Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Rolling Review: LANDesk Patch Manager

LANDesk software's Patch Manager is offered on its own and as a component of LANDesk's Security Suite or Management Suite; we tested only Patch Manager. Like the other three tools we've covered thus far in this Rolling Review, LANDesk Patch Manager uses proprietary agents installed on target devices. In testing, Patch Manager provided thorough vulnerability discovery and remediation, as well as a robust array of tools to customize those tasks. LANDesk permits management of end devices via existing directory structures, like Active Directory, or through groups created in the application.

DIG DEEPER
THE FIRST STEP
Patching systems is vital to protecting your business, but there's a lot more to do. Download our InformationWeek Report on data loss prevention

Patch Manager's repository of patches can be customized, and the system supports a number of operating systems, including Mac OS X, Red Hat and SUSE Linux, Solaris, and Windows, as well as most common applications, from Apple's iTunes to Sun's JRE, plus popular antivirus systems, including those from McAfee, Sophos, and Symantec. At setup we simply selected the applications we wanted to scan and downloaded appropriate patches. Scans can be enabled with an "autofix" functionality--unique among products we've reviewed so far--that will automatically deploy patches when Patch Manager finds a vulnerability. This may seem like an attractive capability, but it's important to thoroughly test patches before pushing them out to production, so proceed with caution. Instead, we'd recommend the notification option, in which Patch Manager alerts IT by e-mail or pager when a vulnerability of a specified severity is discovered.

LANDesk also supports a policy-based implementation, where you can define the types of patches you want to install and when. While distributing packages, we could use features like targeted multicast, which minimizes bandwidth consumed, or peer download, which capitalizes on local bandwidth by sharing packages already downloaded by one agent on a given subnet. Pretty cool.

Moreover, these features enable pre-staging of patches, allowing for even more flexibility than the usual scheduling options we've seen. LANDesk also impressed us with Patch Manager's inventory scan. In our environment, it provided a surprisingly thorough physical inventory of servers.


Rolling Reviews resent a comprehensive look at a hot technology category, beginning with market analysis and wrapping up with a synopsis of our findings. See our kickoff and other reviews in this patch management series at
networkcomputing.com/rollingreviews/patch

  • 1