Managing patches across numerous workstations and servers is no easy task. But despite the grievances many IT professionals have with patch management (there are too many patches to keep up with, patches can fail during implementation, etc.), practicing patch management is critical. Without proper patch management, you’re exposing your company to hundreds of thousands of cyberattackers waiting to pounce on vulnerabilities. Plus, deploying updates and patches keeps all your software running smoothly, something all employees, from the C-suite on down, will appreciate.
There are many patch management tools on the market. Some platforms are free or offer free versions, but for enterprise use, that isn’t necessarily the best solution.
In my opinion, the best patch management software is by far SolarWinds® Patch Manager. This tool makes automating and managing patch updates easy by optimizing software performance and putting security front and center.
With SolarWinds Patch Manager, you’ll not only know what critical patches need to be implemented, but also have the power to schedule them across thousands of servers and workstations. The tool boasts robust reporting features to help you stay compliant. If you’re looking for a comprehensive, easy-to-use patch management software, look no further than SolarWinds Patch Manager.
Of course, whether you choose to go with a free patch management software or a paid version is up to you. Look at the size of your company, the applications you use, and the number of devices you service to find the right fit. Here’s a list of some of my favorites.
Patch Manager Plus is an automated patch management software from the team at ManageEngine. The tool provides businesses with a single interface, so you can easily keep your finger on the pulse of patching progress and tasks. It works across Windows, Mac, and Linux for both on-site and remote devices. You can even automate scans for missing patches, test and approve patches, customize schedule and deployment policies, and generate vulnerability reports. You can install Patch Manager Plus on your desktop or use the cloud version, depending on your business needs. This free patch management software provides up to 25 devices with patch management capabilities. Additional devices will include an additional cost.
For those looking for a free tool with patch management as part of a broader management platform, ManageEngine offers Desktop Central. Described as a “unified endpoint management solution,” this web-based tool helps manage desktops, servers, laptops, smartphones, and tablets from a single location. Its wide array of capabilities includes automated software, patch, and service pack installations, as well as desktop standardization through uniform configurations, such as wallpapers, shortcuts, and printer setups. Desktop Central is free for up to 25 computers, 25 mobile devices, and one technician. While it can be somewhat tricky to navigate at times, it’s a great tool for small businesses.
PDQ Deploy is a fan favorite within the IT industry. This free Windows patch management software lets you automatically deploy patches across multiple devices. Users love how extensive and efficient the tool is—deployments can install, uninstall, reboot, execute scripts, copy files, send messages, sleep, and more. How does it work? PDQ Deploy sends patch instructions and files to the specific computer, executes, monitors, and reports. The free patch management version of PDQ Deploy is powerful, but some companies choose to upgrade for additional features, like email notifications and scheduling capabilities.
Formerly known as Comodo ONE, Itarian is an open-source patch management software designed to help you automate patch management across all devices, even remote ones, so you never miss a beat. It streamlines processes to help you determine which patches are right for your business, quickly deploy patches, and manage deployments throughout their lifecycle.
This tool leverages the WSUS application program interface (API) to enable IT professionals to create software packages and publish their own updates to WSUS, thus allowing you to distribute updates for third-party programs like Adobe Reader, Flash, Firefox, Java, and Symantec Endpoint Protection. You can even use Local Update Publisher to monitor installation results. Just be forewarned—while this tool offers a fairly easy way to ensure updates and appropriate patches are in place, its simple setup has been known to have trouble pushing out a few existing updates.
Open PC Server Integration (OPSI) is an open-source patch management software from Germany. For small teams with limited budgets, OPSI can help with patch management. The software is great for updates across numerous Windows and Linux computers, and even lets you track the installation process. OPSI is under constant development, so it’s important to always make sure you’re using the latest version.
Putting Budget Behind Patch Management
While free patch management software abounds, if you’re looking for a software that will truly keep your company safe and streamline processes, then you need SolarWinds Patch Manager. Of all the patch management tools out there, free and paid, this one is my favorite.
SolarWinds Patch Manager makes it easy to perform third-party patch management across thousands of servers and workstations. The platform’s comprehensive dashboard provides a clear list of all available updates, highlighting the top 10 missing patches in your environment and categorizing them based on a critical level, date released, application type, and more. This makes it easy to prioritize your patches and quickly close the door on glaring vulnerabilities before an attacker strikes. When it’s time to deploy, you can manage patches with advanced scheduling and rebooting across servers and workstations, giving you complete control over when and where patches are installed.
