Over the last two years, 60 percent of companies that suffered a breach determined that the culprits were systems that were not updated properly, according to research from Dark Reading. The practice of patching software, servers, computers, and other endpoints has long been one of the most tedious, albeit most important, things an IT team needs to do. The report from Dark Reading just emphasizes that point. In fact, in an age when most updating and patch management is able to be automated, there is little excuse for so many breaches to be attributed to this cause.
For many organizations, choosing the right management solution for keeping resources up to date poses the real problem. Trying to understand the differences between the different solutions, especially WSUS versus SCCM, often causes enough confusion that companies are left unprotected.
What Are WSUS and SCCM?
Windows Server Update Services (WSUS) and System Center Configuration Manager (SCCM) are both management solutions that assist IT teams with keeping systems up to date. Though both have the capability to manage operating system, software, and system updates, they are not the same thing, and there are situations in which one solution is much more appropriate than the other. Knowing when each should be used will help your organization put the best management solution in place to help protect your organization against a variety of attacks, including malware and zero-day exploits.
When Is WSUS Most Appropriate?
WSUS is a software application that allows systems administrators to manage and distribute updates and hotfixes for Microsoft products in a commercial environment. It starts by downloading updates—such as critical updates, security updates, drivers, and service packs—from Microsoft, and then distributes them to connected devices on the network.
WSUS is freely available and does not require its own server to run. Though it does integrate with Group Policy to help prevent users from overriding corporate update policies and provide dashboards that report on update status, it is geared more toward smaller organizations. It is easier to use, its zero cost makes it attractive to budget-conscious organizations, and it provides enough management and reporting to meet the needs of a smaller company.
WSUS does not work with third-party applications or operating systems that are often more vulnerable than Microsoft products.
When Is SCCM More Appropriate?
The main difference when comparing WSUS and SCCM is in the capabilities between the two. SCCM is built for larger organizations, managing more than just patches and updates. This solution manages a large number of computers and endpoints that use different operating systems, not just Windows. In addition to providing a centralized management of resources, SCCM also provides solutions for:
- Remote control
- Software distribution
- Deploying operating systems
- Network access protection
- Hardware and software inventory
- Patch management
For larger organizations, SCCM makes more sense. However, it does require more management and incurs a cost for both the solution and the server resources required to run it.
Both WSUS and SCCM help accomplish one of your IT staff’s most important tasks: keeping your systems and software up to date with the most recent patches. For a small company or an enterprise organization, the choice is easy. However, most businesses find themselves in a situation in which they have to decide between WSUS and SCCM. This is where a trusted managed services provider is able to provide guidance. By taking an inventory of your business assets, knowing your plans for growth, and understanding your organization’s objectives, the right MSP can make a recommendation on which solution is best. Leveraging their expertise, they can also help you with the implementation, training, management, and support of either solution.