Centero has compared patch management products before: the first comparison was published in 2015, the second one the following year, in 2016. There were several reasons to take on this comparison task. Centero wanted to compare its own product to similar solutions of its competitors and, in doing so, improve the quality and functionalities of Centero Software Manager. The latest comparison of patch management tools was completed in 2019.
The comparison gathered information related to patch management processes, methods, and tools. In addition, we wanted to offer the readers as objective as possible an overview of the patch management solutions available in the world at the moment.
The comparison was released for public late 2019, and it’s available for download free of charge here.
Patch Management solutions under comparison
The compared solutions fall into three categories. In the next posts of this blog series, we will go through all of the following tools:
- Cloud-based and agent solutions
- Automox patch management
- Cloud Management Suite
- Comodo ONE (Itarian)
- F-Secure PSB: Software Updater
- Integrating on-premises-solutions
- Centero Software Manager
- Ivanti Patch for SCCM
- Solarwinds Patch Manager
- Standalone on-premises-solutions
- GFI Languard
- IBM BigFix
- ManageEngine Patch Manager Plus
The patch management tools we compared are, just like Centero’s own Centero Software Manager, products designed for centralized update management of commercial 3rd party applications, meaning applications like Google Chrome, Mozilla Firefox, Adobe Reader, and Adobe Flash Player.
Applications and updating them
Centero’s comparison has been limited to a certain set of solutions: those aimed at automatizing the patch management of often used 3rd party applications, in particular on Windows workstations. There are several reasons for application updates, but maintaining and improving information security is probably the most important one.
3rd party applications, however, come from various application providers, meaning the update schedules and methods come in all shapes and sizes. This means that completely manual patch management is extremely painstaking, sometimes even impossible.
The survey and the criteria behind the comparison
The comparison draws from a survey we conducted, aimed to study the 3rd party application updates on workstations using a Windows-based operating system. For this survey, we received 100 answers from 44 different countries.
Among other things, the survey aimed to find out whether the organization had conducted an information security risk evaluation from business point of view, and whether the organizations saw 3rd party application vulnerabilities as a threat to their business. We also collected information on the most often used 3rd party applications, the most important update management processes, and the features that were considered most important in a management tool. The information gathered was then used when defining the comparison criteria.
Focus of the comparison
Our aim was to maintain a strong objectivity in the comparison, and that’s why it was crucial to study the available solutions with as clear criteria as possible. It was also important to try to reflect the compared issues with both the results of the Centero survey, the general context of information security, and other surveys in the field.
The compared products were evaluated in the following areas:
- Product Security
- Vulnerability Management
- Distribution and Installation
- Update Verification
- Usability and Capacity for Best Corporate Practices
- Solution Deployment.
The General category dealt with, among other things, how comprehensive the application was, the product’s pricing and trial use, the operating systems the product supports, the infrastructure it requires, how Microsoft’s security updates were managed, and, if applicable, the business application updates.
Product security covered managing and uninstalling patch management solutions, tracing and determining update information, and the possibility to monitor the admin action log.
When it came to vulnerabilities, the evaluation focused on the solution’s ability to monitor 3rd party application vulnerabilities, the possibility to set vulnerability alerts, and whether the product had a vulnerability scoring system.
To read more on the criteria, and the results of the survey, download our free Patch Management Tools’ Comparison. You’ll find it here!
Conducting the comparison
Once we had the criteria we started the comparison, one product at a time.
The solution comparison was mainly done in two parts. First, we went through the solution’s management features, and once that was done, we tried to update the included 3rd party applications onto a Windows 10 endpoint, using the product in question. After this, we were able to browse the endpoint to see how, and with what settings, the patches were installed.
In the next post of this blog series we will see how F-Secure PSB: Software Updater did in the comparison.
For detailed information on the comparison’s results, and the features of the compared applications, check out our Free Patch Management Tools’ Comparison Guide.