SAN FRANCISCO, CA - RSA Conference 2008 - Lumension Security(TM) Inc., a recognized, global leader in security management formed by the combination of PatchLink® Corporation and SecureWave® S.A., today announced the availability of PatchLink Security Configuration Management (SCM). PatchLink SCM enables organizations to proactively assess secure configuration states of IT assets and automate internal and external audits in accordance with industry-recognized best practices.
PatchLink SCM leverages the National Institute of Standards and Technology's (NIST) open source Security Configuration Automation Protocol (SCAP) policies. The new offering is an enterprise-ready solution designed to perform a top-down threat analysis that reduces business risk, improves overall network performance and lowers costs while simultaneously addressing and meeting audit requirements. PatchLink SCM provides a comprehensive list of NIST's SCAP policies with more than 700 secure settings that directly map to industry regulations such as FDCC (Federal Desktop Core Configuration) and PCI DSS (Payment Card Industry Data Security Standard). The SCAP ready solution delivers customizable configuration templates based on industry best practices to help organizations quickly evaluate their security posture and determine the necessary remediation steps in order to maintain compliance with the industry security standard.
"Configuration security has become such a critical issue for both government and private industry in recent years that regulatory mandates -- including PCI DSS and FDCC -- have incorporated very specific configuration requirements," said Mike Wittig, president and CTO of Lumension Security. "Even with these mandates and standards in place, many organizations need the right configuration tools and automation to properly assess and maintain systems with specific settings on an ongoing basis. We have worked very closely with industry leaders such as NIST and the National Security Agency to develop this SCAP-ready solution that provides a top-down baseline of the security environment for standardizing and automating risk management, compliance reporting and security measurement."
Configuration issues are typically the result of changes made by employees within the firewall -- either intentionally or accidentally -- that open attack vectors for hackers. Default configurations for operating systems and applications are oftentimes not secure, and even when systems are initially secured, their configurations "drift" over time, resulting in reduced security posture, increased attack surface, application conflicts, reduced productivity and higher IT operating costs due to security incidents and helpdesk overhead.
In addition, according to the SANS Institute's best practices for preventing its top 20 risks, organizations should enforce configurations from the first day by implementing the most secure configurations that business processes will allow. Lumension Security's PatchLink SCM mitigates threats associated with mis-configured endpoints by providing out-of-the-box regulatory, standards-based assessment and industry best practices templates.
PatchLink SCM seamlessly integrates with Lumension Security's proven, industry-leading solutions, PatchLink Update and PatchLink Scan, to deliver a comprehensive, enterprise-class solution. This includes agent-based and agentless risk assessment of software flaws and configuration vulnerabilities, accurate remediation, continuous validation and policy compliance reporting. Lumension Security is currently working with an accredited laboratory to officially make its PatchLink Update and PatchLink Scan SCAP validated as part of the SCAP Validation Program. For more information, please visit http://nvd.nist.gov/scapproducts.cfm.
"The benefits of standardizing and automating secure configuration settings include slowing the spreading of botnets, radically reducing delays in patching and stopping many attacks directly. In addition, organizations that have addressed configuration issues typically report a significant cost savings," said Alan Paller, founder and research director of the SANS Institute.
Pricing & Availability
Lumension Security's PatchLink SCM will be available worldwide May 1, 2008. For more information, please visit the SCM product website. For a free 30-day trial of PatchLink SCM and Vulnerability Management Solution, please complete the product evaluation request form.
Source Link
Source Link
Posts
0 comments:
Post a Comment