Patch management software and deployment for small to medium-sized businesses

Security patches are additional pieces of software developed to address security vulnerability (and other problems) in software packages; they address flaws and often enable additional functionality. Left un-patched, these flaws can be exploited by an outside malicious entity in order to gain access to your network and the sensitive data contained therein. Once compromised, an un-patched computer on a network can then be used as a portal to infect and take control of other computers. There has been a significant increase in worms, Trojans, viruses and hacker attacks that target known vulnerabilities on un-patched systems. Having an effective patch management software and patch management policy in place is the first line of defense for networks of any size.

Patch management is an important part of every IT administrator's responsibility.  To maintain a secure network, one must ensure that the latest security patches and operating system service packs are installed network-wide. Patch management software also plays a part in adhering to the most recent compliance regulations such as the Sarbanes-Oxley Act and HIPAA, which require enterprises to maintain control of their information assets.

An effective patch management process involves not only the discovery of software vulnerabilities but also the subsequent patch deployment to the multiple computers on the network. IT administrators understand the effects that un-patched computers can have on a network.  Because they also fully recognize the challenge of ensuring network-wide protection, an easy-to-administer patch management software solution has quickly become the tool of choice for IT administrators.

Automatic patch deployment should not be a haphazard process but should follow a pre-set policy based on a patch deployment cycle.

  • Detect - Use patch management software to scan for missing security patches. Detection should be automated and should trigger the patch management process.
  • Acquire - If the vulnerability is not addressed by the security measures already in place, download the patch for testing.
  • Test - Install the patch on a realistic operational environment to ensure that the security fixes are suitable and do not compromise your system.
  • Deploy - Allow patch deployment to the other computers on the network. Review this deployment to ensure its success with minimum impact on system users.
  • Maintain - Subscribe to notifications that alert you to vulnerabilities as they are reported. Once a new security patch is available, the process is started again.

Automatic patch deployment helps to support technical best practices; meaning patch deployment is no longer a daunting and time consuming job. An automated patch management system reduces the time and money spent dealing with vulnerabilities and protecting the system against attacks. A good system will track multiple machines and deploy the required security patches. Having a solution to manage patches ensures that the business is constantly secure against the threats inherent in operating system and application software. An ounce of prevention, in this case, will save you untold time and money wasted trying to implement several pounds of cure.

Most major attacks tend to occur in the hours immediately following the release of a security patch, as those are the moments when organizations will be detecting, acquiring, testing and deploying the patch, therefore the system will be in a particularly vulnerable state. The common method used by attackers, upon immediate release of a security patch, is for them to reverse engineer the patch in as little time as possible, identify the vulnerability and subsequently develop and release exploit code, thus hitting organizations at their weakest moments.

A good patch management policy requires a strategic plan, outlining what patches should be applied to which systems at what specific time. It also requires the process to be repeated at intervals to catch and defend against new vulnerabilities and threats which occur everyday.

GFI LanGuard™ offers small to medium-sized business IT administrators an easy-to-administer automatic patch management solution.  We will help you to secure your network faster and more effectively. GFI LanGuard integrates seamlessly with WSUS server. Combining both WSUS and GFI LanGuard allows IT administrators to download and automatically deploy patches and OS Service Packs from Microsoft in all 38 languages but additionally deploy patches to ISA Server installations, machines running Windows NT and deployment of third party software patches and software (which WSUS does not). It also provides customizable reports of scans performed across the whole network including applications and resources. GFI LanGuard is a cost-effective and scalable patch management solution, specifically  tailored and priced for the SMB market.

GFI LanGuard links

Awards and reviews

Previous Next