Taking care of patches

SecurityProfiling Inc. has a simple, four-step model for taking care of patches: You install a SysUpdate OnSite Server, put client programs on each workstation on the network, plug the Anti-Vulnerability Management Console into a Microsoft Corp. Windows workstation, and you're ready to go.

Once we had the management console installed on a workstation, we connected remotely to the vendor's servers and started an update to our Microsoft Desktop Engine database. It only took about three minutes to update our database of patches.

We liked the simple interface for configuring security policies. SysUpdate is relatively undemanding of hardware resources. Small and even midsize organizations should not have to buy expensive servers.

We liked the granular control that the Anti-Vulnerability Management Console gave us over each workstation group's enforced patch, software and settings templates. And we also liked the use of the Microsoft Management Console (MMC) for the Anti-Vulnerability Management Console, the software's administration program. Use of this interface greatly reduces the learning curve for this product.

For all its ease of use, there are a few things we would have liked to see in SysUpdate. For starters, we would have liked to see some integration with Microsoft's Active Directory.

It's also worth noting that on more than one occasion, when the management workstation became low on resources, the Anti-Vulnerability Management Console crashed. We consider this event to be merely a caution not to overload the management workstation. The OnSite servers and clients were stable, so this should not affect production.

Finally, we disagree with SysUpdate's use of plain HTTP rather than secure and encrypted HTTPS for communication across the Internet between the customer's OnSite servers and the vendor's remote-update servers. Fortunately, all communications between the OnSite server and the clients used strong encryption.

Deploying SysUpdate

The SysUpdate servers can each support 10,000 clients. But when implementing this product in the real world, the physical layout of your local- and wide-area networks will come heavily into play. Cost and complexity will grow in direct proportion to the number of remote locations in the network.

If you have a large, heterogeneous network, this product may not fit your organization. Given the layout and organization of the Anti-Vulnerability Management Console, we have serious reservations about whether it can scale to meet the needs of a network consisting of 10,000 or 25,000 computers.

Nevertheless, we must qualify our criticism by saying that, compared to other patch-management products we have evaluated on the market today, the SysUpdate suite is high quality.

Greer is a network analyst at a large Texas state agency. Bishop operates PeoplesInformation.com, an Internet consulting firm. They can be reached at egreer@thecourageequation.com.

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.