Overview
Reduce complexity and strengthen security with centralized IT management tools
Unpatched vulnerabilities in popular applications pose a significant threat to IT security. And it’s not just zero-day vulnerabilities that are a problem — growing IT complexity further complicates the task of plugging gaps in vulnerable software swiftly: if you don’t know exactly what you’ve got, how can you secure it?
Managing and administering software updates while constantly monitoring for potential vulnerabilities is one of the most important yet tedious and time-consuming tasks faced by IT departments. By centralizing and automating essential security and configuration and management tasks, such as vulnerability assessment, patch and update distribution, inventory management and application rollouts, Kaspersky Vulnerability and Patch Management saves time and optimizes security.
Vulnerability Assessment and Patch Management
- Detect and prioritize vulnerabilities
- Download, test and distribute patches and updates
- Time-saving software distribution
- Monitor results and run reports
Client Management Tools
- Hardware and software inventories
- Remote troubleshooting
- Convenient OS deployment
Gain full visibility
Full network visibility from a single console eliminates administrator guesswork and provides complete awareness of every application and device, including guest devices, entering the network. This supports centralized control of user and device access to organizational data and applications, in line with IT policies and regulatory compliance requirements.
Enhance Security
Increase the effectiveness of your IT security and reduce time-consuming routine tasks with timely, automated patching and updates. Kaspersky Vulnerability and Patch Management provides total visibility, so you know exactly what needs to be done to keep your business safe. Automating the entire cycle of vulnerability assessment and patch management, including vulnerability detection and prioritization, patch and update downloads, testing and distribution, result monitoring and reporting, supports greater efficiency and significantly reduces the burden on resources.
Streamline IT Tasks
Kaspersky Vulnerability and Patch Management includes a set of client management tools to automate a wide range of IT administrative functions. Automated provisioning of applications and audited, remote access and troubleshooting help to minimize the time and resources necessary to set up new workstations and roll out new applications.
Manage Centrally
Kaspersky Vulnerability and Patch Management is a managed component of the Kaspersky Security Center. All features are accessed and managed through this central console, which uses consistent, intuitive commands and interfaces to automate routine IT tasks.
Benefits
Improved visibility and risk mitigation
Kaspersky Vulnerability & Patch Management provides comprehensive information about the devices and applications running on your network. It gathers data about software versions and ascertains whether updates are required and vulnerabilities need to be patched. The detected vulnerabilities can be automatically prioritized so that the most critical patches are applied first and the most important updates deployed with priority. You get a complete view of what you have, the risks involved, and the tools to mitigate them.
Less IT management complexity
Designed for Windows-based endpoints, Kaspersky Vulnerability & Patch Management incudes a set of client management tools to automate a wide range of IT administration functions to save time and resources. Automated provisioning of applications, OS, remote access and troubleshooting minimize the time and resources required to set up new workstations or roll out new applications.
Reduce impact on systems and users
Kaspersky Vulnerability & Patch Management handles updates and patch distribution centrally to optimize update schedules. This ensures that updates don't overload the network or impact system performance. Updates can be scheduled for after-hours to minimize interruptions and when deploying new or updated software at a remote office, one local workstation can act as the distribution point for the entire remote office.
Features
Vulnerability Assessment and Patch Management
Kaspersky Vulnerability & Patch Management provides total visibility of all hardware and software running on your corporate network, and the status of each, so you always know what needs to be done to keep your business safe. It automates the entire cycle of vulnerability assessment and patch management, including vulnerability detection and prioritization, downloading patches and updates, testing and distribution, result monitoring and reporting.
Scan, detect and prioritize vulnerabilities
Automated software scanning enables the rapid detection, prioritization and remediation of vulnerabilities. Vulnerability scanning can be delivered automatically or to a set schedule via a single policy to detect Microsoft and non-Microsoft vulnerabilities (150+ software applications are supported). Flexible policy management facilitates the distribution of updates, compatible software as well as the creation of exceptions, depending on the computer's role in the network.
Effective vulnerability assessment allows the most critical vulnerabilities to be prioritized and fixed first. The severity of a vulnerability is assessed by Kaspersky's experts as well as additional threat sources. If malware is exploiting a flaw, it's immediately deemed critical and prioritized.
Download and test patches and updates
Kaspersky Vulnerability & Patch Management can automatically download necessary patches and updates. It can also play the role of Windows Update (WSUS) server. Before distributing patches and updates to applications and operating systems across the organization, the administrator can test them to ensure that the system will run smoothly without impacting on performance and employee efficiency. The administrator can also limit the list of applicable patches on endpoints to approved patches only. Once known vulnerabilities have been identified and prioritized, patches can be tested in the local environment before being deployed if required.
Distribute patches
Patches and updates can be distributed immediately and automatically, or deployment can be postponed to run after-hours with the support of Wake-on-LAN. Multicast technology enables local distribution of patches and updates to remote offices, which reduces bandwidth requirements. In this scenario, a machine in the remote office is designated as a distribution point, receives all the necessary patches and updates and distributes them to the other local machines, minimizing network traffic.
Monitor results and run reports
Patch installation results can be monitored so the administrator is satisfied that the problem has been eliminated and the patches delivered successfully. The administrator is also alerted if an error occurs – for example, if updates were pushed to 100 machines, the administrator doesn't have to investigate every machine, but just examine the overall report that has been generated.
Kaspersky Vulnerability & Patch Management enables the administrator to run reports on scans to look for potential weak spots, track changes and gain extra insights into organizational IT security – and the information about every device and system on the corporate network. Information about existing exploits and known threats as well as CVEs (common vulnerabilities and exposures) are also available.
Deliver and deploy custom applications
If you’re using applications that aren’t on a supported list, you still can benefit from centralized update provisioning and application deployment. The software deployment process is completely transparent. You can deploy software immediately or schedule it for after hours. In some cases, you can specify additional parameters to customize the software being installed.
Client management tools to streamline routine IT tasks
Kaspersky Vulnerability & Patch Management improves reliability and IT efficiency by automating many of the administrative tasks associated with deploying software updates and minimizing the amount of associated downtime.
Create software inventories
The software inventory details all the software on your network, letting you control software use and block unauthorized applications. With comprehensive information on purchased licenses and expiry dates, the software inventory also helps to consolidate tracking of license lifecycles.
Remote troubleshooting
By enabling secure, remote connections to any desktop or client computer, Kaspersky Vulnerability & Patch Management helps you to resolve issues quickly and efficiently. An authorization mechanism prevents unauthorized remote access – and, for traceability and auditing, all activities performed during a remote access session are logged.
Operating system deployment
To optimize OS deployment – and save time – Kaspersky Vulnerability & Patch Management automates and centralizes the creation, storage and cloning of secured system images. Images are held in a special repository, ready to be accessed during deployment. Deploying client workstation images can be done with either PXE servers (Preboot eXecution Environment – also for new machines without an OS) or using Kaspersky Vulnerability & Patch Management tasks (to deploy OS images to managed client machines).
By sending Wake-on-LAN signals to computers, you can automatically distribute the images outside of office hours. UEFI support is also supported.
The OS image can be handled in the following ways:
- Run a script or install additional software after the OS has been installed
- Create a boot flash drive with Windows PE
- Import an OS image from a distribution package – Windows Imaging Format (WIM).
Centralized management
Kaspersky Vulnerability & Patch Management is managed via Kaspersky Security Center, a single unified management console that provides visibility and control of all your security and client management tools. Kaspersky Vulnerability & Patch Management can be easily scaled to cover large IT networks. Role-Based Access Control allows security management responsibilities to be divided between multiple administrators.