Lumension® Scan - Vulnerability Assessment Scanner

Complete, Real-Time Network Visibility and Proactive Vulnerability Assessment and Prioritization with Lumension Scan

Vulnerability Assessment Business Issues and Challenges

Today’s enterprise has virtually become borderless; devices are brought in and out of the environment due to increased workforce mobility. Organizations no longer have visibility into what systems and applications are running on the network at any given time. This makes it almost impossible to identify which vulnerabilities may exist within the network environment.

Security vulnerabilities are growing exponentially. Malware has increased by 500%, and major AV firms are falling behind on documenting known signatures.¹ A July 2008 study² highlighted that 6437 new vulnerabilities were disclosed and nearly 410,000 new examples of malware, including viruses, worms, back doors, key loggers, Trojans, spyware, and rootkits were released the previous year.

Even more alarming is that 90% of security vulnerabilities could be exploited remotely, i.e. over the network³. It’s evident that organizations need a solution that addresses all of these concerns and improves their security posture; one that allows real-time visibility and proactive vulnerability management.

Overview

Lumension Scan, a component of Lumension Vulnerability Management, is a complete stand-alone, network-based scanning solution that performs a comprehensive external scan of all devices connected to your network, both managed and unmanaged. Once assets are identified, the powerful, yet easy-to-use Lumension Scan detects weaknesses on these devices before they can be exploited.

Lumension Scan provides:

rapid and complete asset discovery and inventory of all devices on the network
thorough and accurate network-based software and configuration vulnerability assessment
risk-based vulnerability prioritization for identified threats
continuously updated vulnerability database for orderly remediation
comprehensive management and audit reporting

How it Works

1. Your network is swept to identify and inventory all network devices
2. A comprehensive vulnerability and configuration assessment scan is then performed for software threats and missing patches
3. Threats are prioritized and risk mitigation is identified to aid in the remediation process
4. A multitude of actionable reports are available for you to evaluate assessments against the vulnerability database and prepare executive, administrative and compliance reports

Features & Benefits

Key Product Features	Benefit
Complete Asset Discovery Automated discovery of all network devices (i.e. servers, desktop computers, laptops, routers, printers, switches, wireless access points, etc.), major Operating Systems and infrastructure.	Delivers Full Network Visibility Visibility of what’s on your network in order to make it actionable.
Comprehensive Vulnerability Coverage Over 4000 vulnerability audits with wide support across major OS platforms (Windows, Linux, MacOS, Sun Solaris, HP, etc.), POSIX and infrastructure devices. Vulnerability audits include security configurations, OS and application vulnerabilities, null passwords, patch-level related vulnerabilities, known hacking tools, malware, common worms, and P2P software checks.	Ensures Proactive Risk Management Broad vulnerability assessment provides better security posture and lower TCO.
Adaptive and Targeted Scanning The most accurate vulnerability assessment scan using flexible network-based scanning techniques Various access-levels including credentialed- and null-based Performs ad hoc scans that can target one or many machines, Active directory, IP ranges, OUs, specific vulnerabilities, etc.	Delivers Complete Visibility and Flexibility Run comprehensive or targeted scans independent of user availability and access levels. Real time and on-the-fly visibility of your environment.
Customizable Vulnerability Set Define the scope of vulnerabilities to include in your scan Offers a predefined list including CVE, Bugtraq, SANS, MS Advisory, NVD.	Aligns with Your Corporate Policy Customize vulnerability set in-line with corporate policy.
Role-based Administration and Control Enables distributed management of scan activity by user roles. Delegates remediation and reporting activities to improve productivity while maintaining security.	Delivers Flexible Deployment Scenarios Customized role-based access to information, reports and activities. Designate individual administrators their portions of the network and have compliance managers report across the entire network.
Distributed Discovery and Assessment Effectively scan & assess even complex and geographically distributed network environments across the WAN.	Provides Flexible Deployment Scenarios Adapt your scan administration to your organizational setup. Centralized management and reporting with decentralized, distributed scanning. Timely scan results. Reliable load off the network.
Automated and Template-based Scanning Schedule and automate recurring scan tasks to run on a daily, weekly or monthly basis.	Reduces IT Operating Costs Automation allows you to focus your resources on more critical tasks Continuous visibility and assessment of heterogeneous environments.
Consolidated Vulnerability Library Extensive vulnerability database with informational resources and remediation recommendations Provides details of identified vulnerabilities, cross-mapping identifiers, and impact to the organization, description of attack, options to fix, and additional references for further investigation.	Saves Time and IT Operating Costs Actionable information to use to rapidly remediate critical vulnerabilities. Centralized repositories of all vulnerabilities save costs, time, and resources.
Risk-Based Prioritization All scanned systems are evaluated and prioritized according to asset value and vulnerability criticalities using straight-forward equations. All systems are listed by risk severity (High, Medium, Low, Warning and Information).	Enhances IT Productivity, Lower Costs Helps you focus and prioritize your remediation efforts on the most critical vulnerabilities. More efficient use of your resources. Lower TCO. Stronger security posture. Reduced risk exposure.
Comprehensive Reporting Ability to create and export numerous high-level or detailed reports of all scan data. Documents changes and demonstrates progress toward audit and compliance requirements with enterprise and local reporting of asset inventory, network or agent-based scans, vulnerability remediation and much more.	Delivers Executive & Technical Reporting Customized documentation to meet different audience requirements for security posture. Be ready for comprehensive executive & management as well as technical reporting at a moment’s notice. Lowers TCO for Demonstrating Compliance Maintain constant audit readiness through the automated collection and centralization of security configuration and vulnerability assessment results. Customize reports to fit audit requirements.
Non-Disruptive Scanning Designed to safely scan for vulnerabilities using standard networking protocols with minimum impact to your network. Never employs malicious vulnerability attacks.	Ensures No Downtime or Disruptions Can be used to scan production and tactical networks without causing disruption. Keep your systems running safely. Stay productive.
Supports Heterogeneous Platforms and Applications MAC OS, Linux, Unix, Windows, and infrastructure devices. Vulnerability audits include security configurations, OS and application vulnerabilities, null passwords, patch-level related vulnerabilities, known hacking tools, malware, missing patches, out-of-date antivirus signatures, worms, Trojans, and more.	Delivers One Solution for Complex Environments Actionable information delivered for heterogeneous and dispersed environments. Composite discovery using agent and agent less methodologies will help you gain complete visibility and actionable intelligence.
Highly Scalable Modular components can be installed on the same or separate systems and scaled-up as needed. Multiple instances of the scan engine can be deployed across the enterprise, controlled remotely or locally. As the number of systems on the network increase so can the number of engines performing the scans.	Adapts to Your Growing Business As your business grows, Lumension Scan will be there for you. Adapts to various organizational setups, so you can always integrate the scanner into new business structures.
Common Criteria EAL2 Certified The Common Criteria Evaluation and Certification Scheme (CCS) Certification Body has asserted that Lumension Scan complies with all the specified security requirements.	Provides Secure Scanning Customers and vendors are supplying best practices to ensure quality and security of software solution. Gives you peace of mind knowing that your scanning experience will be safe and that you comply with security requirements.

