I'm curious to find out what tools people are using for software patching and remediation, especially for third-party applications. I'm not talking about Windows patches, but rather tools that require minimal human intervention and comply with standards like ISO27001, NIST, or Cyber Essentials. Currently, we have Qualys for scanning and Kaseya RMM, and I'm exploring Qualys's patching solution. I also use Datto's patch management for some clients, but it's limited to Windows and doesn't perform well. Ideally, I want a reliable product that can manage patching for several thousand endpoints within 14 days of a critical CVE alert.
5 Answers
We use Action1 for patching both Windows and third-party applications. It has a broad library of supported apps right out of the box and lets you add custom ones if needed. It's really easy to set up and effective — plus, they allow you to manage up to 200 endpoints for free. Definitely worth checking out!
We recently switched from on-prem PDQ Deploy and Inventory to the cloud-based PDQ Connect. It only requires an online connection to keep everything patched. We've been really happy with its features, especially for patching our VPN clients. Plus, it has great automation for CVE patching across a lot of applications.
We're using Microsoft Configuration Manager along with PatchMyPC Enterprise. Their patch catalog is fantastic and keeps expanding. The support is quick and helpful, and it automatically creates installation objects, so any software updates are current as of the previous day. Completely automated and super convenient!
Is Chocolatey still a viable option for patch management? I used it years ago for third-party applications and found it to be pretty solid. I'm curious about what others are saying, so I'll keep an eye on this thread!
We heavily rely on Ansible/AWX for both OS and third-party patching. It's flexible and works well for our needs.
Thanks, I’ll check this out!