Patch Management: Problems and Solutions
Software update management is a critical and complicated task. Prompt and properly managed patching optimizes security, regulatory compliance, uptime, and functionality. Sporadic patch management can result in security vulnerabilities, compatibility issues, slow or erratic responsiveness, needless downtime, or loss of key functions. Patching entails more than occasional updates of an OS and applications for servers and endpoints. Firmware patches can be a vital for peripheral devices like printers and scanners, network infrastructure appliances like routers and wireless APs, and Internet-of-Things (IoT) devices like sensors and health monitors.
Progent's Software Update Management services can cover IoT devices such as sensors and health monitors
The patching task can pose a number of challenges that vary from one environment to the next. Assets that may need patching can be located on site, in a public or private cloud, mobile, or in the offices of telecommuters. Networks may include a mix of Microsoft Windows, Linux, Apple, and Google operating systems and applications. Some patches can be installed automatically and at virtually any scale using tools like Microsoft Configuration Manager, Microsoft Intune, or Azure Automation Update Management. Other updates must be performed manually. Patching for vital systems must be scheduled to minimize business interruption. In some line-of-business environments, patches must be carefully tested prior to being applied to production.
Progent's managed services for software and firmware patch management offer organizations of any size a versatile and affordable solution for assessing, validating, scheduling, applying, and documenting updates to your dynamic information network. In addition to maximizing the safety and performance of your IT network, Progent's patch management offerings open up time for your IT staff to concentrate on strategic initiatives that deliver maximum business value to your information system.
Patch management is a closed-loop lifecycle central to your risk management plan
Progent's Software Update Management Processes
Progent offers regular and custom service programs for software and firmware patching. These services permit you to outsource a portion or all of your software update management tasks to a network consulting organization with more than 20 years of background providing solution design, implementation, and support to companies of all sizes globally. Progent operates in close conjunction with your network managers to define the scope of the managed services you need. Programs available from Progent for patch include:
- Inventory network assets: This can cover business-critical applications such as Microsoft Exchange and SQL Server, web-facing physical and virtual servers, workstations and mobile endpoints, security appliances like firewalls, and network devices like routers and Wi-Fi access points.
- Select resources to be managed: Progent will collaborate with you to identify which of your network resources you choose for ongoing software update management services. Progent offers a variety of standard service programs that target certain types of items and Progent can also create custom programs to meet your unique requirements.
- Deploy software update management tools: Progent is experienced with a broad range of software update tools and patch inventory reporting systems. Available tools include Azure Automation Update Management for cloud-based assets, System Center Configuration Manager for on-premises resources, Microsoft Intune for mobile computers, IT Glue for documentation, plus an arsenal of advanced anti-virus platforms. Together, these products enable you to automate and monitor patches for network resources located in public and private clouds, on-premises, on the road, at district offices, and in the houses of at-home workers.
- Determine patch status and perform risk assessment of uninstalled updates: For the most part, systems with up-to-date patching are more secure and dependable than those subject to inconsistent updates. Still, occasionally software updates are rushed into production and carry the ability to disrupt vital business operations by introducing compatibility problems, system instability, or confusing alterations to user experiences. Progent can help you to assess which updates carry a risk to your organization's network, or which patches should be given an urgent priority because they defend against an imminent security attack. Progent's experience with update management services can assist you to administer a secure network without compromising business value.
- Create a software update management service program: Progent's group of consultants can help in designing and administering a patch management service program that aligns with your business needs. Progent offers pre-defined and custom patch management service programs and can assist with programmatic and manual updating. Progent can manage business-critical assets exclusively, all patchable assets, or somewhere in between.
- Patch testing: Even the largest networks including Amazon AWS and Microsoft Azure have experienced widespread outages caused by software updates that were insufficiently tested before being rolled out to production environments. For businesses with no room for downtime, Progent can help create pilot systems that allow you to verify that new updates will not cause stability issues for your network.
- Prioritize and schedule updates: Progent can help you to determine which patches should be performed immediately and which can be delayed so as to reduce business disruption. Certain key industry standards, like the Payment Card Industry Data Security Standard, mandate that the most critical cybersecurity updates be installed inside a defined time period.
