Weak patch management is often the root cause of security & compliance issues. The importance of installing critical patches to all systems on the network cannot be over-emphasized.
Many exploitations and attacks happen days after ‘Patch Tuesday’ to take advantage of the time lapse, plus internal patch policies and external regulations like PCI DSS require organizations to “ensure all software and hardware is installed with latest security updates supplied by the vendor so all known vulnerabilities.”
So how does a security team assess and validate their environment against known vulnerabilities for which there is a patch?
Patch Compliance Auditing is the process of auditing and assessing all systems on the network to identify systems that are out of compliance with your internal and external guidelines.
By gaining visibility of devices that are vulnerable and understanding their security & compliance posture, organizations can identify risks and effectiveness of their patch management program.
We here at Tripwire have heard for a long time the need to have a better solution to monitor deployment, verify compliance and reduce the likelihood of an incident by auditing the patch levels of systems across the enterprise.
We’re excited to recently announce the newest version of Tripwire CCM that audits the patch management process to extend network visibility.
By utilizing a completely agentless architecture and requiring no software installation on monitored endpoints, Tripwire CCM helps organizations profile every device on the network and quickly identify which systems have missing patches.
If you want more information on our newest release, you can read the What’s New brief.
- Control and Capabilities Drive Enterprise Security Confidence
- Security Configuration Management for Dummies
- SecureCheq Uncovers Critical Configuration Vulnerabilities
- The Challenges of Security Configuration Management
P.S. Have you met John Powers, supernatural CISO?
Title image courtesy of ShutterStock