Patch Management: Challenges and Solutions
Patch management is a critical and complex task. Timely and properly managed patching optimizes cybersecurity, compliance, availability, and functionality. Haphazard patch management can result in security gaps, compatibility problems, sluggish or erratic performance, unnecessary downtime, or loss of important features. Patching involves more than periodic updates of operating systems and applications for servers and endpoints. Firmware patches can be essential for peripherals such as printers and scanners, network infrastructure appliances like routers and Wi-Fi access points, and Internet-of-Things (IoT) devices like sensors and robotics.
Progent's Patch Management Services can cover IoT devices like sensors and robotics
The patching process can present a range of complications that vary from network to network. Resources that may require patching can be on-premises, in the cloud, mobile, or in the homes of telecommuters. Environments may include a mix of Windows, Linux, Apple, and Google operating systems and applications. Some patches can be installed automatically and at scale using tools like Microsoft Configuration Manager, Intune, or Azure Update Management. Others must be performed manually. Patching for core systems must be scheduled to minimize business disruption. In some mission-critical environments, patches must be carefully tested before being approved for production.
Progent's managed services for patch management provide businesses of any size an affordable end-to-end solution for identifying, acquiring, evaluating, testing, prioritizing, scheduling, applying, and documenting software and firmware updates to your ever-evolving IT network. In addition to optimizing the security and functionality of your IT network, Progent's patch management services give your IT staff time to focus on strategic projects and tasks that deliver maximum business value to your network.
Patch management is a closed-loop process central to your risk management strategy
Progent's Patch Management Processes
Progent offers standard and custom service programs for software and firmware patching. These managed services allow you to offload part or all of your patch management tasks to a nationwide IT support firm with over two decades of experience providing network design, deployment, and support to organizations of all sizes worldwide. Progent works closely with your IT managers to define the scope of the services you require. Services available from Progent for patch management include:
- Discover network assets: This can include business-critical applications like Exchange and SQL, web-facing servers, desktop and mobile endpoints, security appliances such as firewalls, and network infrastructure devices like switches and Wi-Fi access points.
- Identify assets to be managed: Progent will work with you to determine which of your network assets you wish to select for ongoing patch management services. Progent offers a variety of standard programs that cover specific classes of items and Progent can also create custom programs to meet your unique requirements.
- Deploy patch management tools: Progent is familiar with a wide selection of patch installation tools and patch tracking databases. Available tools include Azure Update Management for cloud-based assets, Configuration Manager for on-prem assets, Intune for mobile devices, IT Glue for documentation, plus a selection of advanced anti-virus platforms. Together, these tools allow you to automate and track updates for resources located in public and private clouds, on-premises, on the road, at branch offices, and in the residences of at-home workers.
- Analyze patch status and perform risk analysis of missing patches: Generally, systems with up-to-date patching are more secure and stable than those with sporadic updates. However, some patches have the potential to disrupt essential business operations by introducing compatibility problems, system instability, or unfamiliar and confusing changes to user experiences. Progent can help you determine which patches carry a risk to your organization's IT environment, or which patches should be assigned a high priority because they block a major security threat. Progent's experience with patch management can help you maintain a secure network without compromising productivity.
- Develop a patch management program: Progent's team of experts can assist in designing and managing a patch management program that fits your business needs and security requirements. Progent offers standard and custom patch management services and can help with automated as well as manual patching. Progent can manage mission-critical assets only, all patchable resources, or anything in between.
- Patch testing: Even the world's largest networks, including Amazon AWS and Microsoft Azure, have experienced major outages caused by updates that were insufficiently tested before being applied to production systems. For organizations with no tolerance for downtime, Progent can help create test environments that allow you to make sure new patches will not cause stability problems for your network.
- Prioritize and schedule patches: Progent can help you determine which patches should be performed immediately and which can be safely delayed in order to minimize business disruption. Some regulatory standards, such as the Payment Card Industry (PCI) Data Security Standard, require that
the most critical security patches be installed within a certain timeframe.
- Document patch history and status: Progent can create a centralized knowledge base for tracking the patch level of every monitored asset. This makes it easy to find where software, firmware, or driver updates can be downloaded and includes patch release dates, release notes, and other important information required for a comprehensive patch management solution.
