Essential Guide

How to hone an effective vulnerability management program

A comprehensive collection of articles, videos and more, hand-picked by our editors
Q

Valuable third-party patch deployment software, tools

Do you know some of the best third-party patch deployment tools? See expert Michael Cobb's recommendations on which tools would work best for your enterprise.

Could you advise me on the best third-party (free or commercial) patch deployment software, either from personal or professional experience?
Without knowing a little more about the network you're managing, it is difficult to recommend specific patch deployment software. Do you manage a heterogeneous network that is running a variety of different operating systems such as Windows, Linux and Mac? Do you deploy virtual machines or run non-standard applications? These types of issues will affect what type of patch deployment software you need.

If you have a Microsoft-based infrastructure, you will probably find that Microsoft's free WSUS (Windows Server Update Services) is the easiest way to keep your software up to date. However, if you run customized software or non-Microsoft applications, such as Adobe Reader and Mozilla Firefox, then WSUS will not be sufficient because it won't be able to help you patch these third-party applications.

Although Microsoft's System Center Configuration Manager (SCCM) isn't free, it can handle updates from other software vendors as well as updates for your own internal custom applications, plus bios and firmware for popular hardware vendors. It also gives you better targeting, delegation and reporting than WSUS. If you need to meet particular compliance standards or requirements, then the reporting capabilities of your patch management tool will be a factor in your choice of product, as you need to be able to show the patch status of your network.

For thorough and accurate reports, you'll find it hard to beat Corporate Software Inspector (CSI) from Denmark-based Secunia ApS. It provides a highly detailed software inventory, including both programs and plugins, mapped to security alerts and available updates. CSI can automatically repackage security updates and patches and push them to SCCM, checking that they are applied correctly and all systems are fully compliant.

If you have a limited budget, another free Windows-based patch management software is IT.Shavlik.com a SaaS-based application that is free for managing patch rollouts for up to 10 servers or workstations. If you have a heterogeneous network running different operating systems, then your choice of tool is more limited and you will likely have to pay for a more comprehensive commercial tool.

Well-known names in this field are LANDesk Software Inc.'s Patch Manager, a subscription service that automates vulnerability assessment and patch management throughout a heterogeneous network, and Lumension Security Inc.'s Vulnerability Management Solution aimed at complex, highly distributed environments.

I would recommend only using one tool for auditing -- scanning the network to see what's installed and what's needed -- as there can be inconsistencies between reports from different tools. It can be difficult to maintain consistency across your network if different segments are using different tools. Before you pay for patch management software, be sure you really need the additional features it offers over and above those of the free ones, as you will have to find the budget for training administrators unfamiliar with any new tools.

This was first published in February 2011

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Essential Guide

How to hone an effective vulnerability management program

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close