Patch Management Checklist: What To Look For in a Platform

Apr 10,2019 | Todd Kirkland

Patch Management Checklist: What To Look For in a Platform

We have had many discussions with JetPatch customers and potential customers about what kind of capabilities the ideal patch management platform should have. We thought it would be useful to share what we heard from IT and InfoSec teams. So, we present, the ultimate patch management checklist.

Centralized Patch Management Through a UI

Handle all patch management tasks across all environments with a single, visual user interface.

Real-Time Patch Compliance Reporting

View an up-to-the-minute dashboard that shows patching compliance across all the organization’s endpoints, following regulatory requirements or the organizations’ own policies.

Standardized Patching Process Across Environments: Cloud, On-Premise and Heterogeneous OSs

A patch management platform should have the ability to define and execute a unified patching process regardless of the environment in which the patches are being deployed.

Patch Consolidation

Instead of deploying patches individually, the ideal patch management platform should be able to intelligently consolidate the deployment of multiple patches at the optimal time. This can be done by both organizational policies, as well as techniques such as machine learning. The result is shorter downtimes while minimizing the length of time vulnerabilities remain unpatched.

Patch Recommendations based on Industry Benchmarking and Baseline Comparisons

Systems must leverage respected industry vulnerability databases to ensure continuous baseline and patch available tracking.

Customizable Scripts for Pre- and Post-Patching Processes

Collect and manage runnable scripts targeted for endpoints by creating tasks and workflows for pre- and post-patching activities.

Automated Multi-Patch Deployment

Automatically execute patch rollout workflows by server groups and maintenance windows. Accelerate testing-staging-production cycles, ensuring patches are deployed without errors.

Integration of Patch Processes with the Organization’s ITSM System

Patch management is not an island in the enterprise IT world. An enterprise-grade patch management platform should be able to automatically create tickets — for example, for patch deployment approvals or patch-related incidents — in the organization’s ITSM, such as ServiceNow and JIRAn

Integration with Vulnerability Scanners

Integration with external vulnerability analytics and assessment tools such as Nexpose and Nessus provides an in-depth assessment and report of discovered vulnerabilities.

Role-Based Access Control (RBAC) and Integration with Domain Controller

Types of access should include local user, domain user, and domain-group. In addition, access defined by server scope must be available.

Patch Optimization and Exception Handling

Analyzes and learn the root causes of remediation delays and automatically correct them.

Filtered Views Based on Endpoint Groups

Endpoint groups allow you to aggregate devices in order to perform all your needed patch processes. Thus, the ability to apply filters to multiple columns is necessary.

Patch Management Checklist: What Next?

We hope you found this patch management checklist useful as you look for the best patch management platform for your organization. JetPatch, of course, supports all of these features and more. We would love to show you a demo. Request a demo.

Originally published at https://jetpatch.com on April 10, 2019.