Microsoft patch management got you down? Secunia CSI 5 has your back
If only there were a way to keep up to date automatically on vulnerabilities and have Windows apply patches to the important ones. Secunia's Corporate Software Inspector (CSI) 5.0 lets you do that, applying even your 3rd party software updates through Microsoft's WSUS (Windows Software Update Services) and SCCM (System Center Configuration Manager).
I've been complaining for years that Microsoft should open up the Windows Update process to third parties. Secunia has filled in most of this gap with their Personal Software Inspector (PSI) for individuals and CSI for managed networks.
CSI now works the whole vulnerability-remediation lifecycle. It scans computers on your network for the software installed on them. Secunia is well-known in the security community for an immense and comprehensive database of vulnerabilities. Customers can access this database using the new version 3.1 of their VIM (Vulnerability Intelligence Manager) which provides customized alerts on vulnerability events.
They use this database to determine which applications on your systems are in need of patching or have reached end-of-life. From the console you can install and uninstall apps and decide which patches to apply.
If you use WSUS you're going to love this. CSI determines which 3rd party apps, such as Adobe Flash and Apple's QuickTime, need updates. It packages those updates and puts them in the WSUS database, where they can be delivered using Windows Update. Apps like QuickTime that don't have MSI/MST installers get packaged inside one by CSI.
There is also now an agent for Mac OS X systems on the network, although this is for vulnerability reporting only. CSI cannot patch OS X systems. CSI 5.0 has a more flexible reporting module and APIs to allow developers to access the system to build their own apps.
One of the problems with patch management systems is that notebook users on the road can get out of synch with their updates. One way to address that now is to let CSI manage clients that run the PSI. PSI works great as a standalone solution for Windows systems by using Secunia's servers as a guide for scanning and patching. But now it can act as a CSI agent as well, allowing IT control of the notebook.
Prices start at $2,700 for CSI Small Business. A 30 day free trial is available.
This video covers the features that are new in 5.0:
I still wish this sort of comprehensive patching just came with Windows, but it doesn't. The great thing about the software business is that companies like Secunia can fill the need.
Larry Seltzer is a freelance writer and consultant, dealing mostly with security matters. He has written recently for Infoworld, eWEEK, Dr. Dobb's Journal, and is a Contributing Editor at PC Magazine and author of their Security Watch blog. He has also written for Symantec Authentication (formerly VeriSign) and Lumension's Intelligent Whitelisting site.