Patch Management: Problems and Solutions
Patch management is a vital and complex process. Timely and correctly managed updating optimizes cybersecurity, compliance, availability, and functionality. Sporadic patch management can cause security vulnerabilities, compatibility issues, slow or erratic performance, excessive offline stretches, or unavailability of key functions. Patching involves more than periodic updates of operating systems and applications for servers and endpoints. Firmware updates can be an essential for peripheral devices such as printers and scanners, infrastructure appliances such as routers and Wi-Fi APs, and IoT devices such as alarms and health monitors.
Progent's Software Update Management services can oversee IoT devices like alarms and robotics
The update process can pose a number of complications that vary from network to network. IT resources that could require patching can reside on site, in a public or private cloud, mobile, or in the homes of telecommuters. Networks may include any mix of Microsoft Windows, Linux, Apple, and Google operating systems and apps. Some patches can be implemented programmatically and at virtually any scale with management tools like Microsoft Configuration Manager, Microsoft Intune, or Azure Update. Other updates must be implemented by hand. Patching for vital systems must be timed to minimize business interruption. In some mission-critical environments, updates must be thoroughly validated before being approved for production.
Progent's support services for patch management provide organizations of any size a versatile and cost-effective alternative for evaluating, testing, scheduling, implementing, and documenting software and firmware updates to your ever-evolving IT system. In addition to optimizing the safety and performance of your information system, Progent's update management services free up time for your in-house IT staff to focus on strategic projects that return maximum business value to your information system.
Patch management is a closed-loop process critical to your risk management plan
Progent's Software Update Management Activities
Progent offers standard and custom service packages for patch management. These services allow you to offload part or all of your company's software update management activity to an IT consulting firm with more than two decades of background providing network design, implementation, and support to companies of all sizes worldwide. Progent works closely with your network management team to determine the scope of the services you require. Programs available from Progent for software update include:
- Discover network resources: This can include business-critical platforms such as Exchange and SQL, web-facing physical and virtual servers, workstations and mobile endpoints, security devices such as VPN controllers, and infrastructure devices such as switches and wireless APs.
- Identify assets to be managed: Progent's experts will collaborate with you to select which of your network resources you choose for continuing software update management services. Progent offers a selection of regular service programs that cover specific types of items and Progent can also create specialized programs to accommodate your unique requirements.
- Implement patch management tools: Progent is experienced with a broad selection of patch installation tools and update tracking databases. Available utilities include Azure Automation Update for cloud-hosted assets, System Center Configuration Manager for on-premises assets, Microsoft Intune for mobile devices, IT Glue for documentation, as well as a selection of modern AV platforms. Used together, these tools enable you to deploy and track patches for IT resources residing in public and private clouds, on-premises, on the move, at district offices, and in the residences of at-home workers.
- Analyze update status and perform risk analysis of missing updates: For the most part, systems with up-to-date patching are more protected and stable than those subject to sporadic updates. However, occasionally patches are rushed into production and carry the ability to disrupt essential business processes by introducing compatibility problems, system instability, or confusing changes to end-user environments. Progent can assist you to assess which patches pose a risk to your organization's IT environment, or which updates should be assigned a high priority because they block a major cybersecurity threat. Progent's experience with patch management support can help your organization to administer a secure network without compromising business value.
- Pick a patch management program: Progent's team of consultants can help in designing and managing a software update management service program that aligns with your business and security needs. Progent can provide standard and specialized patch management programs and can help with both automated and manual patching. Progent can handle business-critical resources exclusively, all patchable assets, or somewhere in between.
- Patch testing: Even the world's largest networks including Amazon AWS and Microsoft Azure have experienced major outages caused by software updates that were not thoroughly tested before being rolled out to live environments. For organizations with zero room for service disruption, Progent can help create pilot systems that allow you to verify that the latest patches will not cause stability issues for your network.
- Prioritize and schedule patches: Progent can assist you to determine which patches should be implemented immediately and which can be postponed in order to minimize business interruption. Certain key industry standards, such as the PCI Data Security Standard, mandate that the most critical cybersecurity patches be installed within a defined timeframe.
