Patch management at any sort of scale has always been a mundane and time-consuming task that most administrators would like to avoid at all costs. With the proliferation of DevOps methodologies and the public cloud, the practice of immutable infrastructure has, in the eyes of some, eliminated the need for patch management, since there would be no long-lived servers. In practice, most environments still have long-lived servers, and for various reasons will continue to have them for the foreseeable future. The public cloud and DevOps are the new flavors of the month in IT for many valid reasons, but patch management is still a critical aspect of securing IT environments, and managed solutions can make it easier.

 

The benefits of managed patch management are:

  1. Simplified Management - The patch management solutions offered by cloud providers give administrators a single management interface to simplify operations. In addition to the proverbial single pane of glass, most cloud providers offer a simplified way to deploy the patch management agents to instances, which helps speed up deployment.
  2. Scalability - Fully managed solutions have been built to scale to the largest of environments without any performance impact. This eliminates the need to rearchitect the patch management deployment to scale with the needs of the organization.
  3. Managed Upgrades - One of the advantages of a fully managed patch management solution is that the system for managing patches is itself patched automatically. This is a major win for many organizations that are already short on IT staff.

 

Managed Deployment

The following solutions are managed deployments. This means the patch management software company has added a deployment solution to the respective cloud provider's marketplace to allow the infrastructure to be provisioned with the click of a button.

 

ManageEngine Patch Manager Plus

ManageEngine Patch Manager Plus is a patch management solution that supports Windows, Linux and Mac OS endpoints. This solution is only available on AWS as a marketplace deployment option.

 

SaaS Deployment

The following solutions are Software as a Service (SaaS) deployments. This means the patch management software company hosts the software for its customers.

 

Kaseya VSA

Kaseya VSA is a remote monitoring and management (RMM) platform created by Kaseya that includes patch management functionality. The patch management solution includes support for Windows, Mac OS X and third-party software.

 

Automox

Automox is a next-generation patch management platform hosted in AWS that aims to provide a unified platform for managing patches across all environments. The patch management solution includes support for Windows, Mac OS X, Linux and third-party software.

 

Fully Managed

The following solutions are fully managed: the cloud provider manages the patch management platform on your behalf, which allows engineers to focus on ensuring that instances are up to date with their patches.

 

AWS Systems Manager (Patch Manager)

Patch Manager is AWS's managed patch management solution and is part of AWS Systems Manager. Patch Manager supports both Linux and Windows operating systems as well as on-premises workloads.

 

Azure Automation (Update Management)

Update Management is Azure's managed patch management solution and is part of Azure Automation. Azure Automation Update Management supports both Linux and Windows operating systems.

 

For many, patch management is simply a necessary evil that often goes overlooked, yet it has a critical impact on the security posture of all environments. Patch management doesn't provide any business value for most organizations, but it has to be done lest the organization become another headline about a security breach due to unpatched systems. Leveraging a managed solution makes that work much easier for administrators.