ECM Security Update Manager to the Rescue
Enterprise-wide security management with just a few clicks of the mouse.
In a large shop, it’s almost impossible to stay on top of updating security
patches. This is where ECM Security Update Manager (SUM) comes to the
Configuresoft makes the Enterprise Configuration Manager suite, and the
core component of the suite is called the Enterprise Configuration Manager
(ECM). The Security Update Manager (SUM) is an add-on module to ECM, which
is a data-collection program that captures information based on thousands
of variables from the computers within your company. SUM (among other
things) automates the process of deploying security patches and fixes
to workstations and servers.
At first, I was a little overwhelmed with ECM as a whole, as it provides
a lot of information. However, the SUM module isn’t as complex and is
easy to use. Adding computers to be monitored is simple, and updates take
place through a push process. You tell the ECM Console which machines
to push a patch to, and it does all of the work. The only requirement
is that the user account utilizing ECM have administrative rights on all
of the machines being managed.
After installing the client, you’re ready to start patching your computers.
SUM works in conjunction with Microsoft’s XML Security Database. This
database maps all bulletins to the product affected. This allows you to
view updates by bulletin number or product name. Personally, I like the
product view. This allows you to separate the task of keeping the servers
up to date. If your responsibilities are ISA and Exchange, you don’t have
to weed through all of the SQL and Internet Explorer bulletins manually
to get your job done.
SUM does an excellent job of scheduling updates. It allows you to separate
the scheduling of applying patches and rebooting servers. Sometimes you
may want to apply your patches during the day so that you can verify that
they were applied, but you may want to reboot your servers at night when
no one is using them.
The pricing on SUM alone is affordable: It only costs $25 per server
and $5 per workstation. Unfortunately, you can’t purchase just the SUM
module, as it requires ECM to function. The ECM licenses cost $775 per
server and $30 per workstation. This brings the total cost to $800 per
server and $35 per workstation. Fairly pricey if you’re only going to
use SUM; not bad when you consider everything that the ECM suite will
do for you.
|ECM Security Update Manager integrates Microsoft's security
site directly into its console. (Click image to view larger version.)
I was impressed with SUM and was completely comfortable with the interface
after about 30 minutes of playing with it. Figure 1 shows the SUM console.
I really like the integration with Microsoft’s Security site. This allows
you to research a particular bulletin from within the interface. I also
like that the tool doesn’t show every patch created. It only shows non-superceded
bulletins. All in all, I highly recommend SUM to anyone wanting to manage
their servers’ security patches at an enterprise level. This tool makes
it easy to see where you stand patch-wise and to apply patches to all
of your servers within a few mouse clicks.
Chad Todd, MCSE, MCT, CNE, is the author of Hack Proofing Windows 2000 Server by Syngress Publishing. He is the co-owner of Training Concepts, which specializes in Windows 2000 and Cisco training.