Patch Management Systems: Evaluation Criteria and Capabilities
Shopping for a patch management system? Experts say you should look for these features.
By Mary Brandel
November 09, 2009 — Analysts and CISOs suggest putting the following considerations on your patch management shopping list. Also see the related in-depth How to Compare Patch Management Software.
Evaluation Criteria
The following are criteria to consider when choosing a patch management system:
- Range of operating systems supported (Microsoft, Unix, Linux, Mac OS, etc.)
- Range of applications supported (Adobe, Mozilla, RealNetworks, Apple, Java)
- Agent-based or agentless
- Types of real-time reporting available (patches deployed, when, by whom, to which endpoints, etc.)
- Scalability
- Ability to operate on low-bandwidth or globally distributed networks
- Ability to manage computers on or off the network
- Change control (ability to change settings back, pause deployments, etc.)
- Licensing options (subscription-based, perpetual or both)
- Ease of use
- Integration with other security and configuration management systems and capabilities
Range of Capabilities
A full-featured patch management system should do the following:
- Research: Receive information about new patches from vendors and push this information to the patch server.
- Asset discovery: Scan the network to produce a full inventory of IT assets, and provide flexible ways to group and classify these assets.
- Vulnerability assessment and prioritization: Identify vulnerabilities based on the specific endpoints in the environment and rank them in terms of which will have the most impact and which are most important to address.
- Remediation: Continuously deploy, monitor, detect and enforce patch management policies.
- Reporting: Provide real-time reports that satisfy the needs for auditing, compliance and management oversight.
Other stories by Mary Brandel
What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
APPLICATION SECURITY ESSENTIALS
In-depth information on tools and strategies for writing secure code, finding vulnerabilities, and other critical application security issues
10 steps to secure browsing
Holistic patch management, browser settings, filtering, and other tactics
Vulnerability management: The basics
5 key tenets for making the most of vulnerability management efforts
Software security for developers
Building security in, from the requirements phase through deployment
Software security for app dev managers
Building and managing a software security program that pays off
How to use source code analysis tools
How to use web application vulnerability scanners
How to compare patch management software
Ranum: Does disclosure work?
Application Security Webcasts
- Distributed Database Security with Real-time Monitoring
- InfoSphere Warehouse Packs Demo
- DDoS Attacks and The Ostrich Mentality: How to avoid having a very large egg on your face when you are hit by a DDoS attack
- The CISO's Survival Guide to Securing Data
- Data Privacy and Protection in Production Environments: New Research from Ponemon Institute
- FireEye Advanced Threat Protection KnowledgeVault
Application Security White Papers
- Protecting Against Database Attacks and Insider Threats: Top 5 Scenarios
- Establishing a Strategy for Database Security is No Longer Optional
- Cloud Computing for Midsize Business: Delivering Innovation and Efficiency
- Cloud Security: Who do you trust?
- Dispelling the Vapor Around Cloud Computing
- Strengthen Your Business with Cloud Computing
- Step right up and listen to the security barker
I've gotten some interesting feedback to yesterday's post about the security evangelist title, especially from a guy who gave himself the perfect title in an industry that often feels like a circus. Sean Jackson (@shunkydave on Twitter) sent me the following tweet: "Re: Evangelist, I'm now calling myself the Security Barker to my family and friends." - Is the title 'security evangelist' really that bad?
- Teenage hackers could be our last, best hope
More Salted Hash with Bill BrennerWhite Papers
Sponsored Links
