Everdream's Everdream Patch Management is unique from the considered vendors because it's a fully managed service. While automated patch products present a strong case for ROI, the appeal of offloading this whole headache to an MSSP is undeniable. The trade-off, as with all managed security services, is the loss of local control and, ultimately, trust in the provider.
This may be a viable option for our small hypothetical company, but it's not the best option for larger organizations (though Everdream's response says it has a large customer with more than 40,000 desktops in 26 countries).
Everdream left us pretty much in the dark as to why it was the best solution for us. Its re-sponses were generally of the "we can do this" variety, with general descriptions rather than specific recommendations and implementation details.
The service uses a host agent, which checks in with the Everdream Control Center daily to update information. There are two options for patch distribution: a custom package that's pretested, and a standard SUS deployment, which gives the company more local control and the ability to conduct its own testing.
Everdream will also create custom software/patch packages, but this comes at an extra price, either folded into monthly fees or as a one-off. Its desktop exception reporting includes Windows 9.x, though full scanning is limited to XP.
Everdream's proposal failed to explain how it discovers or validates patches. Everdream says its agent needs only a Web connection over a 56K dialup connection, but wasn't clear on its support for various bandwidths. Lack of a "plan" left us guessing as to how it would address the problem of supporting remote and satellite office users.
Dig Deeper on Security Resources