
Patch Management Systems: Evaluation Criteria and Capabilities

Nov 09, 2009 (2 mins)
Application Security

Shopping for a patch management system? Experts say you should look for these features.

Analysts and CISOs suggest putting the following considerations on your patch management shopping list. Also see the related in-depth article, How to Compare Patch Management Software.

Evaluation Criteria

The following are criteria to consider when choosing a patch management system:

  • Range of operating systems supported (Microsoft, Unix, Linux, Mac OS, etc.)
  • Range of applications supported (Adobe, Mozilla, RealNetworks, Apple, Java)
  • Agent-based or agentless
  • Types of real-time reporting available (patches deployed, when, by whom, to which endpoints, etc.)
  • Scalability
  • Ability to operate on low-bandwidth or globally distributed networks
  • Ability to manage computers on or off the network
  • Change control (ability to change settings back, pause deployments, etc.)
  • Licensing options (subscription-based, perpetual or both)
  • Ease of use
  • Integration with other security and configuration management systems and capabilities

Range of Capabilities

A full-featured patch management system should do the following:

  • Research: Receive information about new patches from vendors and push this information to the patch server.
  • Asset discovery: Scan the network to produce a full inventory of IT assets, and provide flexible ways to group and classify these assets.
  • Vulnerability assessment and prioritization: Identify vulnerabilities based on the specific endpoints in the environment and rank them in terms of which will have the most impact and which are most important to address.
  • Remediation: Continuously deploy, monitor, detect and enforce patch management policies.
  • Reporting: Provide real-time reports that satisfy the needs for auditing, compliance and management oversight.