A large number of vendors are aiming to aid IT organizations to manage patches. Many organizations are behind on patch applications, which open them up to security risks, because they lack the resources and tools to manage patches effectively. Smaller and larger companies have different needs when it comes to patches, but both require automation, documenting of changes, testing and solid deployment policies. The volume of Windows updates has focused attention of the patching problem and the need to automate. Windows Server Update Service (WSUS) is much better than using the Microsoft update website, but not enough for organizations with more than just Windows to worry about. WSUS also lacks flexibility and scalability. Software distribution and configuration suites often include patch management, but are also usually quite expensive, and may not be worthwhile if your responsibilities do not include network devices on non-Windows servers. If these suites are worthwhile, they should include 'robust patch management capabilities.' Consider how products deal with devices that aren't connected to the network at the time of the patch. Products should have a method for trying the patch again, and for alerting the administrator in case of failure. There are four types of patch management products: Windows with optional agents, Windows with required agents, multiplatform systems with required agents, and multiplatform with required agents and virtualization. Each class has various products to meet its needs. Though these have not yet been tested, several options are listed for each class.