Symantec Says Don’t Leave Security Patches to Chance

With thousands of new viruses, worms and other threats attacking your business’ network and leaving it vulnerable over the past year, how can your small network administration team ensure that your employees are up to date with the latest security patches? Adding more work to your overworked IT team (if you have one) isn’t a great choice, and relying on users to keep their desktop PCs current is a risky bet.

Automating the process is the logical step and Symantec today announced an option designed to make patch updates a part of the daily business routine. The Cupertino, Calif.-based company that specializes in security software today announced version 1.1 of Symantec ON iPatch.

The announcement also unveils a new, broader distribution strategy. Until today the product had been sold only in conjunction with Symantec ON iCommand, a configuration management tool. Now it will be sold as a standalone product.

According to Symantec, ON iPatch is designed to help automate the patch management process by determining the patch status of computer systems, identifying missing Microsoft security patches and automatically installing them on individual computers, groups of computers or across the entire organization simultaneously.

“Patch management is a hot topic that dovetails with security concerns from viruses, worms and any type of hacker,” said Thom Bailey, director of product management for Symantec’s Enterprise Administration. Bailey said that ON iPatch is a viable solution for companies with anywhere from 50 to 2,000 PCs. However, the primary target is small and mid-size businesses running Microsoft Windows networks — “businesses that do not have the budget or the need for a large IT staff,” Bailey said.

Using the tool is “incredibly easy,” Bailey said. “You install the product, do a sweep of environment, look for which PCs are missing which patches, get them and deploy them,” he said. One of the attractive attributes of Symantec ON iPatch is that it eliminates the need to install an agent on each computer.

According to Symantec, other features of the software include the following capabilities:

  • Customizable scan configuration templates allow you to scan by IP address, computer name, domain name, Active Directory organizational unit or files containing IP addresses or computer names. Administrators can also scan for missing and/or installed patches.
  • An XML file contains information on which patches are available, the files, file versions and checksums in each patch and their locations on the scanned computer.
  • The scanning and deployment engine is designed to identify the appropriate patch and installation switches for each computer and provide either the installation or rollback parameters necessary to install or remove the patch silently and while the target PC is unattended. A patch deployment template offers scheduling, reboot and validation options, including the capability to remove temporary installation files. After the scanning process, patches can be deployed manually or automatically.
  • The reporting module supports filtering and export options to generate custom reports, which include information on each computer scanned, missing patches and information about each security patch, including the Microsoft Bulletin ID, the Knowledge Base Article and the severity.
  • iPatch performs patch analyses and validations to differentiate between legitimate files and “trojaned” or regressed files. All patches undergo three signature validation checks and once deployed, are stored in a location on the remote computer with security permissions.
  • Symantec reports that ON iPatch taps industry standards such as the JET and SQL databases for storing patch scan results, XML for accessing the patch information database and Active Directory for accessing user and group information.
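
The manifest-driven scan in the list above (an XML file giving each patch's files, file versions and checksums, checked against the scanned computer to separate legitimate files from “trojaned” or regressed ones) can be sketched as follows. This is an added example, not Symantec's code or file format: the XML element names, the use of SHA-256, the placeholder patch ID, the path, the version numbers and the file contents are all constructed assumptions.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed file contents standing in for what the scanner reads remotely.
GOOD = b"patched build of example.dll"
OLD = b"unpatched build of example.dll"
EVIL = b"modified build with the patched version stamp"
PATH = "C:/Windows/System32/example.dll"  # constructed path

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Hypothetical manifest schema and placeholder patch ID (assumptions).
MANIFEST = f"""<patches>
  <patch id="PLACEHOLDER-001">
    <file path="{PATH}" version="5.1.2600.1106" sha256="{sha256(GOOD)}"/>
  </patch>
</patches>"""

RANK = {"installed": 0, "missing": 1, "tampered": 2}

def vtuple(version: str) -> tuple:
    """'5.1.2600.1106' -> (5, 1, 2600, 1106), so fields compare numerically."""
    return tuple(int(p) for p in version.split("."))

def file_status(want_ver: str, want_sum: str, found) -> str:
    """Classify one file; found is (version, content bytes) or None."""
    if found is None:
        return "missing"
    ver, data = found
    if vtuple(ver) < vtuple(want_ver):
        return "missing"    # never patched, or regressed to an older build
    if vtuple(ver) == vtuple(want_ver) and sha256(data) != want_sum:
        return "tampered"   # right version stamp, wrong content
    return "installed"      # exact match, or a newer (superseding) build

def scan(manifest_xml: str, inventory: dict) -> dict:
    """Return {patch id: worst status among the files the patch ships}."""
    report = {}
    for patch in ET.fromstring(manifest_xml).iter("patch"):
        statuses = [file_status(f.get("version"), f.get("sha256"),
                                inventory.get(f.get("path")))
                    for f in patch.iter("file")]
        report[patch.get("id")] = max(statuses, key=RANK.get, default="missing")
    return report

if __name__ == "__main__":
    print(scan(MANIFEST, {PATH: ("5.1.2600.1106", EVIL)}))
```

Checking the version alone would report the modified file as patched; the checksum comparison is what flags it.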

Symantec ON iPatch
Symantec’s ON iPatch scans for missing and/or installed patches. The company said its customizable scan configuration templates allow you to scan by, among other things, IP address, computer name or type and domain name.

In addition to having the right tools, Bailey said, companies need to have the right attitude as well. “Patch management needs to be part of day-to-day activities — not left to a security team. It can’t be [the responsibility] of one or two people who do everything.”

Pricing for ON iPatch starts at $23.80 per seat based on a 10-seat license, which includes a one-year maintenance agreement. Bailey said that volume discount pricing is available and that the product is expected to ship immediately.

Dan Muse is executive editor of’s Small Business Channel and EarthWeb’s Networking & Communications Channel.
