Patch-management products move toward remediation

Test shows BigFix, McAfee and PatchLink lead in easing remediation woes

By Mandy Andress, Network World Alliance, Network World
December 11, 2006 12:10 AM ET

Patch-management products have evolved from simply pushing out patches to now encompassing more preemptive security measures, including manipulating security configuration settings, deploying standard software packages, maintaining policy compliance and taking an active role in vulnerability remediation.

In this Clear Choice Test we evaluated six products previously rooted in patch management that now claim to help ease remediation activities. All told, we tested Altiris' Client Security Management Suite, BigFix's Enterprise Suite, Kace Networks' KBOX, LANDesk Software's Security Suite, McAfee's (formerly Citadel Security's) Hercules and PatchLink's Update.

How we tested remediation systems
Archive of Network World tests
Subscribe to the Network Product Test Results newsletter

BigFix Enterprise Suite came out on top as the Clear Choice winner, performing well in all categories and standing out in ease of use and customization capabilities. McAfee's Hercules was a close second, falling slightly behind in its customization capabilities. PatchLink Update rounds out the top three. While it lacks some native support for advanced customization and reporting capabilities we were looking for in a product of this class, PatchLink does make these functions available in add-on components.

Product	BigFix Enterprise Suite 6.0	McAfee (formerly Citadel) Hercules Remediation Manager	PatchLink Update 6.3
Vendor	BigFix	McAfee	PatchLink
Price as tested	$40 per seat, per year.	$75,800 as tested, includes licensing and support for 500 workstations and 100 servers.	$1,495 per server and $18 per node.
Pros	Best reporting; Custom Fixlets enable custom remediation actions; very easy to use. Related Content	Best interface; detailed access control.	Strong complement of default reports that can be easily filtered based on key criteria; detailed access control.
Cons	Detailed access control could be improved.	Custom report engine not fully integrated into the product and is difficult to use.	Separate components to get full custom packages and reporting.
Score	4.4	4.35	4.25

Product	LANDesk Security Suite 8.7	Altiris Client Security Management Suite 6.2	Kace 3.0 (KBOX 1000 Series)
Vendor	LANDesk Software	Altiris	Kace Networks
Price as tested	Starts at $59 per node.	Starts at $88 per node plus $69 per node for patch management.	Starts at $9,500.
Pros	Based on strong foundation Management Suite, which allows for adding additional LANDesk services on a single platform.	Client Security Management Suite adds endpoint security and application security in a single client.	Appliance model allows for quick setup; ticketing supported; alerting service is unique.
Cons	Difficult to navigate with poor user interface; custom scripting language required for custom remediation.	Security Expressions not fully integrated into suite; patch deployment configuration lacks advanced options.	Security components seem to take a back seat to ticket system and software distribution.
Score	3.88	3.7	3.4

The breakdown	BigFix	Citadel	PatchLink	LANDesk	Altiris	Kace
Remediation functionality 30%	5	4.5	4.5	4.5	5	4.5
Product management and administration 25%	5	4.5	5	3.5	2.5	4
Remediation workflow 15%	3	3.5	3.5	3	2.5	3.5
Access control 15%	3	5	4.5	4	4.5	1.5
Reporting 15%	5	4	3	4	3.5	2
TOTAL SCORE	4.4	4.35	4.25	3.88	3.7	3.4
Scoring Key: 5: Exceptional; 4: Very good; 3: Average; 2: Below average; 1: Subpar or not available