Security Basics mailing list archives
Re: Third Party Patch Management
From: krymson () gmail com
Date: Wed, 25 Mar 2009 14:19:04 -0600
First, if you find a tool to do this for you, please share as I'm sure more than just me could possibly find it useful! There are two types of tools you could look for.

1) Deployment solutions. Something like Altiris or even GPO if you're not too large works great to roll out software to your systems. Altiris might be borderline overkill unless you're bumping up over 200 users. But if you can afford it, it is an awesome tool (and skill!) to have. The caveat is that *you* or your staff still need to find out when new patches or software versions are available, get them, test them, install them.

2) Update monitoring and inventory tools. I don't know any tools that do both update monitoring and deployment, so this is the next best niche, much like WSUS. I guess most of them end up being like GFI Languard where they need to have updates so they know what software versions are current, do a scan of your environment, and let you know when it finds something old. Then it is still up to you to package and deploy.

You could get by with pairing a person who checks for new versions + deployment solution + inventory solution to tell you what version software is installed on systems. Still, that's going to be a decent amount of work no matter how you slice it.

I know this can be argued, but if you have a very good process for hardware replacement, many pieces of software may be resilient enough to last until they are reinstalled with new hardware. This would be your own risk assessment, especially since even 3 years (laptops) may be too long for some issues... This decision gets better if you have decent IDS/IPS, web filtering, mail filtering, and reduced desktop rights for users, and even a process for your less savvy users (yay sales!) to "check in" with you for a manual/annual cleaning of their systems.

<- snip ->

With all the security updates to programs like Acrobat & Java, I am interested in how the community is handling patch management practically in small to medium sized organizations (50 to 200 computers). Microsoft Update Server works for Windows patches but will not handle third party patches. Microsoft System Center is nice but too expensive for this market. What solutions are you using and how effective are they?

Thanks,
Coop