Effectively Manage the Changing IT Environment
As IT environments have become increasingly complex, supporting virtual, distributed, and disparate platforms, companies must ensure that they maintain control of their endpoints through patch management and other measures. Ensuring endpoint security is configured and patched correctly across the operating system and 3rd party applications is paramount to reducing IT risk and improving endpoint operations.
With the browser fast becoming the new corporate desktop and 3rd party applications being heavily targeted by cybercriminals, it has become more challenging to effectively mitigate IT risk exposures across today's dynamic IT environments. In fact, the number one security priority listed by the SANS Institute is patching "client-side software"¹.
Gartner identified that 90% of all cyber attacks are from known vulnerabilities and predicts that by the end of the year, 75 percent of enterprises will be infected with undetected, financially motivated, targeted malware that evaded traditional perimeter and host defenses³.
Without network security software and a comprehensive vulnerability management solution to define mandatory baselines, discover and assess your network resources, patch and remediate vulnerabilities, and centrally audit and report on the effectiveness of your vulnerability management approach, your organization may be left exposed.
Lumension’s Patch and Remediation Solution provides rapid, accurate and secure patch management.
This optimization is achieved by automating the patching process, from vulnerability identification to patch collection, distribution, remediation and verification reporting. Lumension Patch and Remediation significantly reduces the exposure to cybercriminal and malware risk while decreasing the cost of endpoint operations and compliance reporting requirements. With centralized management, Lumension allows you to proactively manage threats and IT risk, and give your system endpoint security even in the most complex IT environments.
- A single, intuitive management console for easy patch and remediation administration across multiple platforms - Windows, Unix, Linux and Mac OS.
- The industry’s broadest 3rd party vulnerability content available, including the largest repository of Adobe vulnerability content.
- Integrated asset discovery for full network visibility and continuous control across both physical and virtual environments.
- Automated policy baselines to ensure that patches, configurations, remediations, and other tasks are continuously enforced.
- Extensibility and customization via Lumension Content Wizard including power policy management, software deployment and removal, desktop configuration templates and custom task scripting.
- Enhanced Wake-on-LAN to provide complete visibility and control over powered down systems and ensure that critical patches and software updates are successfully deployed. When used in conjunction with Lumension Content Wizard, power management policies and efficient patch management with maximum energy efficiency can be attained.
- Power management reporting to effectively demonstrate the value of reduced power consumption and to use this information to apply for potential power savings rebates from your local power company.*
- IT risk management integration via Lumension® Risk Manager to automatically assess controls and potential deficiencies for IT risk management prioritization and compliance reporting.
* This is a separately licensed capability available through Lumension Patch and Remediation.
Lumension Patch & Remediation: How It Works
1. Discover - Gain complete visibility of your heterogeneous network environment. Proactively discover all of your IT assets, both managed and unmanaged, through in-depth scans and flexible grouping and classification options.
2. Assess - Proactively identify known issues before they can be exploited. Perform a deep analysis and thorough OS, application and security configuration vulnerability assessments.
3. Prioritize - Focus on your most critical security risks first.
4. Remediate - Automatically deploy patches to an entire network. Simplify the process of maintaining a secure environment by continuously monitoring, detecting and remediating policy-driven environments across all major platforms and applications.
5. Report - Through patch management and Lumension, you can gain a holistic view of your environmental risk. Access a full range of operational and management reports that consolidate discovery, assessment and remediation information on a single management console.
Lumension Scan - Vulnerability Assessment and Prioritisation
Lumension Scan is a complete stand-alone network-based scanning solution that performs a comprehensive external scan of all of the devices on your network, including servers, desktop computers, laptops, routers, printers, switches and more. By leveraging the powerful, yet easy to use Lumension Scan, you are able to identify weaknesses before they are exploited.
Adaptive Scanning - The most accurate vulnerability assessment scan, using flexible network-based scanning techniques based on access levels, including credentialed and null-based. Also, perform ad hoc scans that can target one or many machines and specific vulnerabilities.
Auto Updating - Schedule and automate recurring scan tasks to run on a daily, weekly or monthly basis.
Complete Asset Discovery - Identifies all network devices and performs configuration and informational checks on ports, services, users, shares and groups
Comprehensive Vulnerability Coverage - Over 4000 vulnerability audits with wide support across Windows, POSIX and infrastructure devices. Vulnerability audits include security configurations, OS and application vulnerabilities, null passwords, patch-level related vulnerabilities, known hacking tools, malware, common worms, and P2P software checks.
