Vulnerability Management and Patch Management
The introduction of vulnerabilities from unpatched IT assets, unmanaged devices, or insecure coding practices are ever present challenges that require a proactive response, and providing your IT organisation with both the strategy and tools necessary to identify, remediate and maintain secure configurations is key.
Many organisations have a mixed platform environment, along with a plethora of 3rd party applications, all of which, dependant on their position in the network, require timely deployments of security or configuration updates. Having the necessary tools to provide both the visibility of state, and required levels of automation in these mixed environments is certainly a challenge, even with some of the most advanced software deployment tools that may already be in place.
As a technology, vulnerability management provides the crucial ‘check’ in the PDCA life-cycle, across internal and external infrastructures, identifying infrastructure and application level vulnerabilities which may have been previously ignored, highlighting the remedial actions necessary. Some vulnerability management products can also work in conjunction with your patch management processes and technologies, s providing a ‘risk rating’ for unpatched assets, displaying a likely-hood of compromise based on deployed security technologies on the asset in question.
So whether you are looking at redefining your patch management strategy for your business, considering the use of Windows WSUS/SCCM over other best of breed patch management products, or looking to address your PCI DSS requirements for vulnerability management, the security architects at JAW Consulting UK can help. We can work with you to define your security requirements, and leveraging our extensive knowledge of security solutions in the market, and first hand implementation experience, we can help provide guidance on evaluation and implementation for a range of solutions, either on-site or from leading managed service providers.
Our security architects have experience of products such as Bigfix, Lumension Security, Shavlik, McAfee Vulnerability Management (formerly Foundstone), Qualys and IBM Internet Scanner (Proventia Network Enterprise Scanner)