GFI LanGuard

GFI LanGuard is an on-premise network security scanner and patch management solution designed for SMB and enterprise environments running Windows infrastructure. The product operates through a central management console backed by a SQL Server database, with scanning performed either agentlessly over the network or via lightweight agents deployed to endpoints. The vulnerability assessment engine cross-references discovered configurations against a continuously updated database of over 60,000 known vulnerabilities, drawing from authoritative sources including OVAL, CVE, SANS Top 20, and BugTraq. Scans enumerate open ports, running services, user accounts, shared directories, installed applications, and hardware inventory simultaneously.

The patch management component automates the full patch lifecycle — auto-downloading missing updates from Microsoft, Apple, and over 60 third-party vendors, staging them centrally, and pushing deployment on administrator-defined schedules. Both agent and agentless deployment modes are supported, with rollback functionality enabling reverting problematic patches without manual intervention. LanGuard also integrates with over 4,000 third-party security tools including antivirus, firewall, disk encryption, and SIEM platforms.

LanGuard includes pre-built compliance reporting templates aligned to PCI DSS, HIPAA, SOX, and GLBA regulatory frameworks. Scanning scope extends beyond traditional endpoints to include virtual machines, network infrastructure devices (Cisco, HP, Juniper), and mobile devices. A single installation scales to 3,000 managed nodes, making it a practical choice for mid-market organisations that need integrated vulnerability scanning and patch management in one tool.