Patch Management: Problems and Benefits
Software update management is an essential and complex process. Timely and correctly managed updating optimizes security, regulatory compliance, availability, and capability. Haphazard software update management can cause security vulnerabilities, compatibility problems, sluggish or erratic performance, needless offline stretches, or unavailability of key functions. Patching involves more than occasional updates of an OS and applications for servers and endpoints. Firmware updates can be an essential for peripherals like printers and scanners, infrastructure appliances such as routers and wireless access points, and Internet-of-Things devices like alarms and health monitors.
Progent's Patch Management services can cover IoT devices such as sensors and robotics
The update process can pose a number of complications that can differ from one environment to the next. Resources that may require updating can be located on-premises, in a public or private cloud, mobile, or in the homes of remote workers. Environments may include any mix of Microsoft Windows, Linux, Apple, and Google operating systems and apps. Some patches can be installed programmatically and at scale using management tools such as Configuration Manager, Microsoft Intune, or Azure Automation Update Management. Others must be performed by hand. Updating for vital systems must be scheduled to avoid business disruption. In certain mission-critical systems, patches must be carefully tested before being applied to production.
Progent's managed services for patch management offer organizations of all sizes a flexible and affordable alternative for evaluating, validating, scheduling, implementing, and documenting updates to your dynamic information system. In addition to optimizing the safety and functionality of your information system, Progent's update management offerings free up time for your IT team to concentrate on strategic initiatives and tasks that return maximum business advantage to your network.
Patch management is a closed-loop activity critical to your risk management strategy
Progent's Software Update Management Activities
Progent provides regular and specialized service programs for software and firmware patching. These services allow you to outsource part or all of your company's software update management activity to an IT services firm with more than 20 years of experience delivering network design, deployment, and support to businesses of all sizes globally. Progent operates closely with your IT management team to define the scope of the services you require. Services available from Progent for software update include:
- Inventory system resources: This can cover key platforms like Microsoft Exchange and SQL, web-facing physical and virtual servers, desktops and mobile endpoints, security devices such as firewalls, and network infrastructure devices such as switches and wireless access points.
- Determine assets to be placed under management: Progent's experts will confer with your IT team to select which of your network assets you pick for ongoing software update management services. Progent offers a selection of standard service programs that target specific types of items and Progent can also provide custom programs to meet your particular requirements.
- Deploy patch management utilities: Progent is experienced with a wide range of software update platforms and patch tracking reporting systems. Available utilities include Azure Update for cloud-based resources, Microsoft Configuration Manager for on-premises entities, Microsoft Intune for mobile devices, IT Glue for documentation, plus a selection of modern AV products. Together, these tools enable you to automate and monitor patches for IT assets located in cloud environments, on-premises, on the road, at district offices, and in the houses of telecommuters.
- Analyze patch status and carry out risk analysis of uninstalled patches: For the most part, systems with up-to-date patching are more secure and stable than those subject to inconsistent updates. However, some software updates are hurried into production and carry the ability to disrupt essential business operations by causing compatibility problems, system instability, or unfamiliar changes to end-user experiences. Progent can assist clients to determine which patches carry a risk to your organization's IT environment, or which patches should be given a high priority because they block a major security attack. Progent's background providing patch management support can assist your organization to administer a protected computer system without compromising productivity.
- Create a patch management service program: Progent's team of consultants can assist in designing and managing a software update management program that fits your business requirements. Progent offers standard and specialized patch management programs and can help with both programmatic as well as manual patching. Progent can handle mission-critical assets exclusively, all updateable resources, or anything in between.
- Patch validation: Even the largest networks including Amazon AWS and Microsoft Azure have had widespread outages caused by updates that were not sufficiently tested before being rolled out to production systems. For businesses with no tolerance for service disruption, Progent can assist to develop pilot systems that allow you to make sure that the latest patches will not introduce stability problems for your network.
- Prioritize and schedule patches: Progent can help you to decide which updates should be implemented immediately and which can be delayed so as to reduce service interruption. Some worldwide regulatory standards, like the Payment Card Industry Data Security Standard, mandate that the most critical security patches be implemented inside a certain time period.
