Kaspersky Vulnerability & Patch Management

Kaspersky Vulnerability & Patch Management Enhance security and reduce complexity
with centralized management tools

Cybercriminals exploit unpatched vulnerabilities in operating systems and common applications (including Java, Adobe, Internet Explorer, Microsoft Office and more) as part of targeted attacks against businesses of every size. This risk is compounded by increasing IT complexity – if you don’t know what you’ve got, how can you secure it?

By centralizing and automating security and management tasks, such as vulnerability assessment, patch and update distribution, hardware and software inventory and application rollouts, Kaspersky Vulnerability & Patch Management minimizes IT security risks and cuts through IT complexity. All delivered from a single integrated ‘pane of glass’ security management console.

Learn more about what customers are saying about our technologies and True Cybersecurity for Business here.

    • Improved visibility and risk mitigation

      Kaspersky Vulnerability & Patch Management provides comprehensive information about devices and applications running on your network. It gathers data about software versions and ascertains whether updates are required and vulnerabilities need to be patched. The detected vulnerabilities can be automatically prioritized so that the most critical patches are patched first and the most important updates deployed with priority. You get a complete view of what you have, the risks involved, and the tools to mitigate them.

    • Less IT management complexity

      Designed for Windows-based networks, Kaspersky Vulnerability & Patch Management incudes a set of client management tools to automate a wide range of IT administration functions to save time and resources. Automated provisioning of applications and OS, and remote access and troubleshooting minimize the time and resources required to set up new workstations or roll out new applications.

    • Reduced impact on systems and users

      Kaspersky Vulnerability & Patch Management handles updates and patch distribution centrally to optimize update schedules. This ensures that the network doesn't overload or have a negative impact on IT systems' performance. Updates can be scheduled for after-hours to minimize impact on employee productivity. When deploying new or updated software at a remote office, one local workstation can act as the update agent for the entire remote office – remote deployment with less traffic on your network.

    How to buy

    Kaspersky Vulnerability & Patch Management is available as a targeted solution – for businesses that want to eliminate security vulnerabilities. For Kaspersky Endpoint Security for Business Select customers, this automation is available with the Kaspersky Vulnerability and Patch Management Add-on.

    Kaspersky Vulnerability & Patch Management is also included in the following products:

    Kaspersky Total Security for Business, Kaspersky Endpoint Security for Business Advanced and Kaspersky Endpoint Security for Business Select can also be purchased on subscription – with flexible, monthly licensing. Please check with your local partner about subscription availability in your country – and see the relevant system requirements here.

  • Vulnerability assessment and patch management

    Kaspersky Vulnerability & Patch Management provides total visibility of all hardware and software running on the corporate network, and the status of each, so you always know what needs to be done to keep your business safe. It automates the entire cycle of vulnerability assessment and patch management, including vulnerability detection and prioritization, patch and update download, testing and distribution, result monitoring and reporting.

    • Scan, detect and prioritize vulnerabilities

      Automated software scanning enables rapid vulnerability detection, prioritization and remediation. Vulnerability scanning can be delivered automatically or scheduled according to the administrator's requirements in the shortest timeframe via a single policy to detect both Microsoft and non-Microsoft vulnerabilities (150+ software applications are supported). Flexible policy management facilitates the distribution of updates, compatible software as well as the creation of exceptions, depending on the computer's role in the network.

      Effective vulnerability assessment allows the most critical to be prioritized and fixed ahead of the rest. The severity of a vulnerability is assessed by Kaspersky Lab's experts as well as additional threat analysis. If malware is exploiting a flaw, it's immediately considered critical and prioritized.

    • Download and test patches and updates

      Kaspersky Vulnerability & Patch Management can automatically download necessary patches and updates. It can also play the role of Windows Update (WSUS) server.

      Before distributing patches and updates to applications and operating systems across the organization, the administrator can test them to ensure that the updates will run smoothly without impacting on system performance and employee efficiency. The administrator can limit the list of applicable patches on endpoint to approved patches only. Once known vulnerabilities have been identified and prioritized, patches can be tested in the local environment before being deployed if required.

