Share This:

Patch management serves as a key defense against cyberthreats and also ensures operating systems and business-critical software are maintained. However, it is not always a simple and straight-forward task for managed service providers (MSPs), especially in current times. With hybrid work in place, MSPs must develop a best practice that not only ensures network servers are up to date, but that customers’ endpoints are as well to prevent any exploits. 

Some of the most common challenges with patch management include effectively testing patches before deploying to customers, patches failing deployment, and being able to confirm that customers are up to date with their patches. 

Experts weighed in with best practices for streamlining patch management, helping address MSP challenges. 

We asked some of our resident experts here at Barracuda for their thoughts on the topic. We spoke with Ken Bartlett, sales engineer manager, and Shawn Saunders, a senior quality assurance analyst of MSP tools, and captured their tips for streamlining a patch management process. 

It’s important to get the full picture!

There are many patch management solutions in the market, and Ken Bartlett believes that remote monitoring and management (RMM) platforms offer the most complete patch management features for MSPs. However, RMM vendors often take different patch management approaches. Bartlett suggests that MSPs should focus on two key areas during their investigation: 

  1. Where are the patches sourced from? The source from which the RMM pulls the patch is important. This tells you whether you can leverage it for all software comprehensive patch management. Also, some sources will research the validity of the patches prior to releasing them. This can shorten the testing cycle for MSPs and help make the process more efficient. 
  2. Does the RMM platform offer granular control to apply patches? Different devices and users have different requirements. Having granular control when it comes to applying patches allows MSPs to create test groups within their customer sites to meet each customers’ unique needs. 

Automated versus manual patch management

Some MSPs may wonder when they should invest in automated patch management. According to Bartlett, this really comes down to your service model. If most of your customers fall under the break/fix service model, you may find manual patch management suitable. This is because you are not required to keep patches updated for your customers. You will just need to validate if your customers’ devices are up to date when an issue arises. 

For MSPs who offer active monitoring and management services to their customers, automated patch management is a must. Automation will allow you to scale your technician’s time, standardize patch management service delivery, and prevent exploitation of vulnerabilities by cybercriminals. 

It is worth noting that for many service providers, the managed service approach offers several benefits when compared to the break-fix model. In addition to predictable recurring revenue each month, offering managed services enables the MSP to avoid reactive emergencies to an extent, because of the proactive care they provide up front. 

Patch testing best practices

Even the most trusted vendors’ patches should be tested before they are rolled out to your customers, otherwise they could cause catastrophic impact. Shawn Saunders shares that patches can create conflicts with customers’ infrastructures. This has been echoed by some partners who had scheduled minor Microsoft updates to automatically roll out. The patch conflicted with their billing software, which brought their entire finance team to a halt during year-end. 

Even the most trusted patches should be tested before they are rolled out to your customers.

An easy way to test patches is to set up test groups within your customer sites. The test groups may consist of non-mission critical devices within each site. As new patches are released, MSPs can schedule automatic approvals to the patches and apply patches to test groups. After successful deployment, the patches can roll out to the rest of the site. 

Ensuring a successful process

To ensure a successful patch process, MSPs must ensure all devices are available and online. It is important for MSPs to set the patch timeframe and communicate the schedule with their customers. This will increase the success rate for patches deployed. 

In addition, if patch management is deployed through an RMM platform, MSPs should also leverage the alerting and reporting feature to ensure MSPs are alerted if it was unsuccessful. In conjunction with alerting, MSPs can schedule automated reports to confirm if the patch process was complete or if there are devices that did not receive the patch. 

Streamlining the patch management process can help MSPs ensure that they deploy patches efficiently and successfully in their customers’ sites. This ensures they are secure against cyber threats. 

 Photo: Natali Ximich / Shutterstock


Share This:
Doris Au

Posted by Doris Au

Doris is a product marketing manager at Barracuda MSP. In this position, she is responsible for connecting managed service providers with multi-layered security and data protection products that can protect their customers from today’s advanced cyber threats.

Leave a reply

Your email address will not be published. Required fields are marked *