
Reduce Corporate Risk with Proactive Security Configuration Management
Security Configuration Management Business Issues and Challenges
As IT environments have become increasingly complex, supporting virtual and distributed platforms, companies must ensure that they maintain control of their information and system management. IT organizations must manage multiple point-based technologies, which add complexity and cost. A new approach is required to simplify the IT environment and ensure enhanced security and IT risk management with the lowest total cost of ownership possible.
Such a solution is particularly important to effectively manage endpoint configurations. With end users regularly able to download and install software, application conflicts can occur – ultimately reducing user productivity and increasing IT operating costs due to security incidents and help desk overhead. Proactively monitoring configurations is just as important as rapidly applying critical patches because 60 percent of all exploited vulnerabilities are due to insecure configurations.¹ Government regulations and industry standards are recognizing this, which explains the recent influx of security configuration management requirements.
Without holistic visibility and standardization of endpoint configurations, IT administrators can't possibly know or manage all of the applications in the environment. A solution is needed that allows organizations to enforce a consistent endpoint configuration policy and continuously monitor and report on its adherence.
Overview
Ensure That Endpoints Are Securely Configured, Remediated and Compliant with Industry Best Practices and Regulatory Mandates
Lumension® Endpoint Management and Security Suite delivers an end-to-end suite of solution capabilities across endpoint operations, security, compliance and IT risk management to reduce complexity, optimize TCO, improve visibility and deliver control back to IT.
Lumension® Security Configuration Management provides out-of-the-box regulatory, standards-based assessment and industry best practices templates to ensure endpoints and applications are not only patched, but also properly configured. It seamlessly integrates with its proven, market-leading solutions, Lumension® Scan and Lumension® Endpoint Management and Security Suite: Patch and Remediation, to deliver a comprehensive network and agent-based risk assessment of software flaws and configuration vulnerabilities, rapid remediation, continuous validation and policy compliance reporting. Lumension Security Configuration Management provides:
- Management of security configuration baselines for workstations, servers and mobile laptops from a single point of control
- Continuous and proactive assessment to prevent configuration drift and ensure policy compliance
- Out-of-the-box regulatory and industry standards-based configuration templates
- Identification of configuration-based risk through monitoring and reporting on non-compliant systems
- A NIST-validated solution
How It Works
1. Discover: Gain complete visibility of your heterogeneous network environment. Proactively discover all of your IT assets, both managed and unmanaged, through in-depth scans and flexible grouping and classification options.
2. Assess: Proactively identify security configuration issues against out-of-the-box checklists containing hundreds of configuration settings mapped to industry standards.
3. Prioritize: Focus on your most critical security risks first.
4. Remediate: Create automated policy baselines that simplify the process of maintaining a secure environment by continuously monitoring, detecting and remediating policy-driven environments across all major platforms and applications.
5. Report: Gain a holistic view of your security configuration policy violations. Access a full range of operational and management reports that consolidate discovery, assessment, and remediation information on a single management console.
Demonstrate Compliance with Regulatory Policies and Industry Standards
As a NIST-validated solution, Lumension Security Configuration Management provides a comprehensive list of SCAP policies with hundreds of defined checks, allowing organizations to quickly evaluate their security posture and determine what must be fixed to meet configuration requirements according to:
- Microsoft Windows Security Guide Series
- NIST Special Publication 800-68
- Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIG)
- National Security Agency (NSA)
- Office of Management and Budget (OMB) Federal Desktop Core Configuration (FDCC)

In addition, customized templates ensure that assessments are tailored to the various compliance policies that fit an organization's specific requirements.
