Table of Contents
- Summary
- Market Categories, Deployment Types, and Patch Coverage
- Key Criteria Comparison
- GigaOm Radar
- Vendor Insights
- Analyst’s Take
- Methodology
- About Ron Williams
- About GigaOm
- Copyright
1. Summary
Patch management is the process used to identify, acquire, verify, and install software and firmware patches to physical and virtual devices and the software systems that reside on them. No software is without flaws: bugs require fixing, and security vulnerabilities need to be mitigated or removed before bad actors can take advantage of them.
One key challenge with patch management is that infrastructure is generally complex: fixing one system or service may have ripple effects on others, so processes and mechanisms need to work across the architecture.
Patch management requires the proper tools, processes, and methods to minimize risks and should support the functionality of the underlying hardware or software. Patch characterization, prioritization, testing, implementation tracking, and verification are all part of robust patch management. AI/ML may facilitate these capabilities to lower risk and control vulnerabilities.
Security patching is particularly important in the current environment because the threat landscape is growing and will continue to do so for the foreseeable future. Good patch management practices require mitigation of direct risks—and the root causes responsible for cyber events. The inclusion of security evaluation for compliance is also becoming a prerequisite for patch management solutions.
Most organizations patch laptops, desktops, and servers in an ad hoc manner, so a patch management solution can add rigor and consistency to what may already be in place. When searching for a solution, companies should evaluate the coverage that already exists in their organization, so they can assess and address any gaps.
This GigaOm Radar report highlights key patch management vendors and equips IT decision-makers with the information needed to select the best fit for their business and use case requirements. In the corresponding GigaOm report “Key Criteria for Evaluating Patch Management Solutions,” we describe in more detail the capabilities and metrics that are used to evaluate vendors in this market.
This is our second year evaluating the patch management space in the context of our Key Criteria and Radar reports. All solutions included in this Radar report meet the following table stakes—capabilities widely adopted and well implemented in the sector:
- Patch identification and management
- Collaboration
- Reporting
- Auditing
How to Read this Report
This GigaOm report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria. For a fuller understanding, consider reviewing the following reports:
Key Criteria report: A detailed market sector analysis that assesses the impact that key product features and criteria have on top-line solution characteristics—such as scalability, performance, and TCO—that drive purchase decisions.
GigaOm Radar report: A forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution. The Radar report includes a breakdown of each vendor’s offering in the sector.