Jump to content
Slate Blackcurrant Watermelon Strawberry Orange Banana Apple Emerald Chocolate Marble
Slate Blackcurrant Watermelon Strawberry Orange Banana Apple Emerald Chocolate Marble
Sign in to follow this  
Followers 0
Rss Bot

Secunia: SCUP Catalogs vs. Software Vulnerability Manager

By Rss Bot, in Hosting security alert

Recommended Posts

Rss Bot    1

Rss Bot
Posted

Systems Center Updates Publisher (SCUP) has been around with limited success since 2011, but is getting the spotlight thanks to integration in the latest releases of System Center Configuration Manager (SCCM). It allows you to push patches right from within SCCM, but with many limitations:

  • It requires a SCUP catalog. Adobe has one and so do some hardware vendors, but Microsoft is not in the business of providing any third-party patch content and has no intentions of doing so.
  • There is no criticality or other data on which to prioritize your patching efforts
  • Patches cannot be customized (suppressing reboots, disabling automatic updates, etc.)
  • It does not distinguish between feature and security updates
  • More importantly, it does not provide insight into anything not listed in the catalog

CatalogCoverage.png

If you have a catalog of 50 applications that match your needs and manage to get them all patched, you are left with a very false sense of security because you do not know about anything else. On the contrary, Software Vulnerability Manager offers the ability to detect over 20,000 applications and and helps you measure your device’s vulnerability status against them all.

Free SCUP catalogs will not get you more than a handful of patches that overlap with your organization’s software portfolio. If you pay for a third-party SCUP catalog, you can get more but it will never be more than a small fraction of the applications that affect your environment. Software Vulnerability Manager for example, provides dozens of out-of-the-box, tested and easily configurable patches but does not expose them via SCUP due to the many limitations listed above.

It can be compelling to think you might just get out of having to create your own patches if only you had a big catalog. If you are willing to live with the inability to customize such patches, you can indeed get to a place where you may create less packages. But there simply isn’t such a thing as a patch catalog that will provide enough coverage to get you out of creating patches of your own. Flexera offers the industry leading AdminStudio solution to help you create custom patches quickly, easily and with the least amount of risk.

The key issue with the catalog approach is that the catalog is all you know about– you only get awareness of your patch status against what is in the catalog. Without a comprehensive solution like Software Vulnerability Manager, getting insight into what applications need to be patched can be an insurmountable challenge. Having access to a database several times larger than the largest catalog with details about the vulnerabilities in question (like attack vector or criticality rating) so you can prioritize effectively (and even automate remediation) can help you to address what is most important quickly and dramatically reduce the risk of unpatched software in your organization.

Source

View the full article

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Sign in to follow this  
Followers 0
Go To Topic Listing
×