Patch-management products move toward remediation

Patch-management products have evolved from simply pushing out patches to now encompassing more preemptive security measures, including manipulating security configuration settings, deploying standard software packages, maintaining policy compliance and taking an active role in vulnerability remediation.

In this Clear Choice Test we evaluated six products previously rooted in patch management that now claim to help ease remediation activities. All told, we tested Altiris' Client Security Management Suite, BigFix's Enterprise Suite, Kace Networks' KBOX, LANDesk Software's Security Suite, McAfee's (formerly Citadel Security's) Hercules and PatchLink's Update.

BigFix Enterprise Suite came out on top as the Clear Choice winner, performing well in all categories and standing out in ease of use and customization capabilities. McAfee's Hercules was a close second, falling slightly behind in its customization capabilities. PatchLink Update rounds out the top three. While it lacks some native support for advanced customization and reporting capabilities we were looking for in a product of this class, PatchLink does make these functions available in add-on components.

Click to see: Remediation test results

Product BigFix Enterprise Suite 6.0 McAfee (formerly Citadel) Hercules Remediation Manager PatchLink Update 6.3 Vendor BigFix McAfee PatchLink Price as tested $40 per seat, per year. $75,800 as tested, includes licensing and support for 500 workstations and 100 servers. $1,495 per server and $18 per node. Pros Best reporting; Custom Fixlets enable custom remediation actions; very easy to use. Best interface; detailed access control. Strong complement of default reports that can be easily filtered based on key criteria; detailed access control. Cons Detailed access control could be improved. Custom report engine not fully integrated into the product and is difficult to use. Separate components to get full custom packages and reporting. Score 4.4 4.35 4.25 Product LANDesk Security Suite 8.7 Altiris Client Security Management Suite 6.2 Kace 3.0 (KBOX 1000 Series) Vendor LANDesk Software Altiris Kace Networks Price as tested Starts at $59 per node. Starts at $88 per node plus $69 per node for patch management. Starts at $9,500. Pros Based on strong foundation Management Suite, which allows for adding additional LANDesk services on a single platform. Client Security Management Suite adds endpoint security and application security in a single client. Appliance model allows for quick setup; ticketing supported; alerting service is unique. Cons Difficult to navigate with poor user interface; custom scripting language required for custom remediation. Security Expressions not fully integrated into suite; patch deployment configuration lacks advanced options. Security components seem to take a back seat to ticket system and software distribution. Score 3.88 3.7 3.4 The breakdown  BigFix Citadel PatchLink LANDesk Altiris Kace Remediation functionality 30% 5 4.5 4.5 4.5 5 4.5 Product management and administration 25% 5 4.5 5 3.5 2.5 4 Remediation workflow 15% 3 3.5 3.5 3 2.5 3.5 Access control 15% 3 5 4.5 4 4.5 1.5 Reporting 15% 5 4 3 4 3.5 2 TOTAL SCORE 4.4 4.35 4.25 3.88 3.7 3.4 Scoring Key: 5: Exceptional; 4: Very good; 3: Average; 2: Below average; 1: Subpar or not available