News

Configuresoft Security Patch Management Software Updated

Configuresoft released the second generation of a product for one of the biggest problems facing Windows administrators right now -- security patch management.

Security Update Manager 2.0 became available on Monday. SUM 2.0 is a module for Configuresoft's Enterprise Configuration Manager. Configuresoft's approach to security and system availability is to report on and automate the configuration of Windows machines in enterprise networks. "Over 90 percent of vulnerabilities are due to misconfigurations," asserts Configuresoft CEO Alexander Goldstein.

ECM, the company's flagship product, collects tens of thousands of configuration variables from agents on workstations and servers and consolidates them in a SQL Server database for reporting and analysis.

But Configuresoft also recognizes that patch management is a time-consuming and expensive problem for the enterprise. The company cites a Gartner estimate that correcting a security vulnerability at a company with 1,000 servers can cost $300,000.

Configuresoft's value proposition with SUM is to combine the massive store of data it collects through ECM with some extra work its engineering staff puts into Microsoft security bulletins, of which there have been 64 so far this year.

Configuresoft analyzes each security bulletin for the services and software it affects. Run against the centralized SQL database maintained by ECM, the Security Update Manager can immediately give administrators a very fast and specific report on exactly which machines need patching.

Running the query against the database instead of querying the network provides authoritative vulnerability assessment results in seconds rather than hours or days. "Most of our competitors are using some sort of real-time querying in order to assess which machines are vulnerable. Usually only 95 percent to 99 percent of servers are up, and with workstations it's difficult to connect to more than 70 percent to 80 percent of workstations at a time," Goldstein says.

It also greatly reduces the number of machines that need to be checked against the patch requirements. For example, early in 2002, Microsoft and the rest of the industry released fixes for a problem in the SNMP service. Configuresoft learned from its customers that only about 5 percent to 7 percent of their Windows 2000 systems were actually running the service and needed the patch.

"These patches are not productive. They are never tested to the extent that you would like them to be tested. The idea here is to do no harm," Goldstein says. "In reality, this has the impact of doing two things. One: It substantially diminishes the number of patches that have to be deployed. Two: It makes the workload easier."

Much of that fine-grained assessment of system vulnerabilities that allows for targeted lists of affected systems is new to the 2.0 version of SUM. Other new features include push-and-pull patch deployments and role-based administration. The push-and-pull feature allows administrators to push patches to a network location at remote sites so branch office machines can pull the patches down locally rather than over a wide area network. The role-based administration allows delegation of subsets of SUM 2.0 management powers to local staff and lower level administrators.

SUM 2.0 starts at $25 per server and $5 per workstation on top of the base cost of ECM, which starts at $995 per server and $30 per workstation.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Appoints Althoff as New CEO for Commercial Business

    Microsoft CEO and chairman Satya Nadella on Wednesday announced the promotion of Judson Althoff to CEO of the company's commercial business, presenting the move as a response to the dramatic industrywide shifts caused by AI.

  • Broadcom Revamps VMware Partner Program Again

    Broadcom recently announced a significant update regarding its VMware Cloud Service Provider (VCSP) program, coinciding with the release of VMware Cloud Foundation (VCF) 9.0, a key component in Broadcom’s private cloud strategy.

  • Closeup of the new Copilot keyboard key

    Microsoft Updates Copilot To Add Context-Sensitive Agents to Teams, SharePoint

    Microsoft has rolled out a new public preview for collaborative "always on" agents in Microsoft 365 Copilot, bringing enhanced, context-aware tools into Teams channels, meetings, SharePoint sites, Planner workstreams and Viva Engage communities.

  • Windows 365 Cloud Apps Now Available for Public Preview

    Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.