What is Patch Management?

To understand the importance of Patch Management, we first need to explain what a ‘Patch’ is.

A system or software ‘Patch’ is additional code provided by manufacturers to fix mistakes, issues or security vulnerabilities in applications and operating systems.

A good example of this is the Windows update that was provided to computers running Windows XP and newer back in March 2017. This Patch was released to resolve vulnerabilities in the SMB protocol that the Windows Operating System uses for file sharing. The ‘WannaCry’ ransomware used those vulnerabilities to break into the Windows Operating System, causing major security breaches for organisations internationally – the NHS being one of the most high-profile cases of this ransomware attack.

Patches are not just for fixing detrimental flaws in system protocols, though. They also provide stability updates to programs that are experiencing bugs or other underlying issues, such as applications crashing, failing to run certain features or simply not executing as they should.

Therefore, Patches are like IT puncture repair kits. They fix the holes in the code so that applications can run smoothly and securely.

Patch Management.

Now that we are all resident ‘Patch’ experts, we can go one step further and finally explain what ‘Patch Management’ is.

As silly as it may sound, patch management is pretty much what the name suggests! It’s managing the system patches that are provided to the systems in use.

It is a defined strategy of downloading, deploying and installing patches across a network. Typically, if a network administrator oversaw a small computer network of 5 computers, the patches would most likely be downloaded and installed manually. However, the more machines, software and remote working a network utilises, the more difficult, almost impossible, such manual management of periodic Patch update schedules becomes.

Having some tasks automated on networks makes life much easier for the users and system admins. The same update and patch schedule can be adhered to without the users or administrators having to pay close attention to the update reminders, or chase staff to complete these. Patch software can be automated to push out and install patches and, in some cases, reboot the machines if needed, ensuring that critical Patch updates are applied, logged and can be reported on.

Some automation systems include:

  • Microsoft SCCM Patch Management
  • Atera Patch Management
  • SolarWinds Patch Management
  • Symantec Patch Management System


Reports around patch management provide valuable insight into which systems have received their updates. Should a machine miss or fail to install the patches provided by the automation platform, it can be identified, troubleshot and brought back in line with the rest of the machines on the network by your IT Administrators.

These reports can also help you or your IT Administrators identify if your network is compliant with regulations such as GDPR. Changes could be required so that the systems reach the necessary level of compliance.

How does this break down?

We can see a simple flow diagram below of how the patches are retrieved from the update system and distributed to the computers.

There is a loop which holds the updates in place until the specified time or day is met. Once the conditions are met, the patches are sent out to the networked machines.

This can also be tailored to the type of machine on your network. Servers can receive patches much sooner than end user machines, and computers running mission critical software such as payroll or banking software can be set to receive patches on a more regular basis if your network requires.
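
The hold-and-release flow described above, together with the report of machines that missed or failed a patch, can be modelled in Python. This is an added example, not code from any of the products listed; the machine names, the patch id PATCH-A and the release windows are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed policy (an assumption): release windows per machine class as
# (weekday, hour), Monday = 0. Mission-critical machines get two a week.
WINDOWS = {"server": [(1, 2)], "critical": [(0, 1), (3, 1)],
           "workstation": [(4, 18)]}

@dataclass
class Machine:
    name: str
    kind: str
    installed: frozenset = frozenset()  # patch ids reported installed
    failed: frozenset = frozenset()     # patch ids whose install failed

def next_window(after, weekday, hour):
    """First occurrence of weekday/hour at or after the given time."""
    slot = after.replace(hour=hour, minute=0, second=0, microsecond=0)
    slot += timedelta(days=(weekday - after.weekday()) % 7)
    return slot if slot >= after else slot + timedelta(days=7)

def release_time(kind, approved_at):
    """When the hold loop lets a patch go out to this class of machine."""
    return min(next_window(approved_at, wd, hr) for wd, hr in WINDOWS[kind])

def compliance_report(machines, patches, now):
    """Status of each patch a machine lacks: held, failed or missed."""
    report = {}
    for m in machines:
        for patch_id, approved_at in patches.items():
            if patch_id in m.installed:
                continue
            if now < release_time(m.kind, approved_at):
                status = "held"      # window not reached yet, nothing is wrong
            elif patch_id in m.failed:
                status = "failed"    # pushed out, install reported an error
            else:
                status = "missed"    # pushed out, machine never reported back
            report.setdefault(m.name, {})[patch_id] = status
    return report

# Constructed sample data: one patch approved Monday 1 Jan 2024 at 10:00.
PATCHES = {"PATCH-A": datetime(2024, 1, 1, 10, 0)}
MACHINES = [Machine("SRV01", "server", installed=frozenset({"PATCH-A"})),
            Machine("SRV02", "server", failed=frozenset({"PATCH-A"})),
            Machine("PAY01", "critical"), Machine("WS01", "workstation")]
NOW = datetime(2024, 1, 4, 9, 0)  # Thursday morning
REPORT = compliance_report(MACHINES, PATCHES, NOW)
```

Machines marked "failed" or "missed" are the ones an administrator needs to chase; "held" only means the release window for that class of machine has not opened yet.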

For more information regarding Patch Management please feel free to give one of our technicians a call on 0330 2020 118 and choose option 2.
