Let's take a look at some of the top patch management options out there. These solutions were chosen based primarily on the most recent Gartner Magic Quadrant for Client Management Tools.
Gartner noted that BMC, Hewlett Packard Enterprise (now Micro Focus) and Red Hat tend to treat patching as one aspect of managing the overall server life cycle, as opposed to having a tight focus on PCs, laptops and other similar endpoints. Multiplatform server and desktop-focused patching vendors include IBM, Ivanti, Verismic and Kaseya. For the patching of non-Microsoft applications, a major patch management pain point, Ivanti, Flexera and SolarWinds are noted as strong by Gartner analyst Terrence Cosgrove.
These are not rigid categories. There is plenty of overlap between them and vendors are steadily introducing new capabilities that blur such divisions.
- Product features comparison chart
- SolarWinds Patch Manager
- Flexera Corporate Software Inspector
- IBM BigFix
- Ivanti Patch
- Red Hat Satellite
- Kaseya VSA
- Micro Focus ZENworks Patch Management
- Verismic CMS Patch Manager
- BMC BladeLogic Server Automation
- KACE Systems Management Appliance
SolarWinds Patch Manager can automate the patching of Microsoft Windows servers and workstations for both Microsoft and third-party products. It includes a catalog of updates for products such as Google Chrome, Mozilla Firefox and Java. It requires the use of either Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM).
See our in-depth look at SolarWinds Patch Manager.
Flexera continuously identifies vulnerable applications and applies security patches. It leverages verified vulnerability intelligence to assess over 20,000 applications, drives patch prioritization based on criticality of vulnerabilities and security policies, provides tested patch packages for non-Microsoft applications, and integrates with management tools for patch deployment.
See our in-depth look at Flexera Corporate Software Inspector.
IBM BigFix is a collaborative endpoint management and security platform for IT infrastructure and security professionals. It provides real-time endpoint data that can re-image remote devices, distribute and patch software, discover and inventory new assets, assess application usage, and monitor and enforce compliance polices across many types of devices using multiple versions of Windows, Mac and Unix OSes and apps.
Ivanti provides several patch management options for Windows, Linux, Unix and Mac and an extensive third-party catalog of software updates. Some came from Landesk, some from Shavlik, Heat, and a long list of other acquired companies.
See our in-depth look at Ivanti Patch.
Red Hat Satellite is a Linux server management product that helps users control and optimize the lifecycle of Linux operating systems. It works in conjunction with Red Hat Insights, a configuration assessment service that analyzes system configuration state to identify performance, stability, or security risks.
See our in-depth look at Red Hat Satellite.
The Kaseya VSA Software Management module is a patching solution for Mac and Windows operating systems as well as a way to deploy hundreds of third-party software titles. It uses peer-to-peer technology to distribute patches to reduce bandwidth requirements.
See our in-depth look Kaseya VSA.
ZENworks Patch Management was inherited from HPE and Novell. It is an automated patch management solution that retrieves and deploys patches. It automates the collection, analysis, and policy-based delivery of patches to endpoints. It provides pre-tested patches for more than 40 different Windows and non-Windows operating systems.
See our in-depth look at Micro Focus ZENworks Patch Management.
Patch Manager is included in the Verismic Cloud Management Suite. It automatically keeps desktops, laptops and remote users up-to-date with security patches and software updates. A subscription includes patching for Microsoft, Linux and third-party vendors.
See our in-depth look at Verismic CMS Patch Manager.
Patching is a subset of the capabilities of BladeLogic, which also include provisioning, compliance, configuration management, and software deployment. It is normally offered as a platform, but there are options to purchase only the patch capabilities if required. Further features include the ability to stage and test patches before committing them, integration with service desk change management systems, and add-on SaaS services that enable vulnerability management and remediation.
The KACE Systems Management Appliance offers patch and endpoint management and security and can patch up to 20,000 machines in four hours. Endpoints are automatically discovered and provisioned by vendor, operating system, department, and location.
See our in-depth look at the KACE Systems Management Appliance.