Kaspersky Vulnerability and Patch Management

Kaspersky Vulnerability and Patch Management Enhance security and reduce complexity
with automated updates

Cybercriminals exploit unpatched vulnerabilities in operating systems and common applications (Java, Adobe, Internet Explorer, Microsoft Office, etc.) as part of targeted attacks against businesses of every size.

This risk is compounded by increasing IT complexity – if you don’t know what you’ve got, how can you secure it?

By centralizing and automating security and management tasks, such as vulnerability assessment, patch and update distribution, hardware and software inventory and application rollouts, Kaspersky Vulnerability & Patch Management minimizes IT security risks and cuts through IT complexity. All from a single, integrated management console.

Learn more about what customers are saying about our technologies and True Cybersecurity for Business here.

    • Improved visibility and risk mitigation

      Kaspersky Vulnerability & Patch Management provides comprehensive information about the devices and applications running on your network. It gathers data about software versions and ascertains whether updates are required and vulnerabilities need to be patched. The detected vulnerabilities can be automatically prioritized so that the most critical patches are applied first and the most important updates deployed with priority. You get a complete view of what you have, the risks involved, and the tools to mitigate them.

    • Less IT management complexity

      Designed for Windows-based endpoints, Kaspersky Vulnerability & Patch Management incudes a set of client management tools to automate a wide range of IT administration functions to save time and resources. Automated provisioning of applications, OS, remote access and troubleshooting minimize the time and resources required to set up new workstations or roll out new applications.

    • Reduced impact on systems and users

      Kaspersky Vulnerability & Patch Management handles updates and patch distribution centrally to optimize update schedules. This ensures that updates don't overload the network or impact system performance. Updates can be scheduled for after-hours to minimize interruptions and when deploying new or updated software at a remote office, one local workstation can act as the distribution point for the entire remote office.

    How to buy

    For customers who don't have Kaspersky Endpoint Security for Business, Kaspersky Vulnerability & Patch Management is available as a targeted solution.

    For Kaspersky Endpoint Security for Business Select customers, it's available as an add-on Kaspersky Vulnerability & Patch Management is also included in the following products:

    Kaspersky Total Security for Business, Kaspersky Endpoint Security for Business Advanced and Kaspersky Endpoint Security for Business Select can also be purchased on subscription, with flexible, monthly licensing. Please check with your local partner about subscription options in your country and refer to the relevant system requirements here.

  • Vulnerability assessment and patch management

    Kaspersky Vulnerability & Patch Management provides total visibility of all hardware and software running on your corporate network, and the status of each, so you always know what needs to be done to keep your business safe. It automates the entire cycle of vulnerability assessment and patch management, including vulnerability detection and prioritization, downloading patches and updates, testing and distribution, result monitoring and reporting.

    • Scan, detect and prioritize vulnerabilities

      Automated software scanning enables the rapid detection, prioritization and remediation of vulnerabilities. Vulnerability scanning can be delivered automatically or to a set schedule via a single policy to detect Microsoft and non-Microsoft vulnerabilities (150+ software applications are supported). Flexible policy management facilitates the distribution of updates, compatible software as well as the creation of exceptions, depending on the computer's role in the network.

      Effective vulnerability assessment allows the most critical vulnerabilities to be prioritized and fixed first. The severity of a vulnerability is assessed by Kaspersky's experts as well as additional threat sources. If malware is exploiting a flaw, it's immediately deemed critical and prioritized.

    • Download and test patches and updates

      Kaspersky Vulnerability & Patch Management can automatically download necessary patches and updates. It can also play the role of Windows Update (WSUS) server.

      Before distributing patches and updates to applications and operating systems across the organization, the administrator can test them to ensure that the system will run smoothly without impacting on performance and employee efficiency. The administrator can also limit the list of applicable patches on endpoints to approved patches only. Once known vulnerabilities have been identified and prioritized, patches can be tested in the local environment before being deployed if required.

    • Distribute patches

      Patches and updates can be distributed immediately and automatically, or deployment can be postponed to run after-hours with the support of Wake-on-LAN. Multicast technology enables local distribution of patches and updates to remote offices, which reduces bandwidth requirements. In this scenario, a machine in the remote office is designated as a distribution point, receives all the necessary patches and updates and distributes them to the other local machines, minimizing network traffic.

    • Monitor results and run reports

      Patch installation results can be monitored so the administrator is satisfied that the problem has been eliminated and the patches delivered successfully. The administrator is also alerted if an error occurs – for example, if updates were pushed to 100 machines, the administrator doesn't have to investigate every machine, but just examine the overall report that has been generated.

      Kaspersky Vulnerability & Patch Management enables the administrator to run reports on scans to look for potential weak spots, track changes and gain extra insights into organizational IT security – and the information about every device and system on the corporate network. Information about existing exploits and known threats as well as CVEs (common vulnerabilities and exposures) are also available.

    • Deliver and deploy custom applications

      If you're using applications that aren't on a supported list, you still can benefit from centralized update provisioning and application deployment. The software deployment process is completely transparent; you can deploy software immediately or schedule it for after hours. In some cases, you can specify additional parameters to customize the software being installed.

    Client management tools to streamline routine IT tasks

    Kaspersky Vulnerability & Patch Management improves reliability and IT efficiency by automating many of the administrative tasks associated with deploying software updates and minimizing the amount of associated downtime.

    • Hardware inventory

      All devices on your network - including guest devices - are automatically detected and recorded in a hardware inventory.. Device configuration data can be collected to facilitate policy refinement.

    • Create software inventories

      The software inventory details all the software on your network, letting you control software use and block unauthorized applications. With comprehensive information on purchased licenses and expiry dates, the software inventory also helps to consolidate tracking of license lifecycles.

    • Remote troubleshooting

      By enabling secure, remote connections to any desktop or client computer, Kaspersky Vulnerability & Patch Management helps you to resolve issues quickly and efficiently. An authorization mechanism prevents unauthorized remote access – and, for traceability and auditing, all activities performed during a remote access session are logged.

    • Operating system deployment

      To optimize OS deployment – and save time – Kaspersky Vulnerability & Patch Management automates and centralizes the creation, storage and cloning of secured system images. Images are held in a special repository, ready to be accessed during deployment. Deploying client workstation images can be done with either PXE servers (Preboot eXecution Environment – also for new machines without an OS) or using Kaspersky Vulnerability & Patch Management tasks (to deploy OS images to managed client machines).

      By sending Wake-on-LAN signals to computers, you can automatically distribute the images outside of office hours. UEFI support is also supported.

      The OS image can be handled in the following ways:

      • Run a script or install additional software after the OS has been installed
      • Create a boot flash drive with Windows PE
      • Import an OS image from a distribution package – Windows Imaging Format (WIM).
    • Centralized management

      Kaspersky Vulnerability & Patch Management is managed via Kaspersky Security Center, a single unified management console that provides visibility and control of all your security and client management tools. Kaspersky Vulnerability & Patch Management can be easily scaled to cover large IT networks. Role-Based Access Control allows security management responsibilities to be divided between multiple administrators.

      Two management options are available:

      • The Kaspersky Security Center MMC console
      • The Kaspersky Security Center's Web Console

    How to buy

    For customers who don't have Kaspersky Endpoint Security for Business, Kaspersky Vulnerability & Patch Management is available as a targeted solution.

    For Kaspersky Endpoint Security for Business Select customers, it's available as an add-on Kaspersky Vulnerability & Patch Management is also included in the following products:

    Kaspersky Total Security for Business, Kaspersky Endpoint Security for Business Advanced and Kaspersky Endpoint Security for Business Select can also be purchased on subscription, with flexible, monthly licensing. Please check with your local partner about subscription options in your country and refer to the relevant system requirements here.

Technical information
Applications inside

ADDITIONAL INFORMATION

Not sure which Security Solution is right for your business?