|
|
LANDesk Software Inc.
www.landesk.com
LANDesk Security Suite
http://www.landesk.com/products/security-suite/
Provide a short description of how and where your capability is made available to your customers and the public (required):
Each of our vulnerabilities definitions contains CVE_ID which are updated regularly and are based on the most recent updates made by MITRE. Customers can access this information through the LANDesk Security and Patch Manager products.
Describe how and where your capability indicates the most recent CVE version used to create or update its mappings (required):
Our definition's CVE_ID is linked directly to the CVE data in the MITRE database, so we do not reference CVE versions
Indicate how often you plan on updating the mappings to reflect new CVE versions and describe your approach to keeping reasonably current with CVE versions when mapping them to your repository (recommended):
When we generate or maintain vulnerabilities definitions, we will add or update the hanging the mapping VE_ID mapping based on the MITRE database
Describe how and where you explain to your customers the timeframe they should expect an update of your capability's mappings to reflect a newly released CVE version (recommended):
We do not provide an explanation, but we do provide regular updates which reference the newly released CVE version.
Provide a copy, or directions to its location, of where your documentation describes CVE and CVE compatibility for your customers (required):
The LANDesk Security and Patch Manager online Help provides information regarding CVE compatibility. Please see the following excerpt from the Help documentation:
Using CVE names
LANDesk's Security and Patch Manager tool supports the CVE (Common Vulnerabilities and Exposures) naming standard. With Security and Patch Manager you can search for a downloaded vulnerability by its CVE name. You can also view the CVE name(s) associated with an individual vulnerability.
What is CVE?
LANDesk compatibility with the CVE standard
Using CVE names with Security and Patch Manager
What is CVE?
CVE is short for Common Vulnerabilities and Exposures, a collaborative initiative by several leading security technology organizations to compile and maintain a list of standardized names for vulnerabilities and other information security exposures. CVE is a dictionary of names rather than a database.
In short, the stated purpose of the CVE naming standard is to make it easier to search for, access, and share data across vulnerability databases and security tools. For more details about CVE and the CVE Editorial Board, visit the MITRE Corporation's Web site.
LANDesk compatibility with the CVE standard
LANDesk security products, including the flagship LANDesk Management Suite as well as LANDesk Security Suite and LANDesk Patch Manager, offer tools for vulnerability definition updating, viewing, and reporting that fully support the CVE standard.
When you use the LANDesk Security and Patch Manager tool to download vulnerability definition updates, the vulnerability data contains CVE name references that are based on the most recent information from the CVE board. Additionally, the vulnerability definition includes a hyperlink to the CVE dictionary Web site where you can find the most recent CVE version information at its source. The accuracy and currency of the CVE data is validated by this direct link.
Provide a copy, or directions to its location, of where your documentation describes the specific details of how your customers can use CVE names to find the individual security elements within your capability's repository (required):
Using CVE names with Security and Patch Manager
Security and Patch Manager lets you search for vulnerabilities by their unique CVE names. You can also find CVE names for downloaded vulnerabilities as well as access the CVE Web site for more information about the vulnerability and its CVE status.
To find security vulnerability definitions by using CVE names
In Security and Patch Manager, select Vulnerabilities from the Type drop-down list. A complete list of downloaded vulnerability definitions displays.
Enter the CVE name (CVE ID) in the Find field, select Any or CVE ID from the In Column drop-down list, and then click the Search button. (You can enter the entire CVE ID, including the cve- prefix, or as much of the ID as you know, and search your downloaded security repository for matching vulnerabilities.)
If a vulnerability with a matching CVE ID is found in the repository of vulnerabilities you've downloaded with Security and Patch Manager, it displays in the list.
Right-click the vulnerability to access its shortcut menu for available options.
Provide a copy, or directions to its location, of where your documentation describes the process a user would follow to find the CVE names associated with individual security elements within your capability's repository (required):
To find CVE names for downloaded security vulnerability definitions
In Security and Patch Manager, select Vulnerabilities or All Types from the Type drop-down list. A list of downloaded definitions displays. (If the column for CVE ID data has been selected, you can view CVE IDs in the item list. To configure columns, right-click a column title bar, select Columns, and make sure the CVE ID column is in the Selected Columns list.)
Double-click a vulnerability definition (or right-click the definition and select Properties) to open its Properties dialog.
Click the Description tab.
If the selected vulnerability has a CVE name, it displays in the CVE ID drop-down list. Some vulnerabilities might have more than one CVE name, which you can access by scrolling through the drop-down list.
To access the Web page for a specific CVE ID,click the More information for CVE ID link. The CVE Web site provides detailed information about each vulnerability with a CVE name, including its current status with the CVE board (approved Entry, or Candidate under review).
If your documentation includes an index, provide a copy of the items and resources that you have listed under "CVE" in your index. Alternately, provide directions to where these "CVE" items are posted on your web site (recommended):
LANDesk online help does not include an Index.
If CVE candidates are supported or used, explain how you indicate that candidates are not accepted CVE entries (required):
LANDesk Security and Patch Manager supports CVE candidates, but all the candidates and entries use "CVE-" as the prefix, the user can determine candidate status by clicking More information for CVE_ID from vulnerability properties to connect to the MITRE database.
