PatchLink Scan is a complete stand-alone network-based scanning solution that performs a comprehensive external scan of all of the devices on your network, including servers, desktop computers, laptops, routers, printers, switches and more. By leveraging the powerful, yet easy to use PatchLink Scan, you are able to identify weaknesses before they are exploited.

Adaptive Scanning - The most accurate vulnerability assessment scan using flexible network-based scanning techniques based on access-levels including credentialed and null based. Also, perform ad hoc scans that can target one or many machines and specific vulnerabilities.

Auto Updating - Schedule and automate recurring scan tasks to run on a daily, weekly or monthly basis.

Complete Asset Discovery - Identifies all network devices and performs configuration and informational checks on ports, services, users, shares and groups

Comprehensive Vulnerability Coverage - Over 4000 vulnerability audits with wide support across Windows, POSIX and infrastructure devices. Vulnerability audits include security configurations, OS and application vulnerabilities, null passwords, patch-level related vulnerabilities, known hacking tools, malware, common worms, and P2P software checks.

Comprehensive Reporting - Ability to create and export (RTF, PDF, HTML, etc) numerous high-level or detailed reports of all scan data to confirm policy and regulatory compliance

Consolidated Views - Multiple scans can be merged together to form a more comprehensive security posture.

Highly Scalable - Highly scalable architecture due to its modular components which can be installed on the same or separate systems and scaled-up as needed. Multiple instances of the scanner scan engine can be deployed across the enterprise, controlled remotely or locally. As the number of systems on the network increase so can the number of engines performing the scans.

Non-Disruptive Scanning - Designed to safely scan for vulnerabilities using standard networking protocols with minimum impact to your network. Never employs malicious vulnerability attacks; scanning methodology uses safe standard networking protocols and API’s.

Remediation Recommendations - Extensive vulnerability database with informational resources and remediation recommendations

Risk-Based Prioritization - All scanned systems are evaluated and prioritized according to asset value and vulnerability criticalities using straight-forward equations. All systems are then listed by risk severity to help focus and prioritize remediation efforts.

Role-Based Administration - Enables distributed management of scan activity by user roles

Provides rapid, accurate and secure patch management, allowing you to proactively manage threats by automating the collection, analysis and delivery of patches throughout your enterprise. PatchLink Update significantly decreases the costs involved in securing your organization from worms, Trojans, viruses and other malicious threats.

Support for security and all other patches - not only security and OS, and potentially business SW and HW patches as well, greater support for additional vendors leveraging their own technology to deliver remediation binaries to PatchLink Update Server

Agent-Based Architecture - Protects laptop and mobile devices that are often disconnected from the network and reduces network bandwidth usage

Directory Services Integration - Dynamic creation of groups based on existing Microsoft Active Directory environments, with cascading inheritance for agent policy, mandatory baseline and user permissions

Inventory Management - Identifies and reports all software, hardware and services inventory and supports software distribution

Automated Agent Distribution - Agent Management Center utility automates the deployment of the patching agent to unmanaged computers, ensuring maximum coverage and protection

Automatic Notifications - Automatically alerts administrators when a patch is removed or dropped due to restoring a backup or installing a new application

Comprehensive Patch Pre-Testing - Lumension Secuirity's extensive testing against standard computer images reduces the amount of development and testing required prior to patch deployment

Flexible Application Reporting - Audits and reports on the status of the organization's security

Flexible Scanning and Deployments - Allows the Administrator to control the scanning and patch distribution schedule to minimize business disruptions

Fully Internet-Base - Communications based upon standard protocols (TCP-IP/ HTTP & HTTPS)

Flexible Group Management - Creates custom computer groups to increase deployment accuracy and IT efficiency

Hierarchical "Nested" Grouping - Allows the Administrator to represent multiple layers of geographical structure within PatchLink Update

Highly Scalable - Ensures complete coverage for the largest worldwide networks with high-availability topologies and PatchLink Distribution Point architecture

Custom Graphical "Dash Board" - Enables creation of a custom dash board of the information most critical to the success of your organization's patch management process from a list of 8 key indicators

Multi-Patch Deployments - Delivers multiple patches to multiple computers in one distribution to increase IT productivity

Multi-Platform Support - Enables security of all operating systems in heterogeneous networks, including Windows, UNIX, Linux, Apple, and Novell

Patch Fingerprint Accuracy - Ensures the highest level of accuracy in the detection of security vulnerabilities

Policy-Based Administration - Ensures that all systems meet a mandatory baseline policy - a key aspect of regulatory compliance

Role-Based Administration - Enables System Administrator to delegate activities to improve productivity while maintaining security

Subscription Service - Provides constant vulnerability/patch availability notification and secure downloads for selected, pre-tested and pre-packaged patches from a dedicated PatchLink host and ensures no unauthorized packages enter your network

Flexible Architecture - Flat or Hierarchical implementations, with a single management console instance or multiple consoles rolling up into a centralized, master console.

Consolidated Views - Multiple scan and remediation reports can be merged together to form a comprehensive security posture

Highly Scalable -Currently deployed by customers across hundreds of thousands of endpoints.

