Patch Management In The Enterprise, Part II

The vulnerabilities detected on a workstation

PatchLink Update is another agent-based solution that has grown in popularity. It is cross-platform - Windows, Unix and Linux are supported - and will detect vulnerabilities in software from virtually all of the major software vendors. The application is completely Web-based and all agent-to-server communication happens on either port 80 (regular HTTP) or 443 (if SSL is used, which is recommended).

Once the agent software is deployed to a workstation or server, it will periodically execute its detection agent, which will provide a full vulnerability analysis for the computer in question. Based on this analysis, the administrator can then deploy the appropriate patches to a single computer - or a group of them - with only a few clicks of the mouse.

While PatchLink Update's core function is clear, it also provides hardware and software inventory information similar to that of SMS 2003. This information can be not only helpful but entertaining, such as when you examine the list and find a corporate workstation with Tom Clancy's Rainbow Six installed. Such a discovery may lead to an email being sent to the individual's manager. Productivity is important!

What software is installed on the PCs in your organization?

PatchLink Update is also capable of leveraging BITS technology for the patching of remote clients. As mentioned before, BITS means that a dial-up or VPN user's connection won't be swamped if they connect to the network with a patch deployment pending, and if they disconnect during the delivery of a patch, it will resume the next time they connect. PatchLink also works quite well in large organizations with complex network and firewall configurations because all traffic takes place on port 80 or port 443, which are both quite common and probably not blocked to VPN or RAS subnets.

One of the best features of PatchLink Update is the vulnerability analysis reporting available from the Web console. As shown in the image below, you can enter multiple vulnerabilities to report on. Once the report runs, it shows how many computers each vulnerability applies to and whether or not they are patched. It also shows how many computers are still pending because they have not yet completed their initial vulnerability analysis. Managers will love the last column, "Percentage Patched". In the past, large organizations aimed for a patched rate of 95%; with the volume of worm traffic now, and the costs associated with each clean-up, organizations are beginning to aim even higher.

With multiple Zotob and Sdbot variants in the wild, knowing the patch status of MS05-039 is important.
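To make the report logic above concrete, here is an added example (not PatchLink's code) that rolls up per-bulletin applicable, patched and pending counts over constructed agent scan records and checks each against the 95% target; the record layout, host names and the bulletin id PLACEHOLDER-002 are assumptions.

```python
from dataclasses import dataclass

# Constructed sample records, one per endpoint, as an agent's last detection
# run might leave them. "analyzed" is False for a host that has not completed
# its initial vulnerability analysis; "findings" maps a bulletin id to "patched"
# or "missing", and a bulletin absent from the map does not apply to that host.
SCANS = [
    {"host": "ws-001", "analyzed": True, "findings": {"MS05-039": "patched", "PLACEHOLDER-002": "missing"}},
    {"host": "ws-002", "analyzed": True, "findings": {"MS05-039": "missing"}},
    {"host": "ws-003", "analyzed": True, "findings": {"MS05-039": "patched", "PLACEHOLDER-002": "patched"}},
    {"host": "ws-004", "analyzed": False, "findings": {}},
    {"host": "srv-01", "analyzed": True, "findings": {"MS05-039": "patched", "PLACEHOLDER-002": "patched"}},
]

@dataclass
class VulnStatus:
    vuln_id: str
    applicable: int = 0  # hosts where the affected software is present
    patched: int = 0     # of those, hosts already patched
    pending: int = 0     # hosts with no completed initial analysis

    def percentage_patched(self) -> float:
        # Pending hosts are unknown, so they stay out of the denominator.
        return 100.0 * self.patched / self.applicable if self.applicable else 0.0

    def meets_target(self, target: float = 95.0) -> bool:
        return self.applicable > 0 and self.percentage_patched() >= target

def build_report(scans, vuln_ids):
    report = {v: VulnStatus(v) for v in vuln_ids}  # one row per bulletin
    for scan in scans:
        for vuln_id in vuln_ids:
            row = report[vuln_id]
            if not scan["analyzed"]:
                row.pending += 1  # no analysis yet, so status is unknown
                continue
            status = scan["findings"].get(vuln_id)
            if status is None:
                continue  # software not installed here: not applicable
            row.applicable += 1
            if status == "patched":
                row.patched += 1
    return report

if __name__ == "__main__":
    for row in build_report(SCANS, ["MS05-039", "PLACEHOLDER-002"]).values():
        print(f"{row.vuln_id}: {row.patched}/{row.applicable} patched, "
              f"{row.pending} pending, {row.percentage_patched():.1f}% "
              f"({'meets' if row.meets_target() else 'below'} 95% target)")
```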

Adoption of PatchLink Update appears to have grown dramatically of late. If you look at their lengthy customer list, you will see many recognizable companies that have turned to PatchLink Update for the patching of their workstations and servers. A 10-node, 2-week trial version is available on their website.