Taking care of patches

SecurityProfiling Inc. has a simple, four-step model for taking care of patches: You install a SysUpdate OnSite Server, put client programs on each workstation on the network, plug the Anti-Vulnerability Management Console into a Microsoft Corp. Windows workstation, and you're ready to go.

Once we had the management console installed on a workstation, we connected remotely to the vendor's servers and started an update to our Microsoft Desktop Engine database. It only took about three minutes to update our database of patches.

We liked the simple interface for configuring security policies. SysUpdate is relatively undemanding of hardware resources. Small and even midsize organizations should not have to buy expensive servers.

We liked the granular control that the Anti-Vulnerability Management Console gave us over each workstation group's enforced patch, software and settings templates. And we also liked the use of the Microsoft Management Console (MMC) for the Anti-Vulnerability Management Console, the software's administration program. Use of this interface greatly reduces the learning curve for this product.

For all its ease of use, there are a few things we would have liked to see in SysUpdate. For starters, we would have liked to see some integration with Microsoft's Active Directory.

It's also worth noting that on more than one occasion, when the management workstation became low on resources, the Anti-Vulnerability Management Console crashed. We consider this event to be merely a caution not to overload the management workstation. The OnSite servers and clients were stable, so this should not affect production.

Finally, we disagree with SysUpdate's use of plain HTTP rather than secure and encrypted HTTPS for communication across the Internet between the customer's OnSite servers and the vendor's remote-update servers. Fortunately, all communications between the OnSite server and the clients used strong encryption.

Deploying SysUpdate

The SysUpdate servers can each support 10,000 clients. But when implementing this product in the real world, the physical layout of your local- and wide-area networks will come heavily into play. Cost and complexity will grow in direct proportion to the number of remote locations in the network.

If you have a large, heterogeneous network, this product may not fit your organization. Given the layout and organization of the Anti-Vulnerability Management Console, we have serious reservations about whether it can scale to meet the needs of a network consisting of 10,000 or 25,000 computers.

Nevertheless, we must qualify our criticism by saying that, compared to other patch-management products we have evaluated on the market today, the SysUpdate suite is high quality.

Greer is a network analyst at a large Texas state agency. Bishop operates PeoplesInformation.com, an Internet consulting firm. They can be reached at egreer@thecourageequation.com.

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.

Featured

  • Social network, census

    5 predictions for federal IT in 2017

    As the Trump team takes control, here's what the tech community can expect.

  • Rep. Gerald Connolly

    Connolly warns on workforce changes

    The ranking member of the House Oversight Committee's Government Operations panel warns that Congress will look to legislate changes to the federal workforce.

  • President Donald J. Trump delivers his inaugural address

    How will Trump lead on tech?

    The businessman turned reality star turned U.S. president clearly has mastered Twitter, but what will his administration mean for broader technology issues?

  • Login.gov moving ahead

    The bid to establish a single login for accessing government services is moving again on the last full day of the Obama presidency.

  • Shutterstock image (by Jirsak): customer care, relationship management, and leadership concept.

    Obama wraps up security clearance reforms

    In a last-minute executive order, President Obama institutes structural reforms to the security clearance process designed to create a more unified system across government agencies.

  • Shutterstock image: breached lock.

    What cyber can learn from counterterrorism

    The U.S. has to look at its experience in developing post-9/11 counterterrorism policies to inform efforts to formalize cybersecurity policies, says a senior official.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group