BEST PRACTICE GUIDE TO SYSTEMS MANAGEMENT. With Kaspersky, now you can. kaspersky.com/business Be Ready for What s Next



Similar documents
BEST PRACTICES. Systems Management.

YOUR DATA UNDER SIEGE: GUARD THE GAPS WITH PATCH MANAGEMENT. With Kaspersky, now you can. kaspersky.com/business Be Ready for What s Next

BEST PRACTICE GUIDE MOBILE DEVICE MANAGEMENT AND MOBILE SECURITY.

CuTTIng ComplexITy simplifying security

Kaspersky Security for Mobile

Introducing KASPERSKY ENDPOINT SECURITY FOR BUSINESS.! Guyton Thorne! Sr. Manager System Engineering!

Kaspersky Security for Business

KASPERSKY SECURITY FOR BUSINESS

BEST PRACTICE GUIDE TO CONTROl TOOLS

Microsoft Windows Intune: Cloud-based solution

RESELLER BRANDING BEST PRACTICE GUIDE TO MAIL & WEB.

BEST PRACTICE GUIDE TO ENCRYPTION.

10 BenefIts. that only an Integrated platform security solution can BrIng

Reducing the cost and complexity of endpoint management

IT & DATA SECURITY BREACH PREVENTION A PRACTICAL GUIDE. Part I: Reducing Employee and Application Risks

AVeS Cloud Security powered by SYMANTEC TM

Northwestern University Dell Kace Patch Management

Proven LANDesk Solutions

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES.

KASPERSKY ANTI-MALWARE PROTECTION SYSTEM BE READY FOR WHAT S NEXT. Kaspersky Open Space Security


10 BEST PRACTICES FOR MOBILE DEVICE MANAGEMENT (MDM)

Security Intelligence Services.

Top Desktop Management Pain Points

Altiris IT Management Suite 7.1 from Symantec

Guideline on Safe BYOD Management

Cisco Security Optimization Service

10 BENEFITS THAT ONLY AN INTEGRATED PLATFORM SECURITY SOLUTION CAN BRING

Healthcare IT Compliance Service. Services > Overview MaaS360 Healthcare IT Compliance Service

THREE KEYS TO COST-EFFECTIVE SECURITY FOR YOUR SMALL BUSINESS

Data Sheet: Archiving Altiris Client Management Suite 7.0 from Symantec Deploy, manage, secure, and troubleshoot

BEST PRACTICES. Security Controls.

Captaining datacenter security: putting you at the helm

Mobile Device Strategy

SERVICES BRONZE SILVER GOLD PLATINUM. On-Site emergency response time 3 Hours 3 Hours 1-2 Hours 1 Hour or Less

Are You in Control? MaaS360 Control Service. Services > Overview MaaS360 Control Overview

PATCH MANAGEMENT. February The Government of the Hong Kong Special Administrative Region

Data Sheet: Endpoint Security Symantec Protection Suite Enterprise Edition Trusted protection for endpoints and messaging environments

MaaS360 Mobile Service

Kaseya IT Automation Framework

Data Sheet: Endpoint Management Altiris Client Management Suite 7.0 Deploy, manage, secure, and troubleshoot

SYMANTEC ENDPOINT PROTECTION SMALL BUSINESS EDITION

Device Lifecycle Management

Altiris IT Management Suite 7.1 from Symantec

PREMIER SUPPORT STANDARD SERVICES BRONZE SILVER GOLD

Complete Patch Management

Take Back Control in IT. Desktop & Server Management (DSM)

Symantec Protection Suite Small Business Edition

MAXIMUM PROTECTION, MINIMUM DOWNTIME

Symantec Client Management Suite 8.0

Dynamic Service Desk. Unified IT Management. Solution Overview

Introduction. PCI DSS Overview

Unicenter Desktop Management for Enterprise Infrastructure Management

Critical Security Controls

THE TOP 4 CONTROLS.

Symantec IT Management Suite 7.5 powered by Altiris

Simplify Your Windows Server Migration

management Patch ControlNow TM Whitepaper Fixing vulnerabilities before they are exploited.

IBM Endpoint Manager for Lifecycle Management

Proactive. Professional. IT Support and Remote Network Monitoring.

