Cybercriminals are exploiting unpatched vulnerabilities in operating systems and common applications, including Java, Adobe, Internet Explorer, Microsoft Office and more, as part of their targeted attacks against all sizes of business. This risk is compounded by increasing IT complexity – if you don’t know what you’ve got, how can you secure it?
By centralizing and automating essential security and management tasks, such as vulnerability assessment, patch and update distribution, inventory management and control and application rollouts, Kaspersky Vulnerability & Patch Management minimizes IT security risks and cuts through IT complexity. All delivered from a single integrated ‘pane of glass’ security management console.
Improved visibility and risk mitigation
Kaspersky Vulnerability & Patch Management provides comprehensive information about devices and applications running on your network. It gathers data about software versions and ascertains whether updates are needed and vulnerabilities need to be patched. The detected vulnerabilities can be automatically prioritized so that the riskiest patches are patched first and the most important updates deployed with priority. You get a complete view of what you have, the risks involved, and the tools to mitigate them.
Reduced IT management complexity
Designed for Windows-based networks, Kaspersky Vulnerability & Patch Management incudes a set of client management tools to automate a wide range of IT administration functions to save time and resources. Automated provisioning of applications – and audited, remote access and troubleshooting – minimizes the time and resources involved in setting up new workstations or rolling out new applications.
Reduced impact on systems and users
Kaspersky Vulnerability & Patch Management handles updates and patch distribution centrally to optimize update schedule. This ensures that the network doesn’t overload or have a negative impact on IT systems’ performance. Updates can be scheduled for after-hours to remove interference with employee productivity. When deploying new or updated software at a remote office, one local workstation can act as the update agent for the entire remote office – remote deployment with less traffic on your network.
Vulnerability assessment and patch management
Kaspersky Vulnerability & Patch Management provides total visibility of all hardware and software running on the corporate network, and the status of each of them, so you always know what needs to be done to keep your business safe. It automates the entire cycle of vulnerability assessment and patch management, including vulnerability detection and prioritization, patch and update download, testing and distribution, result monitoring and reporting.
Create software inventories
A software inventory details all the software on your network, giving you the ability to control software usage or block unauthorized applications. With comprehensive information on purchased licenses and expiry dates, the software inventory also helps to consolidate the tracking of license lifecycles.
Scan, detect and prioritize vulnerabilities
Automated software scanning enables rapid vulnerability detection, prioritization and remediation. Vulnerability scanning can be delivered automatically or scheduled according to the administrator’s requirements in the shortest timeframes via a single policy to detect both Microsoft and non-Microsoft vulnerabilities (150+ software applications are supported). Flexible management of policies facilitates the distribution of updated, compatible software as well as the creation of exceptions, depending on the computer’s role in the network.
Effective vulnerability assessment allows for the prioritization of vulnerabilities so that the most critical are fixed in advance of the rest. The severity of vulnerability is assessed by Kaspersky Lab’s experts as well as additional threat analysis. If there is malware exploiting a flaw, it is immediately considered critical and prioritized.
Download and test patches and updates
Kaspersky Vulnerability & Patch Management can automatically download necessary patches and updates. It can also play the role of Windows Update (WSUS) server.
Before distributing patches and updates to applications and operating systems across the organization, the administrator can test them to ensure that the updates will run smoothly without impacting on system performance and employee efficiency. Once known vulnerabilities have been identified and prioritized, patches can be tested in the local environment before being deployed if required.
Patches and updates can be distributed immediately and automatically while patch deployment can be postponed to run after-hours with the support of Wake-on-LAN. Multicast broadcasting technology enables local distribution of patches and updates to remote offices, which reduces bandwidth requirements. In this scenario, a machine in the remote office is designated as an Update Agent, receives all the patches and updates needed and distributes them to the other local machines, minimizing network traffic.
Monitor results and run reports
Patch installation results can be monitored so the administrator is satisfied that the problem has been eliminated and the patches delivered successfully. The administrator is also alerted if an error occurs – for example, if updates were pushed to 100 machines, the administrator doesn’t have to investigate each individual machine, but just examine the overall report that has been generated.
Kaspersky Vulnerability & Patch Management enables the administrator to run reports on scans to look for potential weak spots, track changes and gain extra insight into organizational IT security – and the details of every device and system on the corporate network.
Deliver and deploy custom applications
If you’re using applications that aren’t on a supported list, you still can benefit from centralized update provisioning and application deployment. The software deployment process is completely transparent; you can deploy software at your command or schedule it for after-hours. In some cases, you can specify additional parameters to customize the software being installed.
Client management tools to streamline routine it tasks
Kaspersky Vulnerability & Patch Management improves reliability and IT efficiency by automating many of the administrative tasks associated with deploying software updates and minimizing the amount of associated downtime.
All devices on your network are automatically discovered and recorded in a hardware inventory. Guest devices can be also automatically discovered – and provided with secure Internet access to corporate systems and data. Complete device parameter data is also recorded to facilitate policy refinement.
By enabling secure, remote connections to any desktop or client computer, Kaspersky Vulnerability & Patch Management helps you to resolve issues quickly and efficiently. An authorization mechanism prevents unauthorized remote access – and, for traceability and auditing, all activities performed during a remote access session are recorded in a log.
Operating system deployment
To optimize operating system (OS) deployment – and save time – Kaspersky Vulnerability & Patch Management automates and centralizes the creation, storage and cloning of secured system images. Images are held in a special inventory – ready to be accessed during deployment. Client workstation image deployment can be made with either PXE servers (Preboot eXecution Environment – also for new machines without OS) or using Kaspersky Vulnerability & Patch Management tasks (to deploy OS images to managed client machines).
By sending Wake-on-LAN signals to computers, you can automatically distribute the images outside of office hours. UEFI support is also included.
After creation, the OS image can be further edited in the following ways:
- Run a script or install additional software after the OS has been installed
- Create a boot flash drive with Windows PE
- Import an OS image from distribution packages – Windows Imaging Format (WIM)
Kaspersky Vulnerability & Patch Management is managed via Kaspersky Security Center, a single unified management console that gives you visibility and control of all security and client management tools. Kaspersky Vulnerability & Patch Management can be easily scaled to cover large IT networks. Role-Based Access Control enables the separation of security management responsibilities between multiple administrators.
HOW TO BUY
Kaspersky Vulnerability & Patch Management is available:
- As part of Kaspersky Endpoint Security for Business Advanced
- As part of Kaspersky Total Security for Business
- As an add-on for Kaspersky Endpoint Security for Business Select
- As a standalone targeted solution