GFI LANguard is the first network vulnerability and patch management solution to integrate with more than 1,500 critical security applications

The GFI Infrastructure Business Unit announces the launch of GFI LANguard™ 2011, the latest version of the company’s comprehensive network vulnerability scanning and patch management solution. GFI LANguard 2011 is the first network vulnerability and patch management solution to integrate with more than 1,500 security applications and to include keyword search functionality, illustrating GFI’s commitment to providing small and medium-sized businesses (SMBs) with innovative products that meet the needs of today’s dynamic IT environments.

GFI LANguard 2011 combines vulnerability scanning, patch management and network and software auditing into one solution that enables IT professionals to scan, detect, assess and correct potential security risks on their networks with minimal administrative effort. GFI LANguard provides administrators the ability to inventory devices attached to their networks; receive change alerts, such as notification when a new application is installed; ensure antivirus applications are current and enabled; and strengthen compliance with industry regulations through automated patch management that defends against potential network vulnerabilities. The solution can manage of up to 5,000 machines from a single console.

Enhanced features of GFI LANguard 2011 include:

• Complete Network Security Awareness – incorporates a new management dashboard that processes all security scans, provides current network security status and maintains a history of all relevant changes made to the network.
• Easier Security Management – integrates with more than 1,500 critical security applications, including antivirus, antispyware, firewall, URL filtering, instant messaging, peer- to-peer, disk encryption, VPN, data loss prevention, backup, and device-access control solutions to quickly and easily identify existing security infrastructure, report on the status of each application and remediate any security issues.
• Quick Text Search – enables administrators to perform keyword searches in scan results to quickly and easily ensure specific actions were performed.
• Faster Security Scanning – uses local agents to automate and distribute the scanning load across client machines, resulting in faster and more accurate scans. Thousands of machines, even in Wide Area Network (WAN) environments, can be scanned in minutes.
• Enhanced Reporting – simplifies report management and distribution. Payment Card Industry Data Security Standard (PCI DSS) dedicated reports are also available to help organizations prove compliance.
• Virtual Infrastructure Recognition – detects virtual machines hosted by scanned computers, giving administrators a complete view of their virtual infrastructure.

“We designed GFI LANguard 2011 to be a virtual security consultant for our customers,” said Cristian Florian, product manager, GFI Software. “We constantly strive to enhance our products with innovative new features that meet the evolving needs of SMBs. Our last version of GFI LANguard was the first network security solution to automate missing patch detection and remediation for the top five Web browsers running on Windows-based systems, and GFI LANguard 2011 is now the first solution of its kind to integrate with 1,500 critical security applications.”

Driving Innovation for SMBs

GFI Software’s Infrastructure Business Unit develops a broad range of solutions that help SMBs strengthen their IT operations and better manage all the devices attached to their network. Infrastructure solutions provided by GFI include: data backup and recovery, log management, network fax server, network monitoring, network vulnerability scanning, patch management, network access control and web monitoring. To learn more, email sales@gfi.com or visit www.gfi.com.

SMBs are increasingly aware of the cost savings and efficiencies they can gain by adopting cloud-based IT solutions. The Intel Hybrid Cloud enables GFI Software to take advantage of that rising demand and the recurring revenue it generates from subscription-based pricing.

According to IT research firm Gartner Inc., SMBs “typically have a smaller IT force, and gain significant leverage from the use of external cloud services. These factors have combined so that SMBs are taking the lead in adopting cloud computing for core revenue-producing and mission-critical systems …”¹ Gartner also forecasts that “SMB cloud market revenue will exceed $30 billion by 2014; with the greatest demand coming from SMBs in North America…”²

“As more and more SMBs adopt cloud-based solutions to cut costs and streamline operations, GFI Software is evolving its own software delivery and pricing models to support them,” said Walter Scott, CEO of GFI Software. “For the cloud to successfully gain traction in the SMB market, it needs to be easy to deploy, cost effective, reliable and backed by a trusted industry leader. Intel is a name all SMBs know and respect. Participating in the Intel Hybrid Cloud program ensures GFI Software is well positioned to lead SMBs into the cloud.” 

“Through the Hybrid Cloud, Intel is offering VARs and MSPs access to the core solutions a small business needs via a software-as-a-service model,” said Bridget Karlin, general manager, Intel Hybrid Cloud. “Whether it’s email, security, VoIP, an office productivity suite or accounting software, we’re creating a market place for SMB applications from industry solution providers like GFI Software. With the applications announced today, and more to be added in the coming months, GFI Software helps diversify and add a tremendous amount of depth to the Intel Hybrid Cloud offering.”

Transitioning SMBs to the Cloud

The Intel Hybrid Cloud is a subscription-based software delivery model providing locally hosted hardware and software on a pay-as-you-go basis. SMBs get all the benefits of services in the cloud with the peace of mind of maintaining their data on site. 

The following GFI Software solutions are available through the Intel Hybrid Cloud:

• GFI VIPRE® Antivirus – Defends against viruses, adware, spyware, worms, rootkits, phishing attacks, malicious URLs and more without slowing down PCs
• GFI LANguard – Provides comprehensive monitoring, patch management for Microsoft and other popular software, vulnerability analysis, asset inventory and other services to ensure network security and compliance
• GFI EventsManager – Helps businesses meet a broad array of security, regulatory compliance, business continuity and e-discovery requirements by collecting, logging and analyzing events occurring on the network
• GFI EndPointSecurity – Prevents data loss and theft by controlling what devices access the network, blocking malicious or unauthorized software, and centrally monitoring the network for newly connected devices.

To learn more about GFI Software solutions available through the Intel Hybrid Cloud, visit intel.com/go/hybridcloud or send email to sales@gfi.com.

1. Gartner Research “Predicts 2011: Cloud Computing Is Still at the Peak
of Inflated Expectations,” Nov. 22, 2010
2. Gartner Dataquest “Market Insight: SMB Cloud Services Require Comprehensive
CSP Channel Strategies,” Dec. 6, 2010

This competition is now closed.

The festive season is upon us once again where we look at the year gone by and make our new resolutions for the year ahead. But one thing remains… the GFI Festive Season Competition! With fantastic prizes to be won and a very easy way in which to do it, this is one competition that you can’t afford not to participate in! Especially since there are TEN prizes to be given away!

Ten lucky winners have the chance to win a 10-user license for one of the following GFI software products: GFI LANguard, GFI MailArchiver, GFI WebMonitor or GFI VIPRE Antivirus Business.

But it doesn’t end there; one of these ten will be randomly selected to win an iPad!

How’s that for some festive fun?!

What do you have to do to win? Simple. Just complete this form and answer the simple question (select the answer from the drop down menu in the form).

Entries will be accepted until Wednesday, December 15, 2010 – the competition form will no longer be available after that date. The winners will be notified during the week starting Monday, 20 December, 2010 via the email address used in the form*.

Terms & Conditions

• Only one submission per person will be accepted
• Only completed forms will be eligible for the competition
• GFI Software employees & their families cannot take part in this competition
• Not all submissions who guess correctly will win a prize. 10 names will be drawn randomly from the list according to how many entries are received.
• The GFI Software user license is valid for one year.
• The GFI Software user license is valid for 10 users.
• Upon contacting the winner/s, if no reply is received within a week, GFI retains the right to choose another entry
• Whilst GFI does its utmost to ensure that all prizes are delivered in a timely fashion the company does not retain responsibility for any prizes that are lost/stolen in the mail
• The prize has to be sent to the country of residence listed upon registration; no other addresses will be permitted
• GFI retains the right to cancel/change this or any promotion without notice
• GFI’s decision is final and no correspondence will be entered into
• Any incomplete or irrelevant entries; or entries that do not comply with the Terms and Conditions will not be eligible to win.
• Prizes are as described and cannot be substituted for cash

* Prizes will be dispatched in January 2011 due to holiday season restrictions.

Here are some of the potential repercussions of simply having 1 un-patched machine on the network:

• Downtime and loss of productivity due to reinstallation
• Questionable data integrity due to a successful exploit
• Negative public relations due to systems unavailable for your customers
• Legal problems should your patch management process go under a judicial microscope

Here are the simple three steps to successfully manage the patch deployment process using GFI LANguard:

1. Scanning for vulnerabilities and building an application inventoryThe first step would be to establish an inventory of your organization’s network and the software deployed on it. Without a proper inventory, patching becomes a very daunting task. In addition to this, machines should also be prioritized by creating a risk profile based on their necessity to the organization. GFI LANguard ships with an applications inventory which provides a list of all applications detected during past scans.For the inventory discussed above to be populated automatically, an initial scan of all machines must be done. You can choose to run a scheduled custom scan to simply detect for missing patches and service packs. This would scan the machines to list the software installed on each one. The scan results would then save the applications detected in the scans in the applications inventory.

   With each new scan, any new applications which may have been installed would also be detected by the scan and added to the applications inventory. GFI LANguard would then automatically download any patches and service packs for the applications that need patching.

2. Analyzing the resultsThe most important task following a network security scan is identifying which areas and systems require your immediate attention. This is achieved by analyzing and correctly interpreting the information collected and generated during a network security scan. Upon completing a scan, GFI LANguard immediately displays a scan summary that graphically displays the vulnerability level of the scanned computer or a combined interpretation of the scan results obtained following a network scan.The scan results also show a vulnerability level. A vulnerability level is a rating given by GFI LANguard to each computer after it has been scanned. This rating indicates the vulnerability level of a computer/network, depending on the number and type of vulnerabilities and/or missing patches found. See a complete list of software products supported by GFI LANguard. Once a scan has been performed, and its results analyzed, the final step would be to remediate the vulnerabilities.
3. Remediating the vulnerabilitiesOnce you have performed a scan and analyzed the results, you can now configure GFI LANguard to automatically fix some of the issues identified during your network audit. This is achieved through the built-in tools that ship with the product. Available remediation actions include:

• Auto-patch management – This remediation feature automatically downloads missing updates and deploys them network-wide.
• Applications auto-uninstall – This remediation action enables the auto-uninstall of applications that support silent uninstall. This remediation action auto-uninstalls the applications of your choice from the application inventory outlined above. The process involves a test phase (called validation) during which an application is uninstalled automatically to identify if silent uninstall is supported by target application. If it is, all the other instances on the network will be automatically uninstalled during scheduled scans.

Sometimes drastic action may be necessary to protect your organization’s network. You can always disable the machine’s account and immediately start the patch management process on this infected/un-patched machine.

If this doesn’t work, then disable the switch port that the workstation connects to or move the machine to a quarantined network. This will allow you to remediate the vulnerabilities on this machine in a confined environment, without increasing the risk of the entire network getting infected.

We’re pleased to announce the release of GFI LANguard™ version 9.6, the first network security solution to automate missing patch detection and remediation for the top five Web browsers running on Windows systems – Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Apple Safari and Opera Browser. Download GFI LANguard version 9.6.

GFI LANguard combines vulnerability scanning, patch management and network and software auditing into one comprehensive solution that allows IT professionals to scan, detect, assess and correct potential security risks on their networks with minimal administrative effort.

LANguard also offers administrators the ability to take inventory of devices on their networks, maintain change management awareness, and increase compliance with industry regulations through automated patch management.

The new version of GFI LANguard extends its automated patch management capabilities to even more applications – allowing companies to further streamline their networking and security processes and reduce the vulnerability levels of their IT software infrastructure.

“Web browsers are the number one cause of network vulnerabilities among third party applications, and if companies do not have an automated patch management solution in place to detect and deploy security patches for these vulnerabilities, they are at an increased risk of suffering from a security breach or malware attack,” said Cristian Florian, product manager, GFI Software. “With GFI LANguard version 9.6 we not only wanted to expand our automated patch management capabilities to new applications – including all of the major Web browsers – but also to help our customers reduce windows of vulnerability by giving them real-time product updates.”

Enhanced features of GFI LANguard 9.6 include:

• Automatic patching for new third party applications: GFI LANguard 9.6 is the first solution to automate patching and remediation for all major Web browsers running on Windows systems: Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Apple Safari and Opera Browser. Additional new applications that can be automatically patched with LANguard 9.6 include Apple iTunes, Foxit Reader, Real Player, Skype and WinZip.
• Real-time notification of product updates: The first product page features a news section that highlights the latest product news, including when new patches are available, new third party products are supported for patching, and new vulnerabilities are added to the database. By notifying users in real-time about new product updates, they are able to better prepare for auditing and remediation.
• Enhanced auto-deployment approval option: Administrators can now utilize a new option in patch auto-deployment approval that allows them to auto-approve patches for Microsoft applications only, non-Microsoft applications only, or both at the same time.

Which were the most vulnerable applications in the first half of 2010?

Below are the results after processing vulnerability data feeds as of July 7, 2010 from National Vulnerability Database (NVD), which is the U.S. government repository of standards based vulnerability management data:

Interesting highlights and remarks:

• Web browsers are the most targeted applications. They hold the top four places. Other popular targets for hackers are Adobe products, Java Runtime Environment and Microsoft Office.
• Discussions about which browser is most secure do not make much sense. They all have quite a number of new security vulnerabilities. Probably a safe web browser is one which is used by only a few people and therefore is not popular enough to get attention from hackers. However, on such a browser a lot of sites will not work simply because most developers only test their site on the top most used browsers.
• Adobe, Microsoft and Mozilla have the most products in the top 15:
  o Adobe – 5 products
  o Microsoft – 3 products
  o Mozilla – 3 products
  o Oracle – 2 products
  o Apple – 1 product
  o Google – 1 product

According to NVD new security vulnerabilities are published with a rate of 16 per day. Vendors are forced to release a lot of security updates to keep their products secure; therefore a vulnerability management tool like GFI LANguard can be very helpful. Currently LANguard can automate patching for 11 products out of the 15 mentioned above. Here is the full list of supported non-Microsoft products.

GFI LANguard 9.5 was launched at the end of May with a new and very important feature for people working in the network security area: patch management for non-Microsoft applications.

The aim is to perform from a central location network wide detection, download and deployment of missing updates for all important vendors of popular applications widely spread in corporate environments. Such applications get a lot of attention from hackers and therefore need security updates quite often.

The enhancement saves a lot of a network administrator’s time as it would take forever to patch each machine individually even for relatively small networks with 20-100 machines. To have an idea of the amount of work involved it is enough to take a look at some of the updates released last month (June 2010):

• Microsoft
  o One Microsoft Silverlight update (June 3rd)
  o 10 security bulletins on patch Tuesday (June 8th)
• Mozilla
  o Two updates of Firefox (Firefox 3.6.4/Firefox 3.5.10 and Firefox 3.6.6)
  o Two updates of Thunderbird (Thunderbird 3.0.5 and Thunderbird 3.1)
• Adobe
  o One update of Flash Player (Flash Player 9.0.277.0/Flash Player 10.1.53.64)
  o One update of Reader (Reader 8.2.3/Reader 9.3.3)
  o One update of Acrobat (Acrobat 8.2.3/Acrobat 9.3.3)

There are a total of 18 updates only from Microsoft, Mozilla and Adobe. Other vendors (i.e. Apple) have released security updates too. It becomes extremely hard to keep up with them.

So far, beside Microsoft security updates, LANguard 9.5 could be used to patch popular applications from Adobe (Flash Player, Acrobat Standard and Professional, Reader and Shockwave Player), Mozilla (Firefox and Thunderbird) and Oracle (Java Runtime Environment).

Starting on July 13, 2010 new applications are added to the supported list:

• Apple QuickTime
• Adobe Air
• Adobe Acrobat Professional Extended
• Opera Browser

The complete list of supported applications is available. Stay tuned however as new applications will be added to the list soon!

If you would like us to consider additional applications for patch management you can submit a request.

GFI LANguard is designed for admins to be able to control the entire network covering workgroup computers as well as domains from a central location. This is a big advantage and can be combined with the scripting capabilities of LANguard. Using scripts it is possible to get even more information about computers scanned. In the past we saw popular scripts for network and software audit (now included as standard features in application) or computer serial number retrieval.

If an admin wants to not only to scan but also make changes on the network it can be done by applying common admin commands to remote computers. This is, for example, what Patch Management can do – the missing patches can be deployed and installed; the deployment can be considered the “active” part of GFI LANguard. There is also a Custom Software deployment module which can be used to install software, update files etc. A particularity of Custom Software deployment is that first you must scan a computer and then analyze the response and set a deployment.

Another possibility to make changes on scanned computers consists in the usage of the scripts attached to vulnerabilities. The scripts can include a detection section followed by the “active” part which will modify something on the remote computer. This will take a short time and will be done in one shot compared to Custom Software where the deployment cannot be triggered automatically by a scan. If you want to be notified which computers have been processed by vulnerability/script you can display echo messages in scanner activity windows.

In GFI LANguard, scripting can be done in a VBS like language for Windows, using SSH for Linux or in Python for both. If you don’t want to run the script on all machines you can filter them by IP, OS or any other criteria using the vulnerability parameters or directly in script, or simply using a computer list

You can use these scripts/vulnerabilities in a dedicated profile having an IP range as target and eventually in a scheduled scan that will act as a guardian remediating automatically all problems found on the computers discovered.

Below you can find some examples that can give an idea of what and how this can be done.

The first example can be created by making an exception on the remote machine’s firewall that allows a specific application to run through. In my example the application will be update.exe within GFI LANguard:

Function Main

Dim ip, compip, compname, user, passwd, path, strCommand As String

Dim Shel As Object

cr = Chr(13) + Chr(10)

compip = GetParameter("ComputerIP")

user = GetParameter("User")

passwd = GetParameter("Password")

path="D:\L.N.S.S\PsTools\"

strCommand = "cmd /c " + path + "psexec.exe " + "\\" + compip + " -u " + user + " -p " + passwd + " /accepteula netsh.exe  firewall set allowedprogram ""C:\Program Files\GFI\LANguard 9.0\update.exe"" LANguard_Update ENABLE"

Set Shel = CreateObject("WScript.Shell")

Shel.Run(strCommand)

Set Shel = Nothing

'main = true

End Function

Note:

1. With the script above no vulnerability will be generated since we only need to do a specific action. This is because the main function does not return a value. If main=true line is uncommented and vulnerability Value condition is set to 1 it will be shown . You can find details about these in the GFI LANguard documentation.
2. In this script was used psexec.exe tool which can be downloaded from here: http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

In the next example you can find how registries can be modified using a Python script. This will check if Windows automatic logon is enabled and deactivate it:

import _winreg

def main():

 result = 0

 hivekey = _winreg.ConnectRegistry("\\\\" + ComputerIP, _winreg.HKEY_LOCAL_MACHINE)

 testkey = _winreg.OpenKey(hivekey, "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", 0, _winreg.KEY_ALL_ACCESS)

 value, type = _winreg.QueryValueEx(testkey, "AutoAdminLogon")

 if value == "1":

 #  GlobalFunctions.echo ("AutoAdminLogon is on. Will be deactivated")

 _winreg.SetValueEx(testkey, "AutoAdminLogon", 0, _winreg.REG_SZ, "0")

 result = 1

 _winreg.CloseKey(hivekey)

 return(result)

Note: comparing with the above script, in this case vulnerability is also generated if you set the vulnerability result to 1.

The last example is a script that joins the scanned computers to a domain.  The script is based on the netdom tool that you can find in Windows Server 2003 Support Tools and in Windows 2008 it can be added by specific roles or tools.

You can find more information here: http://technet.microsoft.com/en-us/library/cc772217(WS.10).aspx. You should have this tool only on the machine where you run GFI LANguard and you have to specify its path within the script.

The script code:

Function main

Dim ip, hostname,path, strCommand As String

Dim domuser, dompasswd, compuser,compasswd,domain,OUname As String

Dim Shel As Object

 result = false

 cr = Chr(13) +  Chr(10)

 hostname = getparameter("ComputerName")

 compuser = GetParameter("User")  ' the admin username to access the computers specified in Alternative Credentials

 comppasswd = GetParameter("Password") ' the password specified in Alternative Credentials

 path =  "c:\temp\"     'or "\\computername\foldername\" is the path where netdom.exe utility can be found

 domuser ="domainusername"      ' ex: administrator  - a domain admin user name to access the DC

 dompasswd = "password"  ' the password for above user account

 domain = "x.y"  ' FQDN domain name where the computer will be joined

 OUname = "testOU" ' OU name

 DC1 = "hdom" ' "internal" domain name ex:  from domainname.com DC1 is domainname

 DC2 = "hpub" '"public" name from above example represent com.

 strCommand = "cmd /c " + path + "netdom.exe " + " JOIN " + hostname + " /Domain:" + domain +  " /userd:"  + domuser + " /passwordd:" + dompasswd + " /usero:" + compuser + " /passwordo:" + comppasswd

 Set Shel = CreateObject("WScript.Shell")

 echo("Join the computer to domain")

 Shel.Run(strCommand) 'run the cmd

 Set Shel = Nothing

'main = result

End Function

If you have to add the computers in a specific OU you can modify the command line in this way:

'   adding to OU :

 strCommand = "cmd /c " + path + "netdom.exe " + " JOIN " + hostname + " /Domain:" + domain + " /OU:OU=" + OUname + ",DC=" + DC1 + ",DC=" + DC2 + " /userd:" + 'domuser + " /passwordd:" + dompasswd + " /usero:" + compuser + " /passwordo:" + comppasswd

Note the following variables: path, domuser, dompasswd, compuser, comppasswd, domain, OUname should be initialized with user specific values.

As a final note, be careful using such “active” scripts – it is recommended to test them first before targeting the entire network.

GFI LANguard enables administrators to scan, detect, assess and rectify vulnerabilities on their network and to secure it with minimal administrative effort. Over 15,000 vulnerability assessments are carried out when GFI LANguard scans the network, including any virtual environment. When the scan is complete, GFI LANguard’s patch management functionality allows administrators to deploy and manage patches and security updates on all machines across the network. Hardware information can be retrieved and baseline comparisons used to check for unauthorized changes.

With the latest version, network and systems administrators can take their patch management requirements to a new level by detecting, downloading and deploying missing patches on popular non-Microsoft software products and applications such as Acrobat Reader, Adobe Acrobat, Adobe Flash, Adobe Shockwave Player, Firefox, Thunderbird, Java Runtime and others.

“GFI LANguard is a robust and reliable product that enables administrators to scan for and rectify vulnerabilities on their network and also manage and deploy missing software patches. Many companies still take too long to patch their operating systems and software and this often leads to malware attacks and security breaches. With the latest version of GFI LANguard we are extending the capability of the product to manage software patches for non-Microsoft software products giving users another tool to shore up weaknesses on their network,” said Walter Scott, CEO at GFI.

“GFI LANguard has long been the choice of administrators who want to protect their networks. Now they will be in position to ensure that other popular software products that are installed on their systems, apart from Microsoft’s products, are up-to-date with the latest versions and security patches,” Scott added.

For all the changes within this release check out our KB article.

Patches are released by software vendors usually to address security issues or to provide bug fixes. Occasionally they enhance or add new features.

Software security vulnerabilities are the most common way through which malware penetrates your network. While antivirus solutions are detecting and removing malware once it is detected on your system, security patches are aimed to close the doors that malware can use to reach to your system.

The large majority of security vulnerabilities can be fixed by applying the latest patches provided by software vendors. We would never have heard about a lot of popular malware if patches had been applied in time. For example, the Conficker worm was first discovered in November 2008 and during 2009 it continued to spread, infecting an estimated 9 to 15 million computers worldwide, even though Microsoft released a patch that fixed the vulnerability exploited by the worm in October 2008!

Therefore having a proper patch management system that ensures you have the latest security patches applied on your network in time and with minimal effort is extremely important. Making use of an analogy with the automotive industry, applying the latest patches is for network security what the replacement of used brake pads is for driving safety: a maintenance task that requires some time and some money, but not doing it will end in causing damage that will cost much more time and money.

Why use GFI LANguard?

Microsoft and other software vendors have auto-updating systems (like Windows updates) that are designed to help users apply the latest patches. This is a solution that works fine for home users or for a 3-5 computer network.

However in larger networks there are a couple of reasons that makes this impractical. Administrators do not have an overview of what patches were installed on which machines, they are not notified about update failures and they cannot control which patches will be applied and which will not. Sometimes patches can have bugs or enforced security can prevent some applications from working. It is important to install them in a test environment and make sure that business critical applications are working fine before deploying them in the production environment.

Windows Server Updates Services (WSUS) is a free product from Microsoft that helps administrators to manage Microsoft updates in their network. By using this tool administrators can manage what updates, when and on which machines these need to be deployed. They are able to view the patching status of each machine from the network. Additionally the patches are downloaded only once for the entire network and stored to a central repository.

The weak points of WSUS are that it only installs on Windows servers, it is quite difficult to install and configure and it only supports Microsoft updates.

GFI LANguard is a very straightforward product to install, configure and get running. It installs on both servers and workstations and it can be used to deploy Microsoft updates as well as custom software and scripts.

GFI LANguard 9.5 comes with a new important feature for patch management. It has inbuilt support to automatically detect, download and deploy patches for non-Microsoft applications. You can use a single central console to manage security patches for all Microsoft products and patches from other vendors like Adobe, Mozilla or Oracle (and the list of supported products is continuously being expanded).

Moreover GFI LANguard is unique on the market because it is more than just a patch management tool. It also provides full vulnerability assessment and network and software audit, acting as a virtual security consultant for your network.

Click here to view GFI LANguard in action.