Closing the Vulnerability Gap of Third- Party Patching

World-class security solutions for your business. Kaspersky. OpenSpaceSecurity

Patch Management Policy

Top Four Considerations for Securing Microsoft SharePoint

Kaspersky Business Products 2013

How PatchLink Meets the Top 10 Requirements for Enterprise Patch and Vulnerability Management. White Paper Sept. 2006

Protecting Your Organisation from Targeted Cyber Intrusion

MSP Service Matrix. Servers

Avoiding the Top 5 Vulnerability Management Mistakes

INTRUSION PREVENTION SYSTEMS: FIVE BENEFITS OF SECUREDATA S MANAGED SERVICE APPROACH

How To Protect Your Network From Attack From A Network Security Threat

Google Apps Premier Edition. Included Yes Yes Yes Storage 25 GB Varies by deployment

Fast and Effective Migration from Novell to Windows Active Directory with VMware Mirage WHITE PAPER

High Availability Server Management

WHITE PAPER. Extending the Reach of the Help Desk With Web-based Asset Management Will Significantly Improve Your Support Operations

KASPERSKY PRIVATE SECURITY NETWORK: REAL-TIME THREAT INTELLIGENCE INSIDE THE CORPORATE INFRASTRUCTURE

ForeScout CounterACT. Device Host and Detection Methods. Technology Brief

Symantec Protection Suite Small Business Edition

OVERVIEW. Enterprise Security Solutions

Eliminating XP from the environment by the end of organizations to cost-effectively plan, manage and support PC change initiatives.

Solution Recipe: Improve PC Security and Reliability with Intel Virtualization Technology

Requirements When Considering a Next- Generation Firewall

Hi! I m Andy and I m a school ICT technician. We ve been using NetSupport School here for a while now and I want to tell you how it works for us...

Intelligent Laptop Virtualization No compromises for IT or end users. VMware Mirage

The ForeScout Difference

Empowering the Enterprise Through Unified Communications & Managed Services Solutions

Information and Communication Technology. Patch Management Policy

Endpoint Protection Small Business Edition 2013?

Backup Exec System Recovery Management Solution 2010 FAQ

SOFTWARE UPDATER A unique tool to protect your business against known threats

SOFTWARE ASSESSMENT MORE IS LESS CUSTOMER: ACTO PROVIDED BY: DPA ONE MORE STEP TODAY IS LESS EFFORT TOMORROW

DOBUS And SBL Cloud Services Brochure

THE COMPLETE VIEWER FOR MS PROJECT. Deployment White Paper

Symantec Protection Suite Small Business Edition A simple, effective and affordable solution designed for small businesses

Reducing the Complexity of Virtualization for Small and Midsized Businesses

Cyber Security Solutions for Small Businesses Comparison Report: A Sampling of Cyber Security Solutions Designed for the Small Business Community

World-class security solutions for your business. Business Products. C a t a l o g u e

Emerging threats for the healthcare industry: The BYOD. By Luca Sambucci

eguide: Designing a Continuous Response Architecture 5 Steps For Windows Server 2003 End of Life Success

Transcription:

BEST PRACTICE GUIDE TO SYSTEMS MANAGEMENT. With Kaspersky, now you can. kaspersky.com/business Be Ready for What s Next

CONTENTS 1. INTRODUCTION...2 Page 2. TOO MANY MULTIPLES...3 3. CENTRALISE, AUTOMATE, CONTROL...3 4. EFFECTIVE IMAGE/PROVISIONING CONTROL AND IMPLEMENTATION... 4 5. SOFTWARE INSTALLATION AND DEPLOYMENT...5 6. EFFECTIVE LICENCE MANAGEMENT AND CONTROL... 6 7. ADVANCED VULNERABILITY SCANNING AND PATCH MANAGEMENT... 7 8. NETWORK ADMISSION CONTROL (NAC)... 8 9. EFFICIENCY THROUGH CENTRALISED CONFIGURATION AND PATCH MANAGEMENT... 9 10. IN CONCLUSION... 9

The Building Blocks of Endpoint Security. 1. INTRODUCTION Do more with less has become a business mantra over the past few years, but it s nothing new to IT professionals. Businesses have always looked to squeeze the maximum possible benefits out of IT resources at the lowest possible cost the real challenge for IT professionals today is keeping pace with complexity in the face of limited resources. PriceWaterhouseCoopers Global State of Information Security report 1 found that IT security risks are greater than ever, with new rules and new, highly skilled opponents in play. To win, businesses must prepare to play a new game that requires advanced skills and strategy. Also in a recent survey conducted by Kaspersky Lab 2, an increasingly chaotic security landscape was revealed, where over 40 per cent of businesses felt underprepared for the threats around them. It s not surprising: Kaspersky Labs is tracking an average of 125,000 unique threats every day. Fifty-eight per cent of users surveyed said their IT security was under-resourced in at least one area of staff, systems or knowledge. 2 1 Source reference: PriceWaterhouseCoopers Global State of Information Security report for 2013 2 Source reference: Kaspersky Global IT Risk Report 2012

2. TOO MANY MULTIPLES It s no longer just about outside threats. Increased platform, device, software and application diversity is making life difficult for IT managers, causing complexity and resource drain, for example: Multiple devices Multiple vendor solutions Multiple management consoles Multiple operating system images Multiple network devices Multiple policies Complexity undermines security, efficiency and growth. It creates room for error and limits your ability to manage change. IT professionals are all too aware of the challenges. But what can you do to mitigate them without restricting end user needs or over-burdening already strained resources? Effective systems management can go a long way towards supporting best practices that optimise IT resources while enforcing a blended security posture capable of dealing with a constantly evolving threat landscape. Time-consuming manual processes and lack of visibility into your network are just two of the greatest challenges faced by today s IT manager. From licence management to software installation, automated vulnerability scanning and advanced patch management, OS image creation/deployment and network access control, every hour you don t spend on day-to-day maintenance and monitoring is one you can spend developing new ideas or supporting new business initiatives. This guide has been developed to help you do just that. 3. CENTRALISE, AUTOMATE, CONTROL There are some fundamental steps that any business can take to ensure optimal performance of IT, reduce costs, improve service levels and increase agility: Standardise your desktop/laptop strategy and keep images to a minimum. Manage PC, laptop and smart device settings and configurations from a central location. Implement and maintain comprehensive security tools. Automate software distribution, patch management, vulnerability scanning and other routine tasks. Optimise software and hardware budgeting and usage. Implement effective, easy-to-manage Network Access Control (NAC). Automation of key, routine tasks from security to troubleshooting allows IT administrators to switch from a firefighting approach to a strategic one in which business needs are aligned with and supported by IT policies. Automation can help reduce the errors often associated with performing manual processes in complex systems. 3

4. EFFECTIVE IMAGE/PROVISIONING CONTROL AND IMPLEMENTATION Every year, you deploy new hardware and applications while constantly upgrading software, operating systems, applying patches and updates. That s time-consuming, expensive and as inventories grow, complex. Preparation and management of a Golden Image a fully optimised master image (or clone) of a complete desktop saves significant time and resources. This perfect system set-up is stored in a special inventory on your network, ready to be rolled out when and where you need it. For businesses intending to migrate to a new operating system, image/provisioning control, inventory and deployment can be automated. The real benefit of this is that administrators can roll out a new operating system after hours, using BootOnLAN technology more time saved and less disruption. Effective image/provisioning deployment ensures operating systems are implemented with optimal security settings, but don t forget to ensure the security of the images themselves best practice calls for securing and controlling access to all images. This should include: Strong passwords. Protecting client authentication certificates. Access controls to protect the reference computer used to capture the operating system you are using for the golden image. This prevents any malicious software from being inadvertently included in the image. Ensure the image is stored in a secure destination, so that it cannot be compromised. Maintain security patches and updates on the reference system, ensuring that all newly rolled-out systems are optimally secured. If your business is considering a migration to Windows 8, effective image/provisioning management will allow you to standardise the operating system used across all devices on your network. Choose a solution that allows you to automate and centrally manage images. Add an extra layer of convenience by opting for a solution that will automatically save end user data. 4

5. SOFTWARE INSTALLATION AND DEPLOYMENT Software upgrades. New software. New versions of currently used software. You can t manually upgrade every machine at your business; you d never have time to do anything. Software deployment can be automated and optimised to ensure it has the minimum impact on your network, making it completely transparent to end users via silent deployment technology. Some tips: Keep your deployment options open: In addition to standard MSI packages, choose a solution that supports other types of executable files, such as exe, bat or cmd. Be flexible with deployment: Options that allow both on-demand and scheduled deployments will give you greater flexibility. Scheduled deployments are particularly useful in large package scenarios simply deploy after hours when network disruption will be minimal. Installation package modification: This functionality gives further flexibility by allowing you to set installation parameters to ensure compatibility with your policies. Remote installation and traffic management: If you re supporting remote office locations, choose a solution that allows further traffic management by assigning update agent status to a selected workstation. Installation packages will be downloaded by this machine first, before being distributed to other local workstations, minimising network load and significantly reducing Internet connection usage. Multicast broadcasting technology: Further load reduction can be achieved using multicast broadcasting technology, which allows for one-to-many or many-to-many broadcasts. Remote troubleshooting: No more frustrating phone calls with end users remote troubleshooting saves time and effort, allowing you to resolve issues quickly and directly. Software deployment and upgrading is a mundane fact of life for IT administrators. By automating and optimising software deployment, you can ensure that best practice guidelines are the default setting. In multi-site or multi-system scenarios, software deployment controls can help reduce complexity and the errors associated with repeated manual processes. 5

6. EFFECTIVE LICENCE MANAGEMENT AND CONTROL The ability to manage and control software licences across the business gives IT professionals one of the easiest cost-cutting wins available. Apart from enabling cost-reduction by eliminating over-spending on unnecessary software, effective licensing control supports a more effective security strategy when you know exactly who is running what software on your network, it s easier to apply your policies. Best practice in software/hardware licensing management requires that you have complete visibility into every piece of software and hardware running on your network. Automatic device discovery technology supports this, helping you to ensure that all licensing obligations are observed. Here are some further steps you can take: Software inventory: Automate the compilation of an inventory of all software used on your network and gain complete visibility and control. This list allows administrators to control usage, inform end-users if they re running any prohibited/unlicensed software and, if necessary, block the use of undesirable applications. Licence planning: Once you ve got an inventory in place, it s easier to control licence usage according to departmental requirements for example, you may find users in the accounts department have unnecessary licences for office productivity software. These licences can be redeployed or you can cut costs by phasing them out. A clear picture of the licences in use in your business will also allow you to ensure that they are kept up to date. You can also automatically track any breaches. Hardware inventory and device tracking: Like its software counterpart, a hardware inventory gives you a complete view of every device in use on your network. Automate new hardware discovery and notification to keep up to date while monitoring any changes and transferring unused devices to archive. Reporting: Centralised reports give comprehensive information on every piece of software and hardware in use on your network, along with usage history. Insight gleaned from reports will allow you to control usage among groups at any level. Licence control can be a time consuming, often complex task. Automating it not only frees your time but ensures your business meets some key best practices, among them: compliance, cost-effective software and hardware management and comprehensive visibility into what s happening on your network. Small effort, big rewards. What are you waiting for? 6

7. ADVANCED VULNERABILITY SCANNING AND PATCH MANAGEMENT Managing and administering software updates while constantly monitoring for potential vulnerabilities is one of the most important, challenging and resource-intensive tasks faced by any IT department. Faced with a constantly evolving threat environment in which criminals repeatedly scan systems for any sign of weakness, it s vital that IT administrators can find and fix gaps in security before they re exploited. Vulnerability scanning performs this task for you: It scans the devices and software on your network in much the same way a criminal would, looking for weak points that could be exploited. Once located, patch management can fix those gaps, installing the necessary updates or repair software to all the machines on your network. Vulnerability scanning, implemented in tandem with an effective patch management strategy, can help you to keep one step ahead of criminal hackers. Here s how: Keep up to date: Out of date software creates weak spots across your business, whether it s on your servers or at the endpoint. Automated regular, scheduled vulnerability scans will keep you abreast of weak points, allowing you to automate the implementation of patches and fixes. Automate: Effective patch management improves reliability and IT efficiency. By automating the deployment of software updates, and the administrative tasks that go with it, you can minimise downtime associated with patch deployment, auditing and roll-back. Roll back the clock: Updates/installations don t always run smoothly. Sometimes, patches can cause instability or are incompatible with other software or drivers on your machines. Choose a solution with integrated image/provisioning and rolling back to a properly functioning, optimised system will always be easy. Gain complete visibility: By automating scanning, you ll have complete visibility into the current state of patching and updates on all machines. Prioritise: Comparing the results of your scans against multiple vulnerability databases will help you to gain an understanding of the risks associated with any vulnerability. Based on this insight, you can prioritise patching, rolling out less urgent fixes after hours and spreading the load on your network. Report: Accurate, up-to-date and detailed information is a vital part of any security and risk management strategy. By running reports on your scans, you add another layer of insight allowing you to examine and report on potential weak spots, spotting and tracking changes and also giving detailed insight into the patch status of every device and system on your network. Targeted attacks, advanced persistent threats, automated attacks and zero-day vulnerabilities all shrink the time between vulnerability discovery and the creation of an exploit. By automating and scheduling regular scans and patch implementation, IT administrators can streamline their patching and vulnerability scanning processes without compromising on their effectiveness. 7

