Patch Management: Challenges and Solutions
Software update management is a vital and complicated process. Timely and properly managed patching optimizes security, regulatory compliance, uptime, and capability. Sporadic software update management can result in security gaps, compatibility problems, slow or inconsistent performance, unnecessary offline stretches, or unavailability of important features. Patching involves more than periodic updates of operating systems and apps for servers and user machines. Firmware patches can be a critical for peripheral devices such as printers and scanners, infrastructure appliances such as routers and wireless APs, and Internet-of-Things devices like sensors and robotics.
Progent's Patch Management programs can cover IoT devices such as alarms and robotics
The update task can present a range of challenges that can differ for various environments. Resources that could require updating can reside on site, in a public or private cloud, mobile, or in the homes of remote workers. Environments may support any combination of Microsoft Windows, Linux, Apple, and Google operating systems and apps. Some updates can be installed automatically and at scale with management tools such as Configuration Manager, Microsoft Intune, or Azure Automation Update. Other updates must be performed manually. Patching for vital resources must be scheduled to minimize business interruption. For certain line-of-business systems, patches must be thoroughly validated before being applied to production.
Progent's managed services for patch management offer businesses of any size a flexible and cost-effective alternative for assessing, testing, scheduling, applying, and documenting updates to your ever-evolving information network. Besides maximizing the safety and functionality of your network, Progent's patch management programs free up time for your in-house IT team to concentrate on strategic projects that deliver top business value to your information system.
Patch management is a closed-loop activity central to your risk management strategy
Progent's Patch Management Activities
Progent provides regular and custom service packages for software and firmware patching. These managed services allow you to outsource part or all of your patch management activity to a network support firm with over two decades of experience providing solution planning, deployment, and maintenance to companies of all sizes worldwide. Progent works closely with your network management team to determine the critical managed services you require. Services available from Progent for software update include:
- Discover network assets: This can include key applications like Microsoft Exchange and SQL Server, web-facing physical and virtual servers, workstations and mobile endpoints, security devices such as firewalls, and network appliances like switches and wireless access points.
- Identify resources to be placed under management: Progent will work with your IT team to identify which of your IT resources you choose for continuing software update management services. Progent offers a variety of regular service programs that cover certain classes of items and Progent can also provide custom programs to accommodate your unique needs.
- Deploy patch management tools: Progent is familiar with a broad selection of software update tools and update tracking reporting systems. Examples of tools include Azure Update for cloud-hosted assets, Microsoft Configuration Manager for local resources, Intune for mobile devices, IT Glue for IT asset documentation, as well as a selection of modern AV products. Combined, these tools enable you to automate and monitor patches for IT assets located in cloud environments, on site, on the move, at district offices, and in the houses of telecommuters.
- Analyze update currency and perform risk analysis of uninstalled updates: For the most part, systems with up-to-date patching are more protected and stable than those subject to sporadic updates. However, some patches are rushed into production and carry the potential to disrupt vital business operations by causing compatibility issues, system shutdowns, or unfamiliar alterations to user experiences. Progent can assist you to determine which patches carry a risk to your company's network, or which patches should be assigned a high priority because they defend against a major cybersecurity attack. Progent's experience with patch management services can assist you to administer a safe network without sacrificing business value.
- Pick a software update management service program: Progent's group of consultants can assist in devising and managing a software update management program that aligns with your particular needs. Progent offers standard and custom patch management programs and can help with both programmatic and manual patching. Progent can manage mission-critical resources only, all patchable assets, or anything in between.
- Patch testing: Even the biggest networks such as Amazon AWS and Azure have had widespread outages caused by software updates that were not thoroughly tested before being rolled out to live environments. For organizations with zero room for service disruption, Progent can assist to create pilot environments that permit you to make sure that the latest updates will not cause stability problems for your IT system.
- Prioritize and schedule patches: Progent can help you to determine which updates should be implemented quickly and which can be delayed in order to reduce business interruption. Certain worldwide industry standards, like the PCI Data Security Standard, mandate that critical cybersecurity updates be installed inside a defined timeframe.
