In the wake of the recent Nimda virus, which followed closely on the heels of this summer's Code Red outbreak, you are no doubt tired of hearing that you need to be zealous about applying patches for known vulnerabilities to your various systems. You know it's important to keep up with these patches, but you can't exactly stop everything else you're doing.

This month CT Holdings, Inc. will begin beta testing a tool, code-named Hercules, which it says will help. Hercules works alongside vulnerability scanning tools to find potential trouble spots and then automates the process of downloading and applying the appropriate patches to client and server systems, says Steve Solomon, chairman and CEO of Dallas-based CT Holdings.

While more and more companies are performing vulnerability scans monthly or more, many can't get to all the repairs that the scans recommend, Solomon says. As a result, some fix only a certain percentage of the most serious vulnerabilities, while others address none at all.

"We're helping companies reduce their IT costs by offering a solution that takes human intervention out of it," he says.

Hercules consists of two main software components: an agent that runs on the client and software that runs on Windows NT, 2000 and XP servers. Each agent takes a profile of the client on which it runs. Working with data collected by a vulnerability scanner, the agent determines which updates each client needs and communicates this information back to the server. The server scours the Internet to find the requested updates, or takes them out of its own database of patches, and ships them to the agent, which then applies them to the client. Administrators can schedule remediation to occur during non-peak hours.

The agent can also be configured to lock down a client configuration so that end users can't remove the patches it applies, Solomon says.

Hercules works with vulnerability scanners from companies including Internet Security Systems, BindView, PGP Security and the Nessus Project.

Hercules will be part of CT Holdings' Citadel Technology line of security products, which also includes SecurePC 4.5. That product lets administrators create security policies for Windows machines designed to prevent users from making unauthorized configuration changes.

With its Hercules product, CT Holdings will compete against companies including St. Bernard Software and PatchLink Corp. St. Bernard's UpdateEXPERT (previously known as SPQuery) and the PatchLink Update product likewise conduct inventory on networked systems and automate the process of finding and applying appropriate patches. Both companies have a market lead on CT Holdings, as they have been selling their products since last year.

Pricing for Hercules has not yet been determined, but Solomon says it will involve some form of a subscription model based on the number of IP addresses per account.

www.citadel.com