Shavlik hits a patch management high note with its robust NetChk Protect. When we launched this Rolling Review we cited automation of the patch process, strong change control and the ability to use bandwidth wisely as key decision points, and NetChk delivers well. The scheduler can handle both discovery and deployment of patches as well as continually scan systems for patch compliance, and we could stage a master version of Office. We were also kept well-informed thanks to its ability to generate Microsoft Baseline Security Analyzer-formatted output for scan results. By adding Shavlik's Distribution Server option, IT can control when patches are distributed to target machines. However, companies with Unix or Linux boxes will need to supplement NetChk.
Shavlik includes a patch repository that is checked prior to all scans, enabling NetChk to keep current with the most recent patches. The repository automatically updates Microsoft security- and non-security-related patches within 24 hours of release. Repository connections and the validity of patches applied by NetChk are verified by digital signatures, and communications between host and client machines use secure protocols. Patching of our test VMs was seamless.
Shavlik NetChk Protect simplifies management of critical security patches and watches for spyware, malware and unwanted applications, all from a single, simple-to-use console without requiring agents.
This Rolling Review will rate patch management tools on breadth of platforms supported, testing and staging capabilities, reporting, the ability to roll back and more. Shavlik focuses only on Windows environments and offers an array of features to manage patches on both OSes and applications. We've also invited 13 other vendors to participate.
We recommend NetChk Protect for all-Windows environments. It includes most must-have features, is easy to use and works as advertised. Not needing to deploy another agent on desktops and servers is a huge benefit. Add virtualization support and a mechanism to throttle network bandwidth, and NetChk will be a hard act to follow.
Other features time-strapped IT groups will appreciate include the ability to set up automated e-mails of scan or deployment results, a choice between agent-less or agent-facilitated patch deployment, transparent support of virtualized systems, and spyware discovery and remediation. These are small features, but they show a level of maturity and over time will make a difference for organizations that must automate as much of the patch process as possible, yet still want to feel confident with results.
For those who must keep detailed security records, we found reporting both comprehensive and flexible. Reports are generated from scanning and patch deployment results and could be arranged and grouped in multiple ways. We used some of the default reports after our scan to gauge the success of patch distribution by severity and the rate of scan successes. Reports are easily exported into a variety of formats, including PDF, HTML, CSV, and RTF.