But that’s not all. What I love is how these functions allow you to extend the capabilities of WSUS, because relying on WSUS alone won’t cut it. You need to effectively schedule patches and report on their status and inventory. The same can be said for SCCM. SolarWinds Patch Manager allows you to view the details of third-party software patches, determine the status of endpoints managed by SCCM, and deploy pre-tested, pre-built third-party updates. SolarWinds Patch Manager offers a robust reporting component, making it easy to demonstrate patching and compliance to auditors.
It takes this in-depth level of automated patch management to keep applications running efficiently and, most importantly, to provide an extra layer of protection against cyber threats. If you’re serious about patch management, I recommend giving the SolarWinds free patch management trial a go.
What Is Patch Management?
It doesn’t matter who you are, patch management is a must for any IT team, large or small. The best way to understand patch management is to think of a Band-Aid. A skinned knee exposes the body to infection, so you cover it for protection, right? Vulnerabilities abound within the software world that can expose companies to malware and other forms of “cyberinfections.” Updating your software with the latest patches repairs these vulnerable areas so you’re protected from attackers looking for an easy in.
The Power of Patch Management
In theory, patch management should be simple. Identify the patch you need, implement it, and trust that all known vulnerabilities will be fixed. Unfortunately, it isn’t always easy. A 2018 Ponemon study found many organizations aren’t able to protect against known vulnerabilities as well as they think they can. In fact, 57% of survey respondents who reported a breach said they were attacked due to a vulnerability for which a patch was available but not applied.
Patch management is often a complex beast that requires skill, insight, and, most importantly, help. Don’t be afraid to reach for a third-party patch management software—it will not only save you time but protect your company from looming cyberattackers.
Many IT teams aren’t as patched as they should be because they’re lacking a few key things:
- Clarity: Patching only works if you know where it’s needed. You need visibility into your environment to understand what systems and applications exist, and whether they’re patched. Network scans, firewall logs, and penetration testing are all important vulnerability management tools for locating any weak points your company may have. You should use these tools on a regular basis and consider automating them if possible.
- Speed: We all like to dream about a patch being implemented on the day it’s released. But all too often, never-ending to-do lists, staffing shortages, and the complexities of segregated responsibilities and duties push patches days, weeks, and more past their release date. Without a tool to provide a clear view into all critical patches and track when they’ve occurred, it’s easy for even big-ticket items to slip through the cracks.
- Prioritization: In a world where cyberattacks are on the rise, just about any patch for an identified vulnerability is critical. But despite the need to pretty much patch everything ASAP, prioritizing is essential. Many vendors follow a standard method of denoting how important a patch is. I recommend turning to this as a guide. Do a little extra digging to determine if identified vulnerabilities have the potential to be exploited on servers, applications, networks, or other systems. Assessing the level of risk will help you know which patch to tackle first.
Some IT professionals may question the value of a patch management tool because software often comes with its own update services. This is a bad mentality to have if you want to truly protect your company. Yes, Microsoft is equipped with Windows Server Update Services (WSUS) and System Center Configuration Manager (SCCM). But these update services leave other software, like Adobe or Flash, out to dry. Many third-party software updates like these also require employees to be connected to the internet and accept the update installation notification. Users who don’t understand the implications will simply ignore these prompts—over and over.
Deploying a patch management software alleviates many of the manual to-dos associated with the patching process and help you:
- Identify new, critical patches
- Schedule and deploy patches across devices
- Track a patch’s progress
- Maintain compliance for auditors and internal stakeholders alike
- Keep your software running smoothly and securely
A Quick Recap
Whether you’re a small nonprofit or a major corporation, patch management must be incorporated into any IT team’s strategy. Patch management repairs vulnerabilities that, if left unattended, can allow attackers to strike and put your entire system in jeopardy. Relying solely on the updates associated with many software won’t cut it. You need a third-party tool to provide visibility into all vulnerabilities, help you prioritize patches, and quickly implement the most critical ones.
Free and open-source patch management tools are great for smaller companies looking to scratch the service of patch management. But if you’re responsible for hundreds to thousands of remote and on-site servers and devices, a little spend can go a long way. SolarWinds Patch Manager lets you automate, manage, and monitor patch updates with ease. For most IT professionals, this would be my number one choice.
With New Technology File System (NTFS) permissions inheritance, even system administrators don’t always have a full picture of access rights throughout their file directory. That all can change with the right NTFS permissions reporter. These tools help IT professionals
gain visibility into access rights across their network, manage permissions, and prepare compliance reports. Look at my list and find the best reporter for you.
Ransomware encrypts files and presents companies with a mountain of meaningless text, paralyzing their ability to operate successfully. Luckily, there are countless tools out there to help you monitor and manage the users and programs within your system, so you can help keep your company’s files, devices, and money safe. Here’s a few of my favorites.