Keeping devices up-to-date is a fundamental cybersecurity practice. If devices are using software or firmware that is out-of-date, they can be vulnerable to cyber attacks and poor performance. Patch management software is just as important as performance monitoring for keeping devices safe.
Patch management tools help administrators update devices remotely through the use of one platform. In this article, we’re going to look at the best patch management software and tools on the market.
Why Do I Need to Use Patch Management Software?
Patch management tools are important because they allow you to update multiple devices from one location. Rather than updating lots of devices individually, you can update them collectively through one platform. From one user interface, you can push software and firmware updates to devices connected to your network.
Patch management software is useful because it saves the user time and makes managing patches much easier. Being in the position to keep devices updated reduces the likelihood of a device being unpatched and compromised.
Here is our list of the best patch management software:
- SolarWinds Patch Manager (FREE TRIAL) A patch manager for Windows systems that is part of a wider suite of IT infrastructure management tools.
- Atera (FREE TRIAL) A cloud-based patch manager designed for deployment by managed service providers (MSPs).
- PRTG Network Monitor IT infrastructure monitor that also supervises software and operating system versions.
- ManageEngine Patch Manager Plus A patch manager for Windows, Linux, and Mac OS that supports more than 750 applications.
- GFI LanGuard Patch manager for Windows, Linux, and Mac OS devices that runs on Windows.
- Cloud Management Suite Cloud-based tool that patches software on windows, Linux, and Mac OS hosts.
- SysAid Patch Management This patch management tool is part of SysAid IT Asset Management. Can support manual patch strategies or be set to run automatically.
- Itarian Patch Management A patch manager for Windows system that can also patch software on Linux remotely.
- Automox This tool patches software on Windows, Linux, and Mac OS that runs automatically.
- Kaseya VSA This patch manager is part of a remote monitoring and management system for use by MSPs.
First up on this list we have SolarWinds Patch Manager. SolarWinds Patch Manager is a tool used for Microsoft WSUS patch management. This tool integrates with SCCM and offers users the ability to automate patches. In other words, you don’t need to add patches manually in order to stay up-to-date. If there are any problems with patches, then you can diagnose problems with Windows Update Agent.
The patch management experience offered by SolarWinds Patch Manager is very user-friendly. On the patch status dashboard you can view the latest patches and the top 10 missing patches to see where your network security needs to be improved.
If you require more details you can also view the status of SCCM endpoints and additional third-party patches. Updates from the following applications are supported: Adobe, Apache, Apple, Citrix, Dell, Google, HP business, Malwarebytes, and VMware.
There are also patch compliance reports which can be used to detail the status of patches and overall regulatory requirements. All of this information can be sent onwards to other members of your team for further analysis.
Overall SolarWinds Patch Manager is well-suited to those looking for a WSUS and SCCM patch management solution with a simple dashboard and patch compliance reports. SolarWinds Patch Manager starts from a price of $3,750 (£2,845). There is also a 30-day free trial available.
Atera is a patch management solution and RMM platform. This tool is designed specifically for small- to mid-sized businesses and provides a dashboard-based monitoring experience. It is SaaS-based so you can update patches on your devices no matter where you are located. Patches can be identified and automatically updated to keep your network updated with minimal effort.
Patch management on Atera can be used to view the real-time status of system resources, active users, windows updates, SQL servers, Exchange, Active Directory, VMware, and Hyper-V. You also have the option to automatically discover new available patches and schedule updates monthly or weekly.
Alerts are another feature that help to stay on top of network security. On the main dashboard you are shown a breakdown of Recent Alerts which are ranked and color-coded with additional details. This helps to keep you in the loop about what is happening on your network and if any devices have been left vulnerable.
Atera offers a clearcut patch management experience that would function well within any enterprise environment. However, the price tag makes Atera ideal for smaller organizations that want to reduce costs. It costs $79 (£59.95) per technician for unlimited devices. There is also a 30-day free trial.
PRTG Network Monitor is widely-known as a network monitoring platform but also offers patch management capabilities as well. You can use this tool to check for Windows patches and other updates performed within your network. If a device is experiencing issues updating then you can see that through the dashboard view.
There are also notifications to provide real-time updates on patch status. For example, if a patch fails then you can be sent an alert with more details. To use the alerts system, all you need to do is configure a sensor for the type of system that you want to monitor. PRTG Network Monitor uses configurable sensors to measure particular segments of your network.
