• Print
Details
Category: OrcaTYDE(tm) - Products by Partners

Lumension® Endpoint Management and Security Suite
Security Configuration Management


Reduce Corporate Risk with Proactive Security Configuration Management

Security Configuration Management Business Issues and Challenges

As IT environments have become increasingly complex, supporting virtual and distributed platforms, companies must ensure that they maintain control of their information and system management. IT organizations must manage multiple point-based technologies, which add complexity and cost. A new approach is required to simplify the IT environment and ensure enhanced security and IT risk management with the lowest total cost of ownership possible.

Such a solution is particularly important to effectively manage endpoint configurations. With end users regularly able to download and install software, application conflicts can occur – ultimately reducing user productivity and increasing IT operating costs due to security incidents and help desk overhead. Proactively monitoring configurations is just as important as rapidly applying critical patches because 60 percent of all exploited vulnerabilities are due to insecure configurations.¹ Government regulations and industry standards are recognizing this, which explains the recent influx of security configuration management requirements.

Without holistic visibility and standardization of endpoint configurations, IT administrators can't possibly know or manage all of the applications in the environment. A solution is needed that allows organizations to enforce a consistent endpoint configuration policy and continuously monitor and report on its adherence.

Overview

Ensure That Endpoints Are Securely Configured, Remediated and Compliant with Industry Best Practices and Regulatory Mandates

Lumension Endpoint Management and Security Suite delivers an end-to-end suite of solution capabilities across endpoint operations, security, compliance and IT risk management to reduce complexity, optimize TCO, improve visibility and deliver control back to IT.

Lumension Security Configuration Management provides out-of-the-box regulatory, standards-based assessment and industry best practices templates to ensure endpoints and applications are not only patched, but also properly configured. It seamlessly integrates with its proven, market-leading solutions, Lumension Scan and Lumension Endpoint Management and Security Suite: Patch and Remediation, to deliver a comprehensive network and agent-based risk assessment of software flaws and configuration vulnerabilities, rapid remediation, continuous validation and policy compliance reporting. Lumension Security Configuration Management provides:

  • Management of security configuration baselines for workstations, servers and mobile laptops from a single point of control
  • Continuous and proactive assessment to prevent configuration drift and ensure policy compliance
  • Out-of-the-box regulatory and industry standards-based configuration templates
  • Identification of configuration-based risk through monitoring and reporting on non-compliant systems
  • A NIST-validated solution

How It Works

alt
  • 1.Discover: Gain complete visibility of your heterogeneous network environment. Proactively discover all of your IT assets, both managed and unmanaged, through in-depth scans and flexible grouping and classification options.
  • 2.Assess: Proactively identify security configuration issues against out-of-the-box checklists containing hundreds of configuration settings mapped to industry standards.
  • 3.Prioritize: Focus on your most critical security risks first.
  • 4.Remediate: Create automated policy baselines that simplify the process of maintaining a secure environment by continuously monitoring, detecting and remediating policy-driven environments across all major platforms and applications.
  • 5.Report: Gain a holistic view your security configuration policy violations. Access a full range of operational and management reports that consolidate discovery, assessment, and remediation information on a single management console.

Demonstrate Compliance with Regulatory Policies and Industry Standards

As a NIST-validated solution, Lumension Security Configuration Management provides a comprehensive list of SCAP policies with hundreds of defined checks, allowing organizations to quickly evaluate their security posture and determine what must be fixed to meet configuration requirements according to:
  • Microsoft Windows Security Guide Series
  • NIST Special Publication 800-68
  • Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIG)
  • National Security Agency (NSA)
  • Office of Management and Budget (OMB) Federal Desktop Core Configuration (FDCC)

In addition, customized templates ensure that assessments are tailored to the various compliance policies that fit an organization's specific requirements.

Lumension Scan Supported Target Systems

Operating System / Version Discovery Assessment Remediation
Windows 2003 Server X86/X64

X

X

X
Windows 2008 Server X86/X64

X

X

X
Windows XP X86/X64

X

X

X
Windows Vista X86/X64

X

X

X

Features & Benefits

Key Product Features Benefit
SCAP Validated FDCC Scanner
  • This NIST validation ensures accurate assessments of policy checklists and configurations as defined in the National Vulnerability Database.
 Increases Accuracy and Confidence
  • SCAP validation provides another level of confidence.
  • Agency endpoint configurations will be compliant with Mandate standards.
Leverages Open Standards and Protocols
  • Ensures policy management via extendable and customizable architecture providing the ability to add, create, define, edit and import/export security configuration policies and checklists based on industry standards in an easy-to-edit XML format.
 Reduces IT Costs
  • Create and maintain your own policies.
  • Manage and interpret different policies and results from different tools with integrated scanners and agents.
Policy Assessment and Compliance Management
  • Delivers a flexible mechanism to assess and apply appropriate policies to applicable systems.
  • Combination of standard configuration checklists from variety of sources with Lumension repository of software vulnerabilities delivers information with context to properly remediate.
  • Delivers actionable information.
 Simplifies Compliance
  • Simplify compliance through best-practice configuration checklists.

