I'm interested in finding effective solutions for patching and remediation of third-party applications, not just Windows patches. Ideally, I need software that requires minimal human intervention and complies with security standards like ISO27001, NIST, or Cyber Essentials (UK). Currently, we use Qualys for scanning and have a Kaseya RMM. While Qualys has a patching product that I'm exploring, I'm also using Datto's patch management for some clients. However, Datto only covers Windows patches and isn't very reliable. I'm looking for a trustworthy product that can manage patches for thousands of endpoints within 14 days of a critical CVE being disclosed.
13 Answers
We use an intern pool for some tasks, and VSAx is doing a decent job. It's not perfect, but it's working out at the moment. The price for some of these solutions makes it tempting to keep things casual with interns!
We had Action1 for a bit, but we switched away from Qualys because of frustration with their support for our Apple devices. It was hard getting help when issues arose, especially since it felt like our rep had a bias against Apple. In contrast, Action1 simplifies account issues since everything's online, and it's way less of a hassle to manage.
We have been using Microsoft Configuration Manager along with PatchMyPC Enterprise. Their patch catalog is extensive and always expanding. I love the automation; it ensures that all installation objects are up-to-date, which means users always get the latest apps from the Software Center. It really streamlines my management process.
PDQ Deploy is another solid choice. It’s not always straightforward since we had to create some custom wrappers for certain apps, but it does allow for automation of keeping apps updated after hours.
NinjaOne has become a top choice for me! If I had a say in our RMM, I'd choose them in a heartbeat. Sadly, we're stuck with Kaseya for now, but NinjaOne's features are tough to beat.
If only I had that flexibility with my tools!
We just transitioned to the cloud version of PDQ Connect from an on-prem PDQ Deploy. Now, as long as an endpoint is online, we can patch and update it easily. It's been great for quick updates, especially for our VPN clients. The automation and CVE patching features have also impressed us.
We're using Automox for our patching needs now. It’s been quite effective for our team.
We use Action1 for both Windows and third-party app patching. They have an extensive library of supported apps right out of the box, and you can add your own as needed. It's super easy to set up and effective, plus they let you use it for up to 200 endpoints for free. Definitely worth considering!
Thanks, I’ll check this out.
We're using Ivanti EPM. I know it gets criticized, but it has been working well for our organization even with the hiccups.
MECM and Intune with Patch My PC are our go-to solutions. We’re currently transitioning to Intune, which is going smoothly.
We use Ansible/AWX for patching both OS and third-party applications. It's pretty effective and flexible, especially in managing various patching needs.
We rely on Tanium for deployments. Their gallery has pre-made packages for popular software, but we often build our own to meet specific needs.
Is Chocolatey still a viable option? I used it some years back, and it worked pretty well for third-party app management. I feel your pain about finding a reliable solution, so I'm keen to see what others suggest here.

Hiring interns definitely cuts down on costs!