Vulnerabilities scanning and patch management in Kaspersky Security Center

September 8, 2015

They got bugs

Here is the sort of axiom every IT professional knows well: software has bugs. And the more complex and advanced it is, and the more lines of code (thousands) are written for it to run, the higher the probability of errors and vulnerabilities. And that means more headaches for the admins who are there to tend to the company’s network security, which is always at risk.

The good news is that manufacturers of the most popular software are updating their suites regularly, but not all of them provide a mechanism for automatic updates, which means there is at least some time (occasionally quite long) between the update release and its actual installation. The primary problem here is that this time gap can be (and often is) exploited by attackers.

Also, sources of the information on updates are scattered, which only adds to the burden.

Solutions

A system administrator should be aware of everything that is going on in his company's infrastructure. This is a necessary condition to ensure security. Keeping track of everything by hand is an almost impossible task, but there are tools to automate it.

Kaspersky Security Center 10, Kaspersky Lab’s unified management console, makes it easier to manage and secure all your endpoints, including physical, virtual and mobile devices. In addition, our Web Console lets you manage your systems and security from any Internet-enabled device.

Its Systems Management functionality includes Vulnerability assessment & patch management functions, which help identify and eliminate vulnerabilities in both the operating systems and the applications used within the corporate infrastructure. Patching work can be done much more rapidly.

How are vulnerabilities identified? The information about them is obtained from a database compiled by Kaspersky Lab experts. It is, in turn, based on in-house analytics and the Secunia vulnerability database. The Windows Update database is, of course, employed as well. Links to a detailed vulnerability description in the CVE database and on Securelist are also provided (see above).

Vulnerability assessment & patch management also allows for the prioritization of vulnerabilities, so that those considered critical are fixed ahead of the rest. Severity is assessed by Kaspersky Lab’s experts based on the Secunia database as well as additional analysis. And if there is malware exploiting the flaw, it is considered critical.

Kaspersky Security Center allows you to identify the specific computers with vulnerable software; this is especially helpful if a large fleet of endpoints is being serviced.

Automatic distribution of patches and updates (for Microsoft and non-Microsoft software) is also provided, as is reduction of update traffic at remote offices: a remote workstation is then used as an update agent.

Patch installation monitoring is also available: if some patches fail to install properly (this happens!), the problem can be fixed remotely.

The administrator can use Kaspersky Security Center to implement various vulnerability fixing methods. Automatic fixing of all found vulnerabilities can be configured (apparently a recommended course of action, but there can be details), or only the vulnerabilities that meet some criteria (all critical, for instance) can be patched. Automatic installation of updates can also be configured depending on specified conditions, for example, all approved updates.

The administrator can also configure installation of selected patches or updates. The same task type serves all these purposes: Install application updates and fix vulnerabilities. One task of this type is enough to perform all the described actions. Such a task is created by the Quick Start wizard if the administrator chooses to find and install updates rather than just search for updates. By default, the task execution starts daily at 1 A.M.

Kaspersky Security Center is available as a free download. Patch management functionality is activated by the Systems Management license that ships with three products: Kaspersky Endpoint Security for Business – Advanced, Kaspersky Total Security for Business and Kaspersky Systems Management.

 

More information about the solution is available here.