- Document update history and status: Progent's regular update management service programs include creating a centralized database for following the patch level of every monitored resource. This streamlines the task of finding where patches can be downloaded and specifies patch release dates, related notes, and other useful information needed for a comprehensive update management system.
- Fix patch failures: Patches to some key entities like an OS or app server can cause unforeseen compatibility or stability issues, most commonly with outdated or custom applications or older hardware. Progent has the breadth of experience to assist you to identify and mitigate problems that may appear as a result of applying an update.
Software Update Management for Network Appliances from Cisco and Other Vendors
Software and firmware patches are frequently released for network appliances like firewalls, routers, switches, and wireless APs. These patches typically are designed to improve cybersecurity, add or fix features, or mitigate stability and compatibility issues. Managing updates for these network infrastructure appliances can be a hassle, particularly in mixed-vendor environments and networks that have a mixture of on-premises data centers, telecommuters, branch offices, and cloud-based assets. In addition to tracking and acquiring updates, network managers must verify that infrastructure appliances have enough disk space and that updates are transferred cleanly and work correctly.
Progent has provided high-end support for Cisco infrastructure products for more than two decades and also can provide technical guidance for products from other leading vendors including Palo Alto Networks, SonicWall, and CheckPoint. Progent's services for patch management can assist you to consolidate your software update solution to include network appliances along with physical and virtual servers, endpoints, applications software, and Internet-of-Things items.
Progent can provide patch management support for infrastructure appliances from Cisco and other vendors
Progent's Standard and Specialized Patch Management Programs
Progent has developed a range of standard patch management packages that include backup, extensive reporting, and documentation. Cost is based on the class and quantity of entities covered. Additional services such as creating systems for pre-installation software update validation are invoiced at time and material rates. Custom packages are also offered and usually handle unique hardware and/or apps.
PROACTIVE Server Software Update Management
On Premises or Private Cloud-hosted Server:
Microsoft Azure Cloud Servers Patch Management:
- Compliance scan of all Windows and Linux servers
- Update compliance assessment report for enrolled machines
- Scheduled Patching and Preventative Maintenance
- License & Resource reporting and management
- Managed Anti-Virus - Current AV system
- Initiate server backup once complete
- Additional Services Invoiced at T&M Rates
- IT Glue access management and resources documentation
Onsite or Virtual Workstation:
- ProSight Availability Monitoring
- OS & Third Party Patch Management
- Scheduled Patching and Maintenance Maintenance
- Managed Anti-Virus - current AV system
- Hosted Anti-Spam - Spam Hero
- Additional Support Billed at T&M Rates
- IT Glue access control and resources documentation
BASIC Server Patch Management
Managed Patch both Physical and Virtual Servers:
On Premises or Virtual Workstation Patch Management:
Server or Workstation Security Service-Level Agreement (SLA) - Add on service
Security Critical Patches - applied within 48 hours of Progent being notified - invoiced only when needed
PROACTIVE Network Device Patching
Internet Facing Hardware - Managed Devices (Security appliances, firewalls, routers):
Internal Network Hardware - Managed devices (wireless controllers, Wi-Fi access points, switches):
Network Device Security Service-Level Agreement - Add-on service
Security Critical Patches - applied within 48 hours of Progent being notified - invoiced only when needed
Original Patching Event Extra Costs:
First-time patching will be subject to an additional cost per server or network item to enable review and documentation of current update level and any other information required for properly providing the patching services as described previously. If multiple patches are needed that demand additional work for the initial updating, Progent will present any estimates beyond the normal update cost.
Other Services Available:
Download Progent's Software Update Managed Services Datasheet
For a datasheet about the features of Progent Patch Management Services, click:
Progent Patch Management Services Datasheet. (PDF - 330 KB)
Talk to a Progent Expert about Software/Firmware Update Management Solutions
To learn more about Progent's software/firmware update management services, call Progent at 800-993-9400 or see Contact Progent.