Role-Based Administration - Delegate remediation and reporting activities to improve productivity while maintaining security

Policy-Based Administration - Push out mandatory baseline policies to all endpoints — a key aspect of regulatory compliance

Standard Industry Classifications - Identified vulnerabilities are linked to common industry vulnerability classifications like CVE, BugTraq and IAVA codes for easy identification, analysis and remediation.

Comprehensive Reporting - Document changes and demonstrate progress toward audit and compliance requirements with enterprise & local reporting of asset inventory, network or agent-based scans, vulnerability remediation and much more

Global Installation Support - Inclusion of international date / time designations for assessment and remediation activities and A4 support for report generation

 

Provides out-of-the-box regulatory, standards-based assessment and industry best practices templates to ensure endpoints and applications are properly configured. PatchLink Security Configuration Management™ seamlessly integrates with its proven, market-leading solutions, PatchLink Scan and PatchLink Update, to deliver a comprehensive network and agent-based risk assessment of software flaws and configuration vulnerabilities, rapid remediation, continuous validation and policy compliance reporting. PatchLink Security Configuration Management™:

Open, standards-based approach: Leverages security best practices to ensure secure configurations; content pulled from a variety of sources including: OVAL Vulnerability fingerprints, SCAP, FDCC Compliance

Checklist, PCI Compliance Checklist, NVD, Microsoft Patch Fingerprint, etc.

Delivers actionable information: Consolidates content from variety of sources and delivers information with context to properly remediate

Policy Management: Provides the ability to define, edit and import/export security configuration policies.

Policy Assessment: Delivers a flexible mechanism to assess and apply appropriate policies to applicable systems.

Results and Reports: Demonstrates policy compliance with high and low level reports on the status of endpoint configurations..

Policy Enforcement: Maintain compliance, leveraging automated remediation and policy enforcement with PatchLink PDK.

Mature (PatchLink Update and Scan) delivery platform for assessment and reporting - SCM is expanded functionality on top of a proven base

Centralized User Interface: Technical controls and asset entities are consolidated into a single UI

Consolidated architecture: Comprehensive approach within one architecture and framework for securing the endpoint

Gathers data snapshots from each PatchLink Update server in your environment, on a pre-defined, automated basis. The data is uploaded to a separate Enterprise Reporting server, via secure RSA encrypted transmissions, ensuring that data analysis does not interfere with critical assessment and remediation activities. Once uploaded, the data is consolidated into the central Enterprise Reporting data warehouse repository for centralized analysis and reporting.

Auto Report Generation & Distribution - Schedule automated report generation and immediate email distribution of reports to authorized users

Comprehensive Report Library - Over 30 standard reports for vulnerabilities, patch deployment, inventory, compliance, and more are included

Data Mining - Interactive reports allow you to “drill down” into report data, drilling from a global view of all users down to individual groups and entire Update servers down to individual devices.

Efficient Data Consolidation - Installs on a separate server to minimize disruptions to PatchLink Update, enabling you to run reports without interrupting key patch and vulnerability tasks

Enterprise Dashboard - Global view of vulnerability status for all enterprise assets provides a unified look at the health of your enterprise.

Extensible to 3rd Party Reporting Tools - Works seamlessly with third party reporting tools including SQL Reporting Services, Business Objects, Crystal Reports, and more

Group Hierarchy Reporting Structure - Ability to report on custom nested groups created within PatchLink Update and directory service groups designated in your Microsoft Active Directory Services structure

Instantaneous Results - View current status of vulnerability management efforts with up-to-minute reports

Open Reporting Schema - Data views make it easier to find reporting data; underlying queries are exposed to easily create custom reports

Policy-Based Reporting - Flexible policy-based reporting enables you to substantiate compliance with security aspects of government regulations such as Sarbanes-Oxley, HIPPA, FISMA and others

Secure, Automated Data Transfer - Data from multiple PatchLink Update Servers is automatically transferred to a secure central repository using RSA encryption

Quickly and easily create intelligent change packages that can dynamically identify and correct a variety of problems from simple configuration issues to blocking Zero-day threats – proactively. Once created, these packages can be seamlessly uploaded into your PatchLink Update repository for automatic deployment, continuous validation, and ongoing status reporting.

Flexible Content Creation - custom remediation packages can be created to address a wide range of software and configuration threats, distribute or remove applications and files, enforce configuration policies, and more.

Rapid Content Development - intuitive, easy-to-use interface allows you to develop custom packages in minutes to react to the latest threats.

Immediate Content Distribution - content is seamlessly ported into your PatchLink Update repository for automated, enterprise-wide deployment.

Applicability Testing - custom packages can be wrapped with intelligence using our patented Fingerprint Technology™, allowing you to test machines for applicability before distributing packages throughout your network.

Broad Coverage - custom packages can be deployed across your heterogeneous network to any machine that contains a PatchLink Update agent.

Continuous Monitoring - custom packages created with PatchLink PDK can be continually monitored and reported on through the PatchLink Update interface.