Top Patch Management Software for 2021

Let’s take a look at some of the top patch management options out there. These solutions were chosen based primarily on the most recent Gartner Magic Quadrant for Client Management Tools.

Gartner noted that BMC, Hewlett Packard Enterprise (now Micro Focus), and Red Hat tend to treat patching as one aspect of managing the overall server life cycle, as opposed to having a tight focus on PCs, laptops and other similar endpoints. Multiplatform server and desktop-focused patching vendors include IBM, Ivanti, Verismic, and Kaseya. For the patching of non-Microsoft applications, a major patch management pain point, Ivanti, Flexera, and SolarWinds are noted as strong by Gartner analyst Terrence Cosgrove.

These are not rigid categories. There is plenty of overlap between them and vendors are steadily introducing new capabilities that blur such divisions.

Jump ahead:

SolarWinds Patch Manager

SolarWinds Patch Manager can automate the patching of Microsoft Windows servers and workstations for both Microsoft and third-party products. It includes a catalog of updates for products such as Google Chrome, Mozilla Firefox and Java. It requires the use of either Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM).

See our in-depth look at SolarWinds Patch Manager.

Flexera Corporate Software Inspector

Flexera continuously identifies vulnerable applications and applies security patches. It leverages verified vulnerability intelligence to assess over 20,000 applications, drives patch prioritization based on criticality of vulnerabilities and security policies, provides tested patch packages for non-Microsoft applications, and integrates with management tools for patch deployment.

See our in-depth look at Flexera Corporate Software Inspector.

IBM BigFix

IBM BigFix is a collaborative endpoint management and security platform for IT infrastructure and security professionals. It provides real-time endpoint data that can re-image remote devices, distribute and patch software, discover and inventory new assets, assess application usage, and monitor and enforce compliance polices across many types of devices using multiple versions of Windows, Mac and Unix OSes and apps.

See our in-depth look at IBM BigFix.

Ivanti Patch

Ivanti provides several patch management options for Windows, Linux, Unix and Mac and an extensive third-party catalog of software updates. Some came from Landesk, some from Shavlik, Heat, and a long list of other acquired companies.

See our in-depth look at Ivanti Patch.

Red Hat Satellite

Red Hat Satellite is a Linux server management product that helps users control and optimize the lifecycle of Linux operating systems. It works in conjunction with Red Hat Insights, a configuration assessment service that analyzes system configuration state to identify performance, stability, or security risks.

See our in-depth look at Red Hat Satellite.

Kaseya VSA

The Kaseya VSA Software Management module is a patching solution for Mac and Windows operating systems as well as a way to deploy hundreds of third-party software titles. It uses peer-to-peer technology to distribute patches to reduce bandwidth requirements.

See our in-depth look Kaseya VSA.

Micro Focus ZENworks Patch Management

ZENworks Patch Management was inherited from HPE and Novell. It is an automated patch management solution that retrieves and deploys patches. It automates the collection, analysis, and policy-based delivery of patches to endpoints. It provides pre-tested patches for more than 40 different Windows and non-Windows operating systems.

See our in-depth look at Micro Focus ZENworks Patch Management.

Syxsense Patch Manager

Patch Manager is included in Syxsense. It automatically keeps desktops, laptops and remote users up-to-date with security patches and software updates. A subscription includes patching for Microsoft, Linux and third-party vendors.

See our in-depth look at Syxsense Patch Manager.

BMC BladeLogic Server Automation

Patching is a subset of the capabilities of BladeLogic, which also include provisioning, compliance, configuration management, and software deployment. It is normally offered as a platform, but there are options to purchase only the patch capabilities if required. Further features include the ability to stage and test patches before committing them, integration with service desk change management systems, and add-on SaaS services that enable vulnerability management and remediation.

See our in-depth look at BMC BladeLogic Server Automation.

KACE Systems Management Appliance

The KACE Systems Management Appliance offers patch and endpoint management and security and can patch up to 20,000 machines in four hours. Endpoints are automatically discovered and provisioned by vendor, operating system, department, and location.

See our in-depth look at the KACE Systems Management Appliance.

Patch Management Product Feature Comparison

Top Patch Management Providers

Vendor Use Cases Metrics Intelligence Delivery Pricing
SolarWinds Microsoft Windows servers and
workstations for both Microsoft and third-
party products
Patch Manager is deployed in a wide range of environments ranging from dozens of nodes to several thousand N/A Windows application Patch Manager is licensed on a per node basis,starting at $3,617 for up to 250 nodes (license with first-year maintenance)
Flexera North America, and Europe. Used to discover, verify,validate and document
vulnerabilities in over 55,000 products
Uses Vulnerability Intelligence by Secunia Research On-premises,virtual appliance and cloud Pricing is per device, with no minimum number of devices
IBM BigFix is used by thousands of organizations of all sizes First query results are returned within 15 seconds,with full query on 120,000 nodes returned within 5 minutes An intelligent agent ensures that decision-making and calculations are performed at the endpoint rather than in the network On premises BigFix starting prices range from $2.49/client device/year
to $43.80/client/device per year
depending on version and features
lvanti SMB to large enterprise N/A Patch catalog updated twice weekly,plus Zero Day support with out of band releases for critical security updates On premises,
virtualized or cloud
lvanti standalone solutions are priced at $65 per server or $30 per workstation. Integrated solutions start at $9 per endpoint for perpetual or $5
per endpoint for subscription
Red Hat Enterprise computing, server provisioning, configuration,and patch management of Linux systems N/A A l-based predictive analytics from Red Hat Insights On-premise software (Satellite), Software-as- a-Service (Insights) $192/$199 per managed server for SateIIite/lnsights, respectively
Kaseya MSPs and mid-market enterprises Kaseya manages over 10 million endpoints with its management,
monitoring and patching solution
Endpoints can securely share patches for rapid deployment without the overhead of huge patch downloads over the internet On-premises or cloud $0.50/endpoint/month
Micro Focus SMEs to large enterprises More than 10,000 pre-tested patches for more than 100 major current and legacy applications and operating systems Automatic patch deployment based on pre-defined policies Software or virtual appliance No pricing data available
Verismic SMBs to enterprises, as well as MSPs Verismic has deployed over five million patches globally Automatically discovers network devices,and predictive patch management
prioritizes patching and threat remediation
Software as a Service Subscription based
BMC Targets include larger enterprise customers with complex patching and security needs BMC BladeLogic supports some enterprises with more than 150,000 servers under management Provides operational context to security scans On-premises solution, though there are also customers running BladeLogic inside of AWS and Azure No pricing data available
Kace Mid to large enterprises, including regulated industries Patches up to 20,000 machines in four hours; solution includes endpoint management Detects missing patches; can be scheduled at least disruptive times Hardware,virtual appliance,and ‘as a service’ No pricing data available


Drew Robb
Drew Robb
Drew Robb has been a full-time professional writer and editor for more than twenty years. He currently works freelance for a number of IT publications, including ServerWatch and CIO Insight. He is also the editor-in-chief of an international engineering magazine.

Top Products

Related articles