Features & Benefits
| Key Product Features | Benefit |
|---|---|
| SCAP Validated FDCC Scanner: This NIST validation ensures accurate assessments of policy checklists and configurations as defined in the National Vulnerability Database. | Increases Accuracy and Confidence: SCAP validation provides another level of confidence. Agency endpoint configurations will be compliant with Mandate standards. |
| Leverages Open Standards and Protocols: Ensures policy management via extendable and customizable architecture providing the ability to add, create, define, edit and import/export security configuration policies and checklists based on industry standards in an easy-to-edit XML format. | Reduces IT Costs: Create and maintain your own policies. Manage and interpret different policies and results from different tools with integrated scanners and agents. |
| Policy Assessment and Compliance Management: Delivers a flexible mechanism to assess and apply appropriate policies to applicable systems. Combination of standard configuration checklists from a variety of sources with Lumension repository of software vulnerabilities delivers information with context to properly remediate. Delivers actionable information. | Simplifies Compliance: Simplify compliance through best-practice configuration checklists. Lowers TCO: Automation of configuration issue identification & correction lowers security operating costs. Reduces Endpoint Risk: Reduce security incidents and strengthen your security posture. Continuously manage & enforce your policy. |
| Policy Assessment and Enforcement | Increases Compliance: Maintain your compliance by enforcing policy. |
| Centralized User Interface: Demonstrates policy compliance with high- and low-level reports on the status of your endpoint configurations. Technical controls and asset entities are consolidated into a single UI. Intelligent Dashboard Displays. | Reduces IT Costs: Reduce IT overhead via standardized and secure configuration settings. Increase operational efficiency by managing all vulnerability activities from a single tool. |
| Security Posture Reporting: Automates security checks including event log policy settings, file permission settings, local policies group, system services group, network settings, system settings, Windows components, local user policy setting, security patches, firewall settings, IE settings and application settings. | Increases Visibility of Security Posture: Detail and roll-up results views provide instant visibility into configuration posture. Ensures Constant Audit-Readiness: Maintain constant audit readiness through the automated collection and centralization of security configuration results. |
| Mature Delivery Platform for Assessment and Reporting | Security Configuration Management Capabilities Integrated into Proven Vulnerability Management Solution: Ensure regulatory compliance through risk assessment of security configurations (e.g., screensaver configurations, password complexity, running services). These capabilities are built on top of proven vulnerability management solutions. |
Requirements
Minimum Requirements - Server
| Requirements |
Version |
| Hardware |
A dual-core processor (any speed)
1 GB RAM
32 GB of available disk space |
| Operating System |
Windows Server® 2003, Web Edition with SP2 or later (x86)
Windows Server 2003, Standard Edition with SP2 or later (x86)
Windows Server 2003, Enterprise Edition with SP2 or later (x86)
Windows Server 2003 R2, Standard Edition with SP2 or later (x86)
Windows Server 2003 R2, Enterprise Edition with SP2 or later (x86)
Windows Server 2008, Web Edition (x86/x64)
Windows Server 2008, Standard Edition (x86/x64)
Windows Server 2008, Enterprise Edition (x86/x64)
Note: Lumension Endpoint Management and Security Suite must be installed on an English operating system using any English locale (en-US, en-UK, en-CA, and so on) in its default configuration.
|
| Web server |
Microsoft® Internet Information Services (IIS) 6.0 or later. |
| .NET Framework |
Microsoft .NET Framework version 3.5
Note: If not present, Microsoft .NET Framework 3.5 is installed with Lumension Endpoint Management and Security Suite.
|
| Web browsers |
Microsoft Internet Explorer 7.0 or greater
Mozilla® Firefox® 3.0 or greater. |
| DB Server |
SQL Server 2005, Express Edition with SP3 (x86)
SQL Server 2005, Standard Edition with SP3 (x86)
SQL Server 2005, Enterprise Edition with SP3 (x86)
SQL Server 2008, Express Edition (x86)
SQL Server 2008, Standard Edition (x86/x64)
SQL Server 2008, Enterprise Edition (x86/x64)
Supported database servers can be installed in the following locations relative to the Lumension Endpoint Management and Security Suite server:
- Locally in named instances installed by Lumension Endpoint Management and Security Suite.
- Locally in named or default instances that are preexisting.
- Remotely in named or default instances that are preexisting.
Note: If an instance of SQL Server is not present on your target server, SQL Server 2008, Express Edition with SP1 is installed with Lumension Endpoint Management and Security Suite (if you are not using a remote instance of SQL Server).
|
Lumension Patch and Remediation Agent Coverage - Supported Client OS
| Vendor | Processor Family | OS Version | OS Edition | OS Bit |
|---|---|---|---|---|
| Microsoft Windows | X86/x64 | Windows XP SP2 | Professional | 32/64 |
| | | Windows 2003 | Web, Standard, Enterprise, R2 | 32/64 |
| | | Windows Vista | Enterprise, Business, Ultimate | 32 |
| | | Microsoft Windows 7 | Professional, Enterprise, Ultimate | X86, X86_64 |
| | | Microsoft Server 2008 | Web, Standard, Enterprise | X86, X86_64 |
| | | Microsoft Windows Server 2008 R2 | Web, Standard, Enterprise | X86, X86_64 |
Minimum Requirements with Lumension Scan
| Hardware |
Pentium® compatible 1 GHz
Single 100 Mbps network connection
20GB of available disk space
512 MB RAM |
| Operating System |
Windows 2000 Server SP4
Windows Server 2003 SP1
Windows XP Professional SP2
Windows 2000 Advanced Server SP4 |
| .NET framework |
Microsoft .NET Framework 2.0+ |
Lumension Scan Supported Target Systems
| Operating System / Version | Discovery | Assessment | Remediation |
|---|---|---|---|
| Windows 2003 Server X86/X64 | | | |
| Windows 2008 Server X86/X64 | | | |
| Windows XP X86/X64 | | | |
| Windows Vista X86/X64 | | | |
Save up to 33% with our Solution Packs
Combining award-winning software, world-class 24x7 technical support and expert training, Lumension® Solution Packs rapidly enhance your security posture and reduce IT operational costs – enabling an always-on and always-protected business.