Properly keeping an IT infrastructure updated is a costly and weary activity: GFI’s LanGuard is a product conceived to structure and automate management process in a complete safety.
An example how dangerous is to have non updates systems is clearly shown by the very recent wave of infections by WannaCry, the ransomware that -albeit being targeted to a restricted number of users (they could have been way more had some remedies not been found promptly)- attacked Microsoft-based infrastructures in more than 150 countries. The ransomware exploited the EternalBlue vulnerability, which is available only on non-patched version of the operating system. Yet imagine what the outcome would have been if it targeted all Windows systems.
Protecting the network and managing patches
Often times, one can face problems about security, patch management and network control: these operations, like many others, are usually carried out with the aim of several, different software thus making the job hard to organize in a centralized manner. GFI LanGuard perfectly fits in such a context so hard to keep up with: the three pillars of vulnerability management are contained within a single piece of software, an overall package that allows you to keep networks under control and guarantee their protection.
GFI LanGuard is a network security scanner and patch management system with optimal network mapping and in-depth risk analysis capabilities, all done before security breaches happen because of the lack of network patches.
This piece of software by GFI is more mature than other security tools available on the market because it works with such a completeness of features that is hardly found on other platforms. As a matter of fact, its quality is also proved by the fact that the engine of GFI LanGuard is also used by other vendors that then rebrands the product.
GFI LanGuard can be installed on a Windows platform and, from the console, you can scan the whole network to find every connected devices like physical servers or VMs, notebooks, PCs, smartphones, printers and network gear like switches, routers and access points. Once the analysis is done, GFI LanGuard verifies any potential security issue.
Scans can be performed in two modes. The agent-less mode is the less invasive one but it’s quite costly in terms of bandwidth and resources as the audit is done directly from the machine where LanGuard runs on.
An agent modality is available as well, with a dedicated agent on each client capable of providing even more information.
Patch management is not limited to Windows, macOS and Linux operating systems, it can also be extended -the first one in its league!- to all major browsers for Windows systems: Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Apple Safari and Opera Browser, thus covering a very critical sector. Patch management support is available for most common third-party applications, allowing sysadmins to verify, download and distribute patches in the same way as they monitor and manage operating systems.
The most notable software that can be managed in this integrated mode include: Apple QuickTime, Adobe Acrobat, Adobe Flash Player, Adobe Reader, Adobe Shockwave Player, Mozilla Firefox, Mozilla Thunderbird and Java Runtime.
In addition to patch management, it’s also possible to perform an update to the latest release of many applications installed on machine: for instance if an old version of Adobe Flash is identified, GFI LanGuard asks whether to directly update or apply al patches of the existing version.
Hardware requisites of LanGuard strictly depends on the size of the network. In a scenario with up to a hundred devices, a 2GhZ Dual Core processor, 2GB of RAM and 5GB of disk space are enough; complete requisites are listed at this address.
Software installation is easy, the installation package is a few hundreds of MBs and the procedure is driven by a practical izard. Software Maintenance is activated with a license code that is provided when ordering the product. An automated control to check for local vulnerabilities is run at the first reboot of the machine.
Once the software is opened, we are greet by the Home view where we can: visualize the dashboard and do a status check on network vulnerabilities and inspect results; check problems related to security (ie deploying missing patches, uninstall non authorized software, activate antivirus, and so forth); manage agents enabling automated network scans or distributing the workload amongst the different clients and, lastly, launch a manual scan for an agent-less network inspection.
A few words on licensing
As we’ve seen before, using GFI LanGuard with support and updates requires a new license. New licenses start from a minimum of 25 nodes; a node is intended as a network device with an IP address.
Price changes according to the desired number of nodes to protect and there are ad-hoc quotes for requirements exceeding 2999 nodes.
For each purchase of GFI LanGuard you are also given for free of an additional 25% of nodes to use exclusively on mobile devices.
To make a simple example, if we buy a 25 nodes license, we can protect 25 devices equipped with an IP address. We are also given 6 additional nodes for free to manage smartphones and tablets. A picture explains it well:
Please be careful when the Software Maintenance expires: after a 40-day grace period, the product ceases to function.
The advantages of a single software
The interface of GFI LanGuard is very handy, intuitive and responsive: windows and fields can be resized at your will and content can be copied and pasted with a single right click.
Patch management for operating systems and for third-party applications allows you to achieve a uniformly configured environment and, above all, to protect it from threats and vulnerabilities, also in virtualized situations. In addition, the integration with more than 2.500 security applications (antivirus, anti-spyware, firewall) generates an accurate report on their status, indicating which software are to be enabled, updated or controlled.
GFI LanGuard isn’t limited to scanning computers on a network and to providing a chronology of all modifications, but also provides an overview and runs vulnerability controls on smartphones, tablets and network devices like printers and routers.
Everything can be exported as reports in formats like PDF, HTML, XLS, XLSX, RTF and CVS and be sent via email or rebranded with the company’s logo.
GFI LanGuard also includes a database with vulnerability check, including the OVAL (more than 11.500 checks) and the SANS Top 20 standard. The database is updated periodically in an automated way and security control run on machines perform more than 60.000 different analysis with the goal of identifying and correcting any threat present on the system before they are exploited by hackers.
The strength of LanGuard lies in the advanced web-based reporting console that is centralized, integrated with Active Directory and that can be easily accessed remotely, thus allowing to manage also users with read-only or administrative permissions connected at the same time.
Why choosing LanGuard
GFI LanGuard is a complete product that can act as a real “IT consultant” inside your IT infrastructure. As we’ve seen in this overview, features and advantages are several: so we have summarised the 5 pros of this platform.
- Minimize the risk of security violations by means of a proper network scan aimed to finding security problems and vulnerabilities, automated identification and uninstall of non authorized applications, control of installed software and hardware devices on the network and delivery of alerts and reports on the network security status.
- Automate patch management for Microsoft, Linux and macOS operating systems and other third-party application. We believe to reiterate once more how a proper patch management is vital as, as we know well, many companies, public institutions and professionals underestimate the subject of IT security.
- Execution of controls and monitoring of network security.
- Support to security compliance norms that require a regulate assessment of vulnerabilities and patch management (PCI DSS, HIPAA, SOX, GLBA, PSN CoCO), which is an important aspect for listed and joint-stock companies.
- Evaluate and manage the security of smartphones and tablets used by employees to access to business information and application.
Software like GFI LanGuard, with all the features we have covered, are precisely conceived to protect from vulnerabilities and not only they help to prevent lurking and hidden risks, but also to manage all activities required to secure an infrastructure from a single platform, which are two indispensable aspects of a proper IT management.