Security configuration management: Advanced patching

For many small and medium-sized businesses (SMBs), security means putting a firewall in place and doing the requisite patching required every month after Microsoft's "Patch Tuesday." There are many tools that can automate and manage the patching process, but the tools are not enough.

Keeping an endpoint secure involves more than making sure it is adequately patched. IT professionals at SMBs also need to make sure the data on the device is protected and adheres to the organization's policies relative to authorized applications. For instance, you may want to turn off Skype or not allow users to use Web mail at work or during certain times.

    Requires Free Membership to View

More on patching
Firm eases pain of patch management for mobile workers

Seven steps for a patch management process: Check IT List
First-generation patching products didn't give the level of granularity needed to enforce these policies. They were all about scanning a machine, making sure the latest patches were applied and moving on. A new offering called security configuration management (SCM) is maturing quickly and can address many of these issues.

SCM products manage the lifecycle of the desktop and integrate a lot of traditional desktop management functions, like software distribution, patching and asset management.

There will be more functionality making it into the SCM agent. Antivirus and antispyware functions are obvious additions to provide more leverage and ease the burden of managing all of the disparate agents running on the typical device.

Ultimately, you are trying to both increase the security of your environment and streamline the management. Sounds like having your cake and eating it too? It is, and for that privilege you will pay -- probably through the nose. But as the markets mature, prices will come down, as they always do.

So who are some of the players in this market? Per usual, you have the specialists and the aggregators, who have bought their way into the market. The specialists include BigFix Inc., Configuresoft Inc., Shavlik Technologies LLC and PatchLink Corp. Some started with patching and have grown capabilities, while others started from the standpoint of systems management and sort of ended up doing security. No matter, these companies will be rolled up sooner, rather than later, as Big IT (Microsoft, Hewlett-Packard Co., IBM, CA) realizes it's sick of giving money to Big Security (Symantec Corp. and McAfee Inc.).

Speaking of Big Security, both of the antivirus leaders have bought companies to get exposure to security configuration management. Symantec has had a number of products that solved a portion of problems (Enterprise Security Manager and BindView) and recently bought Altiris Inc. to get a broader, more robust endpoint management capability. McAfee bought Citadel Security Systems Inc. and Preventsys to integrate their capabilities into its Total Protection suite.

Of course, you know what they say about acquired technology. Unless it's actually integrated, it's not really that useful. So we are going to continue to see a lot of evolution and integration relative to endpoint security. It's ridiculous that you need eight to 10 agents to get the job done, so consolidating these capabilities is a must, and it's happening -- slowly, but surely. To net things out, security configuration management is yet another feature of a strong endpoint security platform.

Mike Rothman is president and principal analyst of Security Incite, an industry analyst firm in Atlanta, and the author of The Pragmatic CSO: 12 Steps to Being a Security Master. Get more information about The Pragmatic CSO at http://www.pragmaticcso.com, read his blog at http://blog.securityincite.com, or reach him via email at mike.rothman (at) securityincite (dot) com.

This was first published in May 2007

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.