You know about security patches and you probably remember Microsoft triggering a massive number of complaints when computers were running slow on “patch Tuesdays.” Luckily, patching is less disruptive for users today because it is managed remotely. But what is remote patch management really? And what aspects does this approach cover? You’ll find the details in this article.
Let’s jump twenty years back in time – Windows was more or less the only OS in a corporate machine park, bandwidth was limited, and Doomsday was predicted approximately once per month when Microsoft released new security patches. Patching was a task on the network administrator’s to-do list. A necessary job that involved some kind of user disturbance.
In the old days, patching was in some ways easier to manage. Today, patching is not just a matter of closing some security holes on a single OS. Servers, applications, and network-connected devices need a new patch or firmware update on a regular basis. Productivity loss and security issues are the most widely known risks of not taking care of patches, so today patching is more than a bullet point on the IT guy’s checklist.
What is remote patch management?
Remote patch management includes planning, deciding, and prioritizing updates to software and devices within a network, which is all remotely managed from a single application. The purpose is to keep devices secure and up-to-date, while scheduling updates at times that won’t impact the productivity of users.
Obviously, the main reason companies invest in remote patch management is to avoid leaving systems and applications open to malicious attacks. But downtime is also a consequence of a lack of planning in the patching work. Imagine that the corporate network consists of 1,000 users and each user has a personal computer with ten different applications installed. Now, add the servers and the network-connected devices. It’s complex, so remote patch management includes a priority plan. Some devices should update and reboot instantly. Other applications are better off waiting until after work hours to avoid productivity loss.
What about the remote part?
The description above doesn’t differ much from regular patch management. So, let’s dive into what makes patch management truly remote.
With remote patch management, physical presence is not needed. Any update, reboot, or installation can be done remotely by a network administrator. Usually, this is managed by a cloud-based monitoring service that has direct access to all network-connected devices within the organization. This is enabled by installing agents on all devices in the network. Setting up rules and alerts and automating routine parts of the patching process are standard features in remote patch management software today.
Instant overview is a must for remote patch management tools
As the need for patching is ever changing, a key requirement for patching software is to give network administrators a quick overview.
At Panorama9, we have a special dashboard for this: the vulnerability report lists when a vulnerability was discovered and when it was fixed. This is regardless of who applied the patch or updated the software. If something breaks, it’s important to know what has changed and who changed it.
To learn more about how we think the patching process should work, please watch this short video.
I hope this has made it clearer what remote patch management is and how it has evolved from just closing some holes in Windows once a month. Feel free to read more about how we deal with patching at Panorama9 or reach out via our support site.