- Document update history and status: Progent's regular patch management service programs include the creation of a centralized database for tracking the patch level of every monitored asset. This streamlines the task of locating where software, firmware, or driver updates can be found and includes release dates, related notes, and other useful information needed for a comprehensive update management solution.
- Debug patch failures: Patches to some key resources such as an operating system or app server can cause unexpected compatibility or reliability issues, especially with outdated or home-grown applications or older hardware. Progent has the scope of knowledge to assist you to identify and mitigate issues that may crop up due to implementing a patch.
Patch Management for Network Appliances from Cisco and Other Vendors
Software and firmware patches are frequently developed for network appliances like firewalls, routers, wireless controllers, and wireless APs. These updates typically are intended to harden security, enhance functionality, or mitigate reliability problems. Managing patches for these network infrastructure appliances can be a challenge, particularly in multi-vendor environments and networks that include a combination of on-premises data centers, telecommuters, branch offices, and cloud-hosted resources. In addition to monitoring and acquiring the latest updates, IT managers have to ensure that network infrastructure appliances have sufficient disk space and that patches are loaded uncorrupted and operate correctly.
Progent has provided high-end assistance for Cisco networking appliances for more than two decades and also offers technical guidance for products from other leading network companies including Palo Alto Networks, SonicWall, and WatchGuard. Progent's services for patch management can assist you to consolidate your patching system to cover network appliances along with physical and virtual servers, desktop and mobile endpoints, applications, and Internet-of-Things devices.
Progent offers software update management support for network appliances from Cisco and other vendors
Progent's Regular and Custom Software Update Management Plans
Progent has developed a variety of regular patch management plans that include scheduled backup, extensive reporting, and documentation. Pricing is based on the class and number of devices enrolled. Extra support such as creating environments for pre-installation software update piloting are invoiced at normal rates. Specialized plans are also offered and usually handle unusual devices and/or apps.
PROACTIVE Server Patch Management Services
Onsite or Private Cloud Server:
Microsoft Azure Cloud Servers Patch Management:
- Compliance scan of Windows and Linux servers
- Update compliance evaluation report for enabled machines
- Scheduled Patching and Maintenance Maintenance
- License & Resource reporting and management
- Managed Anti-Virus - Current AV system
- Initiate server backup once scanned
- Additional Support Invoiced at T&M Rates
- IT Glue access control and asset documentation
On Premises or Virtual Workstation:
- ProSight Availability Monitoring
- Operating System & 3rd Party Patch Management
- Scheduled Patching and Preventative Maintenance
- Managed Anti-Virus - current AV system
- Hosted Anti-Spam - Spam Hero
- Additional Support Billed at time and material Rates
- IT Glue access management and asset documentation
BASIC Server Patch Management
Managed Patch both Physical and Virtual Servers:
On Premises or Virtual Workstation Patch Management:
Server or Workstation Security Service-Level Agreement (SLA) - Add on service
Security Critical Patches - completed within 48 hours of Progent being notified - invoiced only when required
PROACTIVE Network Device Patching
Internet Facing Hardware - Managed Devices (Security appliances, firewalls, routers):
Internal Network Hardware - Managed devices (wireless controllers, Wi-Fi access points, switches):
Network Device Security SLA - Add-on service
Security Critical Patches - applied within 48 hours of Progent being notified - invoiced only when needed
Initial Patching Process Additional Costs:
First-time patching will have an extra cost for each server or network device to provide for review and recording of current update level as well as any more information needed for properly managing the ongoing patching as described above. If many patches are necessary that require additional time for the initial patching, Progent will present any cost estimates beyond the standard patching cost.
Other Services Available:
Download the Patch Management Services Datasheet
To download a datasheet about the features of Progent Patch Management Services, click:
Progent Software Update Managed Services Datasheet. (PDF - 330 KB)
Contact a Progent Expert about Patch Management Solutions
To learn additional information about Progent's software/firmware update management offerings, call Progent at 800-993-9400 or see Contact Progent.