Managing non-Microsoft updates with Microsoft's System Center Configuration Manager

secunia.com
How to patch all your programs directly in Microsoft System Center 2012

A common perception is that System Center 2012 is simply a tool for software inventory management and for patching Microsoft operating systems and programs. However, it is much more than that. Did you know that you can also use it to patch ALL programs installed in your infrastructure, including non-Microsoft programs: the primary cause of vulnerabilities discovered in 2012?

By having access to System Center 2012, you actually have a powerful and effective resource at your disposal. You just need to unleash its potential. This is where the Secunia SC2012 Plugin comes in.

System Center 2012 + Secunia CSI + Secunia SC2012 Plugin

The seamless integration of the Secunia SC2012 Plugin with System Center 2012 means that you can access best-in-class vulnerability intelligence and a complete patch management solution, the Secunia Corporate Software Inspector (CSI), directly from one console. There is no need to install an additional agent in your infrastructure. The result: increased visibility of the threats to your organization.

Why patch?

The number of cyber-attacks targeting businesses is increasing. Hackers are specifically focusing on exploiting vulnerabilities in non-Microsoft programs and using them as doorways into corporate networks.

Facts (1)

The number of vulnerabilities found in the 50 most popular programs typically installed on an endpoint has increased by 98% over the last 5 years. In 2012, 86% of vulnerabilities in the 50 most popular programs were found in non-Microsoft programs.

Patches are proven to be the most effective means for remediating vulnerabilities. However, only patching Microsoft programs is not enough. By leaving non-Microsoft programs unmonitored and unpatched, you are leaving your organization wide open.

It only takes one unpatched, insecure program to leave your IT infrastructure exposed to a security breach and the potentially devastating consequences for your operations, revenue, customers and brand.

1: Secunia Vulnerability Review 2013, secunia.com/vulnerability-review
What to patch

Knowing what non-Microsoft programs to patch at any given time is also a significant challenge. Many organizations focus on only patching top-of-mind programs such as Adobe Flash, Adobe Reader and Java. This is a short-sighted approach, as lesser-known or non-corporate programs can also be vulnerable. It is the unknown element of your software portfolio that could actually be your team's Achilles heel: the weak link that could compromise the security status of your entire company.

Example: Apple iTunes is not a typical corporate program, but the likelihood is that 10-15% of employees have it installed on their office or home systems. There were 243 vulnerabilities in Apple iTunes in Q4 2012 (2). Without a patch management tool in place, you probably would not have been aware of this fact until an issue arose.

Cybercriminals will target and attack all programs; therefore you need to know about all programs installed in your IT infrastructure and patch all of them.

Gartner predicts: "Enterprises are using more client management features in the traditional Windows environment, such as software usage monitoring, self-service application deployment and application patch management. Desktop application patch management, while not new, is becoming a more common practice. As organizations continue to mature Windows OS patching, their focus will shift to third-party applications, such as Java and Adobe products." (3)

Utilizing System Center 2012

With the Secunia SC2012 Plugin, the Secunia CSI provides a complete patch management solution directly from System Center 2012, enabling your team to lean on, and benefit from:

Vulnerability intelligence
Map your entire software inventory and correlate this to vulnerability intelligence covering more than 44,000 programs from thousands of vendors, so that you can immediately identify the programs that are critical and require prioritization. There are many customizable features such as the dashboard, reports and auto updates.

Vulnerability scanning
Metadata (*.exe, *.dll and *.osx files) is gathered from a locally installed agent running from SC2012. This is matched to raw metadata and Secunia's file signatures, and then compared to Secunia's advisory and vulnerability database. The frequency of this process is configurable by you.

Patch creation
Secunia's dynamic update catalog then provides the security patches that are specifically relevant for your IT infrastructure.

Patch deployment
Packages created with the Secunia Package System (SPS) can be edited, with the parameters determined by you. Customizations could include opting to detect all previous versions and updating to the latest version, removing and accepting EULA, withdrawing shortcuts on desktops and controlling auto updates.

