Lumension Vulnerability Management - Patch Management Solutions

Integrated, Proactive Software Vulnerability Assessment and Patch Management

Vulnerability Management Business Drivers and Challenges

Considering that over 90% of cyber attacks exploit known security flaws for which remediation is available¹, effective vulnerability and patch management should be on every company’s to-do list. However, in today’s economy, enterprises are forced to do more with less and maintain a secure IT environment while keeping operating costs low.

This creates an enormous challenge for enterprises in light of an increasing number of remote employees who reduce the organization’s visibility into the network and control over the devices that are brought in and out of the environment. IT organizations must now support heterogeneous environments with:

  • Increasingly diverse operating systems beyond simply Windows, including Red Hat, Unix and many more
  • Countless software applications, including business productivity tools, web browsers, P2P and more
  • More physical and virtual machines within the network
  • Numerous endpoint configurations that have drifted out of compliance with regulatory or corporate policies as well as industry best practices

By streamlining and automating vulnerability management processes, organizations can effectively address operating systems and application flaws. Being able to quickly patch third party application vulnerabilities is of increasing importance as these risks are exploited with more frequency.

When faced with all these challenges, it is important that organizations find the right balance between effectively addressing network security and compliance concerns while keeping a low total cost of ownership (TCO).


The Lumension Vulnerability Management solution delivers automated vulnerability assessment and patch management through an integrated solution that enables businesses to automatically detect risks, deploy patches and defend their business information across a complex, highly-distributed environment with greater efficiency and minimal impact to productivity. All of these activities are seamlessly integrated into a single management console for complete visibility into your network.

The Lumension Vulnerability Management solution combines award-winning products, such as Lumension Scan, Lumension Patch and Remediation, Lumension Security Configuration Management, and Lumension Content Wizard. By consolidating vulnerability data with centralized policy enforcement and compliance reporting, the Lumension Vulnerability Management solution enables you to effectively manage the entire vulnerability lifecycle and transition from a reactive security model to a proactive risk management approach.

How It Works

1. Discover: Gain complete visibility of your heterogeneous network environment. Proactively discover all of your IT assets, both managed and unmanaged, through in-depth scans and flexible grouping and classification options.
2. Assess: Proactively identify known issues before they can be exploited. Perform a deep analysis and thorough OS, application, and security configuration vulnerability assessments of endpoints via Lumensions network- and agent-based scanners.
3. Prioritize: Focus on your most critical security risks first. Multiple views of vulnerability assessment information allow you to prioritize vulnerabilities by severity or organizational impact.
4. Remediate: Automatically deploy patches to an entire network. Simplify the process of maintaining a secure environment by continuously monitoring, detecting and remediating policy-driven environments across all major platforms and applications.
5. Report: Gain a holistic view your environmental risk. Access a full range of operational and management reports that consolidate discovery, assessment, and remediation information on a single management console.

Key Capabilities and Benefits

Solution Capability


Asset Discovery/Inventory
  • Provides visibility to the entire network environment, including virtual machines.
  • Thorough and accurate discovery of network assets via both network and agent-based scans.
  • Discovers silent or hidden network nodes.
Delivers Full Network Visibility
  • Gain full visibility into your physical and virtual network and understand your security posture through continuous discovery and vulnerability assessments.
  • Get insight into the use of removable devices.
  • Lay the foundation for the development of a comprehensive security policy in compliance with internal and external regulations or standards.
Thorough Vulnerability Assessment
  • Proactively identifies known software and security configuration vulnerabilities before they can be exploited.
  • Identifies high-risk vulnerabilities that are not patch-related.
  • Leverages Lumensions large pre-built vulnerability and configuration repositories as well as customized vulnerability policies.
Ensures Proactive Risk Management
  • Identify exposure to potential threats and vulnerabilities within the network.
Maintains Compliance
  • Maintain constant audit and compliance readiness.
  • Intelligent Patch and Remediation
    • Automatically deploys patches to an entire network.
    • Offers a single, scalable solution to patch and remediate a heterogeneous network; i.e. Windows, Linux, Unix, and Mac.
    • Boasts a vast repository of over 25,000 patches that covers all major applications and operating systems from many vendors.
    • Allows the enforcement of mandatory baselines and policy.
    • Supports the creation of customized patches and remediation.
    Reduces Endpoint Risk
    • Reduce security incidents and strengthen your security posture.
    • Programmatically manage your Patch and Remediation strategy.
    • Continuously enforce policy.
    Reduces Operational Expenses and TCO
    • Automatically deploy patches to an entire network.
    • Use a single solution to manage Windows and non-Windows patches versus multiple point products.
    Comprehensive Reporting
    • Delivers a single and consolidated management console.
    • Provides composite reports aggregating discovery, assessment and remediation results to provide a more complete view of the environment.
    • Delivers advanced reporting capabilities to meet the custom needs of organizations.
    • Provides regulatory and industry-best practices reporting templates to demonstrate compliance against established regulatory standards with both out-of-the-box and customizable queries.
    Provides Holistic View of Environmental Risk
    • Enjoy complete visibility into your distributed network via centralized reporting.
    • Gain control over security risks and take immediate corrective actions.
    • Ensure visibility of both physical and virtual environments from a single console.
    Delivers Executive Reporting
    • Be ready for comprehensive executive and management reporting at a moment’s notice.
    Ensures Audit Readiness
    • Maintain constant audit readiness through the automated collection and centralization of security configuration and vulnerability assessment results.
    • Customize reports to fit audit requirements.
    Single Management Console
    • Single and consolidated view of entire network.
    • Discover, assess, prioritize, remediate, and report on the entire network environment from one solution.
    • Administrative flexibility.
    • Centralized and decentralized command and administrative control for actionable intelligence.
    Lowers TCO

    • Reduce your cost and administrative management overhead by using one solution versus multiple point solutions/ applications.
    • Meet the needs of multiple users and audiences.
    Delivers Holistic View of Environmental Risk
    • Enjoy complete visibility into your distributed network and manage risk holistically.
    • Gain control over security risks and take immediate corrective actions.
    Security Configuration Management
    • Provides out-of-the-box regulatory, standards-based assessment and industry best practices templates to ensure endpoints and applications are properly configured.
    • Automatically identifies security mis-configurations and software conflicts in your network environment.
    • Detects systems that have drifted out of configuration policy.
    • Delivers Security Content Automation Protocol (SCAP) validated configuration assessments.
    Enhances IT Productivity and Lowers Support Costs
    • Reduce security incidences and resulting helpdesk calls.
    • Focus your remediation efforts and resources on the most critical issues.
    • Save time and effort by centrally managing and automating system desktop configuration tasks.
    Ensures Compliance
    • Demonstrate compliance with regulatory policy requirements (FDCC, PCI-DSS and HIPAA).
    • Provide most accurate FDCC checks with the latest OVAL definitions.
    • Implement best practices.
    • Provide policy measurement reports.
    • Reduce the cost of compliance.

    Gartner Research