Patching Tools For Windows Server

[Edward]

ITteams must ensure that the software running on their managed infrastructure receives security patches and updates promptly to minimize application disruptions and security risks. The teams need comprehensive patching tools that fully automate the patch management process without adding undue complexity to their endpoint and network management responsibilities.

There are many products, and choosing one is no small task. Here are 12 patch management products chosen partly because of their popularity and because they represent diverse options that approach endpoint management differently. Comparing the different approaches can help to identify the types of features to look for in patch management software. The descriptions are based on vendor documentation. This list is not ranked and instead appears in alphabetical order.

Atera is a cloud-based remote monitoring and management platform that comes in separate versions for IT departments and managed service providers (MSPs). The platform provides services such as IT automation, custom scripting, network discovery, ticketing, reporting, real-time alerts and patch management. Administrators can automatically identify and deploy patches on macOS and Windows servers and workstations from a centralized interface. They can also reboot remote systems if necessary.

Atera can patch operating systems, applications and hardware drivers. It supports common third-party software such as Chrome, Zoom, Java, Dropbox, Microsoft Office and Adobe products. Administrators can create automation profiles for installing or updating patches at scale, while excluding specific patches when necessary. A single profile can also include other tasks along with patching, such as installing a software bundle, upgrading a Windows version or managing storage disks.

The Atera platform offers several comprehensive reports specific to patching. For example, administrators can generate a report based on Microsoft knowledge bases and then install missing patches with a single click directly from that report. Administrators can also view details about patch statuses and logged actions. Atera offers four subscription plans for the IT department version -- Professional, Expert, Master and Enterprise -- the first three of which are available as either monthly or annual subscriptions. The Enterprise plan requires a discussion with Atera's sales department. All four plans support patch management.

Automox is a cloud-native systems management platform that automates patching, compliance and configuration of local, remote and cloud-hosted endpoints. The platform supports Windows, macOS and Linux systems and provides a single console for managing OS and third-party application patching and updates. In addition, Automox can automatically inventory all hardware and software, according to the vendor, offering full visibility into both authorized and unauthorized applications installed on managed devices.

Automox can identify missing patches in the three operating systems and a wide range of applications. It provides native support for products such as Adobe Reader, Apple iTunes, Citrix Workspace App, Dropbox, Inkscape, Office 365, Notepad++, Slack and many more. Administrators can view pending patches and then approve or reject them. They can also access details about individual patches.

Automox allows administrators to create custom scripts that provide granular control over configuration and patch management processes. They can schedule patching for specific times or configure it to occur automatically every time a device connects to the internet. Automox also includes notification and reporting capabilities, which can be set up according to an organization's specific requirements. Automox is available in three subscription plans: Basic, for patch management; Standard, which adds endpoint management; and Pro, which augments the Standard package with multi-zone endpoint management, remediation and other advanced features.

GFI LanGuard is endpoint protection software that enables administrators to assess vulnerabilities and patch software on local and remote desktops, servers and virtual machines. Administrators can also scan their networks for missing patches and other vulnerabilities. LanGuard supports Windows, macOS and Linux devices, as well as third-party applications from over 50 vendors, including Adobe, Apple, Google, Microsoft, Mozilla, Oracle, VMware and many others.

Administrators can set up LanGuard to scan their networks automatically or perform scans on demand. They can also deploy patches from the central interface or deploy agents to individual machines that carry out the patching operations, thereby distributing the processing load. In addition, administrators can control which patches to install, automatically download missing patches and roll back patch updates if they encounter a problem.

LanGuard also provides a web-based reporting interface that lets administrators export reports to such formats as PDF, RTF or CSV. They can also schedule reports to be automatically sent by email. For large networks, administrators can deploy multiple LanGuard instances and generate aggregated reports based on data from those instances. GFI licenses LanGuard on an annual, per-node basis, with pricing dependent on the number of nodes and whether the product is purchased with other GFI products. The per-node price drops substantially at the 50- and 250-node thresholds.

ITarian is a cloud-based IT management platform for MSPs. It offers four primary services: remote monitoring and management, IT service management, service desk and patch management. The patch management feature supports both the Windows and Linux operating systems as well as over 400 third-party applications. Administrators can scan devices for missing patches and automate each stage of the patch management process, including patch downloads.

ITarian makes it possible to identify which endpoints contain vulnerabilities, tag those endpoints, and create policies for automatically deploying patches at scheduled times to specific endpoint groups. Administrators can create custom tags that they can use to organize endpoints according to business requirements. In addition, they can also deploy patches based on severity, vendor or type, and they can schedule deployments by time, group, computer or other criteria. Administrators can also test patches before approving them for deployment.

ITarian provides in-depth reports on the hardware, software and patch update history of managed devices. The central interface offers a single-pane view of endpoint statistics and patch statuses and identifies which endpoints contain vulnerabilities so they can be quickly patched. ITarian tracks and manages patches on endpoint systems in real time and provides reports about applied or missing patches, as well as failed deployments. Organizations can use ITarian for up to 50 endpoints for free. After that, subscription fees are on a per-device basis.

Kaseya VSA is remote monitoring and management software with features such as alerting, discovery, automation and patch management. Administrators can use the platform to deploy, update and patch Windows, macOS and Linux computers and third-party applications. VSA provides fully automated patch management, adopting a configurable, policy-driven approach that's location-independent and optimized for bandwidth. VSA uses agent-executed scripts to automate patching operations and other processes.

Administrators can also use scripts to automate software and patch deployment across all endpoints, whether on or off the network. Additionally, they can override patches and view patch histories. The policy-based approach helps standardize software maintenance through profiles, which enable administrators to manage patch approvals, scheduling and installation. In addition, administrators can prevent patches from being applied during certain time windows and deny specific patches to a subset of machines.

As part of the patch update process, administrators can schedule regular network scans and analyses to identify software vulnerabilities. VSA supports over 100 third-party applications out of the box, such as Adobe Acrobat Reader DC, Citrix Receiver, FileZilla Client, Inkscape, LibreOffice, Opera Browser, TeamViewer and many others. Administrators can patch endpoints across multiple locations and domains, including home-based user devices. Potential customers should contact Kaseya directly for information about product licensing.

ManageEngine Patch Manager Plus is a comprehensive patch management platform available as a cloud service or on premises. It provides automated patch deployment on Windows, macOS and Linux endpoints, with support for both server and desktop systems, including virtual machines and roaming devices. Patch Manager Plus supports over 850 third-party applications. Although most of these are Windows software, the platform can also handle many macOS and Linux applications.

Administrators can use the centralized web interface to scan endpoints to detect missing patches, as well as test patches before deploying them. ManageEngine also provides prebuilt, tested and ready-to-deploy packages to help simplify patching of third-party applications. In addition, administrators can customize deployment policies to meet their specific business requirements, and they can specify which installation and reboot options to perform on an endpoint when deploying a patch, software update or service pack.

Patch Manager Plus includes auditing and dynamic reporting capabilities to help analyze and fix vulnerabilities. The platform provides real-time patch management metrics that can be viewed through patch status dashboards and patch management reports. Patch Manager Plus is available in three editions: Free, Professional and Enterprise. The Free edition supports up to 20 workstations and five servers. The cost for the other two editions depends on the subscription plan and whether it is the on-premises or cloud edition. There are some feature differences between the two deployment options, but for the most part, they offer similar functionality.

3a8082e126