I've never used SolarWinds patch manager, but after all of those breaches I'm very leery on any of their stuff. Another option to look into is manage engine patch manager plus. It can be a bit of a pain but it worked decently enough. Also, very cheap. Just don't expect a super robust and deliable program
this post was submitted on 22 Jun 2023
6 points (75.0% liked)
Sysadmin
7298 readers
2 users here now
A community dedicated to the profession of IT Systems Administration
No generic Lemmy issue posts please! Posts about Lemmy belong in one of these communities:
[email protected]
[email protected]
[email protected]
[email protected]
founded 1 year ago
MODERATORS
Thanks for the advice. The Solarwinds hack was truly extraordinary! When I was researching Solarwinds Patch Manager I saw this article from Wired that made me see it in a new light.
https://www.wired.com/story/the-untold-story-of-solarwinds-the-boldest-supply-chain-hack-ever/
You're probably right that I should steer clear of them. I'll check out Manage Engine.
Honestly, both suck. Patch Manager also requires WSUS and that relationship is...rocky at best. Their (Solarwinds') support also just likes to blame everything on WSUS so if you have issues good luck getting them resolved.
Look into a real RMM. We used NinjaOne at my last job and it was solid and fairly inexpensive. Action1 may also be a good fit if you are smaller as their free tier is pretty generous.
Side note, if you are new to Solarwinds anything they will hound the ever-living fuck out of you if you so much as look at them. Even if you use a burner email they are somehow pros at tracking people down. Don't say I didn't warn you.
We are relatively small, with about 400 workstations and 40 servers or so on the network. I will check out Ninja One and Action1. I hadn't heard of either of those.
Sadly as for that other bit of advice, Solarwinds sales staff already have our info and it's true they are quite persistent. It wasn't Solarwinds, but I once contacted another vendor using a generic email account we created for that purpose and they used the domain to track down info on myself and other senior IT staff in the department and message us directly. I asked him straight up how he got our info and he told me about a service they subscribe to that specializes in providing private email addresses of staff in organizations like ours. It was pretty off putting and made me want to never do business with the company. Some sales people are really too much.
Check out Ivanti Security Controls (née Shavlik Patch Manager) as well. Or PDQ Inventory/Deploy. Both are better options.
Ivanti Security Controls is another I hadn't heard of, but we are actually using PDQ Deploy and it has proven to be a great value for us. I didn't realize Inventory included a patch management component. I will definitely check that out! Thanks.
I don't have to manage Ivanti, but using it is great! The GUI is a bit all over the place but you get used to it.
We consolidated our patch management into Qualys and dropped Ivanti Security Controls (Shavlik). I regret it. It was stupid slow but it worked so well.
I've had sales folks call me on my personal phone and one of them told me they found me on zoominfo.com. I promptly went to their site and requested a deletion.
I'm using the free Action1 plan for our servers and really like it.
Solarwinds patch manager is (in my subjective opinion) a bad solution. I’ve implemented it before. It had/has several issues, and if you push solarwinds on anything they will acknowledge it as a “known issue.” Then they will close your ticket and just straight up not ever resolve it.
Thanks everyone for the helpful advice! I am going to hold off for now and research some of the other suggested solutions.
We are also looking at another solution from Solarwinds, Security Event Manager. I'm going to talk to our CIO and encourage him to hold off on that for now too. I'm not confident in the security of Solarwinds applications and they are also pretty expensive.
Thanks again for the feedback!