Assets and Inventory ISV Partner Alliance Value Patch Management for Microsoft® System Center Assets and Inventory - ISV Partner Alliance Value Secunia Standard Automated vulnerability scanning and patch management tool for third-party (nonMicrosoft) programs in corporate networks. Offers the industry’s largest coverage of third-party programs and uses existing infrastructures for fast implementation. Secunia CSI 10000/20 2500 5000 10000 10 15 20 Secunia CSI 250/2 Secunia CSI 500/3 Secunia CSI 1000/5 Secunia CSI 2500/10 100 250 500 1000 1 2 3 5 Number of users All CSI 7 versions integrate with Microsoft WSUS, Microsoft System Center 2012 Configuration Manager, Secunia PSI for Android, Secunia VIM and any patch deployment tool for third-party patching Self-Help (web, forums) Full solution setup Assisted: Web/mail The Secunia CSI integrates with System Center Configuration Manager, providing software inventory (programs and plug-ins). This is mapped to security intelligence related Phone support Assisted: Phone to programs/plug-ins as well as details about vendor-supplied security updates. The Secunia CSI can scan using the System Center agent, automatically repackage security Email support – Assisted: On-Site 2 days updates/patches and push them to System Center Configuration Manager. Further scans Response time of desktops/servers ensure that updates are applied and that systems are compliant. • • • Secunia CSI 5000/15 Secunia CSI 100/1 Number of hosts Integrating with WSUS and System Center Configuration Manager, the Secunia Corporate Software Inspector (CSI) offers patch management through automation and a highly Integration centralized approach. It makes deployment of third-party updates simple. By using the Secunia CSI customers can strengthen endpoint protection, manage the software security level of de-centralized assets, receive flexible and scalable reporting, scan Microsoft Windows, Support Support Type Apple Mac OSX, and Red Hat Enterprise Linux, ensure compliance and protect against Setup call potential security breaches. Enterprise Yes Standard No Enterprise Cost Availability Y No Cost Y Inc’d w/Package Mon-Fri, 8.30AM- 10.30PM CET Y Inc’d w/Package Mon-Fri, 8.30AM- 10.30PM CET Y2 days 2 days 2 days 24x7, 365 days/year 1 day Inc’d w/Package http://secunia.com/vulnerability_scanning/ mmckeown@secunia.com http://tool.microsoftsca.com/ 1 day Flexible 1 day Assets and Inventory Architecture The Secunia CSI provides the reliable, comprehensive, and up-todate Vulnerability Intelligence and highly accurate scan results needed by IT-operations and Security teams to proactively deal with the Vulnerability threat imposed by unpatched programs. By combining reliable Vulnerability Intelligence and Vulnerability Scanning with automated Patch Creation and integration with the customers patch deployment solution, the intelligence becomes actionable from a Client Management (CM), Security Information & Event Management (SIEM), and Governance, Risk & Compliance (GRC) perspective. Further, remediation efforts become more targeted, ensuring that IT and Security Officers are focusing on the vulnerabilities that have the greatest impact on the organisation’s security state. The Secunia CSI assesses the security state of practically all legitimate programs running on Microsoft Windows platforms and supports scanning of Windows, Android, Apple Mac OSX and Red Hat Enterprise Linux (RHEL) platforms as well as custom software. *Source: Secunia CSI Complete Patch Management overview: http://secunia.com/?action=fetch&filename=productsheet_csi70_i ndepth.pdf Assets and Inventory Deployment Examples of customer deployment Company A has around 150 hosts. It needed an easy to use scanning and vulnerability management solution to ensure each host was kept up to date and secure. It already had Microsoft WSUS facilities in place for deploying Microsoft updates, but third-party programs were handled separately. There were also patch management update and verification issues. After selecting and deploying the Secunia CSI, IT Managers can manage and deploy patches for third-party applications, using the existing WSUS infrastructure. A clear overview of what needs to be patched is provided based on the criticality ratings issued by Secunia. Work can be prioritized based on risk and remediation efforts. As a result the customer has made resource savings, as central management can now be handled by one person who has a clear view of what systems need to be patched. The Secunia CSI is simple to implement. The main overhead is the deployment of a simple agent that is capable of maintaining itself. Use of the agent is, however, optional as scans can be undertaken using an agent-less approach. IT security users and staff will usually be responsible for managing the solution on an ongoing basis, but at the implementation stage, the internal skills required involve an administrator with full administration credentials. For larger projects, additional internal IT resources may be required to support the roll-out of Secunia CSI agents across the organization. Typical deployment time for a pilot project is around four