Comprehensive Reporting - Ability to create and export (RTF, PDF, HTML, etc) numerous high-level or detailed reports of all scan data to confirm policy and regulatory compliance
Consolidated Views - Multiple scans can be merged together to form a more comprehensive security posture.
Highly Scalable - Highly scalable architecture due to its modular components, which can be installed on the same or separate systems and scaled up as needed. Multiple instances of the scan engine can be deployed across the enterprise, controlled remotely or locally. As the number of systems on the network increases, so can the number of engines performing the scans.
Non-Disruptive Scanning - Designed to safely scan for vulnerabilities using standard networking protocols with minimum impact to your network. Never employs malicious vulnerability attacks; scanning methodology uses safe standard networking protocols and APIs.
Remediation Recommendations - Extensive vulnerability database with informational resources and remediation recommendations
Risk-Based Prioritization - All scanned systems are evaluated and prioritized according to asset value and vulnerability criticalities using straightforward equations. All systems are then listed by risk severity to help focus and prioritize remediation efforts.
Role-Based Administration - Enables distributed management of scan activity by user roles
Provides rapid, accurate and secure patch management, allowing you to proactively manage threats by automating the collection, analysis and delivery of patches throughout your enterprise. Lumension Update significantly decreases the costs involved in securing your organization from worms, Trojans, viruses and other malicious threats.
Support for Security and All Other Patches - Covers not only security and OS patches but potentially business software and hardware patches as well, with greater support for additional vendors leveraging their own technology to deliver remediation binaries to Lumension Update Server
Agent-Based Architecture - Protects laptop and mobile devices that are often disconnected from the network and reduces network bandwidth usage
Directory Services Integration - Dynamic creation of groups based on existing Microsoft Active Directory environments, with cascading inheritance for agent policy, mandatory baseline and user permissions
Inventory Management - Identifies and reports all software, hardware and services inventory and supports software distribution
Automated Agent Distribution - Agent Management Center utility automates the deployment of the patching agent to unmanaged computers, ensuring maximum coverage and protection
Automatic Notifications - Automatically alerts administrators when a patch is removed or dropped due to restoring a backup or installing a new application
Comprehensive Patch Pre-Testing - Lumension Security's extensive testing against standard computer images reduces the amount of development and testing required prior to patch deployment
Flexible Application Reporting - Audits and reports on the status of the organization's security
Flexible Scanning and Deployments - Allows the Administrator to control the scanning and patch distribution schedule to minimize business disruptions
Fully Internet-Based - Communications based upon standard protocols (TCP/IP, HTTP & HTTPS)
Flexible Group Management - Creates custom computer groups to increase deployment accuracy and IT efficiency
Hierarchical "Nested" Grouping - Allows the Administrator to represent multiple layers of geographical structure within Lumension Update
Highly Scalable - Ensures complete coverage for the largest worldwide networks with high-availability topologies and Lumension Distribution Point architecture
Custom Graphical "Dashboard" - Enables creation of a custom dashboard of the information most critical to the success of your organization's patch management process from a list of 8 key indicators
Multi-Patch Deployments - Delivers multiple patches to multiple computers in one distribution to increase IT productivity
Multi-Platform Support - Enables security of all operating systems in heterogeneous networks, including Windows, UNIX, Linux, Apple, and Novell
Patch Fingerprint Accuracy - Ensures the highest level of accuracy in the detection of security vulnerabilities
Policy-Based Administration - Ensures that all systems meet a mandatory baseline policy - a key aspect of regulatory compliance
Role-Based Administration - Enables System Administrator to delegate activities to improve productivity while maintaining security
Subscription Service - Provides constant vulnerability/patch availability notification and secure downloads for selected, pre-tested and pre-packaged patches from a dedicated Lumension host and ensures no unauthorized packages enter your network
Lumension Management Console
Flexible Architecture - Flat or Hierarchical implementations, with a single management console instance or multiple consoles rolling up into a centralized, master console.
Consolidated Views - Multiple scan and remediation reports can be merged together to form a comprehensive security posture
Highly Scalable - Currently deployed by customers across hundreds of thousands of endpoints.
Role-Based Administration - Delegate remediation and reporting activities to improve productivity while maintaining security
Policy-Based Administration - Push out mandatory baseline policies to all endpoints — a key aspect of regulatory compliance
Standard Industry Classifications - Identified vulnerabilities are linked to common industry vulnerability classifications like CVE, BugTraq and IAVA codes for easy identification, analysis and remediation.
Comprehensive Reporting - Document changes and demonstrate progress toward audit and compliance requirements with enterprise & local reporting of asset inventory, network or agent-based scans, vulnerability remediation and much more
Global Installation Support - Inclusion of international date / time designations for assessment and remediation activities and A4 support for report generation
Lumension Security Configuration Management
Provides out-of-the-box regulatory, standards-based assessment and industry best practices templates to ensure endpoints and applications are properly configured. Lumension Security Configuration Management™ seamlessly integrates with its proven, market-leading solutions, Lumension Scan and Lumension Update, to deliver a comprehensive network and agent-based risk assessment of software flaws and configuration vulnerabilities, rapid remediation, continuous validation and policy compliance reporting. Lumension Security Configuration Management™:
Open, standards-based approach: Leverages security best practices to ensure secure configurations; content pulled from a variety of sources including: OVAL Vulnerability fingerprints, SCAP, FDCC Compliance Checklist, PCI Compliance Checklist, NVD, Microsoft Patch Fingerprint, etc.
Delivers actionable information: Consolidates content from a variety of sources and delivers information with context to properly remediate
Policy Management: Provides the ability to define, edit and import/export security configuration policies.
Policy Assessment: Delivers a flexible mechanism to assess and apply appropriate policies to applicable systems.
Results and Reports: Demonstrates policy compliance with high and low level reports on the status of endpoint configurations.
Policy Enforcement: Maintain compliance, leveraging automated remediation and policy enforcement with PatchLink PDK.
Mature (Lumension Update and Scan) delivery platform for assessment and reporting - SCM is expanded functionality on top of a proven base
Centralized User Interface: Technical controls and asset entities are consolidated into a single UI
Consolidated architecture: Comprehensive approach within one architecture and framework for securing the endpoint
Lumension Enterprise Reporting
Gathers data snapshots from each Lumension Update server in your environment, on a pre-defined, automated basis. The data is uploaded to a separate Enterprise Reporting server, via secure RSA encrypted transmissions, ensuring that data analysis does not interfere with critical assessment and remediation activities. Once uploaded, the data is consolidated into the central Enterprise Reporting data warehouse repository for centralized analysis and reporting.
Auto Report Generation & Distribution - Schedule automated report generation and immediate email distribution of reports to authorized users
Comprehensive Report Library - Over 30 standard reports for vulnerabilities, patch deployment, inventory, compliance, and more are included
Data Mining - Interactive reports allow you to “drill down” into report data, drilling from a global view of all users down to individual groups and entire Update servers down to individual devices.
Efficient Data Consolidation - Installs on a separate server to minimize disruptions to Lumension Update, enabling you to run reports without interrupting key patch and vulnerability tasks
Enterprise Dashboard - Global view of vulnerability status for all enterprise assets provides a unified look at the health of your enterprise.
Extensible to 3rd Party Reporting Tools - Works seamlessly with third party reporting tools including SQL Reporting Services, Business Objects, Crystal Reports, and more
Group Hierarchy Reporting Structure - Ability to report on custom nested groups created within Lumension Update and directory service groups designated in your Microsoft Active Directory Services structure
Instantaneous Results - View current status of vulnerability management efforts with up-to-the-minute reports
Open Reporting Schema - Data views make it easier to find reporting data; underlying queries are exposed to easily create custom reports
Policy-Based Reporting - Flexible policy-based reporting enables you to substantiate compliance with security aspects of government regulations such as Sarbanes-Oxley, HIPAA, FISMA and others
Secure, Automated Data Transfer - Data from multiple Lumension Update Servers is automatically transferred to a secure central repository using RSA encryption
Lumension Developers Kit
Quickly and easily create intelligent change packages that can dynamically identify and correct a variety of problems from simple configuration issues to blocking Zero-day threats – proactively. Once created, these packages can be seamlessly uploaded into your Lumension Update repository for automatic deployment, continuous validation, and ongoing status reporting.
Flexible Content Creation - custom remediation packages can be created to address a wide range of software and configuration threats, distribute or remove applications and files, enforce configuration policies, and more.
Rapid Content Development - intuitive, easy-to-use interface allows you to develop custom packages in minutes to react to the latest threats.
Immediate Content Distribution - content is seamlessly ported into your Lumension Update repository for automated, enterprise-wide deployment.
Applicability Testing - custom packages can be wrapped with intelligence using our patented Fingerprint Technology™, allowing you to test machines for applicability before distributing packages throughout your network.
Broad Coverage - custom packages can be deployed across your heterogeneous network to any machine that contains a Lumension Update agent.
Continuous Monitoring - custom packages created with Lumension PDK can be continually monitored and reported on through the Lumension Update interface.