# Essential Eight Maturity Level Mapping

Endpoint Central is a trusted solution for organizations striving to meet the Essential Eight requirements. The table below highlights how Endpoint Central’s capabilities align with the maturity levels of the Essential Eight framework.

| Mitigation Strategy | Maturity Level One | Maturity Level Two | Maturity Level Three | How Endpoint Central helps |
|---|---|---|---|---|
| **Patch applications** | An automated method of asset discovery is used at least fortnightly to support the detection of assets for subsequent vulnerability scanning activities. | An automated method of asset discovery is used at least fortnightly to support the detection of assets for subsequent vulnerability scanning activities. | An automated method of asset discovery is used at least fortnightly to support the detection of assets for subsequent vulnerability scanning activities. | Endpoint Central uses its agents to fetch the complete details of the inventory present in your IT environment.<br>Refer to the types of [Inventory scans](https://www.manageengine.com/products/desktop-central/help/inventory/scan_systems_for_inventory.html) leveraged by Endpoint Central for monitoring your IT environment.<br>Admins can configure [Inventory Alerts](https://www.manageengine.com/products/desktop-central/help/inventory/configure_email_alerts_for_inventory.html) in case of any unauthorized changes taking place inside your IT network. |
| **Patch applications** | A vulnerability scanner with an up-to-date vulnerability database is used for vulnerability scanning activities. | A vulnerability scanner with an up-to-date vulnerability database is used for vulnerability scanning activities. | A vulnerability scanner with an up-to-date vulnerability database is used for vulnerability scanning activities. | Endpoint Central provides comprehensive vulnerability management in terms of constant assessment and visibility of threats from a single console.<br>Apart from vulnerability assessment, it also provides built-in remediation of the vulnerabilities detected. |
| **Patch applications** | A vulnerability scanner is used at least daily to identify missing patches or updates for vulnerabilities in online services. | A vulnerability scanner is used at least daily to identify missing patches or updates for vulnerabilities in online services. | A vulnerability scanner is used at least daily to identify missing patches or updates for vulnerabilities in online services. | Endpoint Central detects [web server misconfigurations](https://www.manageengine.com/vulnerability-management/help/how-to-harden-and-secure-web-servers.html) for widely deployed web server vendors like Apache, Tomcat, IIS, Nginx. |
| **Patch applications** | A vulnerability scanner is used at least weekly to identify missing patches or updates for vulnerabilities in office productivity suites, web browsers and their extensions, email clients, PDF software, and security products. | A vulnerability scanner is used at least weekly to identify missing patches or updates for vulnerabilities in office productivity suites, web browsers and their extensions, email clients, PDF software, and security products. | A vulnerability scanner is used at least weekly to identify missing patches or updates for vulnerabilities in office productivity suites, web browsers and their extensions, email clients, PDF software, and security products. | Endpoint Central provides comprehensive vulnerability management in terms of constant assessment and visibility of threats from a single console. Apart from vulnerability assessment, it also provides built-in remediation of the vulnerabilities detected.<br>Endpoint Central also integrates with [Tenable](https://www.manageengine.com/products/desktop-central/tenable-integration.html) for extensive vulnerability detection.<br>Endpoint Central provides comprehensive patch support for Windows, Linux, macOS, and Windows Server OS. It can also patch [1,000+ third-party applications](https://www.manageengine.com/patch-management/supported-applications.html), hardware drivers, and BIOS.<br>Endpoint Central has a vulnerability age matrix and vulnerability severity summary, which can provide rich insights about the impact of patch implementation. Endpoint Central also provides comprehensive reports on vulnerable systems and missing patches in your IT environment. |
| **Patch applications** | — | A vulnerability scanner is used at least fortnightly to identify missing patches or updates for vulnerabilities in applications other than office productivity suites, web browsers and their extensions, email clients, PDF software, and security products. | A vulnerability scanner is used at least fortnightly to identify missing patches or updates for vulnerabilities in applications other than office productivity suites, web browsers and their extensions, email clients, PDF software, and security products. | Endpoint Central provides comprehensive vulnerability management in terms of constant assessment and visibility of threats from a single console. Apart from vulnerability assessment, it also provides built-in remediation of the vulnerabilities detected.<br>Endpoint Central also integrates with [Tenable](https://www.manageengine.com/products/desktop-central/tenable-integration.html) for extensive vulnerability detection.<br>Endpoint Central provides comprehensive patch support for Windows, Linux, macOS, and Windows Server OS. It can also patch [1,000+ third-party applications](https://www.manageengine.com/patch-management/supported-applications.html), hardware drivers, and BIOS.<br>Endpoint Central has a vulnerability age matrix and vulnerability severity summary, which can provide rich insights about the impact of patch implementation. Endpoint Central also provides comprehensive reports on vulnerable systems and missing patches in your IT environment. |
