The Many Flavors of Patch Management

Patch management used to be a manually intensive internal duty. For some, it still is. More recently, alternatives have emerged such as automated patch management, hosted patch management, and patch management as a service. However it is done, patch management is about managing the process of patching software and applications. It encompasses functions such as testing patches, prioritizing them, deploying them, verifying that they are installed on all endpoints, and in general looking after every aspect of patching.

Let’s take a look at each of the flavors of patch management.  

Manual Patch Management  

Perhaps in very small organizations, manual patch management has its place. The user or manager notices that patches are available from Microsoft and others and deploys them to the handful of devices used within the business. In some cases, updates can be pre-configured to automatically be installed.  

The downside to this manual approach is that some urgent patches are likely to be missed. Most businesses have one or more specialized applications in use, and these may not offer automatic updates. Further, when anything has to be done manually, the door is open for delays or even complete neglect. If the business is swamped with other traffic, routine security duties can be left “until later”. Cybercriminals can take advantage of such delays to install ransomware and other malware.

Additionally, once the organization grows beyond a small number of devices, patching becomes time consuming. There are so many patches being issued to address so many vulnerabilities that it is very easy to fall behind.  

Manual patch management is also prone to human error. In some cases, it may lead to exposed vulnerabilities or decreased app performance when patches are overlooked or incorrectly applied. An effective patch management service eliminates these issues. By applying automation to track and install updates, patch management helps organizations account for and oversee all the software patches their systems and devices depend on. 

On-Premises Patch Management  

On-prem patch management tools have been in use for decades. They help IT to test, prioritize, schedule, and deploy patches throughout the enterprise. Features vary from vendor to vendor. The latest products offer automation features that take much of the time and effort out of patch management.  

However, some IT departments may configure them to run in such a way as to delay the deployment of urgent patches. They may institute testing protocols for all patches that cause long delays. They may even turn off automatic updates. The fact is that patch management has been found to be a weak point in many organizations. Despite constant news stories about vulnerabilities, and despite the regularity with which Common Vulnerabilities and Exposures (CVEs) are released, a surprising number of organizations fail to install urgent patches for months on end even though they have patch management tools to hand. There are some high-risk CVEs that are years old and still unpatched in some enterprises.

Cloud-based Patch Management  

Some vendors provide cloud-based patch management tools to simplify patching processes and minimize the work needed from internal IT staff. The provider keeps the patching software up to date, takes care of any maintenance, and delivers the same patch management capabilities as on-prem patch management. Lightweight, responsive agents give a clear picture of how many endpoints are in the network even if they’re remote, roaming, or in the cloud. 

Patch Management as a Service  

Patch management vendors and MSPs have harnessed the Software as a Service model to provide fully automated patch management services. These services do all the heavy lifting for organizations when it comes to patching. Patch Management as a Service (PMaaS) is a managed offering that aims to eliminate the hassle of patch management by taking care of the function automatically using a subscription model. It enables organizations to update their systems and applications, perform maintenance and repairs, and improve performance and usability of their software after it has been implemented.  

Syxsense offers cloud-based patch management as well as a managed patch management service. Known as Syxsense Active Manage, it offers patch management, as well as reporting and compliance services. It can detect missing OS and third-party patches, target groups of devices, and deploy updates automatically. A lightweight, responsive agent is used to give a clear picture of how many endpoints are in the network even if they’re remote, roaming, or in the cloud. It is hosted in Microsoft Azure, with cross-platform support for Windows, Mac, Linux, iOS, and Android. 
