Best of 2006: Patch management

December 16, 2006

Keeping up with software security and other patches is now a top priority for firms of all sizes.

Patch management products are more than just a handy application for automating patching across the enterprise. Patch management products need to work across different OS systems from a variety of vendors. Threats are not restricted to the Microsoft environment, and many organizations have embraced other OS platforms.

Patch management applications should take up as little bandwidth as possible in order to perform their functions as efficiently as possible. Agentless products need to be bandwidth-efficient in the way they scan and remediate target systems, and we were pleased to see that CPU usage flexibility was evident.

The products should also provide the administrator with as much information as possible about what the patch fixed and, when possible, how.

Patching cannot be the be-all and end-all of security. It can only help mitigate against known threats. As a result, it should be used as part of an overall strategy that encompasses securing the endpoint and detecting anomalous behavior before it manifests itself in a full-blown attack.

Any product that shines a light on your corporate infrastructure can help show up weaknesses. So use them not only to catch up, but also to spot problems and fix them before the next hit.

BEST BUY
Product:
PatchLink Update
Vendor: PatchLink
Verdict: An excellent enterprise patch management system.
Website: www.patchlink.com  

RECOMMENDED
Product:
NetChk Protect
Vendor: Shavlik
Verdict: A solid choice for medium-sized organizations. Extremely intuitive interface makes it easy to use.
Website: www.shavlik.com  

prestitial ad