For example, there is a Windows Updates Status (PowerShell) Sensor. You can use this sensor to monitor the following information: time elapsed since last update, installed windows updates, missing windows updates, and hidden updates. All of this information is categorized by severity and shown to you with numerical and graphical meters.
You can configure thresholds for each sensor so that you receive a notification once certain criteria has been met. You can configure PRTG Network Monitor to notify you the moment that an update has been missed. Alerts are sent via email, SMS, or push notifications.
There is a free version of PRTG Network Monitor which supports up to 100 sensors. If you need more than that, you can purchase one of the paid versions. The price of the paid versions depends on the number of sensors you require. The paid versions start with PRTG 500 which provides 500 sensors for a price of $1600 (£1,214). You can download the free trial version of PRTG Network Monitor.
ManageEngine Patch Manager Plus is a patch management tool that can be used to patch Windows, Mac OS, and Linux computers. The platform offers support for over 750 applications. ManageEngine Patch Manager Plus can be deployed on-premises or in the cloud and is just as comfortable with managing virtual machines and servers as it is desktop devices. Patch management is automated with connected devices being scanned and assessed automatically.
The bulk of the patch management experience is delivered through the dashboard. The dashboard offers a patch view, all computer view, and detailed view. Each view displays different information. For example, the patch view option shows you patches that are available for your network whereas the all systems view shows you the status of current devices. Changing between these options helps you to prioritize what information you wish to see.
One exceptional feature available on ManageEngine Patch Manager Plus is the ability to test and approve patches. The ‘test and approve’ feature allows you to test patches on a small group of computers before you apply any changes to the entire network. Using this feature ensures that you don’t deploy any patches that put your network out of action!
There are three versions of ManageEngine Patch Manager Plus: the Free Edition, ProfessionalEdition, and Enterprise Edition. The Free Edition package supports up to 25 computers. The professional version supports larger LAN environments and provides patch management reports and third-party patch management. The Professional Edition provides antivirus definition updates and the ability to test and approve patches. There is also a free trial version.
5. GFI LanGuard
GFI LanGuard is a patch management solution that can patch Windows, Mac OS, and Linux devices. It is backed by over 60,000 vulnerability assessments to help keep your devices up-to-date. GFI LanGuard can monitor over 60 third-party applications including: Active Python, FileZilla Client, Apache Web Server, Apple QuickTime, Adobe Reader, Adobe Acrobat, Core FTP, Nmap, Google Chrome, Mozilla Firefox, VMware Player, and more.
All you need to run GFI LanGuard is Microsoft Windows Server 2016 Standard DataCenter, Microsoft Windows Server 2012, Microsoft Windows Server 2008, Microsoft Windows 10 Pro/Enterprise, Microsoft Windows 7, Microsoft Windows Vista or Microsoft Small Business Server 2011.
Mid-sized organizations looking for a patch management solution that can be configured alongside a WSUS server that is reliable and easy to deploy would be well-advised to consider GFI Languard. The tool costs $24 (£18) for a one-year subscription. There is also a node-based pricing structure that costs $26.00 (£19) per user for nodes 25-49. Between nodes 50-249 this drops to $14.00 (£10.62) and then drops to $10 (£7.59) per node for 250-2999. There is also a free trial version that you can download here.
6. Cloud Management Suite
Cloud Management Suite is a versatile patch management solution that offers support for Windows, Mac, Linux, and third-party applications. This tool is cloud-based and is accessed through a web browser. Cloud Management Suite can be deployed in less than an hour. From the moment you launch the program there are automated patch queries which show you the Critical and Top 10 Windows patches so that you can kick start your patch management.
If you need to look closer into patches you can generate reports. Reports provide you with a record of the patch data you have produced in real-time. For additional security over your patch records you can enable two-factor authentication with an email or SMS.
There are three versions of Cloud Management Suite: Cloud Management Suite Essentials, Cloud Management Suite, and Cloud Management Suite Realtime Security. The Essentials version offers third-party patching and device discovery with one console user account. The Essentials version offers five console user accounts and reports. The Cloud Management Suite Realtime Security version offers unlimited user accounts and live device location maps. You can download the free trial here.
7. SysAid Patch Management (SysAid IT Asset Management)
SysAid Patch Management is a tool that integrates into SysAid IT Asset Management that is designed to keep computers and windows servers up-to-date. Patches can be automatically and manually updated. The tool has been designed to make the setup process as simple as possible and the user interface maintains this usability from managing patches to configuring manual updates.
