Patch Management and Endpoint Security

A feature of KACE Systems Management Appliance

Experience robust endpoint security with the KACE Systems Management Appliance (SMA). Automate software patch management and deploy patches from one of the largest patch libraries in the industry. Achieve peace of mind by patching and updating your Windows and Mac platforms, as well as potentially vulnerable third-party applications such as Adobe Reader and Oracle Java. Serving as a single source for software patch management, the KACE SMA helps reduce the complexity of your IT infrastructure because you don’t have to maintain multiple patching solutions. Periodic scans and patch assessments help you identify computers where automated patch management isn’t working, so you can address those computers and correct the problem in real time.

The KACE SMA automatically sends out patch updates, but the solution gives end users some control over the process. You can set deadlines that define when a patch must be installed, and users can choose when their patch updates and system reboot happen so that work is not disrupted. Administrators also have a good experience, in that they can coordinate patch updates across complex and distributed user bases while maintaining visibility into the patching phases on a per-machine basis.

How it works:

Patch Management and Endpoint Security Screenshot

Comprehensive patch management and deployment: Reduce infrastructure and resource costs by using a single solution to manage patches for heterogeneous environments. Achieve peace of mind by making sure Windows and Mac platforms, as well as potentially vulnerable third-party applications, such as Adobe Reader® or Oracle Java®, are patched and up to date. Get powerful administrative capabilities including customizable and automated patch scheduling based on dynamic filtering so you can right-size your patching plan for your business.

The Smart Labels feature in the KACE SMA allows you to classify your endpoints using self-selected parameters. Labels can include make and model, location, operating system and other designations. You can combine labels when you’d like to take a specific action on extremely granular groupings of endpoints.
Employ remote replication for multiple worksites: Significantly reduce the network impact of large patch deployments with remote-replication capabilities. The KACE SMA enables you to designate one computer in a remote subnet to kick off Wake-On-Lan during off hours for patching and distribution.

The KACE SMA patch management data is sent once over your network to the replication share, and all other systems at that remote office can then directly pull patches from the designated remote replication share through the LAN instead of from the KACE SMA — without the need for dedicated hardware or personnel at the remote facility.
Robust, standards-based vulnerability scanning: Quickly discover vulnerabilities in your environment and identify systems that aren’t compliant with your security and configuration policies with powerful security audits. Employ OVAL-based vulnerability scanning for all managed Windows systems. Manage common endpoint configurations and confirm organizational compliance with easy-to-use, automated Security Content Automation Protocol (SCAP) scheduling and detailed reporting.
Simplify configuration management and security policy enforcement: Streamline configuration and security policy enforcement processes, such as firewall, browser and registry settings, for Windows, Mac and Linux systems by automatically deploying scripts based on specific conditions, or manually running a script based on need. Easily create scripts that target individual systems, a specific group of systems or an entire network – or use a variety of pre-built scripts. Gain the ability to set and enforce desktop configurations and manage McAfee and Symantec antivirus packages.; * OVAL is the information community standard endorsed by the US Computer Emergency Readiness Team (US Cert.) and the Department of Homeland Security.