
Security Configuration Management
Lumension Security Configuration Management provides out-of-the-box regulatory, standards-based assessment and industry best practices templates to ensure endpoints and applications are properly configured.
Lumension Case Study
Once you get used to the options available, PatchLink is simple to use and the export to CSV facility is very useful.
Mike Walder
Support Consultant
East Sussex County Council
Lumension Case Study
It is imperative that organizations move away from the scan-and-patch mindset. Not only is it a reactive method of security, but also not every problem can be fixed with a patch.
Matt Mosher
Author & Senior Vice President of Americas
Lumension
Read the Integrating Vulnerability Assessment and Remediation white paper
Security Configuration Management Business Issues and Challenges
Organisations face many challenges around ensuring compliance, reducing TCO and improving productivity. These are just some issues organisations face every day:
- Application conflicts and reduced user productivity increase IT operating costs due to security incidents and help desk overhead
- Lack of domain expertise in security best practices results in weakened security posture and lack of compliance
- Increased need to demonstrate compliance against a multitude of regulations and policies
In addition, today's borderless enterprise does not have a holistic view of endpoint security on its network and probably doesn't know whether a system has been patched, is free of vulnerabilities and is configured correctly. Proactively monitoring configurations is just as important as rapidly applying critical patches, because 60% of all exploited vulnerabilities are due to insecure configurations¹. Government regulations and industry standards are recognising this, which explains the recent influx of security configuration management requirements. A solution is needed that allows organisations to enforce a consistent endpoint configuration policy and continuously monitor and report on adherence to it.
¹ IDC
Ensure Regulatory Compliance through Risk Assessment & Remediation of Application & Endpoint Vulnerabilities
Lumension Security Configuration Management seamlessly integrates with its proven, market-leading solutions, Lumension Scan™ and Lumension Patch and Remediation™, to deliver a comprehensive network and agent-based risk assessment of software flaws and configuration vulnerabilities, rapid remediation, continuous validation and policy compliance reporting.
How It Works

- 1. Manage Security Configuration Policy: Define, edit, and import/export security configuration policies and best practices by leveraging the Security Content Automation Protocol (SCAP). Automatically map these regulatory or internal security policies to your own agent policy set, enabling you to standardise and secure your endpoint configurations and easily demonstrate compliance. Thanks to open standards, security specifications can also be added or edited to create custom security configuration policies.
- 2. Assess Policy Compliance by Group and Device: Apply desired security specifications to your network device groups and application configurations. Automatically (or manually, where applicable) assess policy compliance with security configuration specifications for device groups as well as individual devices.
- 3. Report Policy Compliance Results: Demonstrate policy compliance by reporting configuration status against regulations and industry standards such as Federal Desktop Core Configuration (FDCC) and Payment Card Industry (PCI-DSS) as well as customised policies.
- 4. Enforce Policy Compliance: Achieve and maintain compliance with security configuration policies and best practices, leveraging automated remediation and policy enforcement with Lumension Developers Kit™.
Demonstrate Compliance with Regulatory Policies and Industry Standards
- As a NIST-validated solution, Lumension Security Configuration Management™ provides a comprehensive list of SCAP policies with hundreds of defined checks, allowing organisations to quickly evaluate their security posture and determine what must be fixed to meet FDCC standards. In addition, customised templates ensure that assessments are tailored to the various compliance policies that fit an agency's specific requirements.
- To address PCI-DSS, Lumension Security Configuration Management™ ingests the PCI policy template and maps technical controls to the detailed requirements. It also automates the policy assessment of specific PCI requirements, including manual checks where appropriate, and monitors and reports against the requirements to ensure comprehensive PCI compliance.
- Lumension Security Configuration Management™ can be used to monitor and report on any set of policies that follow the SCAP checklist standards, such as Sarbanes-Oxley, GLBA, HIPAA and ISO 17799. While FDCC and PCI-DSS are available out-of-the-box for immediate implementation, any other security standard policies can be mapped to SCAP standard checklists, allowing Lumension Security Configuration Management to control against these checks.