- Troubleshoot patch failures: Patches to some key resources such as operating systems or application servers can cause unforeseen compatibility or stability issues, especially with legacy or home-grown software or older devices. Progent has the breadth of experience to help you quickly identify and mitigate problems that may arise as a result of applying an update.
Patch Management for Network Infrastructure from Cisco and Other Vendors
Software and firmware updates are frequently released for network infrastructure appliances like firewalls, routers, switches, wireless controllers, and Wi-Fi access points. These updates typically harden security, improve feature sets, or mitigate stability and compatibility issues. Managing updates for these infrastructure devices can pose a challenge, especially in mixed-vendor environments and networks that have a combination of on-premises datacenters, at-home workers, branch offices, and cloud-hosted resources. In addition to tracking and acquiring updates, IT managers must make sure network appliances have sufficient disk space and patches are transferred cleanly and work properly.
Progent has provided advanced support for Cisco networking products for more than two decades and also offers expertise with other major vendors including Juniper, Palo Alto Networks, SonicWall, Fortinet, WatchGuard, and CheckPoint. Progent's managed services for patch management can help you consolidate your software update solution to include network appliances along with servers, endpoints, applications software, and IoT devices.
Progent offers patch management expertise for network appliances from Cisco and other leading vendors
Progent's Standard and Custom Patch Management Services
Progent offers a range of standard patch management packages that include backup services, reporting, and documentation. Pricing is based on the type and quantity of devices covered. Additional services including building environments for pre-installation patch testing are billed at time and material rates. Custom packages are also available and typically cover specialized devices and/or applications.
PROACTIVE Server Patch Management
On Prem or Private Cloud Server:
Azure Cloud Servers Patch Management:
- Compliance scan of all Windows and Linux servers
- Update compliance assessment results for enabled machines
- Scheduled Patching and Preventative Maintenance
- License & Asset reporting and management
- Managed Anti-Virus - Current AV system
- Initiate Server backup once complete
- Additional Support Billed at T&M Rates
- IT Glue access control and asset documentation
On Premises or Virtual Workstation:
- ProSight Availability Monitoring
- OS & 3rd Party Patch Management
- Scheduled Preventative Maintenance
- Managed Anti-Virus - current AV system
- Hosted Anti-Spam - Spam Hero
- Additional Support Billed at T&M Rates
- IT Glue access control and asset documentation
BASIC Server Patch Management
Managed Patch both Physical and Virtual Servers:
On Premises or Virtual Workstation Patch Management:
Server or Workstation Security SLA - Add on service
Security Critical Patches - applied within 48 hours of Progent being notified - invoiced only when needed
PROACTIVE Network Device Patching
Internet Facing Hardware - Managed Devices (Security appliances, firewalls, routers):
Internal Network Hardware - Managed devices (wireless controllers, Wi-Fi access points, switches):
Network Device Security SLA - Add on service
Security Critical Patches - applied within 48 hours of Progent being notified - invoiced only when needed
Initial Patching Event Additional Costs:
Initial Patching will have an additional cost per server or network device to provide for review and documentation of current patch level and any other documentation needed for properly managing the ongoing patching as defined above. If multiple patches are needed that require additional time for the initial patching, Progent will provide any estimates beyond the normal patching cost.
Additional Services Available:
Download Progent Patch Management Services Datasheet
To download a datasheet about the features and benefits of Progent Patch Management Services, select:
Progent Patch Management Services Datasheet. (PDF - 330 KB)
Contact a Progent Expert about Patch Management Services
For more information about Progent's patch management services, call Progent at 800-993-9400 or see Contact Progent.
Ransomware 24x7 Hot Line: Call 800-462-8800
Progent's Ransomware 24x7 Hot Line is designed to guide organizations to complete the urgent first phase in mitigating a ransomware attack by stopping the bleeding. Progent's remote ransomware expert can help businesses to identify and isolate breached servers and endpoints and protect undamaged assets from being penetrated. If your system has been breached by any version of ransomware, act fast. Get help quickly by calling Progent's Ransomware Hot Line at 800-462-8800. For more information, visit Progent's Ransomware 24x7 Hot Line.