- Document update history and status: Progent's standard patch management programs include the creation of a centralized knowledge base for following the patch level of every monitored asset. This simplifies the job of locating where software, firmware, or driver updates can be found and includes release dates, related notes, and additional useful data required for a comprehensive patch management system.
- Debug patch failures: Updates to some core items such as an OS or application server can cause unexpected compatibility or stability problems, most commonly with legacy or home-grown software or older devices. Progent has the breadth of knowledge to assist you to understand and mitigate problems that may appear as a result of deploying a software update.
Patch Management for Network Appliances from Cisco and Other Providers
Software patches are regularly released for network appliances such as firewalls, routers, switches, and wireless access points. These patches typically are designed to improve cybersecurity, enhance functionality, or correct reliability problems. Managing patches for these network infrastructure devices can pose a hassle, particularly in mixed-vendor networks and networks that have a mixture of on-premises data centers, telecommuters, regional offices, and cloud-based resources. Besides tracking and accessing the latest updates, IT managers have to make sure that infrastructure appliances have sufficient disk space and that patches are transferred cleanly and operate correctly.
Progent has delivered advanced help for Cisco infrastructure appliances for over twenty years and also can provide technical guidance for devices from other leading network companies such as Palo Alto Networks, SonicWall, and CheckPoint. Progent's services for patch management can help you to consolidate your patching solution to cover infrastructure appliances along with physical and virtual servers, endpoints, apps, and Internet-of-Things devices.
Progent can provide software update management expertise for network appliances from Cisco and other leading vendors
Progent's Regular and Custom Patch Management Services
Progent has developed a range of standard patch management packages that include scheduled backup, extensive reporting, and documentation. Pricing is based on the class and quantity of entities covered. Extra support including building environments for pre-installation software update piloting are billed at time and material rates. Specialized packages are also available and typically handle unusual devices and/or apps.
PROACTIVE Server Patch Management Services
On Premises or Private Cloud-hosted Server:
Azure Cloud Servers Patch Management:
- Compliance scan of all Windows and Linux servers
- Update compliance evaluation report for enrolled machines
- Scheduled Patching and Preventative Maintenance
- License & Resource reporting and management
- Managed Anti-Virus - Current AV system
- Begin server backup once scanned
- Additional Support Invoiced at time and material Rates
- IT Glue access control and asset documentation
On Prem or Virtual Workstation:
- ProSight Availability Monitoring
- Operating System & 3rd Party Patch Management
- Scheduled Patching and Preventative Maintenance
- Managed Anti-Virus - current AV system
- Hosted Anti-Spam - Spam Hero
- Additional Services Billed at T&M Rates
- IT Glue access management and resources documentation
BASIC Server Patch Management
Managed Patch both Physical and Virtual Servers:
On Premises or Virtual Workstation Patch Management:
Server or Workstation Security Service-Level Agreement (SLA) - Add on service
Security Critical Patches - applied within 48 hours of Progent being notified - invoiced only when needed
PROACTIVE Network Device Patching
Internet Facing Hardware - Managed Devices (Security appliances, firewalls, routers):
Internal Network Hardware - Managed devices (wireless controllers, Wi-Fi access points, switches):
Network Device Security SLA - Add-on service
Security Critical Patches - applied within 48 hours of Progent being notified - invoiced only when needed
Original Patching Process Extra Costs:
Initial updating will have an extra cost for each server or network device to provide for review and documentation of current patch level and any other information required for properly managing the ongoing patching as defined previously. If many updates are needed that demand extra work for the initial updating, Progent will provide any estimates above the standard patching cost.
Additional Services Offered:
Download Progent's Patch Management Services Datasheet
To download a datasheet about the features of Progent Software Update Managed Services, click:
Progent Patch Management Services Datasheet. (PDF - 330 KB)
Talk to Progent about Software/Firmware Update Management Solutions
To find out additional information about Progent's patch management services, call Progent at 800-993-9400 or visit Contact Progent.