Patch management

From: William Kupersanin (
Date: 11/14/03

    To: <>
    Date: Thu, 13 Nov 2003 23:19:30 -0500

    Howdy list,

    I'm looking for people's experiences with various patch/policy management systems. I am looking for a tool to use in a heterogeneous environment including various Windows, *nix, & Novell.

    I have seen tools that will maintain an inventory of systems and COTS software on those systems and automatically disseminate vulnerability information to the appropriate administrators depending on the vulnerability and what OS/software package it affects.

    I have seen tools that will allow one to track, on a vulnerability by vulnerability basis, what hosts have been mitigated and which are still vulnerable.

    I have seen tools that will push patches to the systems (à la SMS, LANDesk, rsync).

    I have seen other tools that will check registry keys and configurations throughout the enterprise and report on systems' compliance with various benchmarks and policies (Bindview).

    It just seems to me that the software pieces required to go to the machines and check for patches, push patches, and check configuration settings, should be very similar. I've found a couple of packages that will do 3 out of 4 of these tasks. I have not been able to find anything that does it all.

    I'm interested in knowing about others' successes or failures with any packages that can support some or all of these goals in a diverse environment.

    Thanks in advance!