8. NETWORK ADMISSION CONTROL (NAC) You ve got control over images/provisioning, you have effective licensing controls in place, you ve automated software installation and have advanced scanning and patch management controls in place. Now it s time to apply similar levels of insight and control to your network and the devices and machines that connect to it. Network admission control (NAC) enables IT administrators to enforce security policies by refusing or limiting network access based on any device s compliance with those policies. Essentially, NAC allows IT administrators to set the terms under which anyone can use their network, including guest devices. For organisations supporting BYOD initiatives or an increasingly mobile workforce, NAC ensures that all devices from laptops to PCs and smart phones are running up-to-date, secure versions of your specified applications and software. NAC supports existing security strategies and polices, while enforcing best practices, including: Prevent unauthorised devices from accessing the network. Detection and identification of new devices connecting to the network. Forcing all devices, including guest systems, to meet your specified security requirements. Detection and repair of endpoint vulnerabilities. Insight and reporting into compliance with your security policies. Before implementing NAC, it s important to have a clear vision of what you want to achieve for example, you may wish to allow guest internet usage in a communal area of your premises, but block access to internal networks. You probably want to ensure that all guest laptops are malware free and have a certain level of security in place. Here are some questions you should be asking yourself: Who is allowed to connect to the network? What services and resources are people allowed to access? When is that access to be granted? What locations are people allowed to connect from? Should certain kinds of user groups be restricted to certain kinds of resources or have access limited to particular times? Automatic device discovery is a vital component of effective NAC. This can differentiate between company-owned and guest devices, and apply policies and access accordingly. Save time and effort by automating access this allows you to create an access policy once, but apply it to all devices. An extra layer of security can be applied to guest devices via a Captive Portal. This automatically ensures that all guest devices are directed to a special portal. Guests are given a password and login; once authenticated, they can access the internet and, if allowed, some pre-specified company resources. 8

9. EFFICIENCY THROUGH CENTRALISED CONFIGURATION AND PATCH MANAGEMENT As IT professionals struggle to do more with dwindling resources and budgets, there s a danger that complete visibility and control over business networks will be lost as administrators are forced to focus on urgent issues, often to the detriment of essential-yet-mundane tasks. By centralising and automating many essential configuration and management tasks, IT administrators can not only save themselves time, but money too. Effective systems management, driven by centralised configuration and patch management tools, supports many of the best practices that optimise IT resources while enforcing your company-specific policies. 10. IN CONCLUSION Organisations need intelligent security technologies to protect their data and they also need intuitive and uncomplicated IT efficiency tools. Kaspersky Lab s 2,500 employees are driven to meet those needs for the 300 million plus systems they protect and the 50,000 new systems a day that are added to their number. Kaspersky Systems Management is a component of Kaspersky Endpoint Security for Business. Combining award-winning anti malware, IT policy enforcement tools, centralised management and cloud-assisted protection, Kaspersky s business security products are the right choice for your organisation. Talk to your security reseller about how Kaspersky can bring secure configuration to your networks, the devices that run on them and more! 9

SEe it. control it. protect it. With Kaspersky, now you can. kaspersky.com/business Be Ready for What s Next Kaspersky Lab ZAO, Moscow, Russia www.kaspersky.com 2013 Kaspersky Lab ZAO. All rights reserved. Registered trademarks and service marks are the property of their respective owners. Mac and Mac OS are registered trademarks of Apple Inc. Cisco is a registered trademark or trademark of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries. IBM, Lotus, Notes and Domino are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries. Microsoft, Windows, Windows Server and Forefront are registered trademarks of Microsoft Corporation in the United States and other countries. Android is a trademark of Google, Inc. The Trademark BlackBerry is owned by Research In Motion Limited and is registered in the United States and may be pending or registered in other countries.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information