On patch patrol, armed with third-party tools
- By Johanna Ambrosio
If you're ready to go shopping for patch management tools, here are a few things to keep in mind before you begin:
Many vendors sell tools that can do patch management, but those tools aren't necessarily optimized for it. For example, Novell's network management suite ZENworks can push patches around a network, but "it takes time to create and package the patches," says Ed Bailey, an IT director at the University of Florida in Gainesville. The message: Look around your shop to see if something you already have may fit the bill; patch management may be a piece of an application you own.
Make a decision early about whether you're going to go with an agent-based or agent-less product. Both have drawbacks and benefits. Agents can provide much more information about the client being patched. Agent-less products are generally easier to implement and work with. For enterprises that have deployed wireless or mobile devices or are planning to, agents are the only realistic way to manage them, experts say.
Phebe Waterfield, a security and patch-management expert at the Yankee Group, says many of the packages offer similar functionality, but for her money, PatchLink provides a significant value-add because it tests all patches in its own center to catch any major problems before it makes the patches available to customers.
If you're primarily a Microsoft shop, there's some good news for you. Microsoft is providing a more robust patch product, called Windows Update Services, free to customers. It handles patches for Microsoft's products running on servers and networked PCs.
Johanna Ambrosio is a freelance writer based in Marlborough, Mass., specializing in
technology and business. Contact her at firstname.lastname@example.org.