Requirements

Minimum System Requirements:

System Requirements
Processor Requirements:	Pentium-Compatible 2 GHz Processor
Memory Requirements:	2 GB RAM
Disk Space Requirements:	20 GB available disk space
Internet Connection	A single 100 Mbps network connection (with access to the internet)
Display:	Monitor resolution 1024 x 768
Operating System 32 bit	Windows XP Professional SP3+ Windows Vista SP2+ Windows 7 Windows Server 2003 SP2+ Windows Server 2003 R2 SP2+ Windows Server 2008 SP2+
Database	Microsoft SQL Server 2008 Note: Scan setup program will install SQL Server 2008 Express Edition SP1 with an instance name of Guardian during installation.

Supported Systems:

OS / Version	Discovery	Assessment
3com / Router, Switch
BSD Unix / Net, Free, BSDI
Cisco / IOS, CatOS, PIX
Cisco VPN
Foundary / Router, Switch
HP / HP-UX 10.x and later
HP / Tru64 4.0F and later
IBM AIX
Juniper / JunOS
Linux / Fedora (6,7)
Linux / Mandriva (7.0, 7.1)
Linux / Red Hat (Enterprise 3, 4, 5)
Linux / SuSE Open/Enterprise (9, 10.0, 10.1, 10.2, 10.3)
Linux / Oracle (4, 5)
Mac OS X
Nortel Switch
OpenBSD / 3.8 and later
Printers / Canon, Epson, Tektronix
Printers / HP Networked
Printers / Lexmark
Sun Solaris / 2.5 and later
Windows (generic)
Windows / 2000, XP, 2003
Windows / Vista, 2008, 2008 R2, 7
Windows / XP Embedded
Wireless Access Point

Sources:

AV-test.org
Aberdeen Group, Vulnerability Management Report, July 2008
Aberdeen Group, Vulnerability Management Report, July 2008

Lumension® Risk Manager

Lumension Risk Manager automates IT risk management and compliance workflows and provides enterprise-wide visibility to ensure effective measurement of your security posture

IT Risk Management and Assessment: Business Issues & Challenges

Most organizations have implemented a variety of operational and security controls to address today’s dynamic threats, but they lack the means to assimilate security data from multiple sources and continuously measure their security posture. Enterprise-wide visibility of IT risk posed by applications, devices, business processes, and users engaging with data is vital to ensuring continuous protection of critical business systems and information.

The ability to manage IT risk across the organization has traditionally been challenging, due to the inability to correlate data across disparate security products in the environment. Another challenge is the inability to identify, prioritize and communicate key IT risk and security metrics to senior management and line-of-business executives in a consistent and straightforward manner.

The failure to understand and communicate the business impact of IT risk across the organization can lead to business disruption, loss of sensitive information and non-compliance with both internal policies and external regulations. By aligning IT risk with business decision-making, IT and business leaders can effectively reduce business risk, minimize brand and reputation loss, and address initiatives that improve the business.

Overview

Lumension Risk Manager, a component of the Lumension Compliance and IT Risk Management solution, enables IT security professionals and business leaders to collaborate in the effective creation and measurement of IT risk to protect critical business systems and information and to ensure continuous compliance with internal policies and external mandates.

Lumension Risk Manager provides comprehensive, real-time trending views across the organization to display continuous measurement of your security posture through the following capabilities:

Measuring Security Posture: Lumension Risk Manager consolidates multiple sources of IT risk information from 3rd party vulnerability scans, antivirus solutions and more and correlates this assessment data across all of the IT assets in the organization, providing trending analysis and security posture scores at any time.
Identifying and Prioritizing IT Risk: Easily model the relationship between your IT assets and business processes to identify IT-borne business risk. Lumension Risk Manager categorizes areas of IT risk into technology, people and processes, and then develops a powerful risk profile through its patent-pending risk intelligence engine. The risk profile information is automatically correlated with internal policy and external compliance requirements and suggests mitigating IT controls to address critical risk to the business.
Streamlining Controls and Assessment: - Leveraging the industry-standard Unified Compliance Framework (UCF), Lumension Risk Manager harmonizes controls across hundreds of different regulations including PCI DSS, HITECH, HIPAA, SOX, FISMA, NERC, CobiT, NIST, ISO frameworks, and many more, along with internal policy controls. This means that no control is ever duplicated in your assessments and the structure and language of each control follows the same predictable format. Lumension Risk Manager also enables you to streamline and automate the workflow for assessing technical, physical and procedural controls by interfacing to either Lumension security solutions or third party point products such as vulnerability scanners. Utilize automated surveys to complete your assessment of physical and procedural controls.
Demonstrating Compliance: Generate reports to highlight compliance with both internal policies as well as with external regulations such as PCI DSS, HIPAA, HITECH, FISMA, and more. Lumension Risk Manager enables you to continuously demonstrate compliance with key metrics to satisfy a diverse IT risk and compliance audience through compliance and IT risk reporting, operational security reporting and remediation modeling and forecasting. Create “what-if” scenarios to better estimate how a project or remediation effort will improve your IT risk and compliance posture. Assign and track remediation projects to measure and reflect improvement in compliance and IT risk metrics.
Reducing IT Security and Compliance Time and Expense: In a challenging economic climate, reducing cost is always top of mind for CISOs. By streamlining visibility and measurement as well as IT risk management workflows; Lumension Risk Manager enables organizations to reduce audit preparation, cost and reporting of the compliance and security posture.