| **Patch applications** | Patches, updates or other vendor mitigations for vulnerabilities in online services are applied within 48 hours of release when vulnerabilities are assessed as critical by vendors or when working exploits exist. | Patches, updates or other vendor mitigations for vulnerabilities in online services are applied within 48 hours of release when vulnerabilities are assessed as critical by vendors or when working exploits exist. | Patches, updates or other vendor mitigations for vulnerabilities in online services are applied within 48 hours of release when vulnerabilities are assessed as critical by vendors or when working exploits exist. | Endpoint Central supports [web server hardening](https://www.manageengine.com/vulnerability-management/help/how-to-harden-and-secure-web-servers.html) for widely deployed web server vendors like Apache, Tomcat, IIS, Nginx.<br>Endpoint Central also supports patching for Windows Server OS. |
| **Patch applications** | Patches, updates or other vendor mitigations for vulnerabilities in online services are applied within two weeks of release when vulnerabilities are assessed as non-critical by vendors and no working exploits exist. | Patches, updates or other vendor mitigations for vulnerabilities in online services are applied within two weeks of release when vulnerabilities are assessed as non-critical by vendors and no working exploits exist. | Patches, updates or other vendor mitigations for vulnerabilities in online services are applied within two weeks of release when vulnerabilities are assessed as non-critical by vendors and no working exploits exist. | Endpoint Central provides comprehensive patch support for Windows, Linux, macOS, and Windows Server OS. It can also patch 1,000+ third-party applications, hardware drivers, and BIOS.<br>For mobile devices, Endpoint Central can provide firmware updates, [OS updates](https://www.manageengine.com/mobile-device-management/help/os_update_management/mdm_automate_os_updates.html) and [streamline app updates](https://www.manageengine.com/mobile-device-management/help/app_management/mdm-app-update-policies.html).<br>**Endpoint Central's SLA for patches:**<br>i) Third-party updates are supported within 6–9 hours from vendor release.<br>ii) Security updates are supported within 12–18 hours from vendor release.<br>iii) Non-security updates are supported within 24 hours from vendor release.<br>Endpoint Central's comprehensive patching solution helps you to achieve [high patch compliance](https://www.manageengine.com/patch-management/patch-compliance.html). |
| **Patch operating systems** | An automated method of asset discovery is used at least fortnightly to support the detection of assets for subsequent vulnerability scanning activities. | An automated method of asset discovery is used at least fortnightly to support the detection of assets for subsequent vulnerability scanning activities. | An automated method of asset discovery is used at least fortnightly to support the detection of assets for subsequent vulnerability scanning activities. | Endpoint Central uses its agents to fetch the complete details of the inventory present in your IT environment.<br>Refer to the types of [Inventory scans](https://www.manageengine.com/products/desktop-central/help/inventory/scan_systems_for_inventory.html) leveraged by Endpoint Central for monitoring your IT environment.<br>Admins can configure [Inventory Alerts](https://www.manageengine.com/products/desktop-central/help/inventory/configure_email_alerts_for_inventory.html) in case of any unauthorized changes taking place inside your IT network. |
| **Patch operating systems** | A vulnerability scanner with an up-to-date vulnerability database is used for vulnerability scanning activities. | A vulnerability scanner with an up-to-date vulnerability database is used for vulnerability scanning activities. | A vulnerability scanner with an up-to-date vulnerability database is used for vulnerability scanning activities. | Endpoint Central provides comprehensive vulnerability management in terms of constant assessment and visibility of threats from a single console.<br>Apart from vulnerability assessment, it also provides built-in remediation of the vulnerabilities detected.<br>Endpoint Central integrates with [Tenable](https://www.manageengine.com/products/desktop-central/tenable-integration.html) for extensive vulnerability detection. |
| **Multi-factor authentication** | — | Multi-factor authentication is used to authenticate privileged users of systems. | Multi-factor authentication is used to authenticate privileged users of systems. | Endpoint Central helps in leveraging [Windows Hello for Windows devices](https://www.manageengine.com/mobile-device-management/help/profile_management/windows/windows_hello_for_business.html). Admins can also configure two-factor authentication for Windows end users.<br>The Endpoint Central console can be accessed using two-factor authentication. |
| **Regular backups** | Backups of data, applications and settings are performed and retained in accordance with business criticality and business continuity requirements. | Backups of data, applications and settings are performed and retained in accordance with business criticality and business continuity requirements. | Backups of data, applications and settings are performed and retained in accordance with business criticality and business continuity requirements. | Endpoint Central also provides [instant, non-erasable backup](https://www.manageengine.com/products/desktop-central/anti-ransomware.html) of the files in your network every three hours by leveraging Microsoft's Volume Shadow Copy Service.<br>If a file is infected with ransomware, it can be restored with the most recent backup copy of the file. |