Multi-factor authentication for the Endpoint Security Console

With cybercriminal attacks becoming smarter and more difficult to prevent, traditional authentication methods using username and password have become less secure. This is mainly due to techniques such as account takeovers and brute force attacks.

Multi-factor authentication is now considered to be one of the most effective ways to provide authentication security. Ivanti Endpoint Security 8.6 introduces multi-factor authentication for accessing the Console. This optional feature is disabled by default but can be enabled by the administrator. If your business requires, the feature can also run in PCI compliance mode.

Multi-factor authentication works with authenticators provided by Google and Microsoft.

ivanti endpoint security authentication

CVE Import

The Common Vulnerabilities and Exposures (CVE) list is a public reference of known cybersecurity vulnerabilities. The list, maintained by the MITRE corporation, continually changes as new vulnerabilities are detected. If your organization uses the CVE list, it can be difficult to determine exactly which patches you need to deploy to protect your machines from the threats identified.

Many organizations utilize separate vulnerability analysis tools to detect vulnerabilities in their environment.  In most cases it is the responsibility of the IT team to remediate those vulnerabilities and it can be a time-consuming exercise to determine which patches you need to deploy to protect your machines from the threats (CVEs) identified.

With the new CVE import feature, you can import vulnerability lists into Ivanti Endpoint Security and automatically create patch lists that contain fixes for the imported CVEs. This is a tremendous time saver since it removes the manual overhead involved and eliminates potential errors.

cve import

Deployment Wizard Enhancements

The deployment wizard is a tool within Ivanti Endpoint Security that patch administrators use frequently. The associated enhancements are designed to improve usability and reduce errors. We continuously improve the deployment wizard, and your experiences and ideas are an important contributor to that development. Keep your enhancements requests coming through our Ideas Portal.

Ivanti Endpoint Security release 8.6. includes many customer requested enhancements, let’s have a look: 

Default option on Licenses screed change to “I ACCEPT…” – On the Licenses screen, the ‘I ACCEPT…” option will be selected by default when going through the deployment wizard.  Previously, the default setting was “I DO NOT ACCEPT…” and users had to click the “I ACCEPT…” radio button.  However, it was not possible for the user to click “Next” to move on to the next screen until they selected the “I ACCEPT…” radio button setting.  As such, forcing the user to make the selection change was a redundant and unnecessary additional step and we’ve had multiple requests to change this.

  • Default Job Name updated to deployment start time – On the Deployment Information screen, we have changed the default Job Name to align with the deployment start date and time the user has selected.  Previously the default Job Name was based on the date and time when the deployment was created.  Feedback from customers showed this information was not useful, and preference leaned toward having the Job Name contain the deployment start date and time.  When users review the deployments and tasks screen, they can more easily determine when deployments are going to occur based on the Job Name.

*Note that the initial Job Name on the Deployment Information screen will still reflect the current date and time.  However, once the user sets the deployment start time, as they are now required to do, the Job Name will update accordingly.

*Note that users will still have the option to update the job name to another name of their choosing.

  • Default deployment start time – On the Deployment Information screen the deployment start time will no longer be populated automatically using the current time. Instead, the user is required to select the deployment time.  This change has been introduced to help avoid situations where users accidentally trigger deployments to occur immediately after clicking “Finish” on the wizard.

deployment wizard

  • Number of affected endpoints – On the deployment confirmation screen, the “Total selected endpoints/groups” have been updated to better highlight the groups and endpoints that may be affected by the deployment. This can be used as a sanity check that you have selected the correct groups and help avoid pushing the updates to more than the desired number of targets.
    Note that numbers shown are simply a confirmation of the number of endpoints and groups that have been selected for the deployment.  This is not the same as the number of endpoints or groups for which the deployment is applicable, as this calculation is only performed when the deployment executes.  However, highlighting the overall number of groups and associated endpoints on the deployment confirmation screen should help to reassure the administrator that they have selected the correct targets for the deployment.

Watch the on-demand release here - Ivanti Endpoint Security 8.6 Webinar