Pitching patch: Configuresoft

Configuresoft's response emphasized the Enterprise Configuration Manager (ECM) and Security Update Manager (SUM) suite's strength as a configuration management and automated patch management product, turning the issue, correctly, into one of overall vulnerability management. While the company's proposal for patch management wasn't the strongest for our requirements, Configuresoft's overall approach was on point.

Configuresoft crafted its own version of what it deduced was our requirements (in addition to addressing our specific requirements). To some extent, we found this helped focus on big picture issues, but our overall sense was that this enabled Configuresoft to define the problem in its terms and tailor the solution to its strengths.

Following this line, Configuresoft -- like most respondents -- provided no real plan for our company, leaving us to "imagine, if you will" how its deployment would look and work. Configuresoft's agents give it tremendous flexibility for security policy setting and automated remediation through the central database. ECM allows the creation of custom templates to assess and remediate any app—a plus. It also allows for highly granular grouping of devices for remediation, though this is probably of more value to larger, more complex organizations.

Configuresoft uses a DCOM-based agent, using RPC, known for its vulnerabilities, to communicate, but it encrypts all communications with AES over HTTPS.

The company's response on the issue of mobile users and satellite offices was a mixed bag. Configuresoft mentioned distribution points that sounded like local caches to reduce WAN bandwidth, but what they are and how they work was unclear. A plan tailored to our company and a good diagram would have helped.

<<Return to Pitching patch

This was last published in May 2005

Dig Deeper on Emerging cyberattacks and threats

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.