Third party patch management is a type of computer security software that administers updates from software vendors and other third parties to systems deployed within an organization. Patch management is typically defined as the process whereby patches are administered to systems in an organization in order to fix security or non-security related issues in software products, keep them up-to-date with vendor-released updates, maintain them to the desired patch level, and ensure compliance with organizational policies and industry standards.
Third party patch management is usually divided into three primary activities: planning and assessment, patch deployment, and patch verification. Planning and assessment includes the setting of patching policies and the identification of vulnerable or missing patches. Patch deployment may involve the distribution of updates, the installation of patches, and the management of patch history. Patch verification includes validation of whether the patches have been installed correctly and whether they remediate the problem they were intended for.
Third-party patch management products are available in both on-premises and cloud-based packages. On-premises offerings are typically managed through a central console with a GUI and are integrated with existing systems to ensure that only authorized patching is performed on machines within the organization. Cloud-based offerings are offered as SaaS solutions and are managed through a web-based interface.
Third-party patch management is beneficial to organizations because it ensures that the latest available patches and updates are installed on systems, thus decreasing the prevalence of security and non-security related vulnerabilities on internal networks. Additionally, patch management solutions offer improved visibility into patching operations, allowing administrators to quickly address potential issues when they arise.
