—Coverage of vulnerabilities reported in all leading vulnerability
databases ensures comprehensive assessment. Vulnerability assessment identifies vulnerabilities reported
in the Common Vulnerabilities and Exposures (CVE) list, the Federal Computer Incident Response Center
(FedCIRC) vulnerability catalog, the SANS Top 20 Internet Security Vulnerabilities list, the Computer
Emergency Response Team (CERT) advisories list, and the U.S. Department of Energy Computer Incident
Advisories Center (CIAC) bulletins.
Automated acquisition, scheduled deployment, and continuous enforcement of patches:
Automatically collects new vulnerability updates and patches directly from vendor sources, such
as a vendor’s web-based patch repository. Updates can be acquired outside the firewall and
imported into the patch repository in infrastructures where firewall policies prevent HTTP and FTP
downloads.
Scheduled deployment, scheduled reboots after deployment, and checkpoint-restarts ensure that
patches are deployed with minimal impact on network resources and enable patches to be managed
from a central point.
Unique desired-state management automatically and continuously ensures that patches remain
applied in their proper state. If patches are corrupt, they are automatically reinstalled to bring the
system to the desired level of patches.
The following figure illustrates the Vulnerability and Patch Manager operation model.