Asset and Patch Management as a Service

The risks of poor asset and patch management:

Asset and patch management are often systems administration weak spots due to constrained resources and lack of automation. Your systems may be operating with well-known malware and malicious software entry points, leaving your company exposed to:

  • System degradation resulting from unauthorized network resource usage.

  • Serious data theft or destruction


Included in our Service:

Monitoring of assets and attributes according to client asset list.

  • Asset Maintenance:

    • Automatic discovery and updates of asset changes in our best of breed CMDB (Configuration Management DataBase).

    • Full integration into your change management process (including CAB attendance).

  • Patch Management:

    • Full management of patches for assets designated by the client with patching cycle and maintenance window tailored to your needs.

    • All patches follow a full test cycle (QA, Limited Prod, Production and workstations) with follow-up monitoring following patch deployment and roll-back as required.

  • Reporting:

    • Report of device down / unreachable at time of Patching

    • Report also includes a list of patches that were recorded as; installed but failed, did not install, and installed successfully

    • Report of all tickets opened related to changes to asset or patch management


Typical (Monthly) Patch Cycle

We tailor the patch cycle to your needs. The following patch cycle describes the services Qi supplies for a typical monthly scenario that works for many of our clients:

Week 1 (aligned with MS Patch Tuesday):

  • Review of all newly found patches, identify critical and/or security updates

  • Review most recent vulnerability scan results associated with the in-scope servers and identifies any outstanding critical or high vulnerabilities which should be addressed.

  • Submit Change Request, to Change Advisory Board (CAB) for approval, attend CAB meeting to answer questions, validate approvals.

  • Once approvals are obtained, configure the appropriate patch schedule in the patching solution.

Week 2

Patches are automatically deployed to non-production “test” systems. A series of agreed-to activities are performed on key systems prior to and post-patch deployment to ensure the newly-installed patch(es) have no negative impact on the server or its associated applications.

Week 3

Patches are further deployed to a small group of “pilot” systems (either staging systems, non-critical production or IT systems) assuming no issues were detected post patch deployment in Week 2.

Week 4

All approved patches are deployed to the outstanding servers and monitored for successful deployment. Assuming all patches deploy smoothly, Qi will create a monthly patch report summarizing all patches deployed during the period.


Initial on-boarding

Qi provides a full set of planning and discovery services during the on-boarding process:

  • Review current network diagrams.

  • Perform one-time discovery scan of the entire environment.

  • Document scan findings.

  • Push Agents to all assets found on the network.

  • Validate all Assets attributes.

  • Aid client in updating network diagrams, where required.

  • Create run-books for SOC MSS.

  • Upload assets into Qi’s CMDB and produce an asset list for all systems within client’s environment.

  • Setup Patch Management schedule.

  • Run initial patch schedule.