Network security and patch management solution GFI LanGuard
Product: GFI LanGuard
I’ve always said that network security ultimately comes down to answering two really basic questions: where are the vulnerabilities on my network and what can I do to fix those vulnerabilities. As simple as these questions may be, they have always been very difficult questions to answer. Recently, I had the opportunity to review a product from GFI that might better equip security administrators to answer both of these questions. GFI LanGuard is designed to perform vulnerability assessments of devices on your network and then help you remediate detected vulnerabilities.
In preparation for writing this review, I downloaded the free trial version of LanGuard and installed it on a virtual machine in a dedicated Windows domain. In doing so, I found the installation process to be quite straightforward. LanGuard requires SQL Server, but since my lab environment contains fewer than 500 machines, I was able to use the included copy of SQL Server Express, which was automatically installed as part of the deployment.
Once I was done installing GFI LanGuard, the next thing I tried to do was tell LanGuard which computers I wanted it to monitor. For the purposes of this review, I decided to monitor several domain-joined virtual machines running Windows Server 2016. It should be noted that while I am limiting my review to machines running Windows, GFI LanGuard is also designed to work with Linux and Apple OS X systems.
I found the process of adding virtual machines to the GFI LanGuard console to be relatively straightforward. Since my LanGuard server was domain-joined, LanGuard already knew my domain. So I was able to right-click on the domain name and then use the Synchronize with Active Directory option to populate LanGuard with a list of domain-joined computers.
The next step in the process was to deploy an agent to the managed computers. The agent deployment process occurs automatically on a scheduled basis. However, there is a way to speed things up by forcing an immediate agent deployment.
Although the agents deployed smoothly, it took some time for all agents to poll their respective computers and populate the LanGuard console. I was told that this process takes about a day. In my case, I set up the agents just before leaving town for the weekend. By the time I returned Monday morning, the console was fully populated.
You can see what the computer information looks like in the screenshot below. Incidentally, the reason the last machine in the list shows a deployment error is that memory limitations prevented me from powering on that particular VM. As such, the error is not an indication of a problem with GFI LanGuard.
Treatment of vulnerabilities
If you look at the previous screenshot, you will notice that the list of computers contains a column called VL, which is short for “vulnerability level”. The VL column contains a color code that corresponds to the level of perceived vulnerability. In my case, every computer is considered highly vulnerable.
Clicking on an individual computer takes you to a dashboard that provides information about that specific system. If you look at the screenshot below, you can see that in addition to providing some basic IT details, LanGuard lists the top five issues to address, along with the trend of the vulnerability over time.
As useful as it may be to know what vulnerabilities may exist on a particular machine, fixing those vulnerabilities is far more important. While you can, of course, manually address vulnerabilities, LanGuard gives you remediation capabilities. You can right-click on a computer, a group of computers, or even an entire domain to be redirected to the Correction Center. The Fix Center provides options to install or uninstall software updates, deploy custom software, uninstall unauthorized applications, troubleshoot malware protection issues, and provide remote assistance via an RDP connection.
One of the key features of GFI LanGuard is the detection and application of missing patches. LanGuard is not just limited to finding missing operating system patches. The software has built-in patch management capabilities for software from a large number of vendors. You can see some of these vendors listed on the auto-approve screen, shown in the screenshot below.
This raises an important point. GFI LanGuard automatically downloads patches, but the administrator has some control over the download process. For example, an administrator can choose to only download patches from specific vendors or for specific products. There are also ways to control the number of download threads used and the patch languages downloaded. Incidentally, if you have a WSUS server, LanGuard can be configured to use that rather than performing redundant patch downloads.
Missing patch scans
Although GFI LanGuard allows you to perform a comprehensive scan of computers on your network, the product also provides several different scan profiles. These profiles are handy if you want to check something specific without taking the time to scan everything. I decided to try the scanning profile named Missing Patches to see how it worked. This of course meant running a manual scan, but scans can be set to happen automatically. You can see what the scanning process looks like in the following screenshot.
The scanning process was completed relatively quickly. It took about 15-20 minutes to scan my test VMs. In fairness, however, all of these VMs are on the same host, and the host server’s resources were nearly exhausted. I guess a scan would probably complete faster in a production environment.
Once the scan is complete, you can easily perform a remediation that collectively deploys all the missing patches. GFI LanGuard also includes a very good report engine where you can find detailed information about the health of your systems. In addition to general reports such as Vulnerability Status Reports and Patch Status Reports, the reporting engine includes a number of compliance reports that will definitely be useful to those who need to comply with regulations such as PCI DSS or HIPAA. You can see the report screen in the following screenshot.
Whenever I write a review for TechGenix, I like to conclude the process by giving the product a numerical rating, ranging from zero to five stars, with five stars being the highest possible rating. In the case of GFI LanGuard, I decided to go with a score of 4.7, which is a gold star review. Overall, I really liked the software. I found it quite intuitive and think it would do a great job of helping administrators determine which computers on their networks need special attention.
While writing this review, I encountered errors referring to low memory. However, once I added some memory, GFI LanGuard worked exactly as expected. Incidentally, working through these memory issues gave me the opportunity to review the product documentation, which I found well-written and easy to follow.