If CVE candidates are supported or used, explain where and how the difference between candidates and entries is explained to your customers (recommended):
Please see the item 11
If CVE candidates are supported or used, explain your policy for changing candidates into entries within your capability and describe where and how this is communicated to your customers (recommended):
Please see the item 11
If CVE candidates are supported or used, explain where and how a customer can find the explanation of your search function's ability to look for candidates and entries by using just the YYYY-NNNN portion of the CVE names (recommended):
Please see the item 11
Give detailed examples and explanations of how a user can locate tasks in the tool by looking for their associated CVE name (required):
LANDesk Security and Patch Manager provides a Find(search function) capability that allows a user to look for a specific CVE named vulnerability. Part of the information that is returned with the CVE search is a flag that lets the user know whether the vulnerability exists for a scanned set of computers. By identifying what computers are vulnerable from the CVE search the user can access from the context menu of the CVE named vulnerability the following tasks:
Repair the vulnerability
- Display all affected computers
- Download associated patches
- Autofix when scanning
- Add to Compliance group
- Clear scan/repair status
Give detailed examples and explanations of how, for reports that identify individual security elements, the tool allows the user to determine the associated CVE names for the individual security elements in the report (required):
In the LANDesk Security and Patch Manager tool there are several default groupings that are used for organizing security elements. Customers also have the ability to create their own personalized groupings based on company and organizational preferences. With these groups customers can perform a number of security related tasks for computers which are affected by detected vulnerabilities. From each of these groups the customer can generate a report of the contents of the list view panel which shows the associated security elements. The report lists both the LANDesk ID as well as the associated CVE ID(s). Thereby making access to the CVE information easy and reliable.
Give detailed examples and explanations of how a user can obtain a listing of all of the CVE names that are associated with the tool's tasks (recommended):
By default each security element in the LANDesk Security and Patch Manager product will display the corresponding CVE names. Additionally, the user can use the built-in Find feature to search for a specific CVE ID for which the customer would want to associate with a task or set of tasks.
Describe the steps and format that a user would use to select a set of tasks by providing a file with a list of CVE names (recommended):
There are two ways that this can be done from the LANDesk Security and Patch Manager tool. Once the list of CVE IDs are generated the customer can access the context menu of the selected CVEs to access the list of available tasks to perform. The second method is to select the CVE or list of CVE IDs and from the tool bar click on the "Create a task" button in order to access the available list of tasks to perform.
Describe the steps that a user would follow to browse, select, and deselect a set of tasks for the tool by using individual CVE names (recommended):
The user would use the Find function in the LANDesk Security and Patch Manager tool to select the specific CVE ID for which they wanted to remove an associated task. Once the user finds the CVE ID with its associated security element the user would then go to the list of "All affected" computers. From this list the user would identify the tasks to disassociate for these computer and perform that action in the Scheduled tasks tool.
Provide a description of how the tool notifies the user that task associated to a selected CVE name cannot be performed (recommended):
In the LANDesk Security and Patch Manager tool there is a GUI window "Security and Patch Manager Information", will display the result for any failed task relating to the remediation of any CVE named vulnerability.
Provide details about the different electronic document formats that you provide and describe how they can be searched for specific CVE-related text (required):
Double-click a vulnerability definition (or right-click the definition and select Properties) to open its Properties dialog.
Click the Description tab. Then click the help button
If one of the capability's standard electronic documents only lists security elements by their short names or titles provide example documents that demonstrate how the associated CVE names are listed for each individual security element (required):
Go to LANDesk and Security Manager main console, Choose the type from dropdown list select Vulnerabilities, user will see the vulnerability definitions with CVE ID.
Provide example documents that demonstrate the mapping from the capability's individual elements to the respective CVE name(s) (recommended):
If the selected vulnerability has a CVE name, it displays in the CVE ID drop-down list. Some vulnerabilities might have more than one CVE name, which you can access by scrolling through the drop-down list.
To access the Web page for a specific CVE ID,click the More information for CVE ID link. The CVE Web site provides detailed information about each vulnerability with a CVE name, including its current status with the CVE board (approved Entry, or Candidate under review).
Give detailed examples and explanations of how the GUI provides a "find" or "search" function for the user to identify your capability's elements by looking for their associated CVE name(s) (required):
Go to LANDesk and Security Manager main console, Choose the type from dropdown list select Vulnerabilities, in the "Find" text field input LANDesk defined element, user will see the vulnerability definitions with CVE ID.
Briefly describe how the associated CVE names are listed for the individual security elements or discuss how the user can use the mapping between CVE entries and the capability's elements, also describe the format of the mapping (required):
Go to LANDesk and Security Manager main console, Choose the type from dropdown list select Vulnerabilities, in the "Find" text field input CVE ID, user will see the vulnerability definitions with LANDesk defined element.
Provide details about the different electronic document formats that you provide for exporting or accessing CVE-related data and describe how they can be searched for specific CVE-related text (recommended):
All CVE related security elements can be exported to a report. This report can be saved as anyone of the following types; html, pdf, xls, doc, rtf, and csv. Once the report data has been saved in one of these formats a user can use the built-in tools for these application viewers to search for a specific CVE entry based on key-text phrases or words.
Have an authorized individual sign and date the following Compatibility Statement (required):
"As an authorized representative of my organization I agree that we will abide by all of the mandatory CVE Compatibility Requirements as well as all of the additional mandatory CVE Compatibility Requirements that are appropriate for our specific type of capability."
Name: Mark Ah Mu
Title: LANDesk Global Content Project Manager
Have an authorized individual sign and date the following accuracy Statement (recommended):
"As an authorized representative of my organization and to the best of my knowledge, there are no errors in the mapping between our capability's Repository and the CVE entries our capability identifies."
Name: Mark Ah Mu
Title: LANDesk Global Content Project Manager
FOR TOOLS ONLY - Have an authorized individual sign and date the following statement about your tools efficiency in identification of security elements (required):
"As an authorized representative of my organization and to the best of my knowledge, normally when our capability reports a specific security element, it is generally correct and normally when an event occurs that is related to a specific security element our capability generally reports it."
Name: Mark Ah Mu
Title: LANDesk Global Content Project Manager