SCCM Review

Graphical reporting is informative and easy to use, but an agentless version is needed


What is our primary use case?

This solution is used for vulnerability management. Our primary use case is for software updates, including ad-hoc and monthly updates, as well as security patches.

How has it helped my organization?

The whole purpose of vulnerability management is to help with mitigating any security threats that could be within the network. So this solution has helped because it is very valuable to have an overview of which devices and networks are not up to date, or have failed to update with a specific software update deployment.

A specific example is related to malware by the name of Coinminer. It is used by intruders to remotely mine cryptocurrency, using your computer resources. It consumes your computer's CPU and memory. By putting this solution in place and ensuring that the latest security patches are installed, you are no longer vulnerable to this virus. Your computer operates at an optimal speed.

In summary, you maintain security and the best performance of your systems.

What is most valuable?

The most valuable feature is the graphical-based status reports of software updates; showing successful and failed deployments. This gives you a quick overview of vulnerable computers that expose your network to risks of a security breach.

What needs improvement?

I would like to see an agentless version of the solution. An agent-based system is one where every computer on the network has to have a client installed in order to be able to report on it or deploy to it. In the case of this solution, you need to have the SCCM agent installed on every computer. To me, that is a weakness because if you don't have the agents installed in some computers, then you cannot reach them for the deployment of software updates.

An agentless system means that you don't need to have an agent installed on computers. You would simply sweep the network, see all live computers and deploy the updates be able to deploy updates. It is worth noting is that the installed agents open and run on specific ports in the computer. These may be used as launch pads for attacks; making your network more vulnerable to security breaches.

For how long have I used the solution?

More than ten years.

What do I think about the stability of the solution?

This is a stable solution. They release regular updates and upgrades, and they keep enhancing the features. I have not had any bugs that I would say were a challenge.

What do I think about the scalability of the solution?

This solution is very scalable. As your network becomes bigger, you're able to accommodate more computers in terms of deploying the updates that you need to.

How are customer service and technical support?

Microsoft technical support is fairly good, and I would rate them eight out of ten. They try to act promptly, but there are two issues that cause delays. The first is related to the difference in time zones, and the second comes about from the different levels of support licensing.

Which solution did I use previously and why did I switch?

We did not use another solution prior to this one.

How was the initial setup?

The initial setup for this solution is straightforward. It is a Microsoft-based product, and they usually have startup wizards. It is graphical, and the process of installation is self-explanatory. It is easy, even for a new user.

The initial setup, depending on whether it is a server and what tests have to be done, might take about two hours.

Once running, the time required for the deployment of updates varies depending on how many computers you are deploying to. If you have, say two thousand computers, then it will take approximately a week for all of them to be fully updated. This also depends on how regularly the computers are online. In cases where systems are frequently offline, it will take even longer. Once they come online, they get the deployment and update.

The first priority after installing the software is to gather all of the end-user devices. Make sure that they are all covered and up to date all of the time.

One IT administrator is enough to deploy and maintain this solution.

What about the implementation team?

We handled the implementation and deployment ourselves.

What's my experience with pricing, setup cost, and licensing?

The licensing is good because they have various options, depending on what you are looking for. There are one-year up-to three-year license contracts.

Which other solutions did I evaluate?

We did not evaluate options other than this one, from Microsoft. It is our company policy to run on Microsoft SCCM.

What other advice do I have?

Since this solution is agent-based, computers without the agent cannot be reached on the network. In addition, non-Microsoft products are not supported. So if you have a mix of platforms like Linux and Mac OS, you'd be better off looking for an agentless solution and not SCCM.

Security is one of the big problems with Microsoft products, but usability is equally good. 

I would rate this product a seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest
Sign Up with Email