IT Briefcase Exclusive Interview with Bertrand Hazard on Optimal Patch Management

What are you hearing from IT professionals as to their major concerns about managing patches?

When it comes to patch management, we’re hearing about three major challenges from our customers right now.

The first is that of patching third party applications. While there is a lot of information on Microsoft patches, there is little shared knowledge on how to patch third party apps; one of the major risks to organizations is from the applications that users download. Third party application patches usually get pushed out on an irregular basis and it’s up to the end user, in many cases, to download these patches. What they aren’t doing is a major risk to the security of the organization.

In most instances, patching is the responsibility of a junior level member of the IT team. This is a challenge because patching is a complex, cross-functional discipline that those with less experience might not have the knowledge to manage.  Background in networking, operating systems, security and other IT disciplines are often needed to make the best patching decisions.

The third challenge is the growth in personal mobile devices used in the workplace. With BYOD (Bring Your Own Device), Windows and third party mobile applications can introduce vulnerabilities to the IT environment as they connect into the enterprise wirelessly. In addition, mobile devices, which comprise much of BYOD are today being patched by their mobile carriers, not the individual’s organization.

With these challenges in mind, we launched PatchZone.org, a vendor agnostic space on the thwack community where IT pros can share ideas and best practices on patching their systems across their organizations.

Why, in your opinion, has it been so difficult in the past for IT pros to get good information online about brands they can trust?

For many years, the only source of IT software and product information was provided directly by the vendors. And in most cases, it was difficult for IT professionals to get a specific question answered. With the advent of online communities, this has dramatically changed and IT users now have many ways to all the information they are after directly from their peers in addition to the vendors.

At SolarWinds for example, we launched thwack as a customer message board in 2003 as one of the first online destinations designed specifically for IT managers. Now with over 100,000 registered members, it has become one of the most popular communities for IT pros to share information, discover tips from product managers, and get peer-to-peer support and perspectives on SolarWinds’ products.  Members learn from us, from one another, and in turn, we learn from them.  It’s through our close ties to the community that SolarWinds is able to deliver product updates much faster than other companies by leveraging the clear feedback and direction from the community.

With PatchZone.org, which we launched in July, we’re taking it to the next level by offering one central place for IT pros to gain and share information on the latest Microsoft and third party patch updates.  IT peers and industry experts share information on all things patch management, including which applications are most vulnerable, which updates they should apply and when, how to implement patch managements on a tight budget, and more.

SolarWinds has always had a strong presence within the world of Network Management. Why Patch Management now?

Over the past few years, we have deepened our IT management solution offerings to include not just network management, but also virtualization management, storage management, log and security information management, and application and server management. All of our products share the fundamental characteristics that users have come to expect from SolarWinds; they are easy to install, quickly solve everyday problems, and are very affordable.

With the acquisition of EminentWare earlier this year, we’ve broaden our offering in the Systems Management arena and introduced SolarWinds Patch Manager which makes the time-intensive, error-prone chore of patching Microsoft Windows servers and workstations simpler, faster, and more reliable. It also allows SysAdmins to automate patching applications across tens of thousands of servers and workstations and receive automatic notifications of new third-party patches from leading vendors like Adobe®, Apple®, Google®, Mozilla®, and Sun Microsystems®. Patching critical apps was a request we had heard many times over in the thwack user community and we’ve had tremendous response since the introduction of Patch Manager.

Additionally we noticed that the WSUS community has a desperate need for an updated diagnostic tool for the WSUS agent. When WSUS version two was first launched in 2005, Microsoft released the Client Diagnostic Tool, a free support tool. However, it has never been updated to reflect the myriad of changes that have occurred from WSUS v2 to WSUS v3 SP2, and the Client Diagnostic Tool is a 32-bit only tool, leaving 64-bit systems with no equivalent functionality.

In June, we introduced Diagnostic Tool for the WSUS Agent; this free SolarWinds tool validates key Windows Update Agent configuration values and identifies well-known causes for defective configuration values where possible. It tests connections to all WSUS resources required by a client and helps identify causes of connection failures. The tool also provides detailed descriptions of Windows Update Agent errors and the best steps to make repairs to correct errors.

How will PatchZone offer to help online IT users with their patch management challenges?

What’s really unique about PatchZone.org is that it’s open to anyone, and we encourage companies that work in the patch management arena to participate.  In particular, we have reached out to industry experts through the thwack ambassador program to contribute to PatchZone. These experts share their expertise and insight on important patching issues, and supply IT pros with direct, informed, real-world solutions. PatchZone is an open-source community project, and will only be as successful and helpful as the participants involved. Currently, the following industry experts are contributing to PatchZone:

• Augusto Alvarez, Microsoft Student Partner since 2006, is now celebrating the publication of his second book, “Microsoft Application Virtualization Advanced Guide.” He has served as a thwack ambassador and has his own blog.
• Lawrence Garvin, M.S., MVP, MCITP, a long-term Microsoft Windows Server Update Services (WSUS) and Software Update Services (SUS) pro, is a SolarWinds product manager. Lawrence has also shared his expertise as Principal/CTO of Onsite Technology Solutions to companies worldwide.
• Robert Miller has over 14 years of experience with network, system, and telephony administration. He is a respected security researcher and blogger.
• Brien Posey, six-time Microsoft MVP, is a published author of over 4,000 technical articles and papers and three dozen book contributions. He has served as a CIO in the healthcare industry and a network administrator for the United States Department of Defense.

Being heavily invested in the patch management community, we watch forums like PatchManagement.org, TechNet WSUS forum, Configuration Manager 2007 Software Updates Management forum and Configuration Manager 2012 – Security and Compliance forum.

All of these forums have had the following questions – is there a central place to learn about the latest 3^rd party patches, what are WSUS troubleshooting tips, and so on.  PatchZone was created as a resource to help answer those questions as well as to provide guidance on other patch management issues. Ultimately we aim for PatchZone to be the first one-stop-community of its kind and provide all the answers IT pros need.

We hope that organizations that have in the past ignored patching will learn how it’s possible to manage patches without it turning into someone’s full time job.

Bio:

Bertrand Hazard is the business strategy lead for the systems management and mobile IT management product portfolios at SolarWinds, a leading provider of powerful and affordable IT Management software. He has more than a decade of experience devising and executing sales & marketing strategies in the software industry. Bertrand earned a Bachelor’s degree in International Business studies from Middlesex University and his Product Management & Marketing Programs Certification from Pragmatic Marketing. You can follow Bertrand on Twitter at www.twitter.com/Bertrand_H or reach him at Bertrand Hazard.