Best in class Windows Security Patching

I have been working with Windows security patching since the birth of Radia Patch Manager over a decade ago and have learned a few things along the way about what makes up a great security patch solution. Here is a quick run down of some attributes I believe are required for inclusion in the best in class Windows security patch solutions.

• Time – The time it takes to acquire/deploy/develop the security update is crucial to the success of security patching. If you can’t acquire/deploy/develop a security patch for 30 days after the security patch is released by a vendor the solution isn’t very useful. The best in class security patching software should be able to acquire/deploy or develop a custom solution within minutes/hours of the security release.
• Intelligence –Without good intelligence or reporting you are simply guessing on the state of the Enterprise. Radia Patch Management has intelligent design built-in so we can run compliance reports based on Inventory data. Using software management to deploy security patches, known as drop and run, lacks intelligent design and compliance reporting capabilities. A secondary software deployment known as an Audit would need to be deployed in order to run a compliance report based on installed software or file details.
• Versatility – You must have the ability to develop custom solutions based on the current needs of the Enterprise. Best in class security patching should be able to acquire/deploy/develop most security patches and not just Microsoft security patches. There should not be a need to use a secondary product to fill the gaps in security patching. Having said that, it is never a bad idea to have a secondary solution on hand in case of unexpected failure of the primary solution.
• Complexity – Complexity is not a good thing and only leads to frustration which in turn leads to mistakes being made. Best in class software should be easy to implement and learn.
• Reliability –Best in class software should have a predicable outcome when deploying security patches in the Enterprise. While there may be instances where problems are introduced by the patch being deployed, the solution should reliably deliver and uninstall patches when needed.
• People – Without dedicated, competent employees even the best in class software will fail to meet the needs of the enterprise.

 Successful Windows security patching is essential to the success of any Enterprise. While Radia Patch Manager does lack some best in class functionality out of the box, it does have the versatility to expand security patching into many middleware products that other vendors are unable or unwilling to venture into and handle most if not all security patching needs.