Lumension Security Delivers SCAP Validated Vulnerability Management Solution
According to the National Institute of Standards and Technology (NIST), most organizations have difficulty measuring the security of their IT systems. This difficulty arises from multiple causes, such as different ways companies interpret policy, the complexity of systems, and human error. To help organizations improve their security posture and simplify compliance, Lumension Security Inc., a global leader in security management, recently announced the availability of an SCAP validated network scanner. This, combined with Lumension Security's SCAP-ready agent-based scanning and remediation solution, enables government and other IT security organizations to automate compliance, vulnerability management and security measurement.
The additional SCAP validation adds to Lumension Security's powerful Security Configuration Management platform that now combines an agent-based and network vulnerability scanner for complete visibility and control to support IT regulatory compliance initiatives such as FDCC, FISMA, HIPAA, SOX, and security configuration standards.
Security Content Automation Protocol (SCAP) is part of a U.S. government multi-agency initiative to specify an open set of standards for automated vulnerability management, measurement, and policy compliance evaluation. Lumension Security achieved this validation as a result of a formal testing process that ensures proper implementation of the standards and stringent assurance of assessment accuracy within the solution.
"The biggest obstacle companies face today when it comes to demonstrating compliance is visibility," said Paul Zimski, vice president of solution marketing, Lumension Security. "Without accurate, real time visibility of your network, assessing security software vulnerabilities and mis-configurations, managing the configuration state of endpoints, and proving compliance can be complex and often times costly. Our SCAP validated Vulnerability Management Solution is designed to help organizations gain complete visibility and control through automated security configuration change detection, assessment, and compliance reporting."
"We are committed to working with industry leaders such as NIST to develop solutions that help strengthen the security of IT systems and provide the most accurate, automated approach to achieving compliance to meet some of industry's toughest legislations in a cost effective manner," said Zimski.
The Vulnerability Management Solution enables enterprises to effectively manage the vulnerability management lifecycle, including the discovery of all IT assets, vulnerability assessment of configuration policies according to industry best practices, and proactive identification of system drift for rapid remediation. In addition to utilizing the extensive configuration policies provided by the NIST National Vulnerability Database, one of the de facto industry repositories of third party validated vulnerability content, organizations are free to customize policies according to their own internal policies.
In addition, these solutions combined with Federal Desktop Core Configuration (FDCC) Scanner SCAP validation for its agent-based and network scanners, provide out-of-the box support for FDCC which is now mandated as part of the FISMA reporting requirements. The easy to use templates allow Federal agencies to automate configuration and security assessment to meet stringent regulatory standards and reduce the cost of compliance. This is achieved by thoroughly and accurately detecting software flaws and mis-configurations as well as reporting on the state of system configurations and security posture as mandated by the Office of Management and Budget.
Get the industry leading Lumension Security Vulnerability Management Solution free 30 day trial.
About Lumension Security, Inc.
Lumension Security, formed by the combination of PatchLink Corporation and SecureWave S.A., is a recognized, global security management company, providing unified protection and control of enterprise endpoints for more than 5,100 customers and 14 million nodes worldwide. Leveraging its proven Positive Security Model, Lumension Security enables organizations to effectively manage risk at the endpoint by delivering best-of-breed, policy-based solutions that simplify the entire security management lifecycle. This includes automated asset discovery, vulnerability assessment, remediation and validation; security configuration management; application control and device control; extensive policy compliance reporting; and integration with leading network access control solutions. Headquartered in Scottsdale, Arizona, Lumension has offices worldwide. PatchLink, now Lumension, was founded in 1991 by Sean Moshir.
SOURCE: Lumension Security