hours, for a 30-user departmental deployment around eight hours, and for a larger 500-user enterprise-wide deployment around sixteen hours. Company B has over 10,000 hosts. Prior to deploying the Secunia CSI solution its systems were maintained by dedicated teams of IT and security experts. The company already used Microsoft System Center Configuration Manager to track its software inventory, supplemented by the System Center Updates Publisher (SCUP), to create custom updates. The client now uses the Secunia CSI to create an overview of their network and uses its criticality ratings to prioritize remediation efforts. The Secunia CSI complements and integrates with System Center Configuration Manager, allowing the customer to patch third-party programs and applications by providing pre-configured packages out-of-the-box. Using the Secunia CSI has reduced IT resource overheads and freed up those resources for other assignments. The Secunia CSI’s reporting engine is used to generate reports for the company's management team, as well as extracting scan results for import into an existing SIEM tool. *Source: Ovum Technology Audit, Secunia CSI, 2011. https://secunia.com/?action=fetch&filename=Ovum_Technology_Audit_Secun ia_CSI_5_2011.pdf *Source: Ovum Technology Audit, Secunia CSI, 2011. https://secunia.com/?action=fetch&filename=Ovum_Technology_Audit_Secunia_CSI_5_2011.pdf *Source: SC Magazine, February 2014. http://www.scmagazine.com/secunia-corporate-software-inspectorcsi/review/4098/ The Secunia CSI received an overall 5-star rating from SC Magazine in its Product Review. “Performance”, “Ease of Use”, “Support” and “Value for Money” were specific elements highlighted. “Strengths: Simple deployment, integration with Microsoft WSUS and System Center.” Assets and Inventory Case Studies SJISD Improves and Simplifies IT Security with Secunia’s Corporate Software Inspector (CSI). A U.S. school district based off the coast of Washington state elaborates on how the Secunia CSI has helped solve its patch management challenges. The Secunia CSI started working directly out-of-the-box to update the school’s software. The CSI’s extensive vulnerability coverage of non-Microsoft applications provided a deeper level of threat analysis. Applications could be patched immediately without the need for a separate installation agent due to integration with Microsoft System Center 2012 and Active Directory, and the Secunia SC2012 Plugin. With the Secunia CSI, SJISD were able to update insecure software (Microsoft AND non-Microsoft) in timely manner; simplify and strengthen its IT security process; and introduce significant time, resource and cost savings. “We had problems keeping our systems patched and secure. Without a vulnerability and patch management solution, you might plan on re-imaging every two to three months, but with the workload, it often just doesn’t get done...The CSI is the most complete solution I’ve ever come across, and pays for itself in time savings within the first ten to fifteen applications. It’s the best solution found for the money.” - Steve Smith, Network Administrator, San Juan Island School District. http://secunia.com/?action=fetch&filename=SecuniaCSICustomerSuccessStory-SanJuan.pdf Secunia joins Microsoft System Center Alliance program. Secunia has joined the Microsoft System Center Alliance to further support interoperability with System Center Configuration Manager. The Secunia CSI helps System Center Configuration Manager administrators map the entire software inventory and correlate this to vulnerability intelligence to improve visibility into the vulnerability management lifecycle. The consequences of exploitation of a vulnerability and the subsequent security breach can have a devastating impact upon an organisation’s critical assets. Vulnerabilities represent the “Achilles’ Heel” of any IT system. Therefore, managing these vulnerabilities is the primary means of reinforcing the strength of any IT security infrastructure. provides a highly detailed software inventory which is mapped to program and plug-in vulnerability intelligence, as well as vendor supplied security updates – or ‘patches’. It automatically repackages these security updates and pushes them to System Center Configuration Manager, allowing users to control, manage, and monitor their update deployment using System Center Configuration Manager. The Secunia CSI inspects desktops and server systems to ensure that all updates are applied correctly and all systems are compliant. The Secunia CSI removes the complexity from Vulnerability Management through unified, automated deployment of critical security updates. “Secunia’s interoperability with System Center Configuration Manager enhances our mutual customers’ ability to secure their IT systems globally by patching vulnerable non-Microsoft programs. Secunia CSI accurately maps local programs from thousands of different software vendors and any associated security patches with specific information and ratings.” Christian von Burkleo, Director of Business Strategy, Management and Security Division, Microsoft Corp. http://secunia.com/company/blog_news/news/196/