Features & Benefits

	Key Product Features	Benefit
IT Risk Profiling These features model the relationship between IT assets and business interests to identify IT-borne business risk.	IT Asset Catalog with Comprehensive Resource Types IT Asset repository includes all resource types, including applications, databases, servers, networks, data centers, people, and processes.	Ensure Comprehensive Visibility of IT Risk Exposure Security breaches can occur through many different avenues - servers, applications, data centers, endpoints, stolen/lost USB drives, etc. By cataloging all of these different asset types, you can gain visibility into all of the areas of potential IT risk exposure.
	Business Interest Mapping Create a catalog of key information and processes unique to your business that need to be protected from IT risk. Business interests are mapped to assets and risk scenarios to provide a business risk context for IT resources.	Correlate IT Risk to Business Impact Ensures risk-based analysis of your IT posture to provide valuable insight into prioritizing security control gaps that should be addressed.
	Business Impact Analysis through Stakeholder Surveys Use stakeholder surveys to determine the business impact of a risk scenario that compromises the confidentiality, integrity, or availability of a business interest.	Automate Survey Workflow Provides an automated effective means for identifying, capturing and incorporating business stakeholder input into the risk analysis process.
	Risk Profile Surveys Use automated surveys to allow system owners to set risk profile attributes for assets.	Automate Previously Manual Tasks Provides an efficient manner for obtaining system owner input into the risk analysis process.
	Reasonably Anticipated Risks Automatically enumerate all of the reasonably anticipated risks that should be mitigated for each asset.	Effective Communication of IT Risks to Business Audience Natural language IT risk statements enable the security team to clearly communicate IT risks to non-technical audiences.
	Dynamic Groups Define asset groups with attribute-based criteria. Membership in a group is determined dynamically based on whether an asset’s risk profile matches the group’s criteria.	Improve Visibility into IT Environment Provides flexibility and efficiency in metrics and reporting.
	Patent-Pending Risk Intelligence Engine Analyzes each assest’s risk profile to automatically identify: Risks the asset is exposed to Required compliance mandates Controls that must be implemented to satisfy both compliance and mitigate risk	Optimize IT Resources Automatic risk profile analysis saves time over manual risk analysis practices. The intelligence-based approach eliminates the need for highly-skilled security experts to spend time performing manual risk analysis.
IT Controls Framework Harmonizes control requirements for compliance mandates and risk mitigation.	Controls Framework Controls Framework includes technical, procedural, and physical controls.	Comprehensive Controls Risk and security cover more than just the technical controls you assess. Lumension Risk Manager’s comprehensive controls model ensures end-to-end visibility of all control activities needed to ensure protection of information.
	Unified Compliance Framework(UCF) Network Frontiers’ industry-vetted, harmonized mapping of unique controls to compliance regulations is developed and maintained in collaboration with industry experts, legal advisors, and standards-setting bodies across global regulations.	Support Multiple Compliance Mandates Automatically harmonizes IT control frameworks with industry regulation requirements to ensure that controls are reasonable and sufficient to satisfy multiple compliance mandates
	Control Harmonization Common controls (e.g. “Strong Passwords”) are normalized into a single control, which is cross-referenced to all standards and regulations that call for the requirement.	Assess Once, Comply with Many Eliminates overlapping control requirements that result from multiple standards and regulatory requirements.
	Compliance Library Over 400 Regulations and Standards documents are included with full cross-references to supporting IT controls.	Optimize Compliance Workflows Immediately understand the controls required to implement on Subjects and avoid time spent performing custom cross-walks across multiple requirements documents.
	Internal Compliance and Security Policy / Control Mapping Import internal compliance and security policies and cross-reference them to the harmonized controls framework.	Prove Compliance with Internal Policies Demonstrates compliance with internal policies through a common assessment process.
	Controls Linked to Risk Mitigation Controls are automatically linked to the risk scenarios they help prevent, detect, or correct.	Quickly Mitigate IT Risk Demonstrates how IT controls can mitigate actual business IT risk.
IT Controls Assessment Automated assessment of technical, physical and procedural controls.	Workflow for Assessing Physical and Procedural Controls Automated risk assessment workflow provides structure around the process of collecting scores and evidence for physical and procedural controls.	Streamline IT Risk Management Workflow Saves time by organizing the data collection efforts associated with scoring physical and procedural controls into a single view.
	Automated Self-Assessment Surveys Send multiple-choice question surveys to system owners to receive up-to-date control implementation status. Once approved, survey responses automatically update scores.	Automate Previously Manual Tasks Saves time over in-person interviews and manual data collection methods.
	Survey Delegation Survey recipients can delegate surveys to other team members as needed.	Ensure Effective Survey Workflow Ensures that survey questions are routed to the appropriate person to answer the question without extensive up-front org-chart discovery by the security team.
	Control Score Aging Configurable timers track the age of every control score to determine when controls need to be re-assessed.	Ensure Current Assessment Information Automatically detects when score information has expired and needs to be updated to keep compliance and risk metrics up-to-date.
	Interfaces to Security Point Products Built-in connectors to Lumension security solutions and other third party vulnerability scanning tools, with field-configurable connectivity via SQL and automated data import and processing of XML and flat-file data, enable you to synthesize detailed data from disparate security tools.	Automate Vulnerability and Configuration Assessment Saves time by eliminating the need to manually parse through technical security reports to update high-level risk and compliance control scores - giving you a single place to access both roll-up and drill-down level reports about your security posture.
	Attachments for Evidence Collection Attachments on control scores provide evidence of the asserted score. Attachments can be files or URLs (for example, a URL to an internal document repository containing policies).	Simplified Management Provides a convenient way to manage the myriad evidence artifacts required to demonstrate the validity of self-assessment scores.
	Accountability for IT Risk Scores Every score record contains the UserID corresponding to who made the change.	Ensure Audit Accountability Provides accountability for score information.
	Exception Management Exception Management includes exception requests, approval/rejection, expiration and notification.	Enhance Compliance and IT Risk Management Provides flexibility to mark certain scores as “exempt” for a fixed period of time so that the exception state is visible, but not counted in compliance and IT risk calculations.
	Control Scoring History All historical control scores are automatically archived.	Proof of Compliance Ensures that historical scoring information is available when needed.
	Custom Control Score Status Indicator Score items within the assessment workflow can be flagged to indicate status.	Rapid Evaluation of Control Scores Flagging score status allows for quick triage of scores that require follow-up.
	Auditor Self-Service Scoring Panel The direct score entry panel is optimized for rapid scoring and data entry of assessment test results.	Optimize Audit Results Documentation Allows auditors and security analysts to quickly document the results of their security testing activities.
	Approval-Based Workflow Scores entered from self-assessment surveys and the auditor self-service panel can be reviewed and approved prior to committing them to the permanent scoring record.	Ensure Accuracy of Scoring Information Provides an opportunity for internal quality assurance on scoring information, and ensures that incorrect survey responses don’t affect trend data or scoring history.
Risk and Compliance Reporting Generate reports and metrics to satisfy a diverse risk and compliance audience.	Compliance Reporting Compliance reports demonstrate section-by-section status of your compliance with industry regulations, compliance mandates, and your own security policy	Deliver Comprehensive Reports Provides detailed reports to satisfy internal and external auditors.
	IT Risk Reporting IT Risk reports catalog security gaps and how they could affect key business interests.	Measure IT Risk to Business Impact Enables the communication of security gaps in a way that is easily understood by non-technical business stakeholders.
	Operational Security Reporting Operational security reports provide detailed security gap information for departments within IT operations.	Deliver Metrics for Rapid Security Enforcement Enables the communication of security gaps to IT operations teams and sets specific expectations on remediation.
	Risk and Compliance Index Distill mountains of security gap analysis information into risk and compliance index scores.	Improve Internal Communication Regarding IT Risk and Compliance Provides simple metrics that communicate your overall security, risk, and compliance posture.
	Trending Analysis Metrics on compliance, IT risk, and operational security are trended on a daily basis.	Quickly Determine Trends Demonstrate trends of security, risk, and compliance program improvement over time.
	Key Performance Indicators Track the aggregate score for a user defined subset of controls and subjects against a target value.	Focus on Metrics Vital to Your Business Enables you to keep a watchful eye on specific areas of interest with a simplified report-card view of your security posture.
	Customizable Dashboard Views Combine existing dashboard widgets into a personalized custom view.	Highlight Metrics that You Need to See Allows individual users, such as executives, business owners, system owners, external auditors, and security professionals to easily view the key metrics that are important to them.
	Consolidated Findings Analysis Employ the heuristics engine to effectively analyze control scores to discover patterns, such as a certain group of subjects that contribute disproportionately to a poor compliance score, or a certain type of control that fails across a broad array of subjects.	Ensure Rapid Remediation for High Priorities Allows you to quickly spot patterns in scoring information so that you can identify high-value remediation efforts.
	Remediation Tracking to Improve Security Control Deficiencies Provide assignment and status tracking of remediation projects. Projects can be tracked according to ownership and deadlines. Upon completion of a project, scores can be automatically updated.	Highlight Improvements in Security Posture Enables you to prioritize resources to pursue remediation activities that will have the greatest impact to the business and reflect improvement in your security and IT risk metrics.
	Remediation Modeling and Forecasting Create "what-if" project scenarios to optimize IT resources to see how that project or remediation will improve your risk and compliance metrics.	Improve Operational Efficiencies Enables the prioritization of IT resources and remediation efforts based on the impact to metrics, and compare remediation projects by cost and time estimates across all controls.
	Automated E-mail Notificationss Alerts are configurable to specific users/groups and provide notifications of key conditions and state changes within your security posture.	Improve Visibility on Changes Ensures that users are aware of security policy changes and that security administrators are notified of security posture changes, such as a server that is failing a critical control or an application that is overdue on an assessment.

