Key Criteria for Evaluating Patch Management Solutions v2.0

An Evaluation Guide for Technology Decision-Makers

Table of Contents

  1. Summary
  2. Patch Management Primer
  3. Report Methodology
  4. Decision Criteria Analysis
  5. Evaluation Metrics
  6. Key Criteria: Impact Analysis
  7. Analyst’s Take
  8. About Ron Williams

1. Summary

Patch management is a process by which organizations can automatically detect, deploy, and report on software patches across the enterprise. Patch management solutions ensure systems and software stay up to date by installing software updates, service packs, and hotfixes to reduce security risks, improve system performance, and avoid downtime.

Good patch management practices in the current global environment require identifying and mitigating the root causes responsible for cyberattacks. Patch management also requires the proper tools, processes, and methods to minimize security risks and support the functionality of the underlying hardware or software. Patch prioritization, testing, implementation tracking, and verification are all part of robust patch management.

While patch management primarily addresses security vulnerabilities, patch management and security operations (SecOps) are typically performed in different organizational environments. SecOps is concerned with risk, compliance, and security. IT operations (ITOps) has similar objectives but focuses more on risk and security in terms of reducing vulnerability rather than ensuring compliance. These are similar goals; however, in practice, ITOps is concerned with installing patches and keeping software up to date, whereas SecOps focuses more broadly on the entire enterprise. This bifurcation can lead to issues, notably delays between SecOps finding a security problem and communicating it to ITOps. Shortening the length of exposure before a given security patch is applied is a key factor in protecting the organization. Patch management solutions that bridge the gap between SecOps and ITOps can improve the security of the enterprise, though this may be costly.

This is the second year that GigaOm has reported on the patch management space in the context of our Key Criteria and Radar reports. This report builds on our previous analysis and considers how the market has evolved over the last year.

This GigaOm Key Criteria report details the capabilities (table stakes, key criteria, and emerging technologies) and non-functional requirements (evaluation metrics) for selecting an effective patch management solution. The companion GigaOm Radar report identifies vendors and products that excel in those capabilities and metrics. Together, these reports provide an overview of the category and its underlying technology, identify leading patch management offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.

How to Read this Report

This GigaOm report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria. For a fuller understanding, consider reviewing the following reports:

Key Criteria report: A detailed market sector analysis that assesses the impact that key product features and criteria have on top-line solution characteristics—such as scalability, performance, and TCO—that drive purchase decisions.

GigaOm Radar report: A forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution. The Radar report includes a breakdown of each vendor’s offering in the sector.
