I'm looking for effective tools to manage software patching, specifically for 3rd party applications. I need something that requires minimal human input and meets security standards like ISO27001, NIST, or Cyber Essentials (UK). Currently, we use Qualys for scanning and a Kaseya RMM for some clients, but I'm exploring additional patching products. I've tried Datto's patch management, but it's pretty limited to Windows patches and can be unreliable. Ideally, I want a solution that can efficiently patch thousands of endpoints within two weeks of a critical CVE disclosure.
5 Answers
We use Ansible/AWX for patching both OS and 3rd party applications. It works well for automating the process and ensures everything is up-to-date.
I recommend using Microsoft Configuration Manager paired with PatchMyPC Enterprise. The catalog is extensive and continuously updated. It automates not only the patching but also keeps installation objects current, making sure everything stays up-to-date when users access the Software Center. Super automated and reliable!
Is Chocolatey still relevant? I used it a while ago for 3rd party software and found it quite effective. Like the OP, I'm also interested in the latest solutions, so I’ll be watching this thread closely!
We use Action1 for both Windows and 3rd party application patching. They have a solid library of supported apps right out of the box and let you add your own if needed. It’s easy to set up, effective, and you can manage up to 200 endpoints totally free. Definitely worth a look!
We transitioned to the cloud model of PDQ Connect from an on-prem PDQ Deploy setup. Now, any endpoint just needs internet access, and we can patch and update everything seamlessly. The automation and CVE patching capabilities are pretty impressive, especially for VPN clients.
Thanks, I’ll check this out!