Requirements

Requirements	Version
Hardware	Dedicated Server Dual-Core Processor preferred, single core processor is suitable 2GB RAM 50 GB of available disk space 7200 RPM Drive and/or RAID configuration preferred A single 100 Mbps network connection (with access to the Internet)
Operating System	Microsoft Windows Server 2003 / 2005 / 2008
SQL Server	Microsoft SQL Server 2005/2008 – can be installed locally or on a remote database server. Microsoft SQL Server 2005 Express Edition
Internet Browser	Firefox 3 or higher Microsoft Internet Explorer 7 or higher Safari 3 or higher

Lumension® Enterprise Reporting

Increase visibility of the IT environment to improve security and regulatory audit compliance with Lumension Enterprise Reporting

Compliance and IT Risk Management Business Issues & Challenges

The expanding influence of security and business regulation and the increasing need to demonstrate compliance with internal polices make corporate governance and risk management a top priority for organizations worldwide. As companies plan for the future, the link between IT and business consistently ranks as one of the top three priorities for CIOs¹.

IT senior executives need timely, accurate system visibility, configuration conformance data, vulnerability management analysis and reporting to help assess business risk and meet regulatory compliance.

Overview

Lumension Enterprise Reporting, is a fully customizable, centralized business intelligence solution that enables organizations to:

Provide centralized visibility of IT assets and consolidates vulnerability and configuration data across the enterprise
Assess business risk through powerful and granular data vulnerability, configuration and inventory analysis
Demonstrate security policy and regulatory compliance status through flexible, customized vulnerability and security reporting

How it Works

1. Gather data snapshots from multiple Lumension Patch and Remediation servers in your environment, on a pre-defined, automated basis. The data is uploaded to a separate Enterprise Reporting server, via secure RSA encrypted transmissions. This ensures that data analysis does not interfere with critical assessment and remediation activities. Once uploaded, the data is consolidated into the central Enterprise Reporting data warehouse repository for centralized analysis and reporting.
2. Start your analysis at a global level, and then drill down to view specific Patch and Remediation Servers. For granular analysis, you can further drill into the results for individual groups or network devices. Graphical representations for vulnerability management, asset management, configuration conformance and trending analysis are also available.
3. Role-based access to data and reports makes it fast and easy for users to identify data that is critical to their area of responsibility. This ensures information is viewed only by individuals with proper authority. Lumension Enterprise Reporting’s open database schema integrates with any ODBC/OLEDB compliant reporting tool, including leading third party report generators from Business Objects, Crystal Reports and Microsoft.
4. Create policy-based vulnerability management reports that accurately demonstrate in real-time the status of your security posture. The reports you create will support internal policy enforcement and compliance with IT security aspects of government regulations such as Sarbanes-Oxley, HIPAA, PCI and FISMA.

Features & Benefits

Key Product Features	Benefit
Auto Report Generation & Distribution Schedule automated report generation and immediate email distribution of reports to authorized users.	Improves Efficiency of IT Operations Optimize IT staff productivity and improve information flow with the organization.
Comprehensive Pre-Defined Report Library 29 standard reports for vulnerabilities, patch deployment, configuration, inventory, compliance, and more are included Further, these reports are not fixed and may be extended to meet the organization’s needs.	Ensures Audit Readiness Eliminate and automate routine administration tasks to provide productive immediately actionable system information.
Data Mining Interactive reports allow you to “drill down” into report data, drilling from a global view of all users down to individual groups and entire Update servers down to individual devices.	Delivers Multiple Views of Information Linked data allows IT and compliance staff to efficiently find and process the system and regulatory information.
Efficient Data Consolidation Enterprise reporting utilizes a separate server to minimize disruptions to Lumension Patch and Remediation, enabling you to run reports without interrupting key vulnerability management tasks.	Maintains Security Reporting system independence ensures no degradation of security within your enterprise.
Enterprise Dashboard Global view of vulnerability status for all enterprise assets provides a unified look at the health of your enterprise.	Delivers Quick, Unified View of All Assets Provide your organization an at a glance understanding of risk and system status.
Extensible to 3rd Party Reporting Tools Works seamlessly with third party reporting tools including SQL Reporting Services, Business Objects, Crystal Reports, and more.	Integrates with Existing Systems Integrate vulnerability management information into your existing IT management systems to provide a unified solution for enterprise reporting.
System Configuration Reporting Allows information targeting to an organization’s specific functional groups, as well as summary views and trending.	Provides Easy Risk Assessment Provide the ability to assess enterprise wide risk due to configuration conformance.
Instantaneous Results View current status of vulnerability management efforts with up-to-minute reports.	Ensures Audit Readiness Timeliness of reporting ensures no hidden compliance or security system status will be overlooked.
Open Reporting Schema Data views make it easier to find reporting data; underlying queries are exposed to easily create custom reports.	Increases Productivity Improve IT productivity through easy to use, rapid report creation.
Policy-Based Reporting Flexible policy-based reporting enables you to substantiate compliance with security aspects of government regulations such as Sarbanes-Oxley, HIPAA, FISMA and others.	Maintains Compliance By aiding in the achievement of regulatory compliance, the enterprise helps to minimize its legal, financial, and reputational concerns.
Automated Data Transfer Data from multiple Lumension Patch and Remediation Servers is automatically transferred to a secure central repository using RSA encryption.	Saves IT Time and Enhances Communication Reduce your operational IT staff burden and improve information flow within the enterprise.
Data Purge Management Remove dated data and conserve disk space.	Saves IT Time and Costs Reduce system storage requirements to minimize implementation and maintenance costs of reporting.

