Review: GFI Takes On Patch Management

The importance of maintaining up-to-date software and secure IT throughout an enterprise only increases over time. Today, with more operating systems and applications in deployment throughout business, patch management can become a numbing exercise with many potential areas for fumbling along the way.

GFI Software, though, has taken a number of steps over the past 18 months to spread its technology, to deliver effective solutions for virtual environments and to lower the barrier to entry for businesses that need to maintain secure software throughout the enterprise but lack the budget to do so. Based in Cary, N.C., GFI also maintains a channel program with more than 10,000 partners globally.

But none of that would mean an awful lot if its software didn't work. So the CRN Test Center decided to take a look at its GFI LANGuard Network Security Scanner and Vulnerability Management Tool, V.9, to see whether it lived up to the other strong aspects of the company's operations. The verdict: It does.

Before examining LANGuard, we looked at competing products in the lab that took anywhere from several hours to several days to install, confrigure and work correctly. Other solutions, we found, needed operating system software to be fully patched and updated even before installing it onto a server. In our opinion, while those solutions might have value in certain areas, the approach defeats the purpose. If a VAR or administrator has to spend 14 hours manually installing patches, service packs and updates just to install patch management software, what's the point?

LANGuard isn't in that category. We installed it on a virtualized Windows Server 2003 Standard Edition SP2. No updates or patches were installed beforehand. Unlike competing patch management applications, LANGuard didn't make us run around inserting and ejecting service pack CDs and the like over and over again before it could get up and running. The software installed itself in about 20 minutes on our Server 2003 hosted on server running VMWare ESX 3.1. Once installed, LANGuard took an inventory of updates and service packs that needed installation, queued them up, and readied them to go.

One could estimate the time savings of this approach in the hours compared to other patch management solutions.

But does it work? We found that it quickly identifies and remediates essential patching and software updating across a Microsoft network. It's clean and it's effective. Our first time out, for example, it identified more than two-dozen patches needed on a new device and promptly dispatched them to the device. It scanned a separate, on-network PC in 51 seconds before determining it was up-to-date.

GFI LANGuard is considered freeware for five IPs; it costs $30 per IP for 5-9 IPs for a one-year SMA; for 10-24 IPs, the main price will run $32 per IP; for 50-99, it's $14 per IP. Pricing scales up to $3,999, where GFI charges $4 per IP for a one-year SMA.

We can easily recommend this software for patch management, and believe the company's approach in providing a freeware version for very small businesses is a strong statement in the confidence in the quality of its technology.