Can Patch-Management Companies Survive?

Who would have thought that a day would come when there are far more companies
selling ways to patch PC operating systems than there are companies selling
PC operating systems?

That’s where we find ourselves now. The Microsoft Corp.’s Windows
operating system ships on more than
93 percent of PCs worldwide, according to a report by
market-research firm IDC.

Meanwhile, there are at least 21 major players in the business of providing
patch-management software that simplifies the maddening task of applying the
scores of fixes that come out each year for Windows, Microsoft Office and
other programs, according to a recent
buyer’s guide by Jeff Fellinge in Windows IT Pro magazine.

I don’t know whether having so many companies in this space is a good thing
or a bad thing, but one thing’s for sure — it’s a whole ‘nother layer
of software that IT managers didn’t have to grapple with just a few years ago.

Live And Let Die

There’s so much ferment in solutions for patch management that John Dix,
the editor of Network World, a weekly tech magazine, recently
challenged all the vendors to a “virtual showdown”
— an online debate beginning Nov. 15 on how best to patch. In his
announcement, Dix implied that there would soon have to be a consolidation
of the major providers, who now come in three configurations:

• Pure-Play Patch Management.
These are specialized companies, such as
Shavlik Technologies and
Big Fix, which concentrate
almost entirely on patching operating systems and applications.

• Server And Desktop Management.
Firms such as
Configuresoft and
Altiris, which
traditionally have focused on computer asset management, are increasingly
moving into patch management as well.

• Security Scanning.
Companies that grew famous on their antivirus and vulnerability scanning
tools, such as McAfee
and Symantec, are also
building up their offerings in the patch-management field.

Can all of these players continue to innovate without some of them falling
by the wayside? Dix declined to comment for this article.

Don’t Get Out The Embalming Fluid Yet

One of the standalone patch-management vendors makes a strong case that the
specialized firms will have a continuing role for a long, long time.

“There are a handful of standalone patch-management companies: Shavlik,
Patchlink, Big Fix,
Ecora,
St. Bernard,” says
Eric Schultze, the chief security architect of Shavlik Technologies. “Any of
the other vendors use one of those five companies’ technology,” he notes,
citing Configuresoft as an exception that has built its own solution.

Patch-management software, in this view, is a product that you can either buy
from its original developer or from a major-label software publisher with only
cosmetic differences.

“We’ve decided that we want to be the ‘Intel Inside’ of the patch-management
market,” Schultze explains. “We have technology that’s used by Symantec,
BMC Software through its
Marimba acquisition, iPass,
Bindview,
NetIQ,
Executive
Software, and in some sense Microsoft. The Microsoft
Systems
Management Server 2.0 and SMS 2003, its patch-management detection engine,
is an older version of the Shavlik engine.” Symantec obtained a relationship
with Shavlik through the larger corporation’s February 2004 acquisition of On
Technology, which had previously signed a deal with Shavlik.

In addition to business opportunies for the specialized firms to provide
technology to the larger, more established companies, there are plenty of new
challenges that IT leaders will need help to confront, Schultze says. Shavlik
itself is moving into “spyware management,” for example.

Spokespersons for McAfee and Symantec did not provide company executives for
comment on this subject by press time.

Nailing Down The Patch-Management Market

Others also see plenty of openings for players of all sizes.
“Patch management software for Windows is still in its infancy, really.
Microsoft is still working out the kinks in providing companies with
reliable patches in a consistent format,” says Fellinge, the author of the
patch-management buyers’ guide.

“Patch management software must do three things right: deploy patches reliably,
scan systems accurately, and provide solid reports of enterprise patch status,”
he explains. “I think that in the short term there is room for small and large
vendors — but those companies that get these three points at a reasonable
price will nail the market.”

Conclusion

We may question why we have to install multiple security upgrades every month
— but the reality is that this is going to continue to be a fact of life,
now that hackers around the world have learned how easy it is to exploit holes
in Windows and other software.

Simply setting Microsoft’s “Windows Update” program on automatic and letting it
do its thing is a poor defense for most companies. Major enterprises
must test all new patches before deploying them. And even small businesses
must use separate, nonautomatic systems to update non-OS software, such as
Microsoft Office, which has its own upgrade procedure.

The need to handle all these application changes is so great that most of the
patch-management vendors seem likely to stick around for the duration —
whether their code retains its original name or takes on the logo of a more
famous software publisher.

RELATED NEWS AND ANALYSIS

• Ethics and Artificial Intelligence: Driving Greater Equality

  FEATURE |  By James Maguire,
  December 16, 2020

• AI vs. Machine Learning vs. Deep Learning

  FEATURE |  By Cynthia Harvey,
  December 11, 2020

• Huawei’s AI Update: Things Are Moving Faster Than We Think

  FEATURE |  By Rob Enderle,
  December 04, 2020

• Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 18, 2020

• Key Trends in Chatbots and RPA

  FEATURE |  By Guest Author,
  November 10, 2020

• Top 10 AIOps Companies

  FEATURE |  By Samuel Greengard,
  November 05, 2020

• What is Text Analysis?

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 02, 2020

• How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 29, 2020

• Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 23, 2020

• The Super Moderator, or How IBM Project Debater Could Save Social Media

  FEATURE |  By Rob Enderle,
  October 16, 2020

• Top 10 Chatbot Platforms

  FEATURE |  By Cynthia Harvey,
  October 07, 2020

• Finding a Career Path in AI

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  October 05, 2020

• CIOs Discuss the Promise of AI and Data Science

  FEATURE |  By Guest Author,
  September 25, 2020

• Microsoft Is Building An AI Product That Could Predict The Future

  FEATURE |  By Rob Enderle,
  September 25, 2020

• Top 10 Machine Learning Companies 2021

  FEATURE |  By Cynthia Harvey,
  September 22, 2020

• NVIDIA and ARM: Massively Changing The AI Landscape

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  September 18, 2020

• Continuous Intelligence: Expert Discussion [Video and Podcast]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 14, 2020

• Artificial Intelligence: Governance and Ethics [Video]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 13, 2020

• IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI

  FEATURE |  By Rob Enderle,
  September 11, 2020

• Artificial Intelligence: Perception vs. Reality

  FEATURE |  By James Maguire,
  September 09, 2020