Patch Management and Endpoint Security

How it works:

Comprehensive patch management and deployment

Reduce infrastructure and resource costs by using a single patch management software solution to manage patches for heterogeneous environments. Achieve peace of mind by making sure Windows, Linux and Mac platforms, as well as potentially vulnerable third-party applications are patched and up to date (reference the patching matrix for details). Get powerful administrative capabilities including customizable and automated patch scheduling based on dynamic filtering so you can right-size your patching plan for your business. 

The Smart Labels feature in the KACE SMA patch management software allow you to classify your endpoints and updates using self-selected parameters. Device labels can include criteria such as make and model, location, operating system and other designations, and the update labels can utilize criteria such as release date, severity, classifications, vendor and more. You can combine labels when you’d like to take a specific action on widespread or granular groupings of endpoints. 

Employ remote replication for multiple worksites

Significantly reduce the network impact of large patch deployments with remote-replication capabilities. The KACE SMA patch management software enables you to designate one computer in a remote subnet to kick off Wake-On-Lan during off hours for patching and distribution.

The KACE SMA patch management data is sent once over your network to the replication share, and all other systems at that remote office can then directly pull patches from the designated remote replication share through the LAN instead of from the KACE SMA — without the need for dedicated hardware or personnel at the remote facility.

Robust, standards-based vulnerability scanning

Quickly discover vulnerabilities in your environment and identify systems that aren’t compliant with your security and configuration policies with powerful security audits performed by the KACE vulnerability scanning tool. Employ OVAL-based vulnerability scanning for all managed Windows, Mac and Linux systems. With the KACE vulnerability scanning tool, you can manage common endpoint configurations and confirm organizational compliance with easy-to-use, automated Security Content Automation Protocol (SCAP) scheduling and detailed reporting.

Simplify configuration management and security policy enforcement

Streamline configuration and security policy enforcement processes, such as firewall, browser and registry settings, for Windows, Mac and Linux systems by automatically deploying scripts based on specific conditions, or manually running a script based on need. Easily create scripts that target individual systems, a specific group of systems or an entire network – or use a variety of pre-built scripts. Gain the ability to set and enforce desktop configurations and manage McAfee, Symantec and other common antivirus packages.  

* OVAL is co-sponsored by the office of Cybersecurity and Communications at the U.S. Department of Homeland Security.