I'm looking for reliable solutions to manage software patches for third-party applications. Specifically, I need options that require minimal human input and comply with security standards like ISO27001, NIST, or Cyber Essentials (UK). We already use Qualys for scanning and a Kaseya RMM, but I'm exploring other patching products. I have Datto's patch management for some clients, but it only covers Windows patches and has been inconsistent. Ideally, I'd like a tool that can handle a few thousand endpoints within 14 days after a critical CVE is disclosed.
5 Answers
Ansible/AWX is our go-to for both OS and third-party patching. It’s pretty powerful and configurable.
We've switched from on-prem PDQ Deploy to the cloud-based PDQ Connect. It's super helpful because as long as the endpoint is online, we can keep everything patched. The automation features really shine when you need to quickly update things like VPN clients.
Is Chocolatey still relevant? I used it a while back for third-party patches and found it quite reliable. I'm interested in hearing what others are using too since I'm in a similar situation as you.
I swear by Microsoft Configuration Manager paired with PatchMyPC Enterprise. Their patch catalog is extensive and always expanding. The support is really quick too. Not to mention, it automatically keeps all my applications up to date, which is a huge time-saver.
We use Action1 for both Windows and third-party app patching. It has a wide range of supported apps and is easy to set up. Plus, you can patch up to 200 endpoints for free, which makes it a great option to check out!
Thanks, I’ll definitely look into that!