Altiris Delivers Integration of Security Vulnerability Assessment and Configuration Management

By | March 29, 2006

Altiris Inc. (Nasdaq: ATRS), a pioneer of service-oriented management solutions, today announced Altiris security assessment and vulnerability compliance features have been integrated into the Altiris architecture to help provide a centralized approach to eliminating security vulnerabilities. In addition, Altiris now offers new policy files for users, groups and heterogeneous systems for comprehensive, audit-ready security compliance across diverse systems and organizations.

Altiris offers two security and vulnerability management solutions. First, Altiris(R) SecurityExpressions(TM) provides a top-down, standardized approach by helping customers define and enforce compliance with established requirements such as Sarbanes-Oxley, FISMA, Payment Card Industry data security standards and any custom enterprise system security policy. SecurityExpressions has completed the certification process for more CIS benchmarks than any other competing product and is the only product to be certified on all Windows benchmarks as well as Solaris, HP-UX and Linux.

Second, Altiris(R) AuditExpress(TM) helps customers defend against security threats by finding common system vulnerabilities and prioritizing remediation tasks. AuditExpress goes beyond basic vulnerability scanning by using established policies to help determine general security status across multiple platforms. As opposed to scanners, AuditExpress specifies why vulnerabilities occur in addition to where vulnerabilities are located.

Steve Morton, Altiris VP of product management and marketing, said, “Altiris has delivered on its vision to help customers efficiently secure their IT environments by driving the convergence of configuration and security management technologies. Our unique service-oriented management approach helps eliminate hours of manual effort and significant cost while delivering rapid ROI and a healthy IT security posture.”

New integration combines AuditExpress vulnerability assessment with Altiris configuration management to provide customers with closed-loop remediation of common vulnerabilities. Vulnerability assessment data is now an integrated component of the Altiris configuration management database (CMDB) that can be leveraged across all Altiris solutions. Security assessment data can be applied to Altiris tasks to help make assessment and remediation more efficient and systems more secure, more rapidly.

n other news, Altiris has leveraged existing SecurityExpressions functionality to create more than 35 pre-built security policy files for user, group and heterogeneous systems. Altiris has created these policy files to help customers more rapidly assess Windows and UNIX-based user and group security settings. These new policy files deliver comprehensive audits for vulnerable user passwords, administrative privileges, file access and numerous others. SecurityExpressions also offers new CIS for HP-UX, Linux and Solaris, and UNIX vulnerabilities policy files.

Every organization establishes different security policies for system configurations and for access to heterogeneous operating systems, applications and databases. SecurityExpressions embraces policy diversity by offering best practice templates, customization of existing templates or the creation of new, custom templates.

Licensing and Availability

The AuditExpress Integration Component 6.0 is now available from Altiris Solution Center at no additional charge to AuditExpress customers. AuditExpress is available standalone and is included as a component of Altiris Total Management Suite(TM), Altiris Client Management Suite(TM), Level 2, and Altiris Server Management Suite(TM), Level 2. The SecurityExpressions Policy File Library can be accessed from

Leave a Reply