BMC Software is a company I’ve mentioned in this newsletter before. It has also appeared in the Identity Management newsletter – even in the old NetWare newsletter we published until late last year. But almost always BMC was listed among a group of companies involved in some niche, or standard or particular area that was the topic of that newsletter. Rarely did I talk about the company’s products, and that’s a shame.

Anyone running a Windows-based network, after all, needs to have a robust patch management system in place, such as the BMC Patch Manager (formerly Marimba Patch Management). It’s been a workhorse for a while, since it enables you to manage and deploy security and functional patches on desktops, laptops, PDAs, and servers. By automating the most critical patch management functions (patch collection, preparation, testing, staging, deployment, auditing), it can help you save time, improve response times, and reduce attack-related risks.

BMC Patch Manager is just one product within the BMC Closed-Loop Change and Configuration Management product suite that automate change request, authorization, implementation, and verification of any change requests according to user roles and corporate policies. And the company has just gone out and improved it.

BMC is now partnering with eEye Digital Security, a developer of endpoint security and vulnerability assessment software, to enable customers to identify, store, isolate, secure, and patch vulnerabilities in their IT infrastructure. According to Matthew Selheimer, BMC director of strategic marketing, to whom I spoke last week, eEye’s vulnerability assessment, when coupled with BMC’s patch management brings you a complete vulnerability management package. And vulnerability management is something we all should have, especially if it’s fairly well automated – and running 24/7.

According to Selheimer:

* Misconfigured systems are not detected by the patch management tool.
* Rogue machines enter the network and attack vulnerabilities in the network.
* Unpatched machines introduce vulnerability window for zero-day attacks.

But coupling the eEye tool with BMC’s patch manager yields a number of benefits:

* eEye’s vulnerability assessment tool will identify vulnerabilities, assess risks, and quarantine the offending systems.
* Incidents and RFCs [Requests for Comment] will be created to meet ITIL [IT Infrastructure Library], COBIT [Control Objectives for Information and related Technology] and other requirements.
* BMC Patch Manager will remediate unpatched machines.
* Patch Management + Vulnerability Assessment = Vulnerability Management.