Overview

Reduce Corporate Risk with Proactive Security Configuration Management

Security Configuration Management Business Issues and Challenges

As IT environments have become increasingly complex, supporting virtual and distributed platforms, companies must ensure that they maintain control of their information and system management. IT organizations must manage multiple point-based technologies, which add complexity and cost. A new approach is required to simplify the IT environment and ensure enhanced security and IT risk management with the lowest total cost of ownership possible.

Such a solution is particularly important to effectively manage endpoint configurations. With end users regularly able to download and install software, application conflicts can occur – ultimately reducing user productivity and increasing IT operating costs due to security incidents and help desk overhead. Proactively monitoring configurations is just as important as rapidly applying critical patches because 60 percent of all exploited vulnerabilities are due to insecure configurations.¹ Government regulations and industry standards are recognizing this, which explains the recent influx of security configuration management requirements.

Without holistic visibility and standardization of endpoint configurations, IT administrators can't possibly know or manage all of the applications in the environment. A solution is needed that allows organizations to enforce a consistent endpoint configuration policy and continuously monitor and report on its adherence.

Ensure That Endpoints Are Securely Configured, Remediated and Compliant with Industry Best Practices and Regulatory Mandates

Lumension® Endpoint Management and Security Suite delivers an end-to-end suite of solution capabilities across endpoint operations, security, compliance and IT risk management to reduce complexity, optimize TCO, improve visibility and deliver control back to IT.

Lumension® Security Configuration Management provides out-of-the-box regulatory, standards-based assessment and industry best practices templates to ensure endpoints and applications are not only patched, but also properly configured. It integrates seamlessly with Lumension's proven, market-leading solutions, Lumension® Scan and Lumension® Endpoint Management and Security Suite: Patch and Remediation, to deliver a comprehensive network and agent-based risk assessment of software flaws and configuration vulnerabilities, rapid remediation, continuous validation and policy compliance reporting. Lumension® Security Configuration Management provides:

  • Management of security configuration baselines for workstations, servers and mobile laptops from a single point of control
  • Continuous and proactive assessment to prevent configuration drift and ensure policy compliance
  • Out-of-the-box regulatory and industry standards-based configuration templates
  • Identification of configuration-based risk through monitoring and reporting on non-compliant systems
  • A NIST-validated solution

 

How It Works

How Security Configuration Management Works

  1. Discover: Gain complete visibility of your heterogeneous network environment. Proactively discover all of your IT assets, both managed and unmanaged, through in-depth scans and flexible grouping and classification options.
  2. Assess: Proactively identify security configuration issues against out-of-the-box checklists containing hundreds of configuration settings mapped to industry standards.
  3. Prioritize: Focus on your most critical security risks first.
  4. Remediate: Create automated policy baselines that simplify the process of maintaining a secure environment by continuously monitoring, detecting and remediating policy-driven environments across all major platforms and applications.
  5. Report: Gain a holistic view of your security configuration policy violations. Access a full range of operational and management reports that consolidate discovery, assessment, and remediation information on a single management console.

 

Demonstrate Compliance with Regulatory Policies and Industry Standards

  • As a NIST-validated solution, Lumension® Security Configuration Management provides a comprehensive list of SCAP policies with hundreds of defined checks, allowing organizations to quickly evaluate their security posture and determine what must be fixed to meet configuration requirements according to:
    • Microsoft Windows Security Guide Series
    • NIST Special Publication 800-68
    • Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIG)
    • National Security Agency (NSA)
    • Office of Management and Budget (OMB) Federal Desktop Core Configuration (FDCC)
  • In addition, customized templates ensure that assessments are tailored to the various compliance policies that fit an organization's specific requirements.