I'm looking for effective tools to handle software patching and remediation for third-party applications. Specifically, I'm not referring to standard Windows patches but rather solutions that require minimal human intervention and align with security standards like ISO 27001, NIST, or Cyber Essentials (UK). Currently, we're using Qualys for scanning and Kaseya RMM. Qualys seems to have a patching solution, which I'm just starting to explore, and while I use Datto's patch management for some clients, it primarily covers Windows patches and isn't very reliable. Ideally, I'm in search of a trusted product that can manage patching for thousands of endpoints within 14 days of critical CVE disclosures.
13 Answers
We work with Automox for our patch management needs. It's been working out pretty well for us without any major issues.
We transitioned from an on-prem PDQ Deploy and Inventory setup to PDQ Connect, which is cloud-based. It allows us to manage patching from anywhere with an internet connection. The automation and on-the-fly VPN client updates have been lifesavers! They also have extensive CVE patching capabilities.
We're using Action1 for both Windows and third-party application patching. They have a solid library of supported apps right out of the box, plus you can add your own if necessary. It's straightforward to set up, works well, and the best part is you can manage up to 200 endpoints for free. Definitely worth a look!
For some applications, we do a wrapper process in PDQ Deploy to ensure they install correctly, since some don’t register versions properly. We set a rule to update any out-of-date apps after hours.
We use Tanium specifically for its Deploy module, which offers pre-made packages for popular software. We usually customize our own packages for other applications.
MECM and Intune with Patch My PC is our setup, and we’re only using both during our transition to Intune.
I've been utilizing Microsoft Configuration Manager with PatchMyPC Enterprise. Their patch catalog keeps getting better, and their support is pretty quick to respond. The best feature for me is the automation—it makes sure all my software is current before users even install apps from the Software Center, plus it keeps everything fresh for system imaging. Super helpful!
NinjaOne is my top choice for patching. If I had the freedom to choose our RMM, this would be my go-to, but we're stuck with Kaseya.
Just a couple of interns managing our patching—it’s surprisingly effective. We've had some decent success with VSAx, though there have been a few high-uptime servers that still need attention for rebooting post-patch.
For OS and third-party app patching, we utilize Ansible/AWX. It's been quite effective for us.
Is Chocolatey still relevant? I used it years ago and found it reliable for third-party patching. I’m facing the same issues as the OP, so I’ll be following this thread closely!
We’re using Ivanti EPM. I know it gets mixed reviews, but it has done the job for us without any significant problems.
Action1 has treated us well, but we had some frustrating experiences with Qualys. After dealing with billing issues and unhelpful support, we decided to switch. Having the ability to manage our account online without waiting on sales reps is a big plus.
Thanks, I’ll check this out!