Network security scanning and patch management

GFI LanGuard is a network security and vulnerability scanner which provides a complete network security overview, while also providing remedial action through its patch management features.

GFI LanGuard acts as a virtual consultant to give you a complete picture of your network set-up, provide risk analysis and help you to maintain a secure and compliant network state faster and more effectively. The software assists you in these key areas:

• Patch management
• Vulnerability assessment
• Network and software auditing
• Assets inventory
• Change management
• Risk analysis and compliance.

GFI LANguard 2011 has the following new features:

Integration with over 1,500 critical security applications
It integrates with over 1,500 critical security applications of the following categories: antivirus, antispyware, firewall, anti-phishing, backup client, VPN client, URL filtering, patch management, web browser, instant messaging, peer-to-peer, disk encryption, data loss prevention and device access control. It provides reports on their status and rectifies issues by allowing operations like enable antivirus or firewall, trigger definitions update for antivirus or antispyware, uninstall peer-to-peer applications, etc.

Agents technology
The tool can be configured to run either in agent-less or agent-based mode. The agents technology enables automated audits and distributes the scanning load across client machines. The administrator simply needs to define the network perimeter and provide credentials to enable automatic network discovery, agent deployment and auditing of the client machines. Manual intervention is necessary only when fine-tuning is required. This feature provides the following benefits:

• High speed: Scan hundreds or thousands of machines in just few minutes.
• Automation: Agents update the client status on server on regular schedule. Every time the application is opened, users can analyze a complete and up-to-date network security overview.
• Scalability: Due to distributed load it is possible to scan more machines in one go, even in WAN environments.
• Accuracy: Local scans have less failure points than remote scans; agents will continue to work even when computers are not connected to the network.

New powerful interactive dashboard
GFI LANguard 2011 features a powerful and interactive dashboard that processes all security audits to provide a summary of current network security status and a history of all relevant changes in the network over time. It also drills down through information starting from network-wide security sensors to individual security scan results.

Full text search support
The software makes it possible for users to instantly locate the information they are interested in. Searching the scan results is now as easy as searching on the Internet. The search displays instant results with links to relevant items. You can search for both current and past events and for specific items like vulnerabilities, installed applications, missing patches etc. Moreover, you can save and print search reports.

Revamped reporting
Reports are now integrated within the main application. All reports are based on a computer’s current status, and not on specific scans. These reports can be exported to popular formats like PDF, HTML, XLS, XLSX, RTF and CVS and can be scheduled and sent by email. They can also be used as a template to create new custom reports and are fully re-brandable.

Network discovery not bound by license limitations
With GFI LANguard 2011, license slots are no longer required for all computers and devices in the scan results database. Only the ones that are scanned beyond network discovery are bound by license limitations.

Integration with existing network infrastructure
The software can now import organizational units or entire active directory. This leads to easier computer management as you can view the computers in GFI LANguard as they are organized in your network.

Improved support for virtual infrastructure
GFI LANguard 2011 offers detection of virtual machines hosted by the scanned computer, which means you can have a better view of your virtual infrastructure.

Custom software deployment improvements
With the latest version of GFI LANguard 2011, you can save custom software deployment configuration for re-usage. Moreover, you are also given support for configuration (auxiliary) files, i.e., for installations that require a configuration file as a parameter.

Cristian Florian, Product Manager at GFI Software, comments: “A vulnerability scan outlines the gates that malware can use to reach the network. Some of these gates are easy to detect and remediate because they are represented by vulnerabilities that have been disclosed to the public and for which a security update is available. In this case all that’s necessary to close the vulnerability is to apply the security patch. However, vulnerability scanning also outlines security misconfigurations, open ports, running services, open shares and other security sensitive information that collectively help administrators to detect and close unnecessary services in order to minimize the attack surface and provide protection from zero-day exploits.”

GFI LanGuard is available for download here.