As a busy sysadmin, I’m blown away by Red Hat‘s Red Hat Network. They provide a simple web interface through which you can manage all your non-firewalled machines. Security updates can be scheduled and applied, new packagaes, etc. For your firewalled machines, you get email notices telling you what patches are avaliable for what machines, and there are tools that will go out and update the machine.
They collect a substantial amount of information on each machine, but I have faith in them (so far), so out-sourcing security to them isn’t that big of a deal to me. Especially since they charge less than $20/machine.