Patch Deployment Monthly or Quaterly

Wakkas · May 9, 2018, 6:02am

Hi Team,

Please suggest what is best for patch deployment-

Monthly or Quarterly.
How to choose which patch is require in our environment.
How to check which machines doesn’t have up to date patches installed.

Thanks & Regards
Wakkas Ahmad
Mob No: +91-9580326153

trn · May 9, 2018, 8:02am

Deciding what is best for your environment is something that can’t be decided in a forum like this.

Also, these are patching policy decisions and nothing to do with Bigfix, the answers should be the same whatever deployment mechanism you use.

Wakkas · May 9, 2018, 8:13am

But what is the best practice for patch deployment, what is the suggestion from Bigfix team on this.

mwolff · May 9, 2018, 11:43am

You did not specify which platform you’re patching.
As trn points out, depends on your environment.

This isn’t something we, or even IBM, can tell you. You need to make an informed decision based on the information available from the vendor of the updates, not the tool you use to deploy said updates.

A quick google search returns several Microsoft pages detailing best practices for Microsoft updates. I’m sure the same is true for Red Hat, or CentOS, or IBM Linux, or whatever OS you’re planning on patching.

https://www.google.com/search?q=microsoft+security+updates+best+practices

Wakkas · May 9, 2018, 12:10pm

Mostly we are using Windows & MAC in our environment.

cjwolford · May 9, 2018, 2:56pm

For windows we find that monthly is much more reliable.

For “hand-hold” systems we do quarterly.

raumohit_10 · May 11, 2018, 7:30am

@wakkas using the N-1 approach for patching windows machines is one of the better ways to do patching. N is the current month.

This helps in avoiding any vulnerabilities or bugs that are present in the current patches of the present month.