Plan ahead to avoid a mad scramble later
Executive Summary:
The number of standalone patch management packages is dwindling as companies merge and combine product lines. Evaluate 11 enterprise patch management products to decide which solution is right for your environment.
As vendors consolidate previously separate IT administrative functions (e.g., patch management and virus protection) into one inclusive solution, patch management products and services are quickly becoming components of larger systems configuration and management solutions. Examples of inclusive solutions include Microsoft’s System Center and CA’s Unified Service Model. A result of this market shift is that the number of standalone patch management packages is dwindling as companies merge and combine product lines—such as the merger of PatchLink and SecureWave to form Lumension Security—and as larger companies acquire smaller providers of system components—such as Symantec’s acquisition of Altiris. This Buyer’s Guide lists 11 products that manage enterprise OS and application patching. Many of these solutions also address other IT concerns, such as security, help desk, and asset management.
Advances in patch management technologies and features continue, even as company names change. Client agents, subscription services, and vulnerability assessment functionality are now commonplace. Broad platform support has expanded to include Red Hat Enterprise Linux, Sun Solaris, Novell NetWare, and HP-UX. Most solutions offer some language support, especially with the burgeoning Chinese influence in technology markets. In this guide, English isn’t listed as a supported language unless it’s the only language the product supports.
Subscription services and application patching are the new market battlegrounds. Subscription services offer weekly or monthly OS and application patch bundles. You can configure the agent to download a patch bundle customized to your platforms and application library. Patches are verified and tested before they reach your system. In addition, many solutions notify you if patches are missing, or if your system has any security vulnerabilities.
Application patching is expanding beyond OS repair to include some of the biggest names in enterprise software, including Adobe Acrobat and Adobe Flash, Citrix ICA, NetWare, and Sun Java. Even consumer programs are entering the mix with patches for Mozilla’s Firefox browser and Apple’s iTunes. (Heaven help the admin who forgot to download and install the latest patch for the CEO’s iPod!)
Essential features that are included in every product listed in this Buyer’s Guide are patch verification and testing, deployment failure alerts, scan history retention, and Microsoft Office patching. The next frontiers include virtualization and the mobile workforce. Patch management systems will need to identify missing patches on virtual systems, whether they’re virtual OSs or virtual applications, then distribute the appropriate patches to those virtual systems. For mobile applications, some products already support BlackBerry Server; and as smart phones and PDAs become more prevalent, enterprise users will require patching for email, Web, and file access.
Have a Plan
Securing your infrastructure is only getting harder. IT administrators are responsible for managing increasing numbers and types of platforms, devices, and applications. With these new assets come more opportunities for software cracks and even more patches. According to the CA Content Update Service, Microsoft alone released 379 patches from August 2006 through August 2007.
Don’t put yourself in the position of having to deploy a quick fix or simply slap on the latest OS band-aid when you face a data center meltdown. Research patch management options now, think long term, and develop a plan. Consider the following questions:
- Does the solution support all of your OSs?
- Does it patch applications?
- Will it scan and report missing patches?
- Will it roll back if the installation causes problems?
- Do you want a subscription service that delivers patch bundles to client agents?
- Do you need vulnerability and compliance assessment and reporting?
You have numerous choices in selecting a software patching system. If you have the time, use it to make a choice that will fit your needs now and well into the future. In two or three years, when your IT friends are scrambling to patch 50 PCs on a Friday night and your system management solution has finished the same project at noon, completed an antivirus scan, and deployed a new software package, you can kick back and enjoy the benefits of planning ahead.