Requirements for the host server

Minimum System Requirements:

	< 5,000 Devices	>5,001 to 10,000 Devices	> 10,000 Devices
Processor*	One Single Core 3.0 GHz Intel® Xeon®	One Single Dual-Core Intel® Xeon®	Please contact Lumension Professional Services
RAM	4 GB	4 GB
Disk Capacity	125 GB	150 GB
Network Connection	Single FE (100Mbps)	Single FE (100Mbps)

*Note: If SSL will be implemented, an SSL Acceleration card is recommended.

Minimum Software Requirements:

	< 5,000 Devices	5,001 to 10,000 Devices	> 10,000 Devices
SQLr	Microsoft SQL Server 2005 Standard (or Enterprise) Edition SP2 Microsoft SQL 2005 Reporting Services SP2	Microsoft SQL Server 2005 Standard (or Enterprise) Edition SP2 Microsoft SQL 2005 Reporting Services SP2	Please contact Professional Services
Other	Microsoft Internet Information Services (IIS) 6.0 SP1 Microsoft .NET Framework v 1.1 SP1 and v2.0 Microsoft Internet Explorer 6.0 SP1	Microsoft Internet Information Services (IIS) 6.0 SP1 Microsoft .NET Framework v 1.1 SP1 and v2.0 Microsoft Internet Explorer 6.0 SP1	Please contact Professional Services

Supported Operating Systems:

Microsoft Windows Server™ 2003, Standard Edition with SP1 or later
Windows Server 2003, Enterprise Edition with SP1 or later
Windows Server 2003 R2, Standard Edition (SP2 recommended)

* Note: If SSL will be implemented, an SSL Acceleration card is recommended.

Sources:

Gartner EXP's annual CIO survey 2007 and 2008

Lumension® Device Control

Enforce Security Policies for Port Protection, Removable Device Usage, and Data Encryption with Lumension Device Control

Device Control Business Issues and Challenges

The problem of data leakage due to the accidental or sometimes malicious use of removable devices and/or removable media has reached alarming levels. In fact, over 85% of privacy and security professionals reported at least one breach and almost 64% reported multiple breaches that required notification.¹

To enhance productivity, organizations need to allow employees and partners access to data; and more employees are working remotely, thus requiring access from outside the network. But the potential impact of data loss is a very real concern, be it accidental or malicious. And today, removable devices (such as USB flash drives) and media (such as DVDs/CDs) are the most common data leakage routes – no file copy limits, no encryption, no audit trails and no central management.

The information contained in customer data, corporate data and intellectual property is worth billions to some. And the costs for recovery of data and lost business are rapidly rising as well, with the average per incident cost now estimated to be $6.75 million.²

Lumension Device Control:

Centrally manages security policies regarding use of removable devices (e.g., USB flash drives) and media (e.g., DVDs/CDs) using a whitelist / "default deny" approach
Enforces encryption policies when copying data to removable devices / media
Prevents malware intrusion via removable devices / media, adding a layer of protection to your network
Provides the visibility, forensics and reporting needed to demonstrate compliance with applicable laws

Overview

Lumension Device Control, the stand-alone implementation of Lumension Data Protection solution, enforces organization-wide usage policies for removable devices, removable media, and data (such as read/write, encryption). Using a whitelist / “default deny” approach, administrators can centrally manage your devices and data. Lumension Device Control enables organizations to embrace productivity-enhancing tools while limiting the potential for data leakage and its impact.

How It Works

1.Discover - Identify all removable devices that are now or have ever been connected to your endpoints through the use of a “learning” mode that allows you to collect information without disrupting business.
2.Assess - Define rules at both default and machine-specific levels for groups and individual users with regards to device access by class, model and/or specific ID, and uniquely identify and authorize specific media. These permissions can be linked to the user and user group information stored in Microsoft Active Directory or Novell eDirectory.
3.Implement - Enforce device and data usage policies by: file copy limitations (amount per day, time of day) and file type filtering. You can also enforce the encryption of data moved onto removable devices / media and apply permissions to specific and/or groups of endpoints, ports, devices and users (both on- and off-line), including scheduled / temporary access.
4.Monitor - Continuously monitor the effectiveness of device and data usage policies in real time and identify potential security threats by logging all device connections, recording all policy changes and administrator activities, and tracking all file transfers by file name and content type. You can even keep a copy of every file that is transferred to or from a removable device using our patented bi-directional shadowing technology.
5.Report - Create both standard and customized reports on all device and data activity showing allowed and blocked events, which can be saved into a repository, shared via email, and/or imported into 3rd party applications. Detailed forensic reports and comprehensive auditing capabilities enable you to demonstrate compliance with government statutes (such as SOX, GLBA, HIPAA, HITECH, and others),industry regulations (such as NERC, PCI DSS and others)and especially your internal security policies.

Where It Works

Lumension Device Control supports any ports and devices recognized by Windows, including all Plug-and-Play and user-defined devices.

Physical Interfaces	Wireless Interfaces	Device Types
USB FireWire PCMCIA ATA / IDE SCSI LPT / Parallel COM / Serial PS/2	WiFi Bluetooth IrDA Wireless NICs	Removable Storage Devices External Hard Drives DVD / CD Drives Floppy Drives Tape Drives Printers Modems / Secondary Network Access Devices PDAs and other handhelds Imaging Devices (Scanners) Biometric Devices Windows Portable Devices Smart Card Readers PS/2 Keyboards User-Defined Devices

