Leveraging the OESIS Catalog for Centralized Patch Management

The OESIS Framework is a cross-platform, modular software development kit (SDK) that enables technology vendors to build advanced endpoint security products. It reduces development time and cuts maintenance and support costs, allowing our partners to focus on implementing business logic around our solutions.

Over the last 20 years, OPSWAT has compiled a catalog of compliance data and merged it with the National Institute of Standards and Technology (NIST) database to provide comprehensive vulnerability results for the OESIS Patch Management module.

Understanding the OESIS Framework

The OESIS framework's modular design empowers developers to create customizable solutions that provide compliance, application removal, vulnerability assessment, malware detection, and data protection capabilities.

Designed to enable development teams, the OESIS endpoint security SDK is well-documented, configurable, lightweight, and customizable. It integrates into solutions built with all popular programming languages. It also supports Windows, Mac OS, Linux, Android, and iOS mobile platforms. OPSWAT built the OESIS system architecture with native support for the industry-standard JSON data exchange format, enabling easy interoperability with existing server and endpoint systems.

Understanding the Framework

OESIS Patch Management Module

Let’s take a closer look at the OESIS platform’s Patch Management modules. In particular, we’ll drill down into how vendors use the comprehensive, server-side vulnerability catalog we recently released to improve their endpoint security solutions.

Of the many components available in OESIS, one of the most popular is Vulnerability Assessment and Patch Management (VAPM). OESIS VAPM enables the partner’s application to discover and patch vulnerabilities in third-party and native OS applications.

It is a single interface that assesses hundreds of endpoint applications such as Adobe Acrobat, Mozilla Firefox, Zoom Client, and many more, searching for vulnerabilities and automatically patching them.

OESIS VAPM supports multiple versions of Windows and macOS operating systems, detecting over 25,000 common vulnerabilities and exposures, or CVEs. OPSWAT updates the catalog multiple times a day to make it easy to discover and patch endpoint vulnerabilities.

Discovering Unpatched Programs with OESIS Catalog

The OPSWAT Vulnerability Catalog is a key new feature of OESIS VAPM. The catalog reduces the complexity needed to maintain a database of applications and files to patch.

The Vulnerability Catalog provides vulnerability detection for hundreds of applications and the ability to automatically patch them. The catalog includes download links for patch content. If the content is not available, it provides instructions to help users to know how to patch the application on their computer.

The catalog data can be merged with existing server-side, third-party inventory data to allow for server-side vulnerability detection, removing the need to run a scan on the endpoint while also drastically reducing the bandwidth required for endpoint to server communication. A server-side scan also allows outdated or disconnected computers to report vulnerabilities.

We’ve put together a short video showing the Catalog feature in action:

With the OESIS SDK Detect Products feature and endpoint installers, it is possible to quickly integrate the product into a management system and reduce the effort required to perform traditional vulnerability scanning and patch management on endpoints.

Other OESIS features

Anti-Keylogger prevents keyloggers from accessing keystrokes

Anti-Keylogger prevents keyloggers from accessing keystrokes and confidential data such as passwords and personal identifiable information.

Anti-Screen Capture stops unauthorized screen capture

Anti-Screen Capture stops unauthorized screen capture or recording by users, malware, and third-party applications.

Advanced Malware Detection detects threats missed by antimalware engines

Advanced Malware Detection detects threats missed by antimalware engines; provides broad BYOD support.

AppRemover removes software applications without user intervention

AppRemover removes software applications without user intervention – including password-protected or corrupted/incomplete installations.

Removable Media Protection protects against threats from USB drives, CDs, DVDs, and other peripheral devices

Removable Media Protection protects against threats from USB drives, CDs, DVDs, and other peripheral devices.

Build advanced endpoint security products for your organization. Contact us more information.

Sign up for Blog updates
Get information and insight from the leaders in advanced threat prevention.