SOURCE: Lumension Security

January 29, 2008 16:27 ET

Lumension Security Unveils New Security Configuration Management to Help Organizations Streamline Compliance With Policies, Improve Security Posture and Reduce Costs

Enterprise-Class Solution Enables Organizations to Standardize and Secure Endpoint Configurations Through Comprehensive Assessment, Remediation, Enforcement and Policy Compliance Reporting

SCOTTSDALE, AZ--(Marketwire - January 29, 2008) - Lumension Security™, Inc., a leading global security management company formed by the combination of PatchLink® Corporation and SecureWave® S.A., today announced the introduction of PatchLink Security Configuration Management (SCM™), the industry's first enterprise-class solution that ensures secure and compliant endpoint configurations in accordance with industry best practices. PatchLink SCM leverages the Security Content Automation Protocol (SCAP) and is seamlessly integrated into Lumension Security's proven, market-leading solutions, PatchLink Scan™ and PatchLink Update™. The PatchLink SCM solution provides both commercial and government entities with out-of-the-box regulatory and best-practices templates to ensure all of their systems and applications are properly configured.

"Enterprises need to focus on first securing their business systems and then on demonstrating compliance. The vast majority of damage-causing attacks (both internal and external) take advantage of misconfigured or poorly administered systems," said John Pescatore, VP and Distinguished Analyst at Gartner Inc. "Enterprises need to deploy security processes that are backed with automated tools to increase both the effectiveness and the efficiency of configuration and vulnerability management."

"Evolving regulations and standards have become more specific with regard to regular assessment and measurement reporting of endpoint configurations," said Matt Mosher, senior vice president of the Americas at Lumension Security. "PatchLink SCM enables enterprises to define security policies that are based on best practices identified by security organizations such as the National Security Agency and the National Institute of Standards and Technology (NIST) as well as leading vendors such as Microsoft. Lumension customers can easily link these policies to technical controls, enabling them to easily demonstrate compliance with their organizational security policies and government regulations. This integration also facilitates continuous assessment and comprehensive reporting to help organizations proactively reduce corporate risk by eliminating vulnerabilities caused by misconfigurations and providing ready-to-deploy policy-related content."

With PatchLink SCM, organizations can easily monitor and verify the organization's compliance with both federal and commercial regulatory requirements. This is accomplished by automatically mapping security policies and controls to recognized industry best practices. By combining standards-based assessment and remediation for both software and configuration vulnerabilities -- and by reporting against specific regulatory policies and industry standards such as Federal Desktop Core Configuration (FDCC) and Payment Card Industry (PCI), among others -- PatchLink SCM delivers a cost-effective, easily managed, holistic solution for managing secure configuration and policy compliance.

According to the U.S. Office of Management and Budget (OMB), all federal government agencies must adopt secure configurations on Windows XP and Vista operating systems by February 1, 2008. The memorandum, OMB 07-11, stipulates that agencies must certify that applications are fully functional and operate correctly on systems using the FDCC. In addition, agencies must implement standard installation practices and assert that installing/updating does not alter the configuration settings from the approved FDCC configuration.

"The OMB mandate and looming deadline have created a pressing need among federal agencies for a solution that quickly assesses configuration and provides guidelines for any necessary remediation. However, current offerings are either not scalable to an enterprise level or they do not integrate with existing solutions, leaving organizations to deal with yet another disparate technology," said Steve Antone, vice president of federal solutions at Lumension Security. "Our SCM module is the first of its kind to solve both the scalability and integration issues. A large number of our federal government customers already use PatchLink Update and Scan solutions, so SCM is a seamless fit into the infrastructure and will provide robust assessment, remediation and enforcement capabilities within one technology set."

PatchLink SCM provides a comprehensive list of NIST's SCAP policies with hundreds of defined checks, allowing organizations to quickly evaluate their security posture and determine what must be fixed to meet a given standard. In addition, customized templates ensure that assessments are tailored to the various compliance policies that fit an organization's specific requirements. The SCM product streamlines this process by facilitating the simple importing and exporting of policies across multiple Vulnerability Management Servers, enabling the same policy documents to be shared by network scanner and agent-based assessment. This eliminates the need to manage and interpret a wide range of different policies and results from non-integrated scanners and agents.

Lumension's SCM will be available in Q2 2008.

About Lumension Security™, Inc.

Lumension Security™, formed by the combination of PatchLink® Corporation and SecureWave® S.A., is a recognized, global security management company, providing unified protection and control of enterprise endpoints for more than 5,100 customers and 14 million nodes worldwide. Leveraging its proven Positive Security Model, Lumension enables organizations to effectively manage risk at the endpoint by delivering best-of-breed, policy-based solutions that simplify the entire security management lifecycle. This includes automated asset discovery, vulnerability assessment, remediation and validation; application and device control; extensive policy compliance reporting; and integration with leading network access control solutions. Headquartered in Scottsdale, Arizona, Lumension has offices worldwide, including Virginia, Florida, Luxembourg, the United Kingdom, Spain, Australia, Hong Kong and Singapore. PatchLink, now Lumension, was founded in 1991 by Sean Moshir. More information can be found at

Lumension Security, the Lumension logo, PatchLink® and Sanctuary® are trademarks or registered trademarks of Lumension Security. All other trademarks are the property of their respective owners.