Lumension Endpoint Management and Security Suite

© Copyright 2009, Lumension

Lumension® Endpoint Management and Security Suite

Patch and Remediation Module Evaluation Guide

July 2012

www.lumension.com

Vulnerability Management | Endpoint Protection | Data Protection | Reporting and Compliance

Lumension® Endpoint Management and Security Suite: Patch and Remediation Module

L.E.M.S.S:LPR - Table of Contents

Introduction

Module Description

Objective

Evaluation Scenarios

Prepare Test Environment

Scan Your Endpoint Environment

Remediate Selected Vulnerabilities

Deploy Software to Endpoints

Create a Mandatory Baseline

Set up Hours of Operation and Wake-on-LAN

Reporting

Introduction

This document is designed to assist you in implementing the Lumension Endpoint Management and Security Suite (L.E.M.S.S.) Patch and Remediation Module and to use it as an ongoing record of your observations and feedback during the evaluation process.

Module Description

Lumension® Patch and Remediation is the market-leading solution that identifies and patches vulnerabilities across the entire organization, supporting heterogeneous operating systems, configurations and all major 3rd party applications, and managed through a single console. Lumension Patch and Remediation seamlessly integrates with Lumension® Endpoint Management and Security Suite, which simplifies endpoint management and control and reduces TCO by consolidating different product modules into a single console, server and agent platform architecture. Lumension® Patch and Remediation provides:

• Heterogeneous OS support for easy patch and remediation administration across multiple platforms - Windows, Unix, Linux and Mac OS.

• The industry’s broadest third party vulnerability content available, including the largest repository of Adobe vulnerability content.

• Integrated asset discovery for full network visibility and continuous control across both physical and virtual environments.

• Automated policy baselines to ensure that patches, configurations, remediations, and other tasks are continuously enforced.

• Enhanced Wake-on-LAN to ensure complete control over the patching process, provide flexibility for when patches are deployed and to bring powered down systems back online to ensure that critical patches and software updates are successfully deployed.

• Power management reporting to effectively demonstrate power consumption savings and to provide necessary information to apply for utility rebate programs through local utility providers.

• Patented Fingerprinting technology which determines whether an endpoint is patched or un-patched across a variety of OS’s and applications.

• Extensibility and customization via Lumension® Content Wizard including power policy management, software deployment and removal, desktop configuration templates and custom task scripting.

• IT risk management integration via Lumension® Risk Manager to automatically assess controls and potential deficiencies for IT risk management prioritization and compliance reporting.

Lumension Patch and Remediation uniquely addresses the 3 main challenges you face in regards to the tidal wave of software vulnerabilities that exist in your organization:

1. Accurately identifying and analyzing all the software vulnerabilities on all endpoints, physical or virtual, online or offline;

2. Rapidly patching vulnerabilities with minimal user impact;

3. Monitoring patch efficacy and demonstrating policy compliance.

Objective

The goal of this evaluation guide is to assist you in implementing Lumension Endpoint Management and Security Suite (L.E.M.S.S.): Patch and Remediation and to guide you through the evaluation process.

We recommend that you implement this solution on a small group of endpoints. The task list includes the following:

1. Prepare test environment

2. Scan your endpoint environment

3. Mitigate the threat – remediate selected vulnerabilities

4. Create a mandatory baseline

5. Set up Hours of Operation and Wake-on-LAN

Evaluation Scenarios

Prepare Test Environment

Business Context: Install the L.E.M.S.S. software onto the server and L.E.M.S.S. agent onto a small group of endpoints, per the L.E.M.S.S. platform evaluation guide. Once installed, create an additional “Patch Administrator” role for someone to be in charge of Patch and Remediation policies. Next, deploy Patch agent plugin to endpoint agents. Finally, create a custom group for test endpoints.

Expected Outcome: L.E.M.S.S. and the Patch module are fully operational and ready for evaluation on the server and a small group of endpoints. A new role has been defined on the server for the purpose of enforcing IT security and administration of Patch and Remediation policies. A custom group of endpoints has been created for group management purposes.

Create Patch Administrator role

SERVER TASKS

1. Navigate to Tools > Users/Roles and select the Roles tab

2. Click the Create button

3. Enter a name for the role (e.g. Patch Manager) and use the Manager role as a template

4. On the access rights tab remove all rights in the Jobs, content, antivirus, device control, application control, and application library sections

5. Click OK

6. Verify that the new role was created

7. Go to the Users tab and click Create

8. Click Next and enter the user name “PatchManager”

9. Enter any password you like and select the newly created role

10. Click Finish

Deploy Patch Agent Plugin

SERVER TASKS

1. Navigate to Discover > Assets to perform an asset discovery by computer name or IP range

2. Based on the results of the asset discovery, install the patch agent plugin on a small group of endpoints.

3. Review the results of the job

ENDPOINT TASKS

1. Check endpoint performance and CPU utilization

2. Launch the Agent Control Panel and verify that the Patch module agent plugin was installed successfully.

Create Custom Group for Endpoints

SERVER TASKS

1. Navigate to Manage > Groups and select the Group Membership view

2. Select Custom Groups in the Group Browser section

3. Click the Create button

4. Enter a name for the group called “Public Use Desktops” and save

5. Click “Public Use Desktops”, then change the view to “Endpoint Membership”

6. Click the Manage button

7. Select the endpoints for the group then click the Assign button

8. Once all endpoints are assigned, click the OK button

Scan Your Endpoint Environment

Business Context: With over 30,000 known software vulnerabilities, accurately identifying and analyzing all of the possible threats to all of your computers can appear to be an insurmountable challenge. In this task, you will scan your computer for any known vulnerabilities.

Expected Outcome: Lumension Patch and Remediation returns all the vulnerabilities identified on the scanned assets, both physical and virtual, online. Vulnerabilities include security

Lumension Patch and Remediation supports all major OS platforms (Windows XP to Windows 7 and Server 2008 R2; Linux; MacOS; Sun Solaris; HP; etc.). LPR also addresses all your software application vulnerability patching needs to strengthen your endpoint security posture.

SERVER TASKS

1. Open the LEMSS “HomePage” from any compatible web browser.

2. Navigate to Manage > Groups and select the custom group previously created

3. Right click and set your view to Vulnerabilities

4. Review the Vulnerabilities view, which provides a scorecard of vulnerabilities against the number of applicable machines.

The Vulnerabilities view shows a list of all of the vulnerabilities that the agent discovered from its latest internal machine scan, per the filtering criteria as defined in the filter options in the upper right hand corner. Lumension Patch and Remediation provides an automated mechanism for gathering software updates from most leading operating system and application developers, with multiple thousands of vulnerability signatures currently available, ensuring broad coverage for today’s heterogeneous environments.

REVIEW RESULTS

Remediate Selected Vulnerabilities

Business Context: Once the identification and analysis is complete, you may discover a sizeable number of known vulnerabilities that could afford cybercriminals a means to penetrate your environment. How do you effectively remediate all of these threats in order to dramatically improve your risk posture and avoid costly, embarrassing attacks? Get ready to deploy patches to all affected endpoints. You’ll want to prioritize your remediations by groups, business impact, and level of importance of the patches. Use LEMSS to deploy the latest Patch Tuesday security releases.

Expected Outcome: Once vulnerabilities have been identified and analyzed, you can remediate

SERVER TASKS

1. On the Manage > Groups Vulnerabilities page view, check the box next to the vulnerability name and click the Deploy button.

2. Click Next to enter the wizard.

3. Within the wizard, the system has already identified the vulnerable computers that require the patch for the selected vulnerability.

4. Continue to click Next to move through the wizard to show…

   a. Deployment Options

      i. How you can select the date and time of deployment

      ii. How you can set bandwidth throttling to control how many agents can communicate with the server simultaneously. (Note: you must name the deployment to move to the next screen)

   b. Package Deployment Order and Behavior

      i. Ability to auto-Qchain patches together

      ii. Control of whether computers are to be rebooted

   c. Notification Options

      i. Ability to notify users of deployments and provide them with the ability to delay deployments for a period of time that you define.

5. At the end of the wizard process, the Deployment Confirmation screen appears. The deployment is now ready to be scheduled. This means that each agent now picks up its deployment the next time it checks in with the server.

ENDPOINT TASKS:

1. Navigate to and log on to your endpoint in the custom group

2. Once deployments are completed, verify that the endpoint has been updated and is working properly

3. Confirm that the patches were installed.

REVIEW RESULTS:

Log on to the L.E.M.S.S. endpoint management console to verify that the patches have been deployed successfully.

Deploy Software to Endpoints

Business Context: Install the latest software, such as Firefox or Chrome web browsers, Adobe Reader, etc. to ensure all endpoints are up to date with the most recent version.

Expected Outcome: The latest version of the selected software, such as Firefox or Chrome, will be installed on all common-use computers.

SERVER TASKS

1. Run a Discover Applicable Updates task in your group of endpoints

2. Create a deployment based on Software Installers for the group (use Mozilla Firefox, Google Chrome, or any other applicable application)

3. Review the progress of deployments as they are delivered to endpoints.

ENDPOINT TASKS

1. Navigate to and log on to your endpoint in the custom group.

2. Once deployments are completed, verify that the endpoint has been updated and is working properly

REVIEW RESULTS

1. Log on to the L.E.M.S.S. endpoint management console and verify that the software installation was successful.

Create a Mandatory Baseline

Business Context: Once endpoints have been patched and properly configured per your business policy, you’ll want to ensure that endpoints will remain in this compliant state as well as allow new endpoints in your environment to adopt the same configuration rules. Lumension Patch and Remediation utilizes mandatory baselines to accomplish this goal. Mandatory baselines represent the absolute minimum set of content or locally-created distribution packages that must be installed on a group’s endpoints. Baselines continually verify that the applicable content items are installed on group endpoints. If a group endpoint is found in a Non-compliant state (does not have an item defined in the baseline installed), L.E.M.S.S. automatically deploys the applicable content until the endpoint is once again compliant. For example, you can set a Mandatory Baseline for all endpoints within a group that must have Microsoft Windows Messenger installed. If Messenger is deleted on a group member’s endpoint, L.E.M.S.S. reinstalls Messenger.

