Managing an IT network that is continuously changing and growing is not a trivial task. Once the network comprises more than a handful of machines, it becomes a near-impossible task to monitor it manually. Network administrators need to keep abreast of the software installed, the systems servers are running on, the numerous devices attached to the network – and ensure that each product is up-to-date so that the network is protected as much as possible from security threats. Administrators are also concerned about compliance; hence the importance and need for regular monitoring and remediation of any issues that could compromise the health of the network.
Here is where GFI LanGuard, a vulnerability scanner for SMBs fits in. It automates a lot of the tasks IT staff need to carry out on a regular basis. This saves the administrator time and energy which can be put to better use, but more importantly, the automation of often tedious tasks, ensures that errors are not made and the network is as secure and up-to-date as possible.
GFI LanGuard is literally an administrator’s virtual consultant, automating numerous tasks efficiently and providing assistance when issues on the network are discovered. GFI LanGuard:
- Automates the vulnerability discovery process, helping administrators to learn fast about the security issues on the network.
- Provides detailed information and external references about security issues, assisting administrators to understand what the problem is, what the impact for their environment is, and how to fix it.
- Automatically assigns a severity level to security issues and computers, making it easier to prioritize what to fix first.
- Automates security issues remediation by deploying missing security updates, uninstalling unauthorized applications, turning on antivirus and more.
The first step to have a healthy network is to know about all the devices connected to it. This is crucial because unmanaged or forgotten machines are not up-to-date with their security and become an easy entry point in the network for malware and hackers.
GFI LanGuard helps network administrators to identify what these devices are: servers and workstations; IP based network devices such as routers, switches and printers; mobile devices and virtual machines.
Software vulnerabilities are the main vehicle malicious software and hackers use to breach networks. Exploited security vulnerabilities in the majority of cases lead to instability on the target systems and this translates into productivity loss until they are repaired or replaced. Things get even more serious when exploited vulnerabilities lead to data loss and data theft. In the event of a breach, the cost to the company is more than just a loss of productivity or time wasted cleaning up infected machines. You have to factor in the data that has compromised the loss of reputation and the costs associated with settling possible claims from affected users.
GFI LanGuard performs over 45,000 checks for security flaws and misconfigurations against operating system and installed applications. The number is continuously increasing as the definitions databases are updated on regular basis to be able to detect and remediate the latest threats.
Vulnerability scanning is the most reliable way to measure how secure the network is. Vulnerabilities detected by GFI LanGuard have detailed descriptions, external references such as CVE ID, OVAL ID or Microsoft bulletin and a severity level calculated using CVSS standard. This helps network administrators to analyze security issues and prioritize remediation.
Additionally, GFI LanGuard users can easily create their own custom vulnerability definitions using predefined checks such as file tests, registry tests, service tests, port tests and so on. If predefined checks are not enough, customers can define their own checks using well known scripting languages like VBS and Python.
The reports on vulnerability statuses and vulnerability trends can be used by network administrators to prove to their superiors or external auditors that regular vulnerability checks are performed on the network, that systems are up-to-date, or that their IT infrastructure is compliant with different regulations such as Payment Card Industry Data Security Standard (PCI DSS).
Microsoft and other software vendors have auto-updating systems that are designed to help users apply the latest patches. This is a solution that works fine but for proper patch management more is required. GFI LanGuard takes patch management a step further by providing a facility to confirm successful deployment of patches, patching of third-party applications and not just Microsoft products, as well as full control on when and how patches are deployed, together with facilities to allow end user reboot control.
GFI LanGuard provides network-wide detection, download and deployment of security updates; and it does this from a central location, on demand or in a fully automated way. It caters for all security updates released by Microsoft and also for the updates for many other popular applications such as Adobe, Java, the major web browsers running on Windows, and more.
Patch management tasks, from missing updates detection to download and deployment, can be scheduled to run at a time that ensures minimal impact on the organization’s normal work flows. Administrators can decide whether to reboot the managed systems or to delegate this to end users.
Some security updates can interfere with the business environment, but GFI LanGuard can help in such cases too by facilitating easy rollback of such patches from all computers in the network. However, it is important to know that not all updates can be uninstalled (for example, service packs applied to the operating system cannot be undone).
Another important feature is the network-wide deployment of custom software and scripts. GFI LanGuard can distribute within the network any piece of software that can be made to run silently.
Network and software audit
The easiest way to maintain the network secure over time is to keep track of security sensitive changes in the network and be notified when they occur. GFI LanGuard reports on available shares, open ports, running services, users and groups, auditing and password policies, hardware devices, installed software, etc. It is not just reporting current information, but it also detects changes from one scan to the next. Administrators are notified, for example, when new ports are open, new users are created or new software is installed. This is very useful for network administrators because it helps them detect and close unnecessary services, thus reducing the risk of a security breach by minimizing the attack surface.
GFI LanGuard integrates with more than 1,500 critical security applications such as antivirus, antispyware, firewalls, anti phishing, web browsers, instant messaging, disk encryption and more. It detects when they are installed and reports on their status – informing network administrators if their security infrastructure works as it should (is the antivirus real time protection turned on, are its definitions up to date? etc). Additionally, for a large number of products it is possible to perform remedial action such as triggering an update of antivirus definition files, or turning on antivirus or the firewall on a machine.
Applications can also be marked as unauthorized and GFI LanGuard can be configured to notify or automatically uninstall these applications when they are detected on the network.
With minimal administrative effort, GFI LanGuard provides a comprehensive network security overview – truly an administrator’s virtual security consultant.