Organisations face many challenges around ensuring compliance, reducing TCO and improving productivity. These are just some issues organisations face every day:

• Application conflicts and reduced user productivity increase IT operating costs due to security incidents and help desk overhead.
• Lack of domain expertise in security best practices results in weakened security posture and lack of compliance.
• Increased need to demonstrate compliance against a multitude of regulations and policies.

In addition, today’s borderless enterprise does not have a holistic view over the endpoint security on their network and probably doesn’t know whether a system has been patched, is free of vulnerabilities and is configured correctly. Proactively monitoring configurations is just as important as the need to rapidly apply critical patches because 60% of all exploited vulnerabilities are due to insecure configurations¹. Government regulations and industry standards are recognizing this, which explains the recent influx of security configuration management requirements. A solution is needed that allows organizations to enforce a consistent endpoint configuration policy and continuously monitor and report on its adherence.

Ensure Regulatory Compliance through Risk Assessment and Remediation of Application and Endpoint Vulnerabilities

Lumension Security Configuration Management provides out-of-the-box regulatory, standards-based assessment and industry best practices templates to ensure endpoints and applications are properly configured. Lumension Security Configuration Management seamlessly integrates with its proven, market-leading solutions, Lumension Scan™ and Lumension Patch and Remediation™, to deliver a comprehensive network and agent-based risk assessment of software flaws and configuration vulnerabilities, rapid remediation, continuous validation and policy compliance reporting.

How It Works

1. Manage Security Configuration Policy: Define, edit, and import/export security configuration policies and best practices by leveraging the Security Content Automation Protocol (SCAP). Automatically map these regulatory or internal security policies to your own agent policy set, enabling you to standardize and secure your endpoint configurations and easily demonstrate compliance. Thanks to open standards, security specifications can also be added or edited to create custom security configuration policies.
2. Assess Policy Compliance by Group and Device: Apply desired security specifications to your network device groups and application configurations. Automatically (or manually, where applicable) assess policy compliance with security configuration specifications for device groups as well as individual devices.
3. Report Policy Compliance Results: Demonstrate policy compliance by reporting configuration status against regulations and industry standards such as Federal Desktop Core Configuration (FDCC) and Payment Card Industry (PCI-DSS) as well as customized policies.
4. Enforce Policy Compliance: Achieve and maintain compliance with security configuration policies and best practices, leveraging automated remediation and policy enforcement with Lumension Content Wizard™.

Demonstrate Compliance with Regulatory Policies and Industry Standards

• As a NIST-validated solution, Lumension Security Configuration Management™ provides a comprehensive list of SCAP policies with hundreds of defined checks, allowing organizations to quickly evaluate their security posture and determine what must be fixed to meet FDCC standards. In addition, customized templates ensure that assessments are tailored to the various compliance policies that fit an agency’s specific requirements.
• To address PCI-DSS Lumension Security Configuration Management™ ingests the PCI policy template and maps technical controls to the detailed requirements. It also automates the policy assessment of specific PCI requirements, including manual checks where appropriate, and monitors and reports against the requirements to ensure comprehensive PCI compliance.
• Lumension Security Configuration Management™ can be used to monitor and report on any set of policies that follow the SCAP checklist standards such as Sarbanes Oxley, GLAB, HIPAA and ISO 17799. While FDCC and PCI-DSS are available out-of-the-box for immediate implementation, any other security standard policies can be mapped to SCAP standard checklists allowing Lumension Security Configuration Management to control against these checks.

Benefits
Increases Accuracy and Confidence

• SCAP validation provides another level of confidence.
• Agency endpoint configurations will be compliant with Mandate standards.

Ensures Accurate Configuration Assessments

• Improve the accuracy of your scanning results with the latest OVAL definitions.

Reduces IT Costs

• Create and maintain your own policies.
• Manage and interpret different policies and results from different tools with integrated scanners and agents.

Simplifies Compliance

• Simplify compliance through best-practice configuration checklists.

Lowers TCO

• Automation of configuration issue identification & correction lowers security operating costs.

Reduces Endpoint Risk

• Reduce security incidents and strengthen your security posture.
• Continuously manage & enforce your policy.

Increases Visibility of Security Posture

• Detail and roll-up results views provide instant visibility into configuration posture.

Ensures Constant Audit-Readiness

• Maintain constant audit readiness through the automated collection and centralization of security configuration results.

Increases Compliance

• Maintain your compliance by enforcing policy.

Reduces IT Costs

• Reduce IT overhead via standardized & secure configuration settings.
• Increase operational efficiency by managing all vulnerability activities from a single tool.

Download Lumension Security Configuration Management Datasheet