Lowers TCO

  • Automation of configuration issue identification & correction lowers security operating costs.

Reduces Endpoint Risk

  • Reduce security incidents and strengthen your security posture.
  • Continuously manage & enforce your policy.
Policy Assessment and Enforcement
  • Leverages automated remediation and policy enforcement with Lumension Content Wizard.
 Increases Compliance
  • Maintain your compliance by enforcing policy.
Centralized User Interface
  • Demonstrates policy compliance with high- and low-level reports on the status of your endpoint configurations.
  • Technical controls and asset entities are consolidated into a single UI.
  • Intelligent Dashboard Displays.
 Reduces IT Costs
  • Reduce IT overhead via standardized and secure configuration settings.
  • Increase operational efficiency by managing all vulnerability activities from a single tool.
Security Posture Reporting
  • Automates security checks including event log policy settings, file permission settings, local policies group, system services group, network settings, system settings, windows components, local user policy setting, security patches, firewall settings, IE settings application settings.
 Increases Visibility of Security Posture
  • Detail and roll-up results views provide instant visibility into configuration posture.

Ensures Constant Audit-Readiness

  • Maintain constant audit readiness through the automated collection and centralization of security configuration results.
Mature Delivery Platform for Assessment and Reporting
  • Lumension Security Configuration Management is expanded functionality on top of leading products such as Lumension Patch and Remediation and Lumension Scan.
 Security Configuration Management Capabilities Integrated into Proven Vulnerability Management Solution
  • Ensure regulatory compliance through risk assessment of security configurations (e.g., screensaver configurations, password complexity, running services).
  • These capabilities are built on top of proven vulnerability management solutions.

Requirements

Minimum Requirements - Server

Requirements Version
Hardware A dual-core processor (any speed)
1 GB RAM
32 GB of available disk space
Operating System Windows Server® 2003, Web Edition with SP2 or later (x86)
Windows Server 2003, Standard Edition with SP2 or later (x86)
Windows Server 2003, Enterprise Edition with SP2 or later (x86)
Windows Server 2003 R2, Standard Edition with SP2 or later (x86)
Windows Server 2003 R2, Enterprise Edition with SP2 or later (x86)
Windows Server 2008, Web Edition (x86/x64)
Windows Server 2008, Standard Edition (x86/x64)
Windows Server 2008, Enterprise Edition (x86/x64)

Note: Lumension Endpoint Management and Security Suite must be installed on an English operating system using any English locale (en-US, en-UK, en-CA, and so on) in its default configuration.
Web server Microsoft® Internet Information Services (IIS) 6.0 or later.
.NET Framework Microsoft .NET Framework version 3.5

Note: If not present, Microsoft .NET Framework 3.5 is installed with Lumension Endpoint Management and Security Suite.
Web browsers Microsoft Internet Explorer 7.0 or greater
Mozilla®Firefox® 3.0 or greater.
DB Server SQL Server 2005, Express Edition with SP3 (x86)
SQL Server 2005, Standard Edition with SP3 (x86)
SQL Server 2005, Enterprise Edition with SP3 (x86)
SQL Server 2008, Express Edition (x86)
SQL Server 2008, Standard Edition (x86/x64)
SQL Server 2008, Enterprise Edition (x86/x64)

Supported database servers can be installed in the following locations relative to the Lumension Endpoint Management and Security Suite server:

  • Locally in named instances installed by Lumension Endpoint Management and Security Suite.
  • Locally in named or default instances that are preexisting.
  • Remotely in named or default instances that are preexisting.

Note: If an instance of SQL Server is not present on your target server, SQL Server 2008, Express Edition with SP1 is installed with Lumension Endpoint Management and Security Suite (if you are not using a remote instance of SQL Server)

Lumension Patch and Remediation Agent Coverage - Supported Client OS

Vendor Processor Family OS Version OS Edition OS Bit
Microsoft Windows X86/x64 Windows XP SP2 Professional 32/64
Windows 2003 Web
Standard
Enterprise
R2		 32/64
Windows Vista Enterprise
Business
Ultimate		 32
Microsoft Windows 7 Professional
Enterprise
Ultimate		 X86
X86_64
Microsoft Server 2008 Web
Standard
Enterprise		 X86
X86_64
Microsoft Windows Server 2008 R2 Web
Standard
Enterprise		 X86
X86_64

Minimum Requirements with Lumension Scan

Hardware Pentium® compatible 1 GHz
Single 100 Mbps network connection
20GB of available disk space
512 MB RAM
Operating System Windows 2000 Server SP4
Windows Server 2003 SP1
Windows XP Professional SP2
Windows 2000 Advanced Server SP4
.NET framework Microsoft .NET Framework 2.0+