As IT environments have become increasingly complex, supporting virtual, distributed, and disparate platforms, organizations must now ensure that they maintain stronger control of their endpoints. The first step to improving endpoint control is to standardize endpoint configurations and automate patch management across the entire endpoint environment. By eliminating vulnerabilities in third party applications and heterogeneous operating systems, IT risk can be effectively reduced, while endpoint operations can be improved.
With 3rd party applications like browsers and other productivity tools being the primary path used by cybercriminals to gain access to corporate network systems, the ability to effectively mitigate IT risk exposures across today's dynamic endpoint environments is increasingly challenging. That is why the SANS Critical Security Controls includes software inventorying, secure configurations, and continuous vulnerability assessment and remediation among the top-4 priorities for immediate action.
While there are numerous "free" patch management tools or updaters native to specific applications available today, relying upon such tools could end up costing organizations more due to a lack of IT visibility and control that can lead to increased risk and lost productivity. For example, Microsoft Windows Server Update Service (WSUS) only supports current versions of Microsoft applications, and operating systems with patch content – legacy applications may not be supported and no third party applications are supported, which is problematic as about 80% of all vulnerabilities are from non-Microsoft applications. In fact, a typical endpoint requires at least 12 native updaters to cover all applications installed, and even then total coverage is not guaranteed. Learn more about how relying upon "free" patch management tools could cost more.
To ensure that systems remain configured per IT policy and rapidly remediated against the growing list of application and OS vulnerabilities, a centralized solution is needed that automates discovery, assessment and remediation for heterogeneous endpoint environments and proactively alerts busy system administrators to key issues.
Introducing Lumension® Patch and Remediation
Lumension® Patch and Remediation, provides rapid, accurate and secure patch management for applications and operating systems, allowing you to proactively manage threats and IT risk even in the most complex of environments. IT management control is enhanced by centralizing and automating the patching process from vulnerability identification to patch collection, testing, distribution, remediation and verification reporting. Lumension® Patch and Remediation significantly reduces the exposure to cybercriminal and malware risk while decreasing the cost of endpoint operations and compliance reporting requirements.
Heterogeneous OS support for easy patch and remediation administration across multiple platforms, including Windows, Linux, UNIX and Mac OS X. Microsoft patch coverage includes both security and non-security content for operating systems back to Windows XP / Server 2003 and applications such as Office.
The industry's broadest third party vulnerability content available, including the largest repository of Adobe vulnerability content.
Integrated asset discovery for full network visibility and continuous control across both physical and virtual environments.
Automated policy baselines to ensure that patches, configurations, remediations, and other tasks are continuously enforced.
Enhanced Wake-on-LAN provides complete control over the patching process and provides IT with the flexibility to determine when patch distributions occur (i.e. during non-work hours), and to bring powered down systems back on-line to ensure a comprehensive distribution of vulnerability patches.
Power management reporting that demonstrates power consumption savings and provides the information necessary to apply for utility rebate programs available through local utility providers. Lumension® Power Reporting and Lumension® Content Wizard Add-ons provide IT with a complete endpoint power management solution. See how much your organization can save with our power management calculator and view an independent benchmarking analysis of the Lumension® Power Management solution.
Lumension's patented Patch Fingerprinting technology* determines whether an endpoint is patched or un-patched across a wide variety of operating systems and applications – even down to very specific software versions. Patch fingerprints include unique files, file attributes, directories, and registry keys. This unique capability effectively improves endpoint security and reduces operating costs - especially across large and diverse endpoint environments.
Extensibility and customization via Lumension® Content Wizard Add-on including power policy management, software deployment and removal, desktop configuration templates, and custom task scripting to support patch deployment for proprietary in-house systems.
Seamless integration with Lumension® Endpoint Management and Security Suite, which enables organizations to simplify endpoint management and control and reduce the overall expense of managing complex endpoint environments by consolidating different product modules into a single console, single server, single agent platform architecture.
How Lumension® Patch and Remediation Works
Spend 30 minutes with our Sr. Product Manager, as he walks you through a guided demo. Learn how to: discover all of your physical and virtual endpoints, assess the vulnerabilities on those endpoints, prioritize and remediate those vulnerabilities, and generate in-depth reports.
Click to Play
* U.S. Classification: 713191000; 717168000; 717174000; International Classification: G06F011/30; G06F009/44; G06F009/445