• United States

Vendors bulk up patch management

Dec 15, 20033 mins
Enterprise Applications

Patch management vendors BigFix and LanDesk are upgrading their software to meet corporate demand for more-comprehensive tools that go beyond the discovery and installation of new patches.

This week BigFix will release Version 4.0 of its Patch Manager, which allows for monitoring of 75,000 nodes from a single server and automates problem resolution. BigFix is expanding the software to include configuration management, which will flag systems without the latest patches and provide an inventory of nodes on the network and the software they are running.

LanDesk, whose Management Suite 8.0 has similar capabilities, last week added a new module also called Patch Manager. Both vendors offer support for Windows, Linux and Unix.

Companies such as AltirisConfigureSoft,, Loudcloud,, PatchLinkShavlik Technologies develop similar patch management tools and are broadening their focus to combat other security vulnerabilities such as poor system configuration.




Corporate users are beginning to realize that patch management is not a single task but a process that includes a detailed inventory, change management, configuration management, asset management, and maintenance and communications plans.

“You need a process to evaluate patches and how they affect your corporate network,” says Andy Nosal, supervisor of technical services and LanDesk operations for financial firm Raymond James Financial in St. Petersburg, Fla. He says patching mistakes could cripple desktops and put his firm out of business. “We don’t like to do a fire drill when a new patch is released,” he says.

The company, which has established a patch SWAT team, runs Management Suite to provide inventory and is evaluating the addition of Patch Manager.

LanDesk’s Patch Manager features a vulnerability scanner that recognizes nodes on the network that need a new patch. The module validates new patches and checks for conflicts or dependencies. The software includes a synchronization feature that checks with patch sites, such as Windows Update, to find new patches.

The software also has an application policy manager to assure that groups of computers are configured identically and includes a mechanism called Peer Download, which makes it more efficient to distribute patches over the network.

LanDesk’s Management Suite is priced at $89 per user, and the Patch Management module is an additional $12.

BigFix’s software, also called Patch Manager, is part of the BigFix Enterprise Suite (BES), which includes a server and a host of agents that detect and install needed patches.

In Version 4.0, BigFix has boosted the number of supported nodes from 15,000 to 75,000 on a single BES Server, which runs on Windows 2000 or 2003.

“Now we can support deployments to an entire global organization,” says Greg Toto, vice president of product management for BigFix. Also new is a feature called custom actions, which lets administrators make configuration changes or fix problems on the fly on a single computer or across a set of computers, including desktops, laptops and servers. A new dashboard provides a vulnerability status report through either a desktop or Web-based interface, and a real-time progress report shows how a fix is progressing across a network.

BigFix also has made improvements to performance with new caching and reporting features, and added a new user interface to ease administration of large deployments, delegate management over a number of administrators, and organize and store patches.

Patch Manager 4.0 is priced at $21.50 per Windows computer and $58 for Linux and Unix machines.