If you want to update your Windows computers with the latest updates and security patches, SUS does a great job in giving you the ability to manage the updates. But I'm not sure that completely answers your question. If you want to update other applications, such as Microsoft Office, SUS alone will not do that for you. You would need to look into another solution like Systems Management Server, which can do what SUS does, but also deploys any application or application update to your company's computers.
Despite that, the SUS architecture is pretty simple. You install an SUS
server in your organization. This server synchronizes with the Windows
Update Web site so that the updates and patches sit on the server. Then it gives you the ability to choose what updates should be made available to the computers. Once you have authorized an update, the Update service on the computers know to pull the updates from your local server. Here's a good paper on developing a patch management policy for your company. It also includes prescriptive guidance for using SUS for deploying updates.
This was first published in August 2003