The Best IoT Update Management Tools

IoT devices, such as security cameras, used to be updated automatically by their manufacturers to keep their firmware and utilities up to date. However, that strategy has terrible security consequences. A hacker just needs to break into one computer – that manages the device software updates – to infect hundreds of millions of devices all over the world.

Here is our list of the best IoT update management tools:

1. Syxsense Manage A cloud-based device management system with automated patch management for endpoint, network equipment, and IoT devices. This is one of the few system management services that includes update management for every type of device that your business uses.
2. JFrog Connect A highly respected IoT management system that is very useful for updating the firmware on Industrial IoT devices.
3. Quest KACE Systems Management Appliance This on-premises package manages the lifecycle of all IT devices, including IoT systems. Runs on a hypervisor.
4. AWS IoT Device Management A comprehensive secure remote management package for IoT devices operations that includes update management.
5. Cumulocity IoT Device Management A reliable and well-organized asset management system for IoT devices that is suitable for very large fleets.
6. ThingsBoard An open-source IoT device management package with free and paid versions.

You can read more about each of these options in the following sections.

According to IoT-Analytics, there were 11.3 billion IoT devices connected to the Internet at the end of 2020. Estimates forecast 27 billion devices by the end of 2025. These connected devices are everywhere and they are becoming useful tools for hackers.

IoT device vulnerabilities

Currently, the main abuse of IoT devices, such as security cameras is mostly used by hackers as zombie devices in a botnet. These pieces of equipment are instructed to send malformed connection requests to a target server simultaneously to prevent that server from receiving genuine requests from the Web. This is called a DDoS attack and it is a perpetual problem for Web-based businesses.

Increasingly, IoT devices are providing paths for intruders to get into a business system. If there is a procedure from your device that reports into one of your servers, or receives instructions from within your network, there is a path that intruders can use to send in a remote access Trojan (RAT) – and then they have a backdoor into your network, bypassing your firewall.

Consumer devices, such as TVs and even fridges are still updated directly from the manufacturer over the internet and this is a massive public security problem that no one seems able to address. However, businesses can take control of this problem.

Securing IoT devices

There are two steps that a business needs to take to protect its IoT devices from hacker attacks and it is best to perform these out of the box. The first of these is to log into the management console of each device and change the username and password from the default.

The variation used by manufacturers for access credentials is minimal. It takes hackers a couple of minutes to guess these combinations by running an automated credentials cracker off a list of words, such as “system,” “admin,” and “password.”

Worse still, every single device will have the same username and password. So, once a hacker has spent a few minutes cracking the access credentials for a specific model of security camera, he only needs to locate the many installations of that device to gain a botnet of devices.

The second step you need to take is to block external access to your IoT devices. Wireless devices need to use transmission protection, which should be WPA3, or, if that isn’t available on the device, WPA2.

Devices that connect through to your network over the internet should use Transport Layer Security (TLS). If that isn’t available on the device, you need to look into installing a VPN client on the device.

Using a VPN is a step toward creating your own extended protected network out over the public medium of the Internet. If you have several sites and IoT devices on each, you should look into creating a SASE system to protect your wide area network and shield your IoT devices.

IoT firmware updates

By following best practices and securing your IoT devices, you run into another problem. Your device security will now block the manufacturer from accessing your IoT systems and updating their firmware and software. So, you need to implement an alternative route to keep your IoT devices up to date and free from exploits.

One of the essential tasks in keeping all equipment safe from hackers is to close vulnerabilities and one of the main methods to achieve this is patch management.

You now need to implement IoT vulnerability security through IoT update management.

The best IoT update management tools

Most software producers make updates available for their products on their websites and patch managers know where to look to get that installer and download it. The same is true for the manufacturers of IoT devices – they make firmware updates available for download. So, you need a patch manager that is specifically programmed to look at hardware manufacturers rather than software houses for updates.

Using this set of criteria, we looked for a list of IoT update management tools that are reliable and automated.

1. Syxsense Manage

Syxsense Manage is part of a cloud platform of system monitoring and management tools. The Manage bundle offers a range of tools to help run all of your IT assets that includes IoT devices.

Key Features:

• Automated patch rollouts
• Producer polling
• Unattended implementation
• Completion status reports
• Patches IoT devices

The patch management module of the Syxsense Manage service can update software, operating systems, and firmware on endpoints network equipment, and IoT devices.

The patch manager prioritizes the patch requirements of each device, letting you know when there are computers or equipment that need to be updated urgently. This is important because the Syxsense system is automated. You give it a calendar of maintenance windows and it will hold up patches until the next available period. Many managers see applying patches as a disruptive exercise and try to put it off. The risk rating service lets you know to maybe enter a sooner time to roll out those patches.

It is better to apply patches when the devices are not in use, therefore it is common practice to schedule patch installation for out-of-office hours. This can mean paying big bucks to technical staff to stay in the office and run the process. This isn’t necessary with Syxsense Manage because the patch system will kick off automatically. Detailed execution reports and completion statuses in the patch manager console let technicians see how things went.

Syxsense Manage isn’t just a patch manager. Apart from IoT update management, this system offers software license management for endpoint and mobile device management. This cloud-based system is a subscription service but you need to contact the Sales Department to request a quote. You can assess this tool with a 14-day free trial that also gives access to the Syxsense Secure module.

2. JFrog Connect

JFrog Connect is a specialized IoT device management tool that has built up a strong reputation since it was known as Upswift – JFrog acquired that business in September 2021.

Key Features:

• Management tools for remote IoT devices
• Devices need to be running Linux
• Secure connections
• Automated IoT update management

Upswift is now called JFrog Connect and it is a cloud platform that includes a bundle of systems to manage remote IoT devices. It can also manage and update computers running Linux. One caveat about JFrog Connect is that the IoT devices have to be running a Linux distro for this system to operate.

This system allows administrators to get direct access to remote IoT devices for maintenance. The system also extracts performance data, which is shown in the JFrog Connect console. You can use this system to access IoT devices that are connected to your local network as well even though it is advertised as a system to manage remote devices – the package runs from the cloud, so even your local devices are remote to the platform.

There are six editions for JFrog Connect and they are divided into two groups: Early Production and Production. The Production group is quite pricey with subscription rates starting at $300 per month for a 10 device monitoring bundle. The Early Production group is more affordable with the first plan, Prototype, being free – that covers three devices. The Early Production plan costs $99 per month for 10 devices. Get a free trial of the top plan for one device.

3. Quest KACE Systems Management Appliance

Quest KACE Systems Management Appliance includes deployment, management, and retirement procedures to cover the entire lifecycle of system hardware and it includes IoT devices in its brief. Part of the responsibilities of this package includes patch management. The tool also includes software license management, so it is an IT asset management (ITAM) system.

Key Features:

• Equipment lifecycle management
• IoT update management
• Software license management

Quest deploys tunneling to create secure connections to remote devices, such as IoT equipment. This enables encryption on the link and keeps a channel open for technician remote access and automated firmware risk scanning and updating.

The KACE Systems Management Appliance can be contacted by administrators through a mobile app. The service allows you to set up a calendar of maintenance windows and it will hold back patches for unattended installation at the next available period.

Quest KACE Systems Management Appliance installs on-premises as a virtual appliance over a hypervisor. This can be Hyper-V, VMWare, or Nutanix. Quest doesn’t publish a price list, so you need to contact the Sales Department to request a quote. Assess this tool with a 14-day free trial.

4. AWS IoT Device Management

AWS IoT Device Management is Amazon’s IoT device control service. This cloud platform offers a very expandable service that can supervise thousands of IoT devices per account, so if you are a large business with many sites and many devices, this would be a good choice.

Key Features:

• Secure access
• Performance monitoring
• Update management

The package provides secure access to your devices, which gives you a way to harden those IoT systems against intruder access attempts – only access via the secure link is possible. The console of the AWS IoT Device Management service gives you performance feedback and you can also get remote access to each device through the system. The IoT Device Management system includes an update manager for firmware and other software running on your devices.

The AWS service isn’t limited to monitoring one type of device per account, so you can include shopfloor systems, vehicles, security cameras, and retail equipment in your account.

This is an excellent and comprehensive service and your biggest difficulty is going to be working out how much the service is going to cost because there are several factors involved. Check out the AWS Pricing page for more details.

5. Cumulocity IoT Device Management

Cumulocity IoT Device Management is an IoT device management system provided from the cloud by Software AG. This system includes the setup of device configurations nads on-going monitoring and management. As it is a cloud service, this tool is remote to your own local devices and it treats all of your fleet, near and far, equally.

Key Features:

• Cloud-based
• Secure connections
• Monitores performance

This package includes an update manager for firmware and it is a complete asset management system for IoT devices.

The Software AG system is capable of managing very large fleets – one of its clients is Deutsche Telekom. This is an efficient and reliable system.

Software AG doesn’t publish a price list for the Cumulocity IoT Device Management service. However, you can contact the Sales Department and arrange access to a workshop to explore the system.

6. ThingsBoard

ThingsBoard is an open-source system with a Community Edition, which is available for free. You don’t get professional support with that version, so you might want to move up to the Professional Edition.

Key Features:

• Performance alerts
• Firmware update management
• Fault remediation automation

This system provides configuration management and performance monitoring for remote IoT devices. The system uses HTTP for connections, but you can adjust that to HTTPS to get connection security. This service includes an alerting mechanism for different operating statuses and it is also possible to set up a rule base for automated remediation. Firmware update management is one of the services of ThingsBoard.

A nice feature of the management console is live location tracking on a real-world map. The system operates through telemetry, so it could also be used to monitor microservices and Web applications.

The software for ThingsBoard installs on Linux, macOS, Windows, Windows Server, Docker, or on Raspberry Pi. There is also a cloud option for ThingsBoard Professional. ThingsBoard Cloud is available for a 30-day free trial.