Automated Windows Patching on Remote Workstations – Is WSUS Enough?

Automated Windows Patching on Remote Workstations – Is WSUS Enough?

When it comes to maintaining a secure and functional digital network, patch management is an essential consideration for businesses and their IT teams. 

As reported by Dark Reading, 60% of organizations that suffered a data breach in the past two years found the culprit to be a known vulnerability for which they had not yet patched. By applying updates as quickly as possible, your organization is able to lessen your exposure to security vulnerabilities.

Patch management was traditionally a more straightforward consideration. However, as more companies are operating on a remote or hybrid work structure, the process has become more complex. Auditing current patch management procedures and following best practices are critical for organizations looking to minimize their risk and secure their networks.

Traditional patch management and WSUS

A software patch or fix is a quick-repair job for a piece of programming designed to resolve functionality issues, improve security or add new features. 

Usually, these patches are added after another user or company has already experienced an issue, which could range in severity from a minor inconvenience all the way to a major data breach. As more teams work remotely and IT is no longer able to physically access and monitor their digital environment in-person, automated patch solutions are becoming an increasingly valuable asset. 

Windows Server Update Services (WSUS) is a widely used tool that was originally designed to help businesses optimize their Windows patching process. For enterprise networks relying on operating systems, WSUS offers update management for all Microsoft products, as well as the automatic approval of frequently updated security classifications.

Yet, according to Help Net Security, while 79.7% of IT managers use WSUS and have implemented a policy to manage patching, almost 40% still spend eight hours every month on manual patching tasks ⁠— and, nearly 30% spend twice as long doing the same. Why?

As a product, WSUS is not very user-friendly and typically takes a significantly long period of time to set up compared to more comprehensive alternatives. Other additional disadvantages include:

  • It’s only supported on the Windows Server, and requires fairly expensive licensing.
  • WSUS needs at least four gigabytes of memory to run. The more updates that come out, the more RAM is needed.
  • Over time, as your organization begins to store an increasing amount of downloaded updates, you’ll need to own or free up hundreds of additional gigabytes. And, depending on the software your organization deploys, this amount could increase.
  • The management database can occasionally be corrupted through day-to-day operations and usage, crashing the server and requiring cleanup and repair work to fix it.

In addition to these issues, managers who deploy WSUS have to also consider a process for patching non-Microsoft software that is run on enterprise networks. 

When patching is left up to the individual users, companies are put at an even greater risk. One study by the University of Edinburgh found nearly half of respondents said that they had been frustrated when updating their software. Those surveyed cited the disruption to workflow as the number one cause of avoiding the task for “as long as possible.”

A fully considered patch management process is critical to business continuity and security. As Verizon found in their annual Data Breach Investigations Report, one in three major security breaches is the result of mismanaged patching. These attacks typically result in costly downtime and leave IT teams scrambling to identify, isolate and correct attractions across systems.

When the risk of a data breach is so high, organizations can’t depend on outdated or insufficient patch management solutions. Now more than ever, businesses with hybrid and remote workforces are at a greater risk of experiencing a cyberattack that leverages an missing patch as a means of entry. 

Finding the best patching solution for your organization
At Faronics, we offer an easy-to-use patch management solution that provides maximum control over Windows and third-party app installation and updates.

Unlike other servicing tools, Deep Freeze Cloud patch management features application deployment, scheduled application updates and software usage stats. Your team will receive real-time data through dashboards and alerts to help inform their business decisions. Your company will have complete control when it comes to authorizing and installing necessary updates. Customizable patch scheduling also allows teams to manage deployment times and minimize any downtime for end users.

Our team of experts is ready to help you secure your corporate network and protect your valuable data. If your organization is ready to take the next steps in patch automation, explore our available products or contact us today for further information. 

About The Author

Matt Williams

A self-proclaimed ‘tech geek’, Matt has worked in technology for a decade and divides his time between blogging and working in IT. A huge New York Giants fan, expert on Reboot Restore Technology when not watching football Matt gets his game on playing Call of Duty with his friends and other tech bloggers.

Sign Up For A 30-Day Trial


Deep Freeze Enterprise

Centralized deployment and management as well as a host of configuration options for the Enterprise.

  • This field is for validation purposes and should be left unchanged.

Ready to find out more about Faronics? Let us know how to reach you.

We're here to help you in any way possible.