Recent Speculation re: LANDESK Product Security, 11/2015

Version 5

    LANDESK recently became aware of some unusual activity on our IT systems. With the help of a leading computer forensics firm, we took immediate steps to further enhance our security measures and began conducting a thorough investigation to determine what happened.

     

    In the course of the investigation, we discovered that some personal information may have been exposed for a few former and current employees. Those employees have been notified, but we have no evidence that any personally identifiable information was exposed for any other employees or for any of our customers.

     

    Given the recent online speculation about the security of our product, we want to reassure you about the security of our products and provide some best practices to help you increase your security posture if needed.  We can’t comment on the specifics of the investigation, but based on the information we know so far, we have not confirmed a risk to our customers’ environments, and there are no known primary attack vectors using LANDESK software.

     

    Security is, and will continue to be, a high priority for LANDESK.

     

    Over the years LANDESK has done significant work to ensure our products are secure and safe to use. Additional security measures are added with every new release, and we encourage all customers to keep up-to-date with the latest versions of our products.

    As always, we recommend organizations adopt IT security best practices. Systems and security management tools are extremely powerful, and must be controlled to ensure they are only used by authorized personnel for their intended purposes.  If you haven’t already, we recommend you:

    • Ensure your servers are physically secured.
    • Take advantage of security enhancements built into our tools and the platform by regularly applying patches and other updates.
    • Apply appropriate server security protocols to the Server and SQL Server where LANDESK installed.
    • Ensure your systems administrators have the correct level of access they need to perform their jobs, but not to perform all functions on all devices or servers.
    • Regularly audit LANDESK and other systems to ensure there is no unauthorized use.
    • For other recommendations, including recommendations specific to the LDMS Core, see: Securing LANDESK Environment Best Practices