Home / Galileo Discovery Center / Informational / Patch Management and CVE Release Policy for the Galileo On-Prem Appliance

Read Now

Patch Management and CVE Release Policy for the Galileo On-Prem Appliance

by | Feb 8, 2023 | Informational

We are committed to ensuring the security, reliability, and performance of our on-premises appliance, which is an integral part of our SaaS offering. Our patch management and CVE (Common Vulnerabilities and Exposures) release policies are designed to address potential security vulnerabilities and maintain the overall health of the appliance. Our process includes the following:

Patch Management

  • Timely Updates: We proactively monitor the components and dependencies of the appliance, including the underlying Linux operating system and open-source software such as Zabbix. As soon as security patches or updates are released, we strive to apply them promptly.
  • Scheduled Patch Cycles: Regular patch cycles are scheduled to minimize disruptions to your operations. These cycles are designed to ensure that patches are thoroughly tested and validated before being deployed to your on-premises appliance.
  • Testing and Validation: Prior to releasing any patch, our team rigorously tests it on a designated staging environment that mirrors the production setup. This testing process helps identify and mitigate any potential compatibility or performance issues.
  • Rollback Procedures: In the unlikely event that a patch causes unexpected problems, we maintain robust rollback procedures to swiftly restore the appliance to its previous state while we address the issue.
  • Vulnerability Scanning with Tenable: To enhance our patch management process, we leverage Tenable, a leading vulnerability management solution. Tenable allows us to perform regular scans of the appliance to identify vulnerabilities and weaknesses in both the underlying operating system and the third-party software components. Tenable’s comprehensive vulnerability database and scanning capabilities enable us to stay ahead of potential threats.

CVE Release Policy

  • CVE Monitoring: Our dedicated security team continuously monitors the CVE database and security mailing lists to stay informed about the latest vulnerabilities that may affect the components used in the appliance.
  • Assessment and Prioritization: When a new CVE is reported, our team promptly assesses the potential impact on the appliance. We prioritize addressing critical vulnerabilities and vulnerabilities that may have a substantial impact on the security or functionality of the appliance.
  • CVE Mitigation: Depending on the severity and complexity of a CVE, we aim to release a patch or mitigation within a reasonable timeframe. We understand the importance of addressing critical vulnerabilities promptly and will communicate any required actions on your end.
  • Communication: When we release patches or mitigations for CVEs, we maintain clear and transparent communication with our customers, providing detailed release notes and instructions on how to apply updates or mitigations.

Please note that our policies follow industry best practices to maintain the security and reliability of our on-premises appliance. We are committed to staying vigilant in our approach to patch management and CVE handling, with the added advantage of utilizing Tenable to enhance our vulnerability scanning and assessment capabilities.

If you have any specific requirements or need further details, please don’t hesitate to reach out to us, and we will be happy to accommodate your needs.

Related Articles

Cloud OptimizationInformational
Unleashing the Full Potential of FinOps: Going Beyond the Cloud

Unleashing the Full Potential of FinOps: Going Beyond the Cloud

FinOps is gathering steam for good reason. Runaway cloud costs are becoming a significant challenge for enterprise IT Leaders, particularly as they look to move legacy workloads to the cloud. FinOps promises an answer, but to get it right you're going to need to think both a bit bigger and a bit smaller.