Features & Benefits

Device / Port Access Control

Feature	Benefit
Per-Device Permissions Granular permissions to control access at device class (e.g., all USB flash drives), device group, device model and/or even unique ID levels; for instance, restrict access rights to a specific device of a company-approved model.	Delivers Granular Permissions Control Provides greater control at lower levels for effective access management.
Device Whitelist / "Default Deny" Assign permissions for authorized removable devices (such as USB sticks) and media (such as DVDs / CDs) to individual users or user groups; by default, those devices / media / users not explicitly authorized are denied access.	Allows Only Authorized Devices onto Your Network Eliminates unknown or unwanted devices in your network, reducing the risk of data leakage / data loss. Limits uploading of unknown or unwanted files (i.e., malware or other unauthorized files). Eliminates need to keep up with every new device being brought into your environment; new devices are denied access until you have vetted them and permitted access.
Flexible Policy with Granular Control Permission settings include read/write, forced encryption, scheduled / temporary access, online / offline, port accessibility, HDD / non-HDD devices and much more; can be set for individual and/or groups of users, machines, ports and devices.	Provides Comprehensive Policy-Driven Protection Eliminates risk of unauthorized devices connecting to the network while providing the flexibility users need. Allows business needs to drive security implementation, not technology limitations. Permits blanket policies to be fine-tuned via exception management.
Read-Only Access Define any device (e.g., a floppy drive, DVD / CD writer, USB external hard drive, and so on) as read-only; other device permissions include: write, and encrypt / decrypt restrictions.	Prevents Data Leakage Limits potential leakage paths of sensitive data.
Temporary / Scheduled Access Grant users temporary access to removable devices / media, which can be used to grant access "in the future" for a limited period. Also, limit device usage during a specific time period; allows for development of sophisticated security policies where certain devices can only be used at certain times (e.g., from 9 A.M. to 5 P.M., Monday to Friday).	Enhances Security Policy Enforcement Switches access on without having to remember to switch it off again later. Limit unauthorized device usage during off-hours. Provides another method to manage access to sensitive data.
Offline Enforcement Permissions / Restrictions remain effective even when endpoint is offline; these can be the same as when online or different (see Context-Sensitive Permissions).	Protects Beyond Your Network Maintains security posture even when endpoint is not connected to network (e.g., laptops on travel), including all device usage and encryption rules. Provides enforcement flexibility required to support business productivity without sacrificing security.
Uniquely Identify and Authorize Specific Media Authorize and manage DVD / CD collections, by granting access to specific users or user groups and encrypting removable media with unique IDs.	Secures Data from Loss / Theft Limits DVD / CD access to your organization’s standard discs, to avoid use of unauthorized content, and/or encrypts removable media to prevent unauthorized viewing.
Context-Sensitive Permissions Apply different permissions / restrictions depending on network connectivity status. For example, disable WiFi cards when laptops are connected to the network, but enable them when the machine does not have a wired connection to the network.	Increases Endpoint Security Provides deeper, finer-grained control over access to endpoints, reducing possible problem areas in all anticipated environments.
Offline Updates Update permissions of remote endpoints that cannot establish a network connection; new permissions are saved to a file that is imported and installed onto the client computer.	Maintains Security & Access Outside Your Network Permits permission updates no matter the status of the endpoint to ensure uniform security policy enforcement.
Device Management Detect and manage all devices – including Plug-and-Play and non-standard / user-defined devices – "on the fly" within the system.	Improves Network Security Provides flexibility needed to handle unique needs and environments. Ensures user productivity is not disrupted by applying permissions for Plug-and-Play devices when detected.
File Type Filtering Restrict and manage the types of files that are moved to and from removable devices (such as USB sticks) and media (such as DVDs / CDs); combine with forced encryption for added protection.	Blocks Malware Attacks and Protects Data Reduces risk of sensitive files leaving your network, and unwanted files (i.e., malware or other unauthorized files) entering your network. Filters data being copied to removable devices and enforces encryption for deeper granularity and better control.
Data Copy Restriction Restrict the daily amount of data copied to removable devices (such as USB flash drives) on a per-user basis; can also limit usage to specific timeframes / days (e.g., only from 0900 to 1700 during weekdays).	Limits Data at Risk Removes risk of large amounts of data leaving your network at any given time.

256-bit AES Encryption

Feature	Benefit
Policy Controlled Encryption for Removable Storage Use central security policy to force 256-bit AES encryption of all removable devices (e.g., USB sticks) and media (e.g., DVDs / CDs) across all endpoints on network; options include: centralized (by admin only) vs. decentralized (by end-user), and non-portable (network accessible only) vs. portable (accessible outside network).	Increases Security Compliance Ensures that data cannot be accessed if removable devices or media are lost or stolen. Reduces the risk of data leakage / data loss. Strongest levels of ciphering (256-bit AES encryption) to protect data from unauthorized access.
Decentralized vs. Centralized Encryption Require users to encrypt removable devices / media locally, freeing the users to encrypt "on the fly" and not have to wait for admin availability. Alternatively, it can be restricted to a centralized, admin-only process (e.g., limit users to authorized encrypted devices only).	Balances Productivity and Protection Ensures that sensitive data is not inadvertently exposed while providing flexibility in encryption approaches.
Portable vs. Non-Portable Encryption Enforce policies which enable users to access encrypted devices outside the organizational network, or limit it to network-attached endpoints only.	Secures Data Inside & Outside Your Network Self-contained portable encryption of large removable devices which allows authorized users access to the data while obscuring it from others.
PGP® PKI Support Allow use of existing PGP keys to encrypt / access devices and media in managed PGP environments. Enforce policies controlling PGP encrypted devices using Device Control.	Extends Encryption Compatibility Perfect complementary solution to an existing or planned PGP Universal managed environment.
Enforce "Strong" Password Requirements Use existing password length and complexity rules in compliance with Microsoft® standards.	Ensures Password Consistency Reduces administrative burden and end user confusion by maintaining consistency with organization-wide policies. Increases security of password protected data saved onto removable devices / media.
Password Lockout / Recovery Lock users out after five (5) failed attempts; administrators can recover access when passwords are forgotten or user leaves the organization.	Increases Data Protection Reduces risk of hackers breaking into lost or stolen removable devices (such as USB memory drives) and media (such as DVDs / CDs) using brute force methods (e.g., "dictionary attacks").

Administration

Feature	Benefit
Filename Tracking / Full File Shadowing Patented bi-directional shadowing technology keeps a copy of all files (i.e., entire file contents) that are read from and/or written to removable devices (e.g., USB memory drives) and media (e.g., DVDs / CDs) on a per user (or user group) basis; can also track just file types & names; all events captured in logs and accessible by admin at any time for compliance auditing / forensics.	Delivers Audit Readiness Captures the flow of information into and out of your network. Enables you to quantify the risk and report for compliance purposes. Enables audits of filename and/or full file content for forensic purposes.
Integrated Reporting Fully flexible, customizable reporting can be saved into a repository, shared via email, and/or imported into 3rd party applications.	Provides Organization-wide Visibility Log and create standard and customized reports on all device and data activity showing … all (allowed/blocked) events; all policy changes and administrator activities; and all file transfers by file name and content type.
Syslog Support All event, audit and diagnostic logs are compliant with Syslog protocols.	Enables Integrated Event Management Allows for event correlation to other system logs for centralized forensics. Adds more options for administrator alerts and reporting to reduce the cost of compliance.
Centralized Management / Administrators’ Roles Centrally define and manage user, user groups, computers and computer groups access to removable devices / media on the network. Use role-based access control (RBAC) to customize and control access to different components of the Management Console (for example, restrict access to shadowing information to auditors only).	Delivers Precise Control with Access Limits Allows one administrator to manage a large installation (over continents); optionally, have multiple administrators managing appropriate portions of installation. Limits access to appropriate, authorized personnel (e.g., allow auditors to audit but not change policies). Delegates and distributes workload among administrators as needed / appropriate.

