| Lumension Security Launches SCAP-Ready Security Configuration Management Solution, Allowing Enterprises to Proactively Manage Secure Settings and Compliance Audits |
Lumension Security™ Inc. today announced the availability of PatchLink Security Configuration Management (SCM).
Scottsdale, Ariz., Apr 9, 2008 Lumension Security, a recognized, global leader in security management formed by the combination of PatchLink® Corporation and SecureWave® S.A., today announced the availability of PatchLink Security Configuration Management (SCM). PatchLink SCM enables organizations to proactively assess secure configuration states of IT assets and automate internal and external audits in accordance with industry-recognized best practices.
PatchLink SCM leverages the National Institute of Standards and Technology's (NIST) open source Security Configuration Automation Protocol (SCAP) policies. The new offering is an enterprise-ready solution designed to perform a top-down threat analysis that reduces business risk, improves overall network performance and lowers costs while simultaneously addressing and meeting audit requirements. PatchLink SCM provides a comprehensive list of NIST's SCAP policies with more than 700 secure settings that directly map to industry regulations such as FDCC (Federal Desktop Core Configuration) and PCI DSS (Payment Card Industry Data Security Standard). The SCAP ready solution delivers customizable configuration templates based on industry best practices to help organizations quickly evaluate their security posture and determine the necessary remediation steps in order to maintain compliance with the industry security standard.
"Configuration security has become such a critical issue for both government and private industry in recent years that regulatory mandates-including PCI DSS and FDCC-have incorporated very specific configuration requirements," said Mike Wittig, president and CTO of Lumension Security. "Even with these mandates and standards in place, many organizations need the right configuration tools and automation to properly assess and maintain systems with specific settings on an ongoing basis. We have worked very closely with industry leaders such as NIST and the National Security Agency to develop this SCAP-ready solution that provides a top-down baseline of the security environment for standardizing and automating risk management, compliance reporting and security measurement."
Configuration issues are typically the result of changes made by employees within the firewall-either intentionally or accidentally-that open attack vectors for hackers. Default configurations for operating systems and applications are oftentimes not secure, and even when systems are initially secured, their configurations "drift" over time, resulting in reduced security posture, increased attack surface, application conflicts, reduced productivity and higher IT operating costs due to security incidents and helpdesk overhead. In addition, according to the SANS Institute's best practices for preventing its top 20 risks, organizations should enforce configurations from the first day by implementing the most secure configurations that business processes will allow. Lumension Security's PatchLink SCM mitigates threats associated with mis-configured endpoints by providing out-of-the-box regulatory, standards-based assessment and industry best practices templates.
PatchLink SCM seamlessly integrates with Lumension Security's proven, industry-leading solutions, PatchLink Update and PatchLink Scan, to deliver a comprehensive, enterprise-class solution. This includes agent-based and agentless risk assessment of software flaws and configuration vulnerabilities, accurate remediation, continuous validation and policy compliance reporting. Lumension Security is currently working with an accredited laboratory to officially make its PatchLink Update and PatchLink Scan SCAP validated as part of the SCAP Validation Program.
"The benefits of standardizing and automating secure configuration settings include slowing the spreading of botnets, radically reducing delays in patching and stopping many attacks directly. In addition, organizations that have addressed configuration issues typically report a significant cost savings," said Alan Paller, founder and research director of the SANS Institute.
About Lumension Security™, Inc.
Lumension Security, a company formed by the combination of PatchLink® Corporation and SecureWave® S.A., is a recognized, global security management company, providing unified protection and control of enterprise endpoints for more than 5,100 customers and 14 million nodes worldwide. Leveraging its proven Positive Security Model, Lumension enables organizations to effectively manage risk at the endpoint by delivering best-of-breed, policy-based solutions that simplify the entire security management lifecycle. This includes automated asset discovery, vulnerability assessment, remediation and validation; application and device control; extensive policy compliance reporting; and integration with leading network access control solutions. Headquartered in Scottsdale, Arizona, Lumension has offices worldwide, including Virginia, Florida, Luxembourg, the United Kingdom, Spain, Australia, Hong Kong and Singapore. PatchLink, now Lumension, was founded in 1991 by Sean Moshir.
About AfricaSD
AfricaSD is the Sub-Saharan Lumension Security Solutions Distributor, and always offers customers and reseller partners the very best security awareness, forums, consulting, and security training certifications. AfricaSD focuses on forming long-lasting partnerships with its clients, from initial assessment, to implementation and ongoing support. AfricaSD works side-by-side with its clients throughout the entire technology life cycle and is proud of its large customer base, which includes several sub-Saharan SME's, enterprises and government departments. True 24 x 7 x 365 support is available on all AfricaSD total e-security solutions. The firm's technical staff are fully certified and trained on the entire product range and offer a combination of one-to-one help and a wealth of technological resources. For further information, visit the company's website www.africasd.com or contact them on +27 (0) 12 665-2513, or at asd@africasd.com.
|
|