    • Distribute patches

      Patches and updates can be distributed immediately and automatically, or deployment can be postponed to run after-hours with the support of Wake-on-LAN. Multicast broadcasting technology enables local distribution of patches and updates to remote offices, which reduces bandwidth requirements. In this scenario, a machine in the remote office is designated as an Update Agent, receives all the necessary patches and updates and distributes them to the other local machines, minimizing network traffic.

    • Monitor results and run reports

      Patch installation results can be monitored so the administrator is satisfied that the problem has been eliminated and the patches delivered successfully. The administrator is also alerted if an error occurs – for example, if updates were pushed to 100 machines, the administrator doesn't have to investigate each individual machine, but just examine the overall report that has been generated.

      Kaspersky Vulnerability & Patch Management enables the administrator to run reports on scans to look for potential weak spots, track changes and gain extra insights into organizational IT security – and the information about every device and system on the corporate network. Information about existing exploits and known threats as well as CVEs (common vulnerabilities and exposures) are also available.

    • Deliver and deploy custom applications

      If you're using applications that aren't on a supported list, you still can benefit from centralized update provisioning and application deployment. The software deployment process is completely transparent; you can deploy software at your command or schedule it for after-hours. In some cases, you can specify additional parameters to customize the software being installed.

    Client management tools to streamline routine it tasks

    Kaspersky Vulnerability & Patch Management improves reliability and IT efficiency by automating many of the administrative tasks associated with deploying software updates and minimizing the amount of associated downtime.

    • Hardware inventory

      All devices on your network are automatically discovered and recorded in a hardware inventory. Guest devices can be also automatically discovered – and provided with secure Internet access to corporate systems and data. Complete device parameter data is also recorded to facilitate policy refinement.

    • Create software inventories

      A software inventory details all the software on your network, giving you the ability to control software usage or block unauthorized applications. With comprehensive information on purchased licenses and expiry dates, the software inventory also helps to consolidate the tracking of license lifecycles.

    • Remote troubleshooting

      By enabling secure, remote connections to any desktop or client computer, Kaspersky Vulnerability & Patch Management helps you to resolve issues quickly and efficiently. An authorization mechanism prevents unauthorized remote access – and, for traceability and auditing, all activities performed during a remote access session are recorded in a log.

    • Operating system deployment

      To optimize operating system (OS) deployment – and save time – Kaspersky Vulnerability & Patch Management automates and centralizes the creation, storage and cloning of secured system images. Images are held in a special repository, ready to be accessed during deployment. Client workstation image deployment can be made with either PXE servers (Preboot eXecution Environment – also for new machines without OS) or using Kaspersky Vulnerability & Patch Management tasks (to deploy OS images to managed client machines).

      By sending Wake-on-LAN signals to computers, you can automatically distribute the images outside of office hours. UEFI support is also included.

      After creation, the OS image can be further edited in the following ways:

      • Run a script or install additional software after the OS has been installed
      • Create a boot flash drive with Windows PE
      • Import an OS image from distribution packages – Windows Imaging Format (WIM).
    • Centralized management

      Kaspersky Vulnerability & Patch Management is managed via Kaspersky Security Center, a single unified management console that provides visibility and control of all your security and client management tools. Kaspersky Vulnerability & Patch Management can be easily scaled to cover large IT networks. Role-Based Access Control enables the separation of security management responsibilities between multiple administrators.

    How to buy

    Kaspersky Vulnerability & Patch Management is available as a targeted solution – for businesses that want to eliminate security vulnerabilities. For Kaspersky Endpoint Security for Business Select customers, this automation is available with the Kaspersky Vulnerability and Patch Management Add-on.

    Kaspersky Vulnerability & Patch Management is also included in the following products:

    Kaspersky Total Security for Business, Kaspersky Endpoint Security for Business Advanced and Kaspersky Endpoint Security for Business Select can also be purchased on subscription – with flexible, monthly licensing. Please check with your local partner about subscription availability in your country – and see the relevant system requirements here.

Technical information
Applications inside

ADDITIONAL INFORMATION

Not sure which Security Solution is right for your business?

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.

Accept and Close