Infrastructure

Feature	Benefit
Tamper-proof Agent Install agents on every endpoint on the network, which are protected against unauthorized removal – even by authorized (local) administrators. Only (enterprise) Administrators may deactivate this protection.	Secures Endpoint at All Times Protects endpoints from unintentional and/or malicious tampering. Maintains security posture even in dire events.
Directory Synchronization Assign permissions to individual users or user groups based on their Microsoft® Active Directory or Novell® eDirectory identity, both of which are fully supported.	Reduces IT Workload and Improves Productivity Provides granular user permissions that remain with user login regardless of machine. Leverages existing directory information when enforcing policies. Reduces workload and improves productivity while enforcing security policy. Reduces set-up / start-up / ramp-up time.
Flexible / Scalable Architecture Organization-wide control and enforcement using scalable client-server architecture with a central database that is optimized to reduce its footprint. The system can be installed on a single machine for smaller organizations, and expanded to include multiple servers to support complex networks. Compatible with virtual servers, including VMware® Infrastructure 3 and Windows® 2008 Hyper-V. Endpoints can connect to one or more servers to facilitate load-balancing. One or more separate Management Console(s) provide administrative control from anywhere in the organization.	Adapts to Your Growing Business Supports entire range of organizations, from small, local start-ups to large, global corporations, from hundreds of thousands to hundreds of thousand endpoints; fast growing organizations can scale installation as needs dictate. Decreases administrative costs by reducing the database footprint and increasing database query and maintenance speed. Supports server-side cost reduction in capital expenses and enables full utilization of existing infrastructure.
Windows Infrastructure Support Install on all currently supported Microsoft 32- and 64-bit platforms, with support for any Windows-recognized ports / devices and multiple end-user languages; for details - view the Requirements tab.	Operates Across Your Diverse Network Provides security policy enforcement for heterogeneous Windows environments and across geographic regions.

Requirements

Supported Operating Systems

	Client	Admin	Server	Database
Windows® 2000 Professional
Windows 2000 Server
Windows XP Professional
Windows Vista
Windows 7
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Windows XP Embedded (XPe)
Windows Embedded Point of Service
Windows XP Tablet PC Edition
Windows 2008 Hyper-V
VMware® Infrastructure 3

Hardware and Software Requirements

Component
Database	Hardware	512 MB (4 GB recommended) memory Pentium® Dual-Core or AMD equivalent CPU 3 GB minimum hard disk drive 100 MBits/s NIC
Database	Software	One of the following: Microsoft® SQL Server 2005 Microsoft SQL Server 2005 Express Edition Microsoft SQL Server 2008 Microsoft SQL Server 2008 Express Edition
Application Server	Hardware	512 MB (1 GB recommended) memory Pentium® Dual-Core or AMD equivalent CPU 3 GB minimum hard disk drive 100 MBits/s NIC
Application Server	Software	Install Microsoft Certificate Authority for encryption
Management Console	Hardware	512 MB (1 GB recommended) memory Pentium® Dual-Core or AMD equivalent CPU 15 MB hard disk drive for installation, and 150 MB additional for application files 100 MBits/s NIC 1024 by 768 pixels for display
Management Console	Software	No additional software requirements
Client	Hardware	256 MB (1 GB recommended) memory Pentium® Dual-Core or AMD equivalent CPU 10 MB hard disk drive for installation, and several additional GB for full shadowing (if enabled) 100 MBits/s NIC
Client	Software	No additional software requirements

Multi-Language Support: Supports 12 languages on client machines, including Traditional Chinese, Simplified Chinese, Dutch, English, French, German, Italian, Japanese, Portuguese, Russian, Spanish and Swedish.

Source:

Deloitte & Touche and Ponemon Institute, Enterprise@Risk: 2007 Privacy & Data Protection Survey, December 2007
Ponemon Institute, 2009 Annual Study: Cost of a Data Breach, February 2010

Lumension® Content Wizard

Extends the capabilities of the Lumension Endpoint Management Platform with custom scripting capabilities to centralize, automate and streamline desktop and system management, power management, configuration enforcement, software distribution and custom applications

Security and Operational Business Issues and Challenges

Every organization has IT needs that are not completely addressed with out-of-the-box software solutions. PC configuration-related issues increase the workload on administrators and IT help desk staff and introduce new sources of risk. Meanwhile, in a tough economic climate, organizations are facing greater pressures to optimize IT efficiencies wherever possible including reducing the hard costs of energy consumption.

Lumension Content Wizard extends the capabilities of the Lumension Patch and Remediation and Lumension Endpoint Management and Security Suite to cost-effectively streamline desktop and system management tasks with simple and customizable wizard-based policy creation, distribution and baseline enforcement – without requiring additional tools and costs. This powerful utility enables organizations to extend their Lumension solution capabilities to dynamically meet the needs of their diverse IT environments without the purchase of additional technologies.

Overview

Lumension Content Wizard is a powerful tool that automates tedious and time-consuming system and desktop management tasks to optimize your IT environment and take advantage of cost and resource saving options via power management capabilities. Extending the capabilities of the Lumension Endpoint Management Platform without requiring additional solutions, Lumension Content Wizard works in conjunction with Lumension Patch and Remediation to provide user-friendly development and centralized management and enforcement of capabilities throughout an organization, enabling:

Centralized Endpoint Power Management Policies: Reduce IT power consumption and meet organizational "green" policies by standardizing power settings of systems across the organization without requiring a centrally managed domain or impacting user productivity. Easily create and centrally manage power policy settings, including: standby, hibernation and sleep timing settings based on user and system inactivity. When combined with the Wake-on-LAN capability within Lumension Patch and Remediation, high levels of IT security can be attained with minimal power consumption.
Software Deployment, Upgrades and Removal: Optimize exsisting IT efficiencies and improve software usage compliance with policy-based deployment and removal of new and updated software, including automatic removal of outdated, unauthorized, or unsupported software, ongoing monitoring and baseline enforcement, identification of installed software on endpoints and policy and installation of new and updated software packages.
Local Enforcement of Security Configuration Policies: Enforce security configuration policies based on industry best practices, such as disabling guest accounts, turning off unnecessary services, enforcing password complexity and length, and forcing unattended systems log off.
Centralized Management of System Desktop Configuration Tasks and Policies: Automate time-consuming tasks across the entire network, including automated scheduling of disk defragmentation tasks, and policy enforcement for account, device control, domain, network, and system policy security settings.
Customizable Policy Creation and Syndication: Customize configuration settings to meet internal policy controls, extend patching to in-house developed applications and/or across several different operating platforms.
Centralized Deployment, Management and Reporting on all Scripts: Centrally deploy, manage, and report on all scripting actions throughout the organization including making sure AV is installed and distributing third party patches.
Content Exchange Forum: Content collaboration is made simple via a company-internal site access thru the Lumension Content Wizard, allowing custom created content to be shared among separate divisions to ensure standardized detections, deployments and reporting.
Lumension Connect Content Garden: Share best practice scripts with other Lumension customers within the Lumension Community.

How it Works

Simplified development, management, distribution and reporting of desktop and system management configuration tasks using Lumension Content Wizard.

