KasperskyVulnerability and Patch Management

Automated software scanning enables the rapid detection, prioritization and remediation of vulnerabilities. Vulnerability scanning can be delivered automatically or to a set schedule via a single policy to detect Microsoft and non-Microsoft vulnerabilities (150+ software applications are supported). Flexible policy management facilitates the distribution of updates, compatible software as well as the creation of exceptions, depending on the computer's role in the network.

Effective vulnerability assessment allows the most critical vulnerabilities to be prioritized and fixed first. The severity of a vulnerability is assessed by Kaspersky's experts as well as additional threat sources. If malware is exploiting a flaw, it's immediately deemed critical and prioritized.

Kaspersky Vulnerability & Patch Management can automatically download necessary patches and updates. It can also play the role of Windows Update (WSUS) server.

Before distributing patches and updates to applications and operating systems across the organization, the administrator can test them to ensure that the system will run smoothly without impacting on performance and employee efficiency. The administrator can also limit the list of applicable patches on endpoints to approved patches only. Once known vulnerabilities have been identified and prioritized, patches can be tested in the local environment before being deployed if required.

Patches and updates can be distributed immediately and automatically, or deployment can be postponed to run after-hours with the support of Wake-on-LAN. Multicast technology enables local distribution of patches and updates to remote offices, which reduces bandwidth requirements. In this scenario, a machine in the remote office is designated as a distribution point, receives all the necessary patches and updates and distributes them to the other local machines, minimizing network traffic.

Patch installation results can be monitored so the administrator is satisfied that the problem has been eliminated and the patches delivered successfully. The administrator is also alerted if an error occurs – for example, if updates were pushed to 100 machines, the administrator doesn't have to investigate every machine, but just examine the overall report that has been generated.

Kaspersky Vulnerability & Patch Management enables the administrator to run reports on scans to look for potential weak spots, track changes and gain extra insights into organizational IT security – and the information about every device and system on the corporate network. Information about existing exploits and known threats as well as CVEs (common vulnerabilities and exposures) are also available.

If you’re using applications that aren’t on a supported list, you still can benefit from centralized update provisioning and application deployment. The software deployment process is completely transparent. You can deploy software immediately or schedule it for after hours. In some cases, you can specify additional parameters to customize the software being installed.