Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

9/21/2009
03:24 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Lumension Unveils Enhanced Compliance, Risk Mangement Product

Lumension Risk Manager automates IT audit workflows, harmonizes controls with policy requirements, and provides greater visibility across IT assets

A typical organization spends 30-50% more on compliance and IT risk policy management than it should, according to the IT Policy Compliance Group.

Given today's highly regulated business environment combined with the rising cost of compliance, organizations need a comprehensive solution that provides high visibility and continuous monitoring of their compliance and IT risk posture, while supporting greater levels of automation across audit workflows.

In an effort to continually arm customers with technology solutions that address their growing security and compliance needs, Lumension, the global leader in endpoint management and security, today announced the general availability of the Lumension' Risk Manager (LRM) product, the latest addition to its Lumension' Compliance and IT Risk Management Solution.

Lumension Risk Manager helps organizations achieve lower the costs of compliance by automating IT audit workflows, harmonizing controls with policy requirements, and providing greater visibility across IT assets for optimal security and compliance management.

Further, through a partnership with Network Frontiers, Lumension has integrated the Unified Compliance Framework within Lumension Risk Manager. This integration delivers a library of over 400 authoritative documents and 2500 harmonized controls. Periodic updates to the UCF framework ensure customers will always have the latest compliance and control requirements.

Lumension Risk Manager is further enhanced with the patent-pending Lumension Risk Intelligence Engine. This technology automatically identifies control requirements for compliance regulations and is determined by the IT assets' risk profile inputs. This automated capability allows organizations to quickly identify controls required to support multiple compliance and policy initiatives and reduce their dependence on outside consultants.

This new offering from Lumension speaks to the company's commitment to delivering on its compliance product roadmap, as outlined during the acquisition of Securityworks earlier this year.

Key Benefits of Lumension Compliance and IT Risk Management:

  • Reduction in External Audit Resources: Lumension Compliance and IT Risk Management Solution provides IT organizations with a comprehensive compliance and IT risk management framework. IT resources are associated with critical business interests, and harmonized controls are established to meet multiple compliance and policy mandates. This capability supports a reduction in third party consulting resources used to define control and policy requirements to support external regulatory mandates.

  • Assess Once, Comply with Many: With Lumension Compliance and IT Risk Management Solution, organizations can reduce their audit burden and overall cost of compliance by measuring and reporting on compliance across multiple industry and governmental regulations while harmonizing control requirements to best meet these mandates. These capabilities will enable organizations to assess once and report on many regulations simultaneously, rather than using multiple technologies that usually lack a complete, global view of regulations.

  • Focus on IT risk that matters most to the business: With Lumension Compliance and IT Risk Management Solution, companies can continuously monitor their overarching risk and compliance posture and proactively identify and prioritize IT risk deficiencies in the context of their overall compliance and policy requirements. This enhanced visibility allows organizations to more efficiently utilize existing IT resources to address those deficiencies impacting organizational compliance and IT risk posture the most.

    Supporting Quotes: Rob Isarel, CIO, John C. Lincoln Health Network "For our organization, the key to compliance and IT risk management solution is that it gives us a high-level view of what regulations and policies we need to comply with regulatory requirements. One person can't possibly be on top of all the details of the various regulations we're faced with today. Likewise, no one person can be an expert on all of the IT and security systems needed to comply with these regulations. We wanted a solution that automates all of this for us - a shrink-wrapped solution that helps us focus on critical issues and ensures we don't overlook anything. With Lumension Risk Manager, we can store information related to all our disparate systems - such as our asset and device management software, e-health analyzers, and help desk application - in one repository. And we can generate a single report on all of those systems all from a single vendor."

    Charles Kolodgy, Research Director, Security Products, IDC "The IT risks that lurk within organizations today are immense. Regulatory requirements imposed on organizations makes proper risk management an increasingly daunting task. To ensure compliance and a solid security and risk posture, organizations can no longer afford to manage risk in a siloed or manual way. A technology solution that normalizes regulatory mandates is critical to success, but it is just one piece of the puzzle. The other piece is solid communication throughout the organization but especially within IT security and IT operations teams. With visibility, controls for regulatory compliance and security controls, and cross-organizational communications, enterprises will be better armed to mitigate, manage and understand their IT risks than ever before."

    Mike Wittig, President & CTO, Lumension "Compliance, over the past few years, has become a four-letter word for many security practitioners as it conjures up visions of late nights spent poring over data points and audit profiles to ensure that their organization is fully compliant with the overwhelming number of IT compliance-related mandates that exist today. Our vision with Lumension Compliance and IT Risk Management and a main driver behind our acquisition of Securityworks this past spring, is to provide our customers with the technology they need to make their IT compliance and risk management processes more manageable, automated and repeatable. With Lumension Compliance and IT Risk Management Solution, our customers will gain the necessary visibility between operational endpoint security and strategic IT risk that's required for a better connected, smarter run, more efficient IT organization than ever before."

    Lumension Risk Manager will be made available on September 30, 2009. For more information, please click on Lumension Risk Manager.

    To find out how Lumension Compliance and IT Risk Management Solution addresses compliance requirements such as PCI DSS, click to view our On-Demand Demo.

    About Lumension Security, Inc. Lumension Security, Inc., a global leader in operational endpoint management and security, develops, integrates and markets security software solutions that help businesses protect their vital information and manage critical risk across network and endpoint assets. Lumension enables more than 5,100 customers worldwide to achieve optimal security and IT success by delivering a proven and award-winning solution portfolio that includes Vulnerability Management, Endpoint Protection, Data Protection, and Reporting and Compliance offerings. Lumension is known for providing world-class customer support and services 24x7, 365 days a year. Headquartered in Scottsdale, Arizona, Lumension has operations worldwide, including Virginia, Utah, Florida, Luxembourg, the United Kingdom, Ireland, Spain, Australia, and Singapore. Lumension: IT Secured. Success Optimized. More information can be found at lumension.com . Lumension, the Lumension logo, and the tagline "IT Secured. Success Optimized." are trademarks or registered trademarks of Lumension Security, Inc. All other trademarks are the property of their respective owners.

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    News
    Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
    Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
    Edge-DRsplash-10-edge-articles
    Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
    Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
    News
    Cybercrime Groups More Prolific, Focus on Healthcare in 2020
    Robert Lemos, Contributing Writer,  2/22/2021
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon Contest
    Write a Caption, Win an Amazon Gift Card! Click Here
    Latest Comment: This comment is waiting for review by our moderators.
    Current Issue
    2021 Top Enterprise IT Trends
    We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
    Flash Poll
    Building the SOC of the Future
    Building the SOC of the Future
    Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2021-27132
    PUBLISHED: 2021-02-27
    SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.
    CVE-2021-25284
    PUBLISHED: 2021-02-27
    An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
    CVE-2021-3144
    PUBLISHED: 2021-02-27
    In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)
    CVE-2021-3148
    PUBLISHED: 2021-02-27
    An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.
    CVE-2021-3151
    PUBLISHED: 2021-02-27
    i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG__PATH, SM2__C__MONITORING__CONFIG__PATH, C__M...