Once the initial scan is complete, you will probably want to deploy any missing patches or service packs. To do so, go to the Security Scanner container at the top of the user interface and then right click on the computer that you want to update. You will have the option of deploying the patches onto the selected computer or onto all computers. LANguard will send the users a message before the deployment process begins and will stop any necessary services on the user's machines.
Earlier I mentioned that one of the big drawbacks to Microsoft's SUS is that there are a limited number of Microsoft products that it can manage patches for. This is not the case with GFI LANguard though. GFI LANguard can handle patch management for all Microsoft server products, operating systems, and even for Microsoft Office. It even has the ability to deploy patches for non-Microsoft products (although the need for such patches is not automatically detected). Although GFI LANguard is clearly superior to SUS, GFI recommends using GFI LANguard as a compliment to SUS rather than as an alternative to it. In fact, GFI has published a white paper that details the specifics of using SUS and GFI LANguard together. You can read this white paper at www.gfi.com/whitepapers/patch-management.pdf.
Another reason why using GFI LANguard in conjunction to SUS is an ideal patch management solution is because of the timeliness of patch deployment. You probably remember the SQL Slammer virus, which exploited a hole in SQL Server. A patch was available from Microsoft very soon after the virus first appeared and yet millions were affected with the virus because they did not patch SQL quickly enough. GFI LANguard allows you to deploy patches immediately to all of your computers. You also have the option of scheduling both scans and patch deployments. Additionally, you have the option of setting up various types of alerts. That way if a security scan detects a critical vulnerability you can be notified immediately so that you can take action.
Earlier I mentioned that one of the big drawbacks to Microsoft's SUS is that there are a limited number of Microsoft products that it can manage patches for. This is not the case with GFI LANguard though. GFI LANguard can handle patch management for all Microsoft server products, operating systems, and even for Microsoft Office. It even has the ability to deploy patches for non-Microsoft products (although the need for such patches is not automatically detected). Although GFI LANguard is clearly superior to SUS, GFI recommends using GFI LANguard as a compliment to SUS rather than as an alternative to it. In fact, GFI has published a white paper that details the specifics of using SUS and GFI LANguard together. You can read this white paper at www.gfi.com/whitepapers/patch-management.pdf.
Another reason why using GFI LANguard in conjunction to SUS is an ideal patch management solution is because of the timeliness of patch deployment. You probably remember the SQL Slammer virus, which exploited a hole in SQL Server. A patch was available from Microsoft very soon after the virus first appeared and yet millions were affected with the virus because they did not patch SQL quickly enough. GFI LANguard allows you to deploy patches immediately to all of your computers. You also have the option of scheduling both scans and patch deployments. Additionally, you have the option of setting up various types of alerts. That way if a security scan detects a critical vulnerability you can be notified immediately so that you can take action.
No comments:
Post a Comment