Organizations that require quick deployments of non-Microsoft application patches should either staff their packaging groups appropriately to quickly package and test updates, or should use add-on patching tools or competitive products that offer stronger patching. (4)

2: Secunia PSI Country Report: USA. Q4 2012. secunia.com/resources/countryreports/us
3: Magic Quadrant for Client Management Tools. April 2013. Gartner
4: Microsoft System Center 2012 Configuration Manager Offers Many Infrastructure and Administrative Improvements, but Challenges Remain. October 2012. Gartner
Accurate security assessment, tactical decision-making

The natural fit of the Secunia SC2012 Plugin and System Center 2012 results in many benefits for your team. Here are a few:

- Risk reduction through increased visibility and control of threats organization-wide.
- The ability to rapidly handle and remediate non-Microsoft vulnerabilities via one console.
- Optimized time and resource management.
- The capacity to: conduct cross-platform scanning, pinpoint the exact vulnerabilities affecting your network, simplify the patching of vulnerabilities, secure your off-site assets and send email alerts upon any changes in the network.

Overall, with the right patch management capabilities in place, you will have a solution for the root cause of security issues affecting your organization: vulnerabilities in software. By prioritizing your remediation efforts, you can reduce the risks by focusing on the most severe issues first and the vulnerabilities that can be fixed easily, here and now.

In fact, the right patching strategy will not only help your organization comply with industry regulations, it will also help you achieve an 80% reduction of risk. (5)

"Imagine a library that holds only the books you are interested in. That is what the Secunia CSI offers System Center 2012: No noise, no clutter, just pure, relevant information that is actionable, and patches that are ready to be deployed."
Morten R. Stengaard, Director of Product Management & Quality Assurance, Secunia.

Take charge of your patching.

5: How to Secure a Moving Target. 2013. Secunia
Common questions / tips & tricks

How easy is it to integrate the Secunia CSI with Microsoft System Center 2012?
The Secunia SC2012 Plugin makes integration extremely easy. It means that you no longer have to log in to separate consoles to do your day-to-day work. The Secunia Package System (SPS) is available directly in System Center 2012, including all the preconfigured patches that come with the Secunia CSI.

What is the difference between using Secunia versus using System Center Updates Publisher (SCUP) for non-Microsoft patching?
With catalog-based solutions such as SCUP, there will be occasions when not all the threats will be detected.

Should I wait until I complete migration to Microsoft System Center 2012 to implement a process for patching my non-Microsoft programs?
No. Never, ever wait! The Secunia CSI is fully integrated with System Center Configuration Manager 2007 without a plugin and the process is similar. System Center 2012 requires the Secunia SC2012 Plugin. From a security standpoint, being without a patch management tool for any length of time is extremely risky and is therefore unadvisable.

What are the options for companies using Windows Server Update Services (WSUS)?
The Secunia CSI is fully integrated with WSUS, so you can also do a standalone WSUS installation. Unless your users are never connected to the Internet, you need to be aware of all the programs in your environment and control them by ensuring that they are all patched. With a cloud-based solution such as Secunia's vulnerability intelligence database, which forms the foundation of the Secunia CSI, you can create tailored categories for both managed and unmanaged programs (customize security levels, enable auto update, patch creation, etc.).

What about custom applications that need updates, which are not part of the database?
You can report these directly to Secunia's Research Team; they always want to know about new cases. Secunia's vulnerability database is the most extensive in the field, and its researchers are the eyes and ears of the industry. They constantly update the database so that you always receive the latest intelligence.

Is there a report that can be linked to the administrator that doesn't require admin credentials?
Yes. You can create and schedule customized reports and email them to your managers or team members. You can very quickly generate an overview of your organization's security status, including the number of insecure programs running in your infrastructure and the criticality rating for each.
Secunia can help

Secunia is a member of the Microsoft System Center Alliance Program. We can assist you with your Microsoft System Center 2012 questions and patch management needs.

sales@secunia.com or secunia.com/sc2012