Effective vulnerability assessment and security patch management are critical to defend a computer network against malicious code, and is useful for other reasons, such as efficient update of software. Current networks detect and eradicate malicious code using a centralized repository and server. However, current malicious code, such as, worms and other malware, are able to infect machines by bypassing a centralized device using peer-to-peer transmissions. The malicious code propagates undetected through the computing network allowing the code to surreptitiously infect machines at a very rapid pace. Organizations may be unable to keep up with many of these malicious code outbreaks once they have penetrated their internal networks. Furthermore, if the centralized server suffers a system failure, any services rendered by that server may come to an abrupt end.
The Top Patch invention is a method and system for distributing patches to network nodes in a peer-to-peer network. A plurality of network nodes may be designated as “server” nodes. Each server node may be assigned to manage software patch distribution for a different zone, where each zone may include a different plurality of network nodes. Upon detecting a node in a zone to be a node in need of an update, a patch may be received from a patch source at the server node in the same zone as the node in need of the update. The patch may be transferred from the server node to the node in need of the update. The patch may be used to update the node in need of an update.
More technical detail is available for discussion under NDA.