- Document patch history and status: Progent's standard update management service programs include the creation of a centralized knowledge base for tracking the update level of every subscribed resource. This simplifies the job of finding where updates can be found and specifies patch release dates, related notes, and other useful data required for a comprehensive update management system.
- Troubleshoot patch problems: Patches to some core entities like an OS or application server can cause unexpected compatibility or reliability issues, especially with legacy or home-grown software or older devices. Progent has the breadth of knowledge to assist you to identify and mitigate issues that may crop up due to implementing an update.
Software Update Management for Network Infrastructure Appliances from Cisco and Other Providers
Software patches are frequently released for infrastructure appliances like firewalls, routers, switches, and Wi-Fi APs. These updates usually are intended to harden security, enhance functionality, or correct reliability problems. Managing updates for these network infrastructure devices can pose a challenge, particularly in mixed-vendor networks and networks that have a combination of on-premises data centers, at-home workers, regional offices, and cloud-based resources. Besides tracking and acquiring updates, IT managers have to verify that network infrastructure appliances have enough free disk space and that updates are loaded uncorrupted and work properly.
Progent has delivered high-end assistance for Cisco networking appliances for over two decades and also can provide expertise for devices from other leading vendors including Juniper, Fortinet, and CheckPoint. Progent's end-to-end services for software update management can assist you to expand your patching system to cover network appliances along with physical and virtual servers, desktop and mobile endpoints, apps, and IoT items.
Progent can provide software update management expertise for network devices from Cisco and other leading vendors
Progent's Standard and Custom Software Update Management Services
Progent offers a range of standard software update management packages that include backup services, reporting, and thorough documentation. Cost is determined by the class and number of devices enrolled. Additional services such as creating systems for initial patch testing are invoiced at time and material rates. Specialized plans are also offered and typically handle unique devices and/or applications.
PROACTIVE Server Patch Management Services
On Premises or Private Cloud Server:
- ProSight Performance Monitoring
- Critical Application Maintenance - Exchange, SQL, etc.
- Scheduled Patching and Preventative Maintenance
- License & Asset reporting and management
- Managed Anti-Virus - Current AV system
- Initiate Server backup once complete
- Additional Support Billed at time and material Rates
- AIX Scan - Active Directory and report yearly
- IT Glue access control and asset documentation
Azure Cloud Servers Patch Management:
- Compliance scan of all Windows and Linux servers
- Update compliance assessment results for enabled machines
- Scheduled Patching and Preventative Maintenance
- License & Asset reporting and management
- Managed Anti-Virus - Current AV system
- Initiate Server backup once complete
- Additional Support Billed at time and material Rates
- IT Glue access control and asset documentation
On Prem or Virtual Workstation:
- ProSight Availability Monitoring
- OS & 3rd Party Patch Management
- Scheduled Preventative Maintenance
- Managed Anti-Virus - current AV system
- Hosted Anti-Spam - Spam Hero
- Additional Support Billed at T&M Rates
- IT Glue access control and asset documentation
BASIC Server Patch Management
Managed Patch both Physical and Virtual Servers:
On Premises or Virtual Workstation Patch Management:
Server or Workstation Security SLA - Add on service
Security Critical Patches - applied within 48 hours of Progent being notified - invoiced only when needed
PROACTIVE Network Device Patching
Internet Facing Hardware - Managed Devices (Security appliances, firewalls, routers):
Internal Network Hardware - Managed devices (wireless controllers, Wi-Fi access points, switches):
Network Device Security Service-Level Agreement - Add-on service
Security Critical Patches - applied within 48 hours of Progent being notified - invoiced only when needed
Initial Patching Process Additional Costs:
Initial updating will be subject to an additional cost per server or network device to enable review and documentation of current update level and any other documentation necessary for properly managing the patching services as described previously. If multiple updates are needed that demand additional time for the first-time updating, Progent will present any cost estimates above the standard update cost.
Other Services Available:
Download the Software Update Managed Services Datasheet
To download a datasheet describing Progent Patch Management Services, select:
Progent Software Update Managed Services Datasheet. (PDF - 330 KB)
Talk to Progent about Software/Firmware Update Management Services
To find out additional information about Progent's software/firmware update management offerings, call Progent at 800-993-9400 or see Contact Progent.