Expected Outcome: After content items are added to a group's Mandatory Baseline, Lumension Endpoint Management and Security Suite schedules a series of scans and deployments until the group complies with the baseline. Your endpoints will maintain their patched status and configuration per your business policy, and new endpoints that are added to your endpoint environment will be configured to reflect the mandatory baseline.

SERVER TASKS

1. Navigate to Manage > Groups

2. Select your custom group Public Use Desktops

3. Right click on your group and change the view to Mandatory Baseline

4. Click on Manage to build your Mandatory Baseline

5. From the bottom of the screen, select the vulnerabilities or content you would like to add to your Mandatory Baseline

ENDPOINT TASKS

1. Navigate to and log on to your endpoint in the custom group.

3. Confirm that the endpoint complies with the baseline.

REVIEW RESULTS

1. Log on to the L.E.M.S.S. endpoint management console and verify that the endpoints are compliant with your business policy.

Set up Hours of Operation and Wake-on-LAN

Business Context: Performing maintenance tasks on endpoints can have a tremendous impact on business operations if performed during regular business hours. Users will be inconvenienced and have downtime, while maintenance tasks could negatively impact network performance. However, if you set up Hours of Operation for each user group, you can schedule maintenance tasks during off-hours and don’t have to impact your user community. Since many machines may be powered down during off-hours due to power conservation policies, waking up these machines prior to deploying patches and performing maintenance will be critical.

Expected Outcome: Your groups of endpoints will be set up to follow group-specific hours of operation. When performing maintenance tasks on these endpoint groups, you will be able to schedule them during off-hours and take advantage of Enhanced Wake-on-LAN to wake up any offline machine and power them down again once maintenance is complete. As a result, you will minimize business disruptions and thus improve the productivity of your organization.

SERVER TASKS

1. Navigate to Manage > agent Policy Sets

2. Click on Create to generate a new policy

3. Scroll down to the Patch agent Communication section and click on the Define button to enter the Hours of Operations configuration window

4. You can select the Day or time to set the operational hours

5. You can set the Hours of Operations in 30 minute increments, 24 hours a day, 7 days a week

ENDPOINT TASKS

1. Navigate to and log on to your endpoint in the custom group.

2. Once deployments are completed, verify that the endpoint has been updated and is working properly.

3. Confirm that the endpoint complies with the baseline.

REVIEW RESULTS

1. Log on to the L.E.M.S.S. endpoint management console and verify that the endpoints are compliant with your business policy.

Reporting

Business Context: With mounting pressure to comply with internal security policies and external regulations, identifying and removing vulnerabilities is no longer enough. Now you must be able to prove ongoing patch efficacy and easily report on all aspects of your vulnerability management process.

Expected Outcome: Lumension Patch and Remediation enables you to prove the effectiveness of your vulnerability management process through ongoing patch monitoring and rapid, flexible report generation. The agent continuously scans the machine to determine the efficacy of the remediation activities it has performed, on a pre-defined schedule set by the administrator. The information from these DAU (Discover Applicable Update) scans is propagated to the server(s), where it is available for analysis and reporting. Powerful and flexible reporting options are available to both assist in the vulnerability management process and prove compliance with internal security policies and external regulatory requirements.

SERVER TASKS

1. Access the report window by navigating to the Reports tab.

2. Reports are arranged by categories for easy reporting. By selecting the individual categories, the various reports are displayed. Or, of course, you can list all for an alphabetical listing.

3. In the reports window that opens, the Patch and Remediation server contains 29 standard application report templates that provide a wide range of information on vulnerabilities, deployments, and policy compliance, with multiple configurable items as well as a description of the type of report and the export type.

4. Click on the Deployment Summary Report. The flexible structure of the report template allows for the selection of a wide range of criteria at different levels of aggregation.

5. Select all Available Deployments by clicking on the 2 downward pointing arrows and

Evaluation Wrap-up

Lumension Endpoint Management and Security Suite: Patch and Remediation is a powerful role-based application that provides a wide range of capabilities, some that were not discussed, including detailed inventory assessments, software distribution, custom package creation, and many more.

In addition to Lumension Patch and Remediation, Lumension offers Lumension® Content Wizard that extends the capabilities of Lumension Patch and Remediation with custom scripting capabilities.

The included Content Wizards include custom detection, deployment, patching, and remediation of 3rd party and in-house content, as well as creating custom checks and remediation to detect and alleviate security risks and operational efficiency issues in your environment. Examples include: making sure AV is installed, distributing 3rd party patches, following application deltas, and more. LCW improves your operational efficiency by simplifying remediation package
