Patch Inventory

This inventory generated by the Precision agent provides the list of all missing patches sorted by severity for a single device or consolidated for a group of devices.

 Lists all missing patches for each device (OS and applications) sorted by severity
 Dynamically updated
 View per device or per group of devices
 Automatic assessment against Shavlik pre-tested patches knowledge base
 Up-to-date information on required patches
 Provides intelligence to prioritise, plan and target deployment

Patch Fingerprint Accuracy

Precision Patch Management relies on the Shavlik pre-tested patch knowledge base which not only supports Microsoft products but also widely distributed applications

 Crossed methods of file and registry detection and versioning are used to test if patches are really missing
 Ensures the highest level of accuracy in the detection of missing patches

Pre-Tested Patches

Precision Patch Management is designed to control and optimise patching process. By automating the detection of missing patches and their deployment this module helps to significantly reduce exposure to attacks and patch deployment costs. Different patching methods are available with Criston:

Baselining
 By introducing patch groups, Criston intends to simplify and automate the standard patching process. A patch group assigns one or more patches to a device or a group of devices

Tactical Patching
 Check missing patches on a specific device or a group of devices and deploy them

Dynamic Download
 Define specific criteria (release date, severity, product, languages) and all patches that match those criteria will be automatically downloaded and ready-to-deploy

Patch Deployment

Once the patch group (selected patches to deploy on selected devices) is created and activated, the deployment is done using the Precision software distribution module.

When deployment configuration is complete (scheduling, bandwidth management, safe reboot...) one custom package is automatically created for each patch. Packages deployment will start when scheduled and each device will receive the patches that it needs.

Safe Reboot

Precision Patch Management offers the most flexible reboot options available on the market today. Administrators can choose to reboot systems immediately after patch installation or at a specified date or time. If a user is logged in to the system at the time of the scheduled reboot, the administrator can choose to delay the reboot until the user logs off or until a specified date and time, whichever comes first. The administrator can also configure the reboot options to allow the users to either disable the reboot or postpone it.

The number and flexibility of these reboot options provides a ’Safe Reboot’ experience for both the administrators and the end-users.

Supported Vendors

Precision Patch Management relies on the Shavlik pre-tested patch knowledge base which not only supports Microsoft products but also widely distributed applications which are also presenting security breaches and have to be patched frequently such as: