- Split-brain DNS deployment using Windows Server DNS policy - Wed, Nov 30 2022
- Veeam Backup for Microsoft 365—Why you need to back up your M365 data - Tue, Nov 15 2022
- Cloud-based patch management with Action1 - Tue, Nov 8 2022
There couldn't be a more important topic on the minds of organizations today than security. As businesses have shifted to a hybrid workforce with remote workers, they have had to reimagine management and protection of endpoints that no longer reside on-premises. The ManageEngine Security Suite is a tool that provides the core features needed to manage today's hybrid remote end-user clients.
ManageEngine Endpoint Security Suite tools ^
Many in the world of enterprise IT solutions recognize the name ManageEngine. ManageEngine is the IT management division of Zoho Corporation. The ManageEngine Endpoint Security Suite includes the following tools:
- Patch Manager Plus
- Vulnerability Manager Plus
- Device Control Plus
- Application Control Plus
- Patch Connect Plus
- Browser Security Plus
This suite of products provides the tools to secure the core areas of patching, vulnerability management, and device and application control, all of which are increasingly important today. Let's get an overview of each application contained in the ManageEngine Endpoint Security Suite.
ManageEngine Patch Manager Plus
With a shift to a largely remote workforce, businesses may be struggling with legacy patch management that requires corporate network connectivity. In addition, remote employees may not have access to VPN connections and instead may use cloud SaaS applications for business productivity.
Patch Manager Plus solution can deploy patches to Windows, macOS, and Linux endpoints and supports patching of 500+ third-party applications. Organizations can deploy Patch Manager Plus on-premises and on cloud and patch endpoints located on the corporate network or across the Internet. No corporate VPN is required to manage patches for remote endpoints.
What features are included in the ManageEngine Patch Manager Plus solution?
- Patch Windows, Mac, and Linux endpoints
- Automated patch management
- Ability to decline and control specific patches
- Patch third-party applications
- Achieve 100 percent patch compliance
- Manage endpoints across various networks
- Generate comprehensive reports
- Automate patch testing
- Seamless feature pack and driver update deployment
- Server application patch management
- Service pack deployment
- Patch management reports
- Role-based administration
- Distribution server for bandwidth optimization
- Antivirus definition updates
- Test and approve patches
- Two-factor authentication
Vulnerability Manager Plus
One of the blind spots for many organizations is visibility into security vulnerabilities in the environment. As a result, attackers often use known vulnerabilities to compromise environments. These include OS vulnerabilities, third-party vulnerabilities, and zero-day vulnerabilities. Gartner predicts that "99% of the vulnerabilities exploited by the end of 2020 will continue to be ones known by security and IT professionals at the time of the incident."
Vulnerability Manager Plus is a vulnerability management solution that allows businesses to scan and discover vulnerabilities in all local and remote office endpoints and roaming devices. It then enables organizations to assess the vulnerabilities and prioritize them accordingly. Finally, it helps mitigate the exploits of security holes and prevent them from widening.
Critical features of Vulnerability Manager Plus include the following:
- Vulnerability assessment—Assess and prioritize vulnerabilities based on severity, affected systems, and the remediation of the vulnerability
- Patch management—Integrates with Patch Management Plus for patching capabilities
- Web server hardening—Determine the cause, impact, and remediation for web server flaws, which helps to secure forward-facing servers in the environment
- High-risk software audit—Scan for, identify, and uninstall risky software in the environment
- Security configuration management—Audit systems for complex passwords, least privilege, and memory protection; you can also audit for CIS and STIG compliance
- Zero-day vulnerability mitigation—Deploy scripts that can help remediate vulnerabilities without waiting for a patch to be released
Device Control Plus
Another vital area of security for organizations is device control. Remote employees may be using a wide variety of devices to access business-critical data, leading to insider threats from USB and other peripheral devices. These risky, unmanaged peripherals can result in significant data loss or leak events.
ManageEngine Device Control Plus is a DLP solution that provides device control capabilities across your organization, including remote work environments. With Device Control Plus, you can monitor and control the use of external or built-in peripheral devices. It allows categorizing these devices and applying policies based on the files accessed. In addition, using Device Control Plus, businesses can grant temporary access.
It provides the following DLP features:
- Safeguard data and prevent risky device access
- Have visibility and control over abnormal data transfers
- Identify and block malicious devices
- Grant temporary access to sanctioned devices for a specific period
- Intuitive and easy DLP control
- Spot malicious activity with instant alerts in case of unauthorized access
Application Control Plus
Applications can empower end users. However, applications can also introduce security risks to your business-critical data. Application Control Plus is application control software for enterprise environments that enables IT admins to easily allow or block applications based on the specific rules they establish. It also includes a feature called Endpoint Privilege Management, which enables businesses to enforce the use of least privilege access.
Using Application Control Plus, you can discover all installed applications as an inventory of applications running in the environment. In addition, it can pinpoint applications running with elevated privileges and admin accounts. With Application Control Plus, you can also group applications into allowed and disallowed groups and group applications that require privilege elevation.
You can also create user device groups and associate them with app groups. It eliminates the need to provide users with elevated privileges by mapping user groups to app groups, allowing ManageEngine to mediate the required elevated privileges.
The features of Application Control Plus include:
- Allow only authorized applications to be executed (application whitelisting)
- Unified management of clients, servers, and roaming user endpoints
- Blacklist applications you want to keep out of your organization
- Protect legacy operating systems with application control policies
- Lock down fixed-function devices, such as point-of-sale devices
- Remove unnecessary privileges
- Allow elevating application-specific privileges instead of user privileges
- Create policies to control application requirements
Patch Connect Plus ^
Patch Connect Plus is an interesting security add-on for Enterprises, where an endpoint management solution is already in place. In these cases, a stand-alone patch management solution may not be ideal. This is where Patch Connect Plus unifies the management of third-party updates and applications for Microsoft SCCM and Intune.
Patch Connect Plus integrates with Microsoft Endpoint Manager, to simplify patch management across on-premise machines and systems over the cloud. Further more, you get to automate your patch management cycle around the needs specific to your enterprise. Here are some of the features of Patch Connect Plus:
- SCCM Application Management
- Vast repository of SCCM and Intune-ready patches
- Intune Application Management
- Distribute third-party updates for MEM
- Publish third-party updates to SCCM
- SCCM Right-click Tools
- Customized and flexible deployment policies
- Web Activity Tracking
Browser Security Plus ^
Browser Security Plus from ManageEngine is a complete browser management solution that lets you manage and control the different browsers such as Chrome, Firefox and Safari from a centralized control panel.
This is yet another enterprise security solution with special attention to browsers, thereby enabling IT admins to safeguard their network from a horde of browser-related vulnerabilities or attacks. The features offered by Browser Security Plus are as follows:
Subscribe to 4sysops newsletter!
- Insights - Gain visibility into the browsers used across your network
- Monitor Add-Ons and Browser Extensions
- Restrict certain browsers in your network
- Discover compliance status across systems
- Apply Web Filters
- Built-in Java Manager
- Browser Router
- Browser Isolation
Wrapping up ^
The ManageEngine Security Suite provides four robust applications that help enhance the security of modern enterprise environments, including hybrid remote workers. It includes tools to manage patching, vulnerability management, device control, and application control. Learn more about the individual ManageEngine Endpoint Security Suite tools.