Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec

Security configuration management for seamless control and compliance.

Lumension Security : 30 January, 2008  (New Product)
Lumension launches solution for content management, endpoint security and compliance for enterprises in the second quarter.
Lumension Security has announced the introduction of PatchLink Security Configuration Management (SCM), the industry's first enterprise-class solution that ensures secure and compliant endpoint configurations in accordance with industry best practices. PatchLink SCM makes use of the Security Content Automation Protocol (SCAP) and is seamlessly integrated into Lumension Security's proven, market-leading solutions, PatchLink Scan and PatchLink Update. The PatchLink SCM solution provides both commercial and government entities with out-of-the box regulatory and best-practices templates to ensure all of their systems and applications are properly configured.

'Enterprises need to focus on first securing their business systems and then on demonstrating compliance. The vast majority of damage-causing attacks (both internal and external) take advantage of misconfigured or poorly administered systems,' said John Pescatore, VP and Distinguished Analyst at Gartner Inc. 'Enterprises need to deploy security processes that are backed with automated tools to increase both the effectiveness and the efficiency of configuration and vulnerability management.'

'Evolving regulations and standards have become more specific with regards to regular assessment and measurement reporting of endpoint configurations,' said Matt Mosher, senior vice president of the Americas at Lumension Security. 'PatchLink SCM enables enterprises to define security policies that are based on best practices identified by security organizations such as National Security Agency and National Institute of Standards and Technology (NIST) as well as leading vendors such as Microsoft. Lumension customers can easily link these policies to technical controls, enabling them to easily demonstrate compliance with their organizational security policies and government regulations. This integration also facilitates continuous assessment and comprehensive reporting to help organizations proactively reduce corporate risk by eliminating vulnerabilities caused by mis-configurations and providing ready-to-deploy policy related content.'

With PatchLink SCM, organisations can easily monitor and verify compliance with both federal and commercial regulatory requirements. This is accomplished by automatically mapping security policies and controls to recognized industry best practices. By combining standards-based assessment and remediation for both software and configuration vulnerabilities -- and by reporting against specific regulatory policies and industry standards such as Federal Desktop Core Configuration (FDCC) and Payment Card Industry (PCI), among others -- PatchLink SCM delivers a cost-effective, easily managed, holistic solution for managing secure configuration and policy compliance.

According to the US Office of Management and Budget (OMB), all federal government agencies must adopt secure configurations on Windows XP and Vista operating systems by February 1, 2008. The memorandum, OMB 07-11, stipulates that agencies must certify that applications are fully functional and operate correctly on systems using the FDCC. In addition, agencies must implement standard installation practices and assert that installing/updating does not alter the configuration settings from the approved FDCC configuration.

'The OMB mandate and looming deadline have created a pressing need among federal agencies for a solution that quickly assesses configuration and provides guidelines for any necessary remediation. However, current offerings are either not scalable to an enterprise level or they do not integrate with existing solutions, leaving organizations to deal with yet another disparate technology,' said Steve Antone, vice president of federal solutions at Lumension Security. 'Our SCM module is the first of its kind to solve both the scalability and integration issues. A large number of our federal government customers already use PatchLink Update and Scan solutions, so SCM is a seamless fit into the infrastructure and will provide robust assessment, remediation and enforcement capabilities within one technology set.'

PatchLink SCM provides a comprehensive list of NIST's SCAP policies with hundreds of defined checks, allowing organizations to quickly evaluate their security posture and determine what must be fixed to meet a given standard. In addition, customized templates ensure that assessments are tailored to the various compliance policies that fit an organization's specific requirements. The SCM product streamlines this process by facilitating the simple importing and exporting of policies across multiple Vulnerability Management Servers, enabling the same policy documents to be shared by network scanner and agent-based assessment. This eliminates the need to manage and interpret a wide range of different policies and results from non-integrated scanners and agents.

Lumension's SCM will be available in Q2 2008.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo