Otto background

Should I Replace WSUS?

Windows Software Update Service (WSUS) was released in 2005 as an improved version of Microsoft’s previous update service, Software Update Service (SUS). At the time Windows operating systems were prevalent and patching endpoints individually had become a stretch on bandwidth and human resources. SUS and WSUS solved this issue by allowing IT Managers to download a patch once and apply it across an entire network. WSUS expanded on SUS’ capabilities by adding some additional software capabilities and allowing for reporting on updates.

Initially seen as a much-needed tool, in the decade since it was released WSUS has become a bane to IT Managers and SysAdmins who use it as their primary patching solution. WSUS has many documented problems, including updates that cause WSUS itself to fail, configuration issues, and the lack of a simple way to patch 3rd party applications. Despite 3rd party applications being a leading cause of vulnerabilities1, WSUS only enables patching of Adobe, Java, and other external systems through APIs which require additional configuration and are rarely utilized.

Most critically, WSUS does not reliably give administrators accurate information on what patches have been applied to specific devices, forcing them to run separate checks to verify if their network is fully patched. If devices are offline when a patch is deployed or a patch isn’t installed due to a conflict, WSUS may falsely report those systems as being patched2, leaving networks vulnerable and sysadmins unaware.

While WSUS is a free tool that allows for some automation of patching for Windows systems, it has never been a one-stop-shop for patching needs. Administrators must run WSUS in conjunction with vulnerability scans to verify patch status, and either employ another patch management system for Apple and Linux devices or go through the tedious process of patching these systems manually. Because multiple solutions are employed, the ability to report on the overall security state of your infrastructure requires significant time and resources.

Given these issues and the growth in non-Microsoft operating systems as part of a network’s makeup, WSUS is becoming less relevant in a modern IT infrastructure. IT Managers and SysAdmins are actively searching for a viable alternative to WSUS that provide full infrastructure visibility and reporting, can easily patch third party software applications, and can reduce the burden on the IT team.

Fortunately, there are new automated patch management solutions that meet all of these needs and provide even more features, including the ability to handle hybrid cloud environments,  patch Windows, Linux and Mac OS X, deploy software, and manage device configuration settings. In the past, this level of automation was considered out of reach for everyone except the enterprise level.



About Automox

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.

Experience modern, cloud-native management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.