Third-party patch management tools

For many administrators, getting third-party help to manage patches and updates is no longer an option; it's a requirement. In a big organization (a thousand seats or more), managing patches for every single machine, whether a desktop or a server, is not something you can do by hand -- not even at the departmental level.

Microsoft has its own product for deploying updates -- Windows Software Update Services -- which is available for free and uses the pre-existing Automatic Updates component on target computers as a remote agent to deploy updates. It also supports a fairly broad variety of Microsoft products, such as Office, Exchange Server and SQL Server. It is, however, far from the only solution available.

Of the many third-party programs in this space, I've written at length before about Gravity Storm Software's Service Pack Manager, now in revision 7.1. This program caught my attention as being one of the very first third-party applications to do patch management in any form. When installed, you can scan your local network, enumerate each machine on it, and compare the computer's manifest against Microsoft's own recommended list of patches and updates for each detected OS. The program uses an agentless architecture, so there's nothing to install on the target machines; it's a very lightweight and direct way to

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Information security management for the midmarket Using key risk indicators to sell your information security program IT security spending a bright spot in '09, with more growth predicted Gartner: Vetting security of third-party partners in five steps Locking down security in the move to electronic medical records Security and risk management in the midmarket Identity and access management planning guide for the midmarket Information systems management for the midmarket CIOs share advice on doing more with less Get smart about patching security vulnerabilities A CIO's advice for implementing single sign-on solutions Risk management for the midmarket Using key risk indicators to sell your information security program Gartner: Vetting security of third-party partners in five steps Security and risk management in the midmarket Identity and access management planning guide for the midmarket Get smart about patching security vulnerabilities Log management tool saves big on network fixes, integrates with IPS Unified communications: Securing access to OCS Disaster recovery and business continuity planning: Know the risks Database security: Who should have access? San Francisco network lockup justifies CIO fears Security tools for the midmarket IT security spending a bright spot in '09, with more growth predicted Security and risk management in the midmarket Identity and access management planning guide for the midmarket A CIO's advice for implementing single sign-on solutions Options for outsourcing security grow, offer IT budget savings Network access control: Pointers for getting the knack of NAC Unified communications: Securing access to OCS Unified communications security: How safe is it? Database security: Who should have access? San Francisco network lockup justifies CIO fears

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

patch a Windows-only environment quickly and effectively -- provided that's all you need.

However, the program's biggest strength is also one of its weaknesses: it's almost exclusively Microsoft-centric. It focuses on finding updates to Windows and many Windows Server systems, such as SQL Server or ISA Server, but it will not track patches for non-Microsoft products. For that, you would need something like Ecora Patch Manager 4.0, a slightly more sophisticated patch management application which encompasses not only Microsoft patches but third-party products as well.

Ecora has a slightly more flexible design than SPM: it can operate in both agent and agentless modes -- in other words, if you're better served by actually having a patch-management agent present on the machines to be patched, you can do that. It also supports a broader range of platforms (including non-Windows machines) than SPM, lets you roll back patches as long as there's support for rollback with the patches in question, and is slightly cheaper: $25 per node, as opposed to a starting price of $33 per node for SPM. If you want to try them out yourself, there's good news in both cases: each program has a free 30-day trial.

About the author: Serdar Yegulalp is editor of the Windows Power Users Newsletter. Check it out for the latest advice and musings on the world of Windows network administrators -- and please share your thoughts as well!