Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec

Enterprise IT security management configuration tool.

Lumension Security : 10 April, 2008  (New Product)
With PatchLink SCM, enterprises can now configure and proactively manage IT asset security and ensure compliance.
Lumension Security has announced the availability of PatchLink Security Configuration Management (SCM). PatchLink SCM enables organisations to proactively assess secure configuration states of IT assets and automate internal and external audits in accordance with industry-recognised best practices.

PatchLink SCM leverages the National Institute of Standards and Technology's (NIST) open source Security Configuration Automation Protocol (SCAP) policies. The new offering is an enterprise-ready solution designed to perform a top-down threat analysis that reduces business risk, improves overall network performance and lowers costs while simultaneously addressing and meeting audit requirements. PatchLink SCM provides a comprehensive list of NIST's SCAP policies with more than 700 secure settings that directly map to industry regulations such as FDCC (Federal Desktop Core Configuration) and PCI DSS (Payment Card Industry Data Security Standard). The SCAP ready solution delivers customisable configuration templates based on industry best practices to help organisations quickly evaluate their security posture and determine the necessary remediation steps in order to maintain compliance with the industry security standard.

"Configuration security has become such a critical issue for both government and private industry in recent years that regulatory mandates—including PCI DSS and FDCC—have incorporated very specific configuration requirements," said Mike Wittig, president and CTO of Lumension Security. "Even with these mandates and standards in place, many organisations need the right configuration tools and automation to properly assess and maintain systems with specific settings on an ongoing basis. We have worked very closely with industry leaders such as NIST and the National Security Agency to develop this SCAP-ready solution that provides a top-down baseline of the security environment for standardising and automating risk management, compliance reporting and security measurement."

Configuration issues are typically the result of changes made by employees within the firewall—either intentionally or accidentally—that open attack vectors for hackers. Default configurations for operating systems and applications are oftentimes not secure, and even when systems are initially secured, their configurations "drift" over time, resulting in reduced security posture, increased attack surface, application conflicts, reduced productivity and higher IT operating costs due to security incidents and helpdesk overhead.
In addition, according to the SANS Institute's best practices for preventing its top 20 risks, organisations should enforce configurations from the first day by implementing the most secure configurations that business processes will allow. Lumension Security's PatchLink SCM mitigates threats associated with mis-configured endpoints by providing out-of-the-box regulatory, standards-based assessment and industry best practices templates.

PatchLink SCM seamlessly integrates with Lumension Security's proven, industry-leading solutions, PatchLink Update and PatchLink Scan, to deliver a comprehensive, enterprise-class solution. This includes agent-based and agentless risk assessment of software flaws and configuration vulnerabilities, accurate remediation, continuous validation and policy compliance reporting. Lumension Security is currently working with an accredited laboratory to officially make its PatchLink Update and PatchLink Scan SCAP validated as part of the SCAP Validation Program.

"The benefits of standardising and automating secure configuration settings include slowing the spreading of botnets, radically reducing delays in patching and stopping many attacks directly. In addition, organisations that have addressed configuration issues typically report a significant cost savings," said Alan Paller, founder and research director of the SANS Institute.

Lumension Security's PatchLink SCM will be available worldwide May 1, 2008. For more information, please the SCM product website. For a free 30 day trial of PatchLink SCM and Vulnerability Management Solution, please complete the product evaluation request form.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo