Ivanti Security Controls

Unified patching across your entire infrastructure

Ivanti Security Controls delivers comprehensive, automated patch management that eliminates silos and reduces complexity. Our unified platform secures your complete infrastructure — physical servers, virtual machines, workstations, and cloud instances — across Windows and Linux environments. With support for Red Hat Enterprise Linux, Ubuntu, Oracle, and alongside industry-leading Windows patching, you gain a single point of control for your heterogeneous environment.

Always-ready virtual infrastructure

Discover and secure your entire virtual environment with comprehensive patching across online and offline workstations, servers, and virtual machines. Scan for missing patches and deploy updates seamlessly to operating systems, applications, and VMs. Deep VMware integration extends protection to the hypervisor itself, enabling you to patch ESXi hosts alongside guest operating systems — all from a single console.

The solution maintains offline VM templates in a continuously patched state, eliminating the traditional workflow of provisioning a new VM and then patching it. Instead, deploy production-ready virtual machines instantly, already secured and compliant, dramatically reducing time-to-deployment while closing security gaps before systems go live.

Agentless and agent-based flexibility

Choose the deployment approach that fits your environment with flexible agentless and agent-based options. Agentless technology assesses and deploys patches to network-connected workstations and servers with minimal impact on both IT resources and system performance, eliminating the overhead of agent installation and maintenance.

For environments with remote workers, disconnected devices, or specialized security requirements, deploy the agent to gain enhanced accuracy and control. Create unlimited agent policies tailored to different device groups, network segments, or business units—each with its own update schedules, approval workflows, and deployment rules.

This flexibility ensures optimal patch coverage whether devices are continuously connected or frequently offline, while giving you granular control over how different parts of your organization receive updates.

Cross-platform patching simplified

Manage your entire heterogeneous infrastructure from a single console with unified Windows and Linux patch management. Today's enterprises can't afford platform silos; your security is only as strong as your least-patched system.

Security Controls eliminates complexity by consolidating patching across all operating systems into one automated workflow. This unified approach accelerates remediation, reduces administrative overhead, and minimizes human error while strengthening your security posture across the entire environment.

Whether you're securing Windows servers, Linux workstations, or mixed environments, you gain consistent visibility, control, and compliance from a single platform.

Third-party application coverage

Stop attackers where they strike most frequently: vulnerable third-party applications. Cybercriminals consistently target applications like Adobe Acrobat, Google Chrome, Mozilla Firefox, and Oracle Java because these widely-deployed tools offer easy entry points into your environment. Security Controls defends against this critical attack vector with the industry's most extensive application patch catalog, covering the browsers, plugins, and productivity tools that hackers exploit daily.

Our dedicated content team rigorously tests every patch before release, ensuring stability and compatibility — so you can confidently deploy updates without risking system disruptions. This removes the testing burden from your team, freeing valuable IT resources to focus on strategic initiatives rather than patch validation, while dramatically reducing your exposure to application-based attacks.

Modern device and application support

Ivanti Security Controls stays ahead of the technology curve by supporting the latest platforms and architectures across your environment:

• Next-generation architecture support: Deploy and manage ARM-based applications to client devices, ensuring compatibility with the latest modern hardware and enabling organizations to adopt emerging computing architectures without sacrificing security.
• Comprehensive OS coverage: Full support for current Windows and Linux distributions as vendors release them, keeping pace with platform evolution to ensure your endpoints remain secure and current.
• At-a-glance patch visibility: Visual indicators instantly highlight missing and installed packages, reducing the time administrators spend assessing patch status and enabling faster response to vulnerabilities.

Contentless Linux patch management

Ivanti Security Controls delivers a modern approach to Linux patching that streamlines operations and accelerates remediation. By leveraging contentless patching, the solution pulls updates directly from native distribution repositories rather than maintaining a separate patch repository. This approach provides several key advantages:

• Faster patch delivery: Updates are pulled directly from vendor repositories, eliminating the delay associated with downloading, testing, and republishing patches to a central repository.
• More complete coverage: Access to the full breadth of patches available from Red Hat, Oracle, Ubuntu and other distribution vendors without dependency on third-party patch catalogs.
• Patch-to-latest model: Inherently follows a "patch-to-zero" approach, automatically applying the latest available patches to close vulnerabilities completely rather than applying individual updates incrementally.
• Reduced infrastructure: No need to maintain and synchronize large patch repositories, reducing storage requirements and administrative overhead
• Enhanced workflow: Administrators can right-click patch tests to assign or create patch groups, and drag-and-drop updates into patch group lists for streamlined patch management.

Agent-based maintenance windows

Gain precise control over when patching and endpoint activities occur with flexible maintenance window capabilities. Administrators can define maintenance windows in terms of length (time) and recurrence (days), then apply these schedules to groups of endpoints to ensure that patching operations and associated reboots only occur during configured time slots.

This powerful capability helps organizations:

• Streamline operations: Coordinate patching activities during designated timeframes that align with business requirements and minimize disruption.
• Reduce risk: Ensure critical systems remain available during peak business hours by scheduling maintenance during approved windows.
• Improve compliance: Demonstrate adherence to change management policies by enforcing patch deployment only during authorized maintenance periods.
• Increase flexibility: Configure different maintenance windows for different endpoint groups based on business unit requirements, geographic locations, or system criticality.

Enterprise integration and automation

REST APIs for seamless integration

Ivanti Security Controls provides comprehensive REST APIs that enable deep integration with other security and IT management tools, allowing you to:

• Automate workflows: Integrate patching operations into your existing automation frameworks and orchestration tools.
• Access real-time data: Query machines, patch scans, deployment status, and Linux advisory metadata programmatically.
• Centralize reporting: Pull patch compliance data into enterprise dashboards and SIEM platforms.
• Extend functionality: Build custom applications and integrations leveraging Security Controls capabilities.
• Linux-specific APIs: Enhanced REST APIs provide detailed information about Linux packages, advisories, CVEs, and deployment status for contentless Linux patching.

From CVE to remediation in minutes

Eliminate the manual translation between security findings and IT action. Security Controls automatically maps Common Vulnerabilities and Exposures (CVEs) from any vulnerability scanner directly to the specific patches that address them. Import your vulnerability assessment, and the platform instantly builds targeted patch groups ready for deployment — transforming hours of manual cross-referencing into a streamlined, automated workflow.

This tight integration between security intelligence and patch operations accelerates your response to critical vulnerabilities, reduces the window of exposure, and ensures that remediation efforts focus precisely on the threats that matter most to your environment.

Security and compliance excellence

Independent security certification

Ivanti Security Controls has earned CorSec Security certification, validating our commitment to rigorous security standards and industry best practices. This independent third-party assessment confirms that organizations can trust our platform to protect their most critical assets. When you choose Security Controls, you're deploying a solution that's been thoroughly evaluated and certified to meet the demanding security requirements of today's threat landscape.

Protected agent authentication

Security Controls enforces strong authentication between endpoints and management infrastructure through enhanced agent registration requirements. Minimum complexity and length standards for registration passphrases prevent brute-force attacks and unauthorized device enrollment, ensuring that only legitimate endpoints can join your managed environment. This foundational security layer protects the integrity of your entire patch management infrastructure.

Trusted domain enforcement

Control which domains can communicate with your Security Controls console through the Trusted Domains feature. By defining permitted domain suffixes, you establish an additional security boundary that prevents unauthorized access attempts and strengthens your defense-in-depth strategy. This granular access control ensures that only authorized systems can interact with your patch management platform.