Enforce Local Policies: Increase your overall security posture with automated management and enforcement of local security configuration policies (e.g. disabling guest accounts, turning off unnecessary services, enforcing password complexity) based on industry best practices.

alt

Power Savings: Easily reduce endpoint energy costs and enforce “Green” policies with centralized management and enforcement of power options including monitor, hard drive, standby, and hibernation settings.

alt

Features & Benefits

Key Product Features	Benefit
Flexible Content Creation and Management Easy-to-use wizard-based creation of custom software patch remediation packages as well as local security policy and system management configurations. Custom detection, deployment, patching and remediation packages can be created to address a wide range of software and configuration threats, distribute or remove applications and files, enforce configuration policies, and more.	Optimizes IT Efficiencies and Reduces IT Costs By allowing you to address multiple management needs through a single solution, IT efficiency is improved resulting in operational expense savings for the enterprise. Ensures Entire Network Security Provides 180-degree security coverage of both third party and custom in-house software.
Wizard-based Content Authoring A process-driven tool that guides users through the patch upload process and automatically creates the fingerprints for the patch being uploaded.	Optimizes IT Resources by Simplifying Patch Creation Rapid process-driven creation of patches.
Centralized Endpoint Power Management Policy Wizard Centralizes management and enforcement of power policies across complex environments, including standby, hibernation and sleep timing setting based on user and system inactivity.	Reduces Endpoint Energy Costs and Enforces Green Policies Dramatically reduces power consumption by standardizing policy-based power settings of systems across the organization without the required investment of an additional power-management relying on a centrally managed domain or impacting user productivity.
Custom Script Management and Development Centrally deploy, manage and report on all new and existing IT scripts. Automatically monitor and report on scripting actions taking place throughout your environment. A template based approach to the creation of remediation scripts which allows novice users to quickly author remediation scripts (VBScript, JavaScript, command line) to remedy identified system problems.	Improves Operational Efficiency Simplifies remediation package development and provides centralized deployment, management and reporting on all custom IT scripts.
Enforcement of Local Security Configuration Policy New policy wizard simplifies setting and enforcement of local security configuration policies, such as: disabling guest accounts, turning off unnecessary services, enforcing password complexity and length and forcing unattended systems log off. Sets policies based on industry best practices template with 24 pre-configured checks and policy elements that can be added and modified based on your specific security policies.	Increases Your Overall Security Posture Automates management and enforcement of local security configuration policies based on industry best practices.
Software Distribution and Removal Policy-based installation of new and updated software packages. Quickly identifies installed software on endpoints. Automatically removes outdated or unauthorized software. Ensures ongoing monitoring and baseline enforcement.	Optimizes IT Efficiencies and Improves Software Usage Compliance Policy-based distribution and removal of new and updated software enables the optimization of IT and ensures compliance with software license agreements.
Content Community Facilitates content exchange and information sharing within the corporation via a company internal ftp site accessed through Lumension Content Wizard.	Optimizes IT Efficiencies Makes it easier for IT departments to share content with other department members – especially in air-gap environments.
Patch Search by Title Provides rapid intuitive search of existing patches.	Minimizes IT Work Cycles Allows you to be more efficient through a reduction of time required to develop custom remediation packages.
Display Fingerprint Type based on OS Filtering based on OS enables quick location of relevant fingerprints.	Saves IT Time System usability is improved making remediation package creation more efficient.
Flexible Content Management Allows the deletion of obsolete patches.	Enables You to Stay Compliant Allows you to simplify and maintain an up-to-date patch repository.
Rapid Content Development Intuitive, easy-to-use interfaces allow the development custom packages in minutes to react to the latest threats.	Reduces Risk The ability to respond rapidly to Zero-day threats mitigates enterprise risk with significant potential financial benefit.
Content Creation Across Heterogeneous Environments Lumension Content Wizard allows development of packages across a multitude of Operating Systems.	Delivers One Solution for Complex Environments By providing system administrators a tool for addressing configuration and remediation, across operating systems, operation burden is reduced and efficiency improved.
Immediate Content Distribution Content is seamlessly ported into your Lumension Patch and Remediation repository for automated, enterprise-wide deployment.	Saves Time and IT Operating Costs Rapid application of content frees time for IT operations to focus on other corporate concerns.
Continuous Monitoring Custom packages created with Lumension Content Wizard can be continually monitored and reported on through the Lumension Patch and Remediation interface.	Simplifies Compliance Visibility of package status helps ensure compliance with corporate operation and security policies.

Requirements

Minimum Hardware Requirements

Intel® 1.3 GHz Processor or equivalent
1 GB RAM
20 MB of free disk space for installation
5 GB of free disk space after installation

Supported Operating Systems

Lumension Content Wizard v7.0 is supported on the following operating systems:

Microsoft® Windows XP Professional with SP3
Microsoft Windows Server™ 2003, Standard Edition with SP2
Windows Server 2003, Enterprise Edition with SP2
Windows Server 2003, Web Edition with SP2
Windows Server 2003 R2, Standard Edition
Windows Server 2003 R2, Enterprise Edition
Windows Server 2003 R2, Web Edition
Windows Server 2008 (32-bit / 64-bit), Standard Edition
Windows Server 2008 (32-bit / 64-bit), Enterprise Edition
Windows Server 2008 (32-bit / 64-bit), Web Edition
Windows Server 2008 R2, Standard Edition
Windows Server 2008 R2, Enterprise Edition
Windows Server 2008 R2, Web Edition
Windows Vista
Windows 7 (32-bit / 64-bit), Professional
Windows 7 (32-bit / 64-bit), Enterprise
Windows 7 (32-bit / 64-bit), Ultimate

NOTE: The Lumension Content Wizard database must be installed on the same server as the Lumension Patch and Remediation Server application. For Lumension Patch and Remediation v7.0, the database is already preinstalled.

Lumension® Application Control

Prevent Malware and Unauthorized Software Applications with Application Control

Application Control Business Issues and Challenges

The battle to protect your network from malware is a costly, ongoing struggle taking up valuable IT resources and time. When a new malware threat appears, you have to stop what you’re doing and update your antivirus signatures immediately to protect your data, taking valuable time away from daily activities.

The threats aren’t going to stop and antivirus software alone cannot control the problem as malware threats are being developed faster than the necessary fixes. Malware has grown exponentially with approximately 33 million unique samples of malicious software in existence that could harm your network or business information¹ and targeted attacks, which are designed to specifically bypass antivirus solutions, continue to increase.

Organizations need a product that prevents the execution of malicious code, instead of one that requires time-consuming and reactive antivirus signature updates.

Overview

Protect your organization against malware attacks before they occur by proactively controlling the applications executing on your desktops, laptops, servers, kiosks and POS systems with Lumension Application Control, a primary component of Lumension Endpoint Protection solution.

Centrally manage, monitor, and control applications with a whitelist approach that allows only authorized applications to run ensuring no malware, spyware, keyloggers, Trojans, worms, viruses, zero-day threats and unwanted or unlicensed software will execute on your network and disrupt your business.

Lumension Application Control provides complete malware protection and increases IT and end-user productivity by preventing unwanted applications from causing configuration issues and consuming network bandwidth.

You’ll be audit-ready with a detailed audit trail of all application and device execution attempts along with proof that software licenses are in compliance. With no viral attