10 Top Patch Management Solutions


Let's take a look at some of the top patch management options out there. These solutions were chosen based primarily on the most recent Gartner Magic Quadrant for Client Management Tools.

Gartner noted that BMC, Hewlett Packard Enterprise (now Micro Focus) and Red Hat tend to treat patching as one aspect of managing the overall server life cycle, as opposed to having a tight focus on PCs, laptops and other similar endpoints. Multiplatform server and desktop-focused patching vendors include IBM, Ivanti, Verismic and Kaseya. For the patching of non-Microsoft applications, a major patch management pain point, Ivanti, Flexera and SolarWinds are noted as strong by Gartner analyst Terrence Cosgrove.

These are not rigid categories. There is plenty of overlap between them and vendors are steadily introducing new capabilities that blur such divisions.

SolarWinds Patch Manager

SolarWinds Patch Manager can automate the patching of Microsoft Windows servers and workstations for both Microsoft and third-party products. It includes a catalog of updates for products such as Google Chrome, Mozilla Firefox and Java. It requires the use of either Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM).

See our in-depth look at SolarWinds Patch Manager.

Flexera Corporate Software Inspector

Flexera continuously identifies vulnerable applications and applies security patches. It leverages verified vulnerability intelligence to assess over 20,000 applications, drives patch prioritization based on criticality of vulnerabilities and security policies, provides tested patch packages for non-Microsoft applications, and integrates with management tools for patch deployment.

See our in-depth look at Flexera Corporate Software Inspector.

IBM BigFix

IBM BigFix is a collaborative endpoint management and security platform for IT infrastructure and security professionals. It provides real-time endpoint data that can re-image remote devices, distribute and patch software, discover and inventory new assets, assess application usage, and monitor and enforce compliance policies across many types of devices using multiple versions of Windows, Mac and Unix OSes and apps.

See our in-depth look at IBM BigFix.
See user reviews for IBM BigFix.

Ivanti Patch

Ivanti provides several patch management options for Windows, Linux, Unix and Mac and an extensive third-party catalog of software updates. Some came from Landesk, some from Shavlik, Heat, and a long list of other acquired companies.

See our in-depth look at Ivanti Patch.

Red Hat Satellite

Red Hat Satellite is a Linux server management product that helps users control and optimize the lifecycle of Linux operating systems. It works in conjunction with Red Hat Insights, a configuration assessment service that analyzes system configuration state to identify performance, stability, or security risks.

See our in-depth look at Red Hat Satellite.

Kaseya VSA

The Kaseya VSA Software Management module is a patching solution for Mac and Windows operating systems as well as a way to deploy hundreds of third-party software titles. It uses peer-to-peer technology to distribute patches to reduce bandwidth requirements.

See our in-depth look at Kaseya VSA.

Micro Focus ZENworks Patch Management

ZENworks Patch Management was inherited from HPE and Novell. It is an automated patch management solution that retrieves and deploys patches. It automates the collection, analysis, and policy-based delivery of patches to endpoints. It provides pre-tested patches for more than 40 different Windows and non-Windows operating systems.

See our in-depth look at Micro Focus ZENworks Patch Management.

Verismic CMS Patch Manager

Patch Manager is included in the Verismic Cloud Management Suite. It automatically keeps desktops, laptops and remote users up-to-date with security patches and software updates. A subscription includes patching for Microsoft, Linux and third-party vendors.

See our in-depth look at Verismic CMS Patch Manager.

BMC BladeLogic Server Automation

Patching is a subset of the capabilities of BladeLogic, which also include provisioning, compliance, configuration management, and software deployment. It is normally offered as a platform, but there are options to purchase only the patch capabilities if required. Further features include the ability to stage and test patches before committing them, integration with service desk change management systems, and add-on SaaS services that enable vulnerability management and remediation.

See our in-depth look at BMC BladeLogic Server Automation.
See user reviews for BMC BladeLogic Server Automation.

KACE Systems Management Appliance

The KACE Systems Management Appliance offers patch and endpoint management and security and can patch up to 20,000 machines in four hours. Endpoints are automatically discovered and provisioned by vendor, operating system, department, and location.

See our in-depth look at the KACE Systems Management Appliance.

Patch Management Product Feature Comparison

Top Patch Management Providers
| Vendor | Use Cases | Metrics | Intelligence | Delivery | Pricing |
| --- | --- | --- | --- | --- | --- |
| SolarWinds | Microsoft Windows servers and workstations for both Microsoft and third-party products | Patch Manager is deployed in a wide range of environments ranging from dozens of nodes to several thousand | N/A | Windows application | Patch Manager is licensed on a per node basis, starting at $3,617 for up to 250 nodes (license with first-year maintenance) |
| Flexera | North America, and Europe. | Used to discover, verify, validate and document vulnerabilities in over 55,000 products | Uses Vulnerability Intelligence by Secunia Research | On-premises, virtual appliance and cloud | Pricing is per device, with no minimum number of devices |
| IBM | BigFix is used by thousands of organizations of all sizes | First query results are returned within 15 seconds, with full query on 120,000 nodes returned within 5 minutes | An intelligent agent ensures that decision-making and calculations are performed at the endpoint rather than in the network | On premises | BigFix starting prices range from $2.49/client device/year to $43.80/client/device per year depending on version and features |
| Ivanti | SMB to large enterprise | N/A | Patch catalog updated twice weekly, plus Zero Day support with out of band releases for critical security updates | On premises, virtualized or cloud | Ivanti standalone solutions are priced at $65 per server or $30 per workstation. Integrated solutions start at $9 per endpoint for perpetual or $5 per endpoint for subscription |
| Red Hat | Enterprise computing, server provisioning, configuration, and patch management of Linux systems | N/A | AI-based predictive analytics from Red Hat Insights | On-premise software (Satellite), Software-as-a-Service (Insights) | $192/$199 per managed server for Satellite/Insights, respectively |
| Kaseya | MSPs and mid-market enterprises | Kaseya manages over 10 million endpoints with its management, monitoring and patching solution | Endpoints can securely share patches for rapid deployment without the overhead of huge patch downloads over the internet | On-premises or cloud | $0.50/endpoint/month |
| Micro Focus | SMEs to large enterprises | More than 10,000 pre-tested patches for more than 100 major current and legacy applications and operating systems | Automatic patch deployment based on pre-defined policies | Software or virtual appliance | No pricing data available |
| Verismic | SMBs to enterprises, as well as MSPs | Verismic has deployed over five million patches globally | Automatically discovers network devices, and predictive patch management prioritizes patching and threat remediation | Software as a Service | Subscription based |
| BMC | Targets include larger enterprise customers with complex patching and security needs | BMC BladeLogic supports some enterprises with more than 150,000 servers under management | Provides operational context to security scans | On-premises solution, though there are also customers running BladeLogic inside of AWS and Azure | No pricing data available |
| KACE | Mid to large enterprises, including regulated industries | Patches up to 20,000 machines in four hours; solution includes endpoint management | Detects missing patches; can be scheduled at least disruptive times | Hardware, virtual appliance, and 'as a service' | No pricing data available |