Vulnerability Management

With a highly efficient vulnerability management system, Endpoint Central provides a risk-based diagnosis framework to mitigate different kinds of security threats that can destruct the functionality of the system.

It facilitates a continuous scanning of vulnerabilities across all the managed computers in your network without the overhead of scheduling any scans. You can later access and prioritize the discovered vulnerabilities based on Exploit Status, Patch Availability, CVSS scores, Severity Levels, published and discovered dates and then deploy the necessary patches either using manual deployment or using automate patch deployment tasks using the patch management feature. The pro-active diagnosis of zero-day vulnerabilities can help you discover gaps or flaws in applications or operating systems. These zero-day vulnerabilities will be displayed in a separate view for your immediate attention.

The security configurations feature of Endpoint Central is based on CIS and STIG benchmarks. You can identify the security misconfigurations present across the managed systems and web server misconfigurations present across the managed servers and view the resolution to fix the issue.

You can also see the end-of-life software that is no longer supported by vendors, which can pose a great threat to all the endpoints in your network and closely monitor them. Remote desktop sharing software creates unsecure connections, which might lead to exposure of the firewall port to the public, which in turn increases the chances of getting infected with malware, ransomware, or data theft. Employees might use peer to peer software to share and receive files to and from other computers on the internet. These software could pose a threat to network security as it opens certain ports to facilitate file sharing, and it is difficult to verify whether the source of the file is free from malware and viruses. Also, the directories that are shared can be accessed by anyone on the internet. This might also increase the chances of leakage of corporate data and personal information. You can choose to uninstall these remote desktop sharing and peer to peer software if it is not needed for performing business critical applications. You can also add these sofwares to exceptions using the console if the mentioned high-risk software is acceptable for your enterprise.

Some enterprises may follow bench-marking guidelines set by CIS for providing certifications after security audits. If your enterprise follows those guidelines, you can audit the computers using the console. Endpoint Central provides those compliance checks by auditing the endpoints based on those policies framed by CIS and then gives a detailed report on how much these compliance guidelines have been met by the computers.

Endpoint Central's system quarantine policy helps organizations proactively manage system compliance, reduce vulnerabilities, and enhance overall security posture, as you can isolate the non-compliant systems based on certain rules.

You can generate detailed reports about all the vulnerability management processes to ensure adherence to standards. These reports, categorized as Executive and Pre-defined, provide detailed insights into system patching, aiding in vulnerability identification and addressing network security and compliance concerns.