We do IT differently.

Call 844.750.4170 for more information.

Patch Automation
September 7, 2016

Patch Automation

It’s incredible to imagine how many security exploits are avoidable just by patching systems. According to Verizon’s 2016 Data Breach Investigations Report, 85% of successful exploits stem from the top 10 Common Vulnerabilities and Exposures (CVE’s) only. Those are known vulnerabilities with a patch readily available.

Patch management is extremely important to avoid security breaches, but the task itself can be time consuming and burdensome on an already busy IT department. The cost in man hours is extremely high for patching, but the cost of a security breach is even higher.

Human Error

Have you ever forgotten to do something, or missed a typo in an important email?  Everyone does things like that. Sure, being imperfect is one of our endearing qualities, but it isn’t good for business. That’s one reason that more and more companies are seeking to automate as much as possible. Patching is no different. If one patch is missed, a company can suffer vulnerabilities and downtime. Patch automation removes the likelihood of missed patching.


The process of patching systems includes everything from reading about fixes, approving and applying fixes, manually reapplying failed patches, rebooting and downtime, service tests, and more. If patching your systems takes 200 hours per month (conservative estimate), that’s time that your IT department wasn’t spending on more important things. When your team spends all of their time on break-fix and maintenance tasks, they aren’t improving your processes or moving anything forward.


Instead of wasting your team’s time manually applying patches, there are cost effective automation solutions.

Windows Server Update Services (WSUS) is an invaluable tool in cutting time spent on patching Windows systems. The solution is included with standard or above Windows Server licenses, or free after the OS is purchased. It’s simply a role that will need to be installed. It’s simple to setup, configure, and manage the original source.

The drawback of using WSUS alone are that you will not be able to automate patching of third party software, and there are limitations to the level of control you will have.

A great addition to WSUS to begin automating, is System Center Configuration Manager (SCCM). SCCM is an additional suite available for purchase. SCCM solves the drawbacks of WSUS, enabling granular control of updates, along with pushing non-Microsoft updates (Adobe, Java, accounting software). The only problem with implementing SCCM is that specialized knowledge is required in configuration and management.

Another way to automate your patching to save time and money, is to simply hire a consultant to put automation policies in place. Sierra Experts offers this as a service, and our engineers have vast experience from custom LOB system testing to integration related issues with certain patches. We can make sure that you never miss another patch – and most of all, patching is fully tested on your environment prior to full deployment. Contact us to find out how it works.

Sierra Experts is an IT Managed Service and Support provider, specializing in remote monitoring and remote management of computing systems, cloud/virtual systems hosting, VoIP/SIP PBX trunks and solutions, physical server hosting, software development and hardware and software reselling. For more, check out www.SierraExperts.com