I recently read an article on patch management, the way forward and what most other solutions or companies are doing to keep with the fast pace and changes in the technology world. Virtualization was once only a dream by many, virtual offices, virtual malls, virtual pets, etc... Not so many years have passed and we now stand at that stage where virtualization is indeed a reality. Just looking at the computer industry, we have software that can basically do anything, from virtual hardware for your servers (although there is still some hardware involved, but much cheaper) to virtual applications that do not modify your base operating systems registry, can be activated / deactivated (installed / removed) within a matter of seconds, application streaming, etc.
Although your hardware is virtualized, the operating systems on these virtual platforms are still the same as it use to be, with some minor changes, Microsoft Windows, Linux, Unix and AIX are all still there and all function on these virtual hardware platforms. With the increase in development of these new virtual platforms, many more risks are also born and systems need to be updated with the latest security patches available. These days there are many patch management software solutions available out there, but only few are worth investing in or spending your time and effort on.
We have all worked with Microsoft WSUS at one stage of our careers, but let's face it, it was good in the beginning when it was one of the first solutions of its kind, but reporting functionality on WSUS is not very good. That's where the other software houses come into play, they contain the full package, functionality of deploying patches across the enterprise to endpoints and also provide excellent reporting on the status and vulnerability of your networks. Altiris Patch Management is one of those solutions that has all it takes to be the best. I will not go into many details of how Altiris Patch Management works, but would rather want to highlight some functionalities of the solution and compare it with Shavlik Patch Management Solution.
Altiris Patch Management Solution is an agent based solution, where it plugs into the Altiris Agent on the endpoint (computer), which is supported on Windows, Linux, Unix, AIX, Solaris and VMware platforms. This agent scans the end point for any vulnerabilities and reports back to the Altiris Notification Server, in the process giving you a complete overview of your organizations security risk.
Deploying the agents can sometimes be problematic as notebooks are not always connected to the network, agent services have been disabled / stopped or the agent can become corrupted and have to be reinstalled to remedy the problem, which takes up some resource time to troubleshoot and resolve.
With Shavlik Patch Management Solution, which I have used a couple of times, you have the same core functionality as you would find within the Altiris Patch Management Solution, but I'm not too sure on the reporting functionalities on vulnerabilities and status of a enterprise network. Shavlik can either be and agent or agentless solution and is also supported on Windows, Linux, Unix, AIX, Solaris and VMware. Being agentless, saves you the time of deploying the agent to your endpoint as it is not needed for the solution to function. An added extra to the Shavlik solution is that it has developed the ability to patch offline VMware images, impressive!
Even though your VMware server image is offline, you will be able to patch that server, so when it is brought into the live environment it will be up to date with the latest security patches, saving time and effort in setting up a new server or workstation into the production world.
I'm not sure if Altiris Patch Management is also headed that way in versions to come, but it would add a great deal of functionality to the solution.