Lumension Security"s
PatchLink Update is an agent-based patch manager that plays well with
heterogeneous operating systems. Unlike the first product we reviewed,
Shavlik NetChk Protect, which supported only Microsoft environments,
PatchLink Update works with Mac OS X, Unix, Linux, Solaris and VMware
as well as Windows. In addition, it can protect a number of
applications supported on these plat
If, like us, you"re hesitant about deploying agents, you"ll appreciate
PatchLink"s Agent Management Center, a central interface that helps
with agent administration and deployment. PatchLink also integrates
with Active Directory for dynamic creation of groups with cascading
assignments of baselines, agent policy and user permissions. The
product"s inventory management feature allows for identifying and
reporting on software, hardware and services, while user policy
features enable some administration to be delegated while still
maintaining security. The system"s patch repository is updated daily;
after patches are tested by Lumension, they"re packaged and delivered
securely to the application.
Finally, the reporting component offers flexible charts and graphs for
analyzing vulnerabilities, deployment status, agents and baseline
compliance. Notifications via e-mail are available for just about any
type of event.
Let"s Get Patching
We were pleasantly surprised to find PatchLink"s agents a breeze to
install—we simply connected to the update server via a Web browser to
get rolling. For Windows agent installs, the Agent Management Center
can automate deployment with remote registry and file and print sharing
enabled. Command line silent installs speed up deployment on
non-Windows systems.
Initial scan results were available almost immediately and showed
patches available as "vulnerabilities." Installed agents are by grouped
according to OS, and devices can be assigned to multiple groups.
Organizations that need customization will find plenty of options.
Aside from the ability to schedule deployments of multiple patches, we
could suspend deployment in case of patch failure, easily change the
deployment order or options of a particular patch, and customize user
notification or alert to a required reboot. Each patch can have its own
message, options and time limit.
Lumension"s patch repository was quick to respond to requests for new
package downloads, and communications between update server and patch
repository is over a secure protocol, with each package verified by the
server. forms, including Adobe Flash,
antivirus products and alternative Web-browsers like Firefox.
|
