Information Security maga

Pitching patch: Configuresoft

Configuresoft's response emphasized the Enterprise Configuration Manager (ECM) and Security Update Manager (SUM) suite's strength as a configuration management and automated patch management product, turning the issue, correctly, into one of overall vulnerability management. While the company's proposal for patch management wasn't the strongest for our requirements, Configuresoft's overall approach was on point.

Configuresoft crafted its own version of what it deduced was our requirements (in addition to addressing our specific requirements). To some extent, we found this helped focus on big picture issues, but our overall sense was that this enabled Configuresoft to define the problem in its terms and tailor the solution to its strengths.

Following this line, Configuresoft -- like most respondents -- provided no real plan for our company, leaving us to "imagine, if you will" how its deployment would look and work. Configuresoft's agents give it tremendous flexibility for security policy setting and automated remediation through the central database. ECM allows the creation of custom templates to assess and remediate any app—a plus. It also allows for highly granular grouping of devices for remediation, though this is probably of more value to larger, more complex organizations.

Configuresoft uses a DCOM-based agent, using RPC, known for its vulnerabilities, to communicate, but it encrypts all communications with AES over HTTPS.

The company's response on the issue of mobile users and satellite offices was a mixed bag. Configuresoft mentioned distribution points that sounded like local caches to reduce WAN bandwidth, but what they are and how they work was unclear. A plan tailored to our company and a good diagram would have helped.

<<Return to Pitching patch

This was first published in May 2005

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: