Patch Management: Problems and Solutions
Patch management is a critical and complex process. Timely and properly managed patching maximizes cybersecurity, compliance, uptime, and functionality. Haphazard software update management can result in security gaps, compatibility problems, sluggish or erratic responsiveness, excessive offline stretches, or unavailability of important features. Patching involves more than occasional updates of operating systems and applications for servers and user machines. Firmware updates can be a vital for peripherals like printers and scanners, network infrastructure appliances such as routers and wireless APs, and IoT devices such as sensors and robotics.
Progent's Software Update Management services can oversee IoT devices such as sensors and robotics
The update process can present a number of challenges that can differ for various environments. IT resources that may need patching can be on site, in the cloud, mobile, or in the homes of telecommuters. Environments may include a combination of Windows, Linux, Apple, and Google operating systems and apps. Some updates can be implemented automatically and at scale with management tools like Microsoft Configuration Manager, Intune, or Azure Update Management. Others must be implemented by hand. Patching for vital systems must be timed to avoid business disruption. For some mission-critical systems, updates must be carefully tested prior to being approved for production.
Progent's support services for patch management offer businesses of any size a versatile and affordable option for assessing, testing, scheduling, implementing, and documenting updates to your dynamic information network. In addition to optimizing the safety and functionality of your IT network, Progent's update management services free up time for your IT staff to focus on strategic initiatives and tasks that deliver maximum business value to your information system.
Patch management is a closed-loop process central to your risk management plan
Progent's Patch Management Processes
Progent provides standard and specialized service programs for patch management. These managed services permit you to outsource part or all of your company's patch management activity to an IT support organization with more than two decades of experience delivering solution planning, deployment, and maintenance to businesses of all sizes worldwide. Progent works in close conjunction with your IT management team to define the scope of the managed services you need. Programs offered by Progent for patch include:
- Discover network assets: This can cover business-critical platforms like Microsoft Exchange and SQL Server, web-facing physical and virtual servers, desktops and mobile endpoints, security devices like firewalls, and infrastructure devices like routers and wireless APs.
- Identify resources to be managed: Progent will work with you to determine which of your network assets you pick for ongoing software update management services. Progent provides a variety of regular service programs that cover specific classes of assets and Progent can also create specialized service programs to accommodate your unique requirements.
- Implement software update management utilities: Progent is familiar with a broad selection of patch installation platforms and patch inventory reporting systems. Available utilities include Azure Update Management for cloud-hosted resources, Microsoft Configuration Manager for local assets, Microsoft Intune for mobile computers, IT Glue for documentation, as well as an arsenal of modern AV products. Used together, these products enable you to automate and monitor patches for IT resources residing in public and private clouds, on-premises, on the move, at branch offices, and in the residences of at-home workers.
- Analyze update currency and perform risk assessment of missing updates: Generally, environments with current patching are more secure and stable than those with sporadic updates. However, occasionally patches are hurried into distribution and carry the potential to disrupt vital business processes by causing compatibility problems, system shutdowns, or confusing changes to end-user environments. Progent can help clients to assess which patches pose a risk to your organization's IT environment, or which patches should be given a high priority because they block a major security threat. Progent's experience with update management support can help your organization to maintain a secure computer system without sacrificing productivity.
- Create a software update management program: Progent's team of consultants can help in devising and administering a software update management service program that fits your business requirements. Progent offers pre-defined and specialized patch management programs and can assist with both programmatic as well as manual patching. Progent can handle mission-critical assets only, all updateable assets, or anything in between.
- Patch validation: Even the largest networks including Amazon AWS and Azure have had widespread outages that resulted from software updates that were insufficiently tested before being applied to production systems. For organizations with no room for downtime, Progent can assist to develop pilot systems that allow you to verify that new patches will not introduce reliability problems for your network.
- Prioritize and schedule updates: Progent can help you to determine which patches should be implemented immediately and which can be delayed in order to minimize service interruption. Some key industry standards, such as the PCI Data Security Standard, mandate that critical cybersecurity updates be implemented within a certain time period.
- Document update history and status: Progent's standard patch management programs include creating a centralized database for following the update level of every monitored resource. This simplifies the task of finding where updates can be found and includes release dates, related notes, and additional important information required for a comprehensive update management system.
- Debug update failures: Updates to some core items like an operating system or app server can result in unexpected compatibility or stability issues, particularly with outdated or home-grown software or older hardware. Progent has the scope of experience to help you to understand and resolve issues that may crop up as a result of deploying a patch.
Patch Management for Network Infrastructure Devices from Cisco and Other Providers
Software and firmware patches are frequently developed for network infrastructure appliances like firewalls, routers, wireless controllers, and Wi-Fi APs. These updates usually are designed to harden cybersecurity, add or fix functionality, or mitigate reliability issues. Managing patches for these network appliances can pose a hassle, especially in mixed-vendor networks and systems that have a combination of on-site data centers, telecommuters, regional offices, and cloud-based assets. Besides monitoring and acquiring the latest updates, network managers must make sure that network appliances have enough free disk space and that updates are transferred cleanly and operate properly.
Progent has provided advanced assistance for Cisco networking products for over two decades and also can provide technical guidance for devices from other top network companies such as Palo Alto Networks, Fortinet, and WatchGuard. Progent's services for patch management can assist your organization to consolidate your patching system to cover infrastructure appliances along with servers, endpoints, applications software, and IoT items.
Progent offers patch management expertise for network appliances from Cisco and other vendors
Progent's Regular and Custom Patch Management Programs
Progent has developed a variety of standard patch management plans that include scheduled backup, extensive reporting, and thorough documentation. Pricing is based on the type and quantity of entities covered. Additional services such as creating systems for initial patch validation are invoiced at time and material rates. Specialized packages are also offered and usually handle unusual hardware and/or apps.
PROACTIVE Server Software Update Management
On Premises or Private Cloud-hosted Server:
Microsoft Azure Cloud Servers Patch Management:
- Compliance scan of all Windows and Linux servers
- Update compliance assessment report for enrolled machines
- Scheduled Patching and Preventative Maintenance
- License & Resource reporting and management
- Managed Anti-Virus - Current AV system
- Initiate server backup once complete
- Additional Services Invoiced at time and material Rates
- IT Glue access management and asset documentation
On Premises or Virtual Workstation:
- ProSight Availability Tracking
- OS & Third Party Patch Management
- Scheduled Patching and Maintenance Maintenance
- Managed Anti-Virus - current AV system
- Hosted Anti-Spam - Spam Hero
- Additional Services Billed at time and material Rates
- IT Glue access management and resources documentation
BASIC Server Patch Management
Managed Patch both Physical and Virtual Servers:
On Premises or Virtual Workstation Patch Management:
Server or Workstation Security SLA - Add on service
Security Critical Patches - applied within 48 hours of Progent being notified - invoiced only when needed
PROACTIVE Network Device Patching
Internet Facing Hardware - Managed Devices (Security appliances, firewalls, routers):
Internal Network Hardware - Managed devices (wireless controllers, Wi-Fi access points, switches):
Network Device Security SLA - Add-on service
Security Critical Patches - applied within 48 hours of Progent being notified - invoiced only when needed
Initial Patching Process Additional Costs:
First-time updating will be subject to an extra cost for each server or network item to enable review and documentation of current update level and any other information needed for properly providing the patching services as defined above. If many patches are needed that demand additional work for the initial updating, Progent will provide any cost estimates above the normal update cost.
Other Services Offered:
Download the Software Update Managed Services Datasheet
For a datasheet about the features of Progent Patch Management Services, select:
Progent Patch Management Services Datasheet. (PDF - 330 KB)
Contact Progent about Patch Management Solutions
To learn additional information about Progent's patch management services, call Progent at 800-993-9400 or go to Contact Progent.