An add-on to Configuresoft's Enterprise Configuration Manager (ECM) is the Security Update Manager (SUM). Installation is complex and requires planning.

ECM collects and then stores Registry and security settings with other configuration details. The information is gathered from client-based agents which are polled according to a user-defined schedule. Information is stored on a SQL Server database and can be seen through the web interface or using the Crystal Reports facility.

The system is customizable, with access being possible from anywhere on the network. Parts of the system are distributed around the network to help balance loadings. SUM can download patches to a local server and these can be relayed to distribution servers so they are ready for deployment to any client or group of clients.

SUM gets its information and patches from the Microsoft XML Security Database and combines it with ECM's configuration database to determine vulnerabilities. Updates are downloaded regularly and prioritized. Each new patch is assessed by Configuresoft's Rapid Response Team (whose findings are usually made available in 12 hours).

The deployment process is wizard-controlled and flexible. For example, re-booting can be postponed after a patch is applied and if a patching attempt results in the computer hanging, SUM can kill the process and re-initialize the system.

Testing a new patch is done by targeting a baseline system in a group. ECM records registry entry changes and additions, affected DLLs and new files that appear. After assessing the impact, the administrator can devise rules to ensure the integrity of clients before the fix is rolled out.

The system does not include popular non-Microsoft applications. With a little more work to broaden the services, ECM with SUM could be a major contender.