One platform. Secure, reliable and efficient support for protected systems
Security and reliability are vital in the IT sector and cannot be overlooked during basic everyday maintenance operations such as the regular installation of updates and patches. In a low-grade, non-critical environment, this kind of maintenance is normally done using a direct internet connection, via embedded software or various patch management applications. However, system maintenance gets more demanding when dealing with secure systems, or when remote administration is part of the network architecture. Here, systems are physically or logically separated from each other and, as a consequence, have to be updated manually. Usually, this involves high-volume data transfers, which confronts users with two issues: first, they spend more time on the actual procedure, and second, manual copy processes create potential sources of error. It is for this environment that PATCH.works was designed.
The system consists of two modules: the Data Collection Service (DCS) in the low domain and the Data Distribution Service (DDS) in the high domain. Each is designed to simplify the organization of complex update and patch processes. Based on predetermined parameters, the DCS collects the updates that are required by the system. Once the required data has been collected, the DCS reaches out to the DDS via a secure network connection. PATCH.works can use a firewall, a DMZ or an implemented Cross Domain Solution (for example the infodas SDoT product line). The system provides the administrator with a complete overview of all the data to be distributed, thus allowing them to release the data based on system requirements. Both modules are located in virtual environments in their respective domains.
This architecture ensures the isolation of the systems which need to be protected. PATCH.works uses hash and signature checks to guarantee the integrity of the data intended for distribution. Highly complex systems with different classification levels can be kept up to date with PATCH.works, even when they are operated in a standalone mode or in a closed network. For systems in restricted areas with requirements ranging from restricted to secret on a national level or similar classification levels, in a NATO or EU environment, the DCS can connect and support the DDS via a cross domain solution like the SDoT Security Gateway.
In the context of industrial sectors or in conjunction with critical infrastructures, PATCH.works supports secure operations and continuous availability of IT and OT systems. This means that critical areas remain protected during the update process even if they have been moved from a closed to an open system architecture.
Thus, as part of the system architecture, PATCH.works facilitates efficient update and patch processes while complying with all applicable security standards. Updates can be collected from multiple open sources and then distributed without creating security risks or conflicts.
How does this work? The principle is really simple. PATCH.works continuously searches and collects updates. It does so based on a list of previously cleared providers (e.g. Microsoft), and then distributes them via secure connections. This enables systems with specific security requirements to use current and updated software, without breaching security.
2-step controlled system
In a first step, the administration of the different DCS and DDS components is done via a web-based portal that combines all system functions. In a second step, the update installation takes place: updates are either authorized within an update service (e.g., WSUS) or installed manually by the administrator.
Software products supported by PATCH.works
- Commonly used operating systems like Windows, Linux, Debian, Red Hat (CentOS) and OpenSUSE
- Security Software (e.g., virus scanner updates)
- Commonly used applications & software (e.g., Adobe Acrobat, Mozilla Firefox, Google Chrome, Safari and Java Runtime)
- Other Microsoft Products
- Geoinformation & Weather applications
- Information on further software products supported upon request
- CERTBw Advisories (IDS/IPS)