Taking care of patches

SecurityProfiling Inc. has a simple, four-step model for taking care of patches: You install a SysUpdate OnSite Server, put client programs on each workstation on the network, plug the Anti-Vulnerability Management Console into a Microsoft Corp. Windows workstation, and you're ready to go.

Once we had the management console installed on a workstation, we connected remotely to the vendor's servers and started an update to our Microsoft Desktop Engine database. It only took about three minutes to update our database of patches.

We liked the simple interface for configuring security policies. SysUpdate is relatively undemanding of hardware resources. Small and even midsize organizations should not have to buy expensive servers.

We liked the granular control that the Anti-Vulnerability Management Console gave us over each workstation group's enforced patch, software and settings templates. And we also liked the use of the Microsoft Management Console (MMC) for the Anti-Vulnerability Management Console, the software's administration program. Use of this interface greatly reduces the learning curve for this product.

For all its ease of use, there are a few things we would have liked to see in SysUpdate. For starters, we would have liked to see some integration with Microsoft's Active Directory.

It's also worth noting that on more than one occasion, when the management workstation became low on resources, the Anti-Vulnerability Management Console crashed. We consider this event to be merely a caution not to overload the management workstation. The OnSite servers and clients were stable, so this should not affect production.

Finally, we disagree with SysUpdate's use of plain HTTP rather than secure and encrypted HTTPS for communication across the Internet between the customer's OnSite servers and the vendor's remote-update servers. Fortunately, all communications between the OnSite server and the clients used strong encryption.

Deploying SysUpdate

The SysUpdate servers can each support 10,000 clients. But when implementing this product in the real world, the physical layout of your local- and wide-area networks will come heavily into play. Cost and complexity will grow in direct proportion to the number of remote locations in the network.

If you have a large, heterogeneous network, this product may not fit your organization. Given the layout and organization of the Anti-Vulnerability Management Console, we have serious reservations about whether it can scale to meet the needs of a network consisting of 10,000 or 25,000 computers.

Nevertheless, we must qualify our criticism by saying that, compared to other patch-management products we have evaluated on the market today, the SysUpdate suite is high quality.

Greer is a network analyst at a large Texas state agency. Bishop operates PeoplesInformation.com, an Internet consulting firm. They can be reached at egreer@thecourageequation.com.

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.


  • Anne Rung -- Commerce Department Photo

    Exit interview with Anne Rung

    The government's departing top acquisition official said she leaves behind a solid foundation on which to build more effective and efficient federal IT.

  • Charles Phalen

    Administration appoints first head of NBIB

    The National Background Investigations Bureau announced the appointment of its first director as the agency prepares to take over processing government background checks.

  • Sen. James Lankford (R-Okla.)

    Senator: Rigid hiring process pushes millennials from federal work

    Sen. James Lankford (R-Okla.) said agencies are missing out on younger workers because of the government's rigidity, particularly its protracted hiring process.

  • FCW @ 30 GPS

    FCW @ 30

    Since 1987, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

  • Shutterstock image.

    A 'minibus' appropriations package could be in the cards

    A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

  • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

    DOD launches new tech hub in Austin

    The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group