SAN FRANCISCO, CA -- 04/08/08 --
RSA Conference 2008 (BOOTH #1139) --
Lumension Security(TM) Inc., a
recognized, global leader in security management formed by the combination
of PatchLink® Corporation and SecureWave® S.A., today announced the
availability of PatchLink Security Configuration Management (SCM).
PatchLink SCM enables organizations to proactively assess secure
configuration states of IT assets and automate internal and external audits
in accordance with industry-recognized best practices.
PatchLink SCM leverages the National Institute of Standards and
Technology's (NIST) open source Security Configuration Automation Protocol
(SCAP) policies. The new offering is an enterprise-ready solution designed
to perform a top-down threat analysis that reduces business risk, improves
overall network performance and lowers costs while simultaneously
addressing and meeting audit requirements. PatchLink SCM provides a
comprehensive list of NIST's SCAP policies with more than 700 secure
settings that directly map to industry regulations such as FDCC (Federal
Desktop Core Configuration) and PCI DSS (Payment Card Industry Data
Security Standard). The SCAP ready solution delivers customizable
configuration templates based on industry best practices to help
organizations quickly evaluate their security posture and determine the
necessary remediation steps in order to maintain compliance with the
industry security standard.
"Configuration security has become such a critical issue for both
government and private industry in recent years that regulatory mandates --
including PCI DSS and FDCC -- have incorporated very specific configuration
requirements," said Mike Wittig, president and CTO of Lumension Security.
"Even with these mandates and standards in place, many organizations need
the right configuration tools and automation to properly assess and
maintain systems with specific settings on an ongoing basis. We have worked
very closely with industry leaders such as NIST and the National Security
Agency to develop this SCAP-ready solution that provides a top-down
baseline of the security environment for standardizing and automating risk
management, compliance reporting and security measurement."
Configuration issues are typically the result of changes made by employees
within the firewall -- either intentionally or accidentally -- that open
attack vectors for hackers. Default configurations for operating systems
and applications are oftentimes not secure, and even when systems are
initially secured, their configurations "drift" over time, resulting in
reduced security posture, increased attack surface, application conflicts,
reduced productivity and higher IT operating costs due to security
incidents and helpdesk overhead.
In addition, according to the SANS Institute's best practices for
preventing its top 20 risks, organizations should enforce configurations
from the first day by implementing the most secure configurations that
business processes will allow. Lumension Security's PatchLink SCM mitigates
threats associated with mis-configured endpoints by providing
out-of-the-box regulatory, standards-based assessment and industry best
practices templates.
PatchLink SCM seamlessly integrates with Lumension Security's proven,
industry-leading solutions, PatchLink Update and PatchLink Scan, to deliver
a comprehensive, enterprise-class solution. This includes agent-based and
agentless risk assessment of software flaws and configuration
vulnerabilities, accurate remediation, continuous validation and policy
compliance reporting. Lumension Security is currently working with an
accredited laboratory to officially make its PatchLink Update and PatchLink
Scan SCAP validated as part of the SCAP Validation Program. For more
information, please visit http://nvd.nist.gov/scapproducts.cfm.
"The benefits of standardizing and automating secure configuration settings
include slowing the spreading of botnets, radically reducing delays in
patching and stopping many attacks directly. In addition, organizations
that have addressed configuration issues typically report a significant
cost savings," said Alan Paller, founder and research director of the SANS
Institute.
Pricing & Availability
Lumension Security's PatchLink SCM will be available worldwide May 1, 2008.
For more information, please visit the SCM product website. For a free 30-day trial of
PatchLink SCM and Vulnerability Management Solution, please complete the product evaluation request form.
About Lumension Security(TM), Inc.
Lumension Security(TM), formed by the combination of PatchLink®
Corporation and SecureWave® S.A., is a recognized, global security
management company, providing unified protection and control of enterprise
endpoints for more than 5,100 customers and 14 million nodes worldwide.
Leveraging its proven Positive Security Model, Lumension Security enables
organizations to effectively manage risk at the endpoint by delivering
best-of-breed, policy-based solutions that simplify the entire security
management lifecycle. This includes automated asset discovery, vulnerability assessment, remediation and validation; security configuration management; application control and device control; extensive policy compliance reporting; and integration with leading network access control solutions.
Headquartered in Scottsdale, Arizona, Lumension has offices worldwide,
including Virginia, Florida, Luxembourg, the United Kingdom, Spain,
Australia, Hong Kong and Singapore. PatchLink, now Lumension, was founded
in 1991 by Sean Moshir. More information can be found at www.lumension.com.
Lumension Security, the Lumension logo, PatchLink® and Sanctuary® are
trademarks or registered trademarks of Lumension Security. All other
trademarks are the property of their respective owners.
Contacts:
Cindy Kim
Lumension Security
(480) 444-1603
cindy.kim@lumension.com
Dan Borgasano
Schwartz Communications
(415) 512-0770
lumension@schwartz-pr.com
