Taking care of patches

SecurityProfiling Inc. has a simple, four-step model for taking care of patches: You install a SysUpdate OnSite Server, put client programs on each workstation on the network, plug the Anti-Vulnerability Management Console into a Microsoft Corp. Windows workstation, and you're ready to go.

Once we had the management console installed on a workstation, we connected remotely to the vendor's servers and started an update to our Microsoft Desktop Engine database. It only took about three minutes to update our database of patches.

We liked the simple interface for configuring security policies. SysUpdate is relatively undemanding of hardware resources. Small and even midsize organizations should not have to buy expensive servers.

We liked the granular control that the Anti-Vulnerability Management Console gave us over each workstation group's enforced patch, software and settings templates. And we also liked the use of the Microsoft Management Console (MMC) for the Anti-Vulnerability Management Console, the software's administration program. Use of this interface greatly reduces the learning curve for this product.

For all its ease of use, there are a few things we would have liked to see in SysUpdate. For starters, we would have liked to see some integration with Microsoft's Active Directory.

It's also worth noting that on more than one occasion, when the management workstation became low on resources, the Anti-Vulnerability Management Console crashed. We consider this event to be merely a caution not to overload the management workstation. The OnSite servers and clients were stable, so this should not affect production.

Finally, we disagree with SysUpdate's use of plain HTTP rather than secure and encrypted HTTPS for communication across the Internet between the customer's OnSite servers and the vendor's remote-update servers. Fortunately, all communications between the OnSite server and the clients used strong encryption.

Deploying SysUpdate

The SysUpdate servers can each support 10,000 clients. But when implementing this product in the real world, the physical layout of your local- and wide-area networks will come heavily into play. Cost and complexity will grow in direct proportion to the number of remote locations in the network.

If you have a large, heterogeneous network, this product may not fit your organization. Given the layout and organization of the Anti-Vulnerability Management Console, we have serious reservations about whether it can scale to meet the needs of a network consisting of 10,000 or 25,000 computers.

Nevertheless, we must qualify our criticism by saying that, compared to other patch-management products we have evaluated on the market today, the SysUpdate suite is high quality.

Greer is a network analyst at a large Texas state agency. Bishop operates PeoplesInformation.com, an Internet consulting firm. They can be reached at egreer@thecourageequation.com.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.