Panacea Update Manager

Operation and Information Technology professionals continually struggle to keep up with software security patches. To avoid unexpected breakages to software, engineers face the challenge of filtering the flood of operating system level updates based on validated lists from software vendors. In response, some gamble by installing all patches and hoping for the best, while others do not patch at all.

Panacea Update Manager is designed to automate the whole patch management process with the click of a button. One centralized server can maintain multiple client systems and ensure they are up to date and safe against the latest attacks and vulnerabilities.

Watch the introduction video for an overview of Panacea Update Manager, or continue reading below for more information including a video demo.

Panacea Update Manager has made the management of windows updates very simple. It can be cumbersome work to sift through Rockwell’s "Fully Qualified" windows updates list and apply them to each of our servers. Our SCADA system uses multiple versions of Windows server and each of those servers run Rockwell software. Being that we are a utility company, we understand the importance of maintaining operating systems to reduce security vulnerabilities. Along with blocking our servers from the internet, we have implemented the update manager to continue applying Rockwell-approved windows updates.

-Paul Mitchell
Municipal Authority of Westmoreland County

Panacea Update Manager can approve patches for a variety of automation platforms. For a complete list, click here.

Meet Panacea Update Manager

Patch deployment is an integral part of every Automation IT process. Patches can improve system performance, protect against cyber security threats, and correct problems in previously deployed system builds. However, managing patches for automation systems can be a time consuming and resource intensive process due to the effort required to research patch notes, verify vendor compatibility, deploy compatible patches, and test functionality.

The systems found in manufacturing environments feature combinations of a wide variety of automation platforms. As the size and quantity of these systems grow, the amount of time and resources required to manage deployment of newly released patches drastically increase. Complexity further increases on systems with multiple unique software packages, as the approved patches must be compatible with every vendor platform. As systems evolve towards hyper connected and distributed computer networks, patch management will continue to become more difficult and time consuming for engineering resources. Patch management efforts reduce the time available for engineering personnel to perform other tasks.

Patch management is a crucial pillar of every cybersecurity plan and a crucial step in securing our industrial infrastructure

Vendor-qualified Microsoft updates and antivirus definitions can be automatically and regularly deployed to the designated control network (CN) nodes with an automated update management system. To solve the problems associated with manual update management Panacea has released the Panacea Update Manager. Panacea Update Manager automatically manages Microsoft update deployments and can optionally include Symantec Endpoint Protection Manager (SEPM) to provide end point node security. SEPM is supported by most major automation platforms, SCADA software packages, and data historization systems.

Panacea Update Manager was designed to remain automation vendor agnostic and can handle Microsoft updates for multiple vendors. The software can be configured for a wide variety of systems that use different combinations of automation software on the same node or across multiple nodes and will work across multiple automation networks.

Currently, Panacea Update Manager supports most major automation and historian platforms. Future releases will expand upon the supported vendors list based on market research and client feedback.

Panacea Update Manager maintains a list of vendor-qualified updates for each client based on their Operating System and installed automation software. Vendor qualified updates are then approved and securely transmitted to the connected clients. The software ensures that only the vendor-qualified Microsoft updates are available to the designated clients on a pre-determined schedule.

Panacea Update Manager has two install types to support a variety of security preferences; one for systems connected to the Internet and one for systems that are on their own air gapped network and do not connect to the Internet. For online Panacea Update Manager installations the server connects to the Microsoft website via a secure connection to download the Microsoft updates and to the Panacea Secure Update Server to download the latest list of updates qualified by the various vendors. For offline Panacea Update Manager installations the server is not connected to the internet. Microsoft updates and the current list of vendor-qualified updates is provided by Panacea on a regular basis through an encrypted physical storage device.

Licensing is based on an annual subscription and depends on the installed base of automation software and number of clients. The software may be purchased as a standalone product to be deployed and configured by an internal group, or as a turnkey solution that includes configuration and deployment. Annually audited site licenses and an option to purchase the Panacea Update Manager with the Symantec Endpoint Management Software (SEPM) subscription are also available.


Requirements and testing documents are available for review at Panacea Technologies Inc.