SysAid Patch Management supports many different third-party applications including: Adobe Flash, Mozilla Firefox, Google Chrome, Java, RealPlayer, Safari, Skype, Mozilla Thunderbird, Yahoo Messenger, Apple iTunes, and 7-Zip. In other words, you can monitor most third-party services and applications without leaving the platform.
The patch management experience offered by SysAid Patch Management has something to offer enterprises of all sizes. There are three versions available for purchase: A La Carte, Full and Basic. However, you need to contact the company directly in order to view a quote. There is also a free trial which can be downloaded here.
8. Itarian Patch Management
Itarian Patch Management is another patch management solution that simplifies the patch management process. Itarian Patch Management is designed specifically for Windows patches and can update Windows 2000, Windows XP, Windows XP Gold, Windows Vista, Vista, Gold, Windows 7, Windows 8, Windows 8.1, and Windows 10. Third-party patches are available on request if you require patches for other devices.
The user interface is relatively basic but gets the job done well. From launch you can start to automatically discover devices in your network to begin detecting and patching future vulnerabilities.
From then on, you can create policies to automatically schedule updates. This means that computers will be updated on an automated basis. You can also go a step further and remotely deploy updates for Windows and Linux machines. Itarian Patch management thus provides an exceptional remote patch management experience.
Few tools offer the complete remote patch management solution that Itarian Patch Management does. One of the perks of Itarian Patch Management is that you can download it for free before you upgrade (you’ll need to contact the company directly for a quote). All you need to do to begin is enter your email. The free trial version of Italian Patch Management is available here.
Automox is an OS and third-party patching solution for Windows, Mac, and Linux systems. On Automox, available patches are deployed automatically. However on the dashboard you can also view available patches and accept or reject as needed. There is also the option to see further information if you need to know more before deploying a patch. You can even create custom scripts to dictate how patches are deployed.
This program also offers support for a range of third-party applications. Adobe, MozillaFirefox, and Google Chrome are just some of the names that Automox offers support for. The mix of OS and third-party support makes Automox ideal in most enterprise environments because it can sustain lots of different software providers.
There are two pricing options available for Automox: the Basic and Full versions. The basic version clocks in at $1.60 (£1.21) per endpoint per month. The Full version is billed at $4.00 (£3.04) per active endpoint per month. The main difference between the two is that the Full version offers advanced policy features, a rules-based patching engine, and custom end user notifications. There is also a 15-day free trial which you can download here.
10. Kaseya VSA
Finally we have Kaseya VSA. With Kaseya VSA you can view the patch status of devices connected to your network in real-time. You can tell whether a machine has patches available regardless of whether it is turned on or off. All of this information is shown through one dashboard view so that you don’t miss anything. You also have the control to Override Profiles and block patches that you don’t want to deploy.
One of the key selling points of Kaseya VSA is that you don’t need to maintain a centralized file share or LAN cache. The Agent Endpoint Fabric sends update packages more efficiently reducing the resource footprint needed to update connected devices.
In addition, to make sure that you don’t fall behind, Kaseya VSA has a notifications system. You configure the platform to send you an alert if issues like defragmentation are recognized on a device.
Kaseya VSA also offers wider network monitoring capabilities to measure key metrics like CPU, memory usage, disk usage, and bandwidth usage to provide comprehensive coverage. The ability to manage the physical health of devices alongside their patch status makes this a top of the line patch management solution.
The price of Kaseya VSA depends on the amount of endpoints you require. The more endpoints you have, the higher the price. However, you’ll have to contact the company directly if you want to view a quote. Although there is also a 14-day free trial available here.
Best Patch Management Software: SolarWinds Patch Manager and Atera
Though there are many different patch management tools, SolarWinds Patch Manager, Atera, and Cloud Management Suite stand out as some of the best on this list. Each of these tools has the design and production value to sustain networks of all sizes. These three tools are competitively-priced making them accessible to smaller organizations as well.
However, if the price tag of these tools is too high a tool like PRTG Network Monitor is a formidable alternative. Being able to create your own patch management sensors helps to give you all the functionality of some higher-priced tools without the costs (though you can always transition to paid versions as well!).
Likewise, if you want general network monitoring features as well you can simply provision network monitoring sensors to keep tabs on your network. Combining patch management and network monitoring is useful for limiting the potential for vulnerabilities of all shapes and sizes.
Investing in a patch management tool will pay off over the long term as you keep your network’s devices updated and safe from vulnerabilities. Trying to manually update patches inconsistently can have disastrous consequences if a cyber attacker exploits an unpatched vulnerability. By using a patch management tool you can reduce the risk of a successful attack and stay online.