Product Reviews

ECM Security Update Manager to the Rescue

Enterprise-wide security management with just a few clicks of the mouse.

• By Chad Todd
• 06/01/2002

In a large shop, it’s almost impossible to stay on top of updating security patches. This is where ECM Security Update Manager (SUM) comes to the rescue.

Configuresoft makes the Enterprise Configuration Manager suite, and the core component of the suite is called the Enterprise Configuration Manager (ECM). The Security Update Manager (SUM) is an add-on module to ECM, which is a data-collection program that captures information based on thousands of variables from the computers within your company. SUM (among other things) automates the process of deploying security patches and fixes to workstations and servers.

At first, I was a little overwhelmed with ECM as a whole, as it provides a lot of information. However, the SUM module isn’t as complex and is easy to use. Adding computers to be monitored is simple, and updates take place through a push process. You tell the ECM Console which machines to push a patch to, and it does all of the work. The only requirement is that the user account utilizing ECM have administrative rights on all of the machines being managed.

After installing the client, you’re ready to start patching your computers. SUM works in conjunction with Microsoft’s XML Security Database. This database maps all bulletins to the product affected. This allows you to view updates by bulletin number or product name. Personally, I like the product view. This allows you to separate the task of keeping the servers up to date. If your responsibilities are ISA and Exchange, you don’t have to weed through all of the SQL and Internet Explorer bulletins manually to get your job done.

SUM does an excellent job of scheduling updates. It allows you to separate the scheduling of applying patches and rebooting servers. Sometimes you may want to apply your patches during the day so that you can verify that they were applied, but you may want to reboot your servers at night when no one is using them.

The pricing on SUM alone is affordable: It only costs $25 per server and $5 per workstation. Unfortunately, you can’t purchase just the SUM module, as it requires ECM to function. The ECM licenses cost $775 per server and $30 per workstation. This brings the total cost to $800 per server and $35 per workstation. Fairly pricey if you’re only going to use SUM; not bad when you consider everything that the ECM suite will do for you.

ECM Security Update Manager integrates Microsoft's security site directly into its console. (Click image to view larger version.)

I was impressed with SUM and was completely comfortable with the interface after about 30 minutes of playing with it. Figure 1 shows the SUM console. I really like the integration with Microsoft’s Security site. This allows you to research a particular bulletin from within the interface. I also like that the tool doesn’t show every patch created. It only shows non-superceded bulletins. All in all, I highly recommend SUM to anyone wanting to manage their servers’ security patches at an enterprise level. This tool makes it easy to see where you stand patch-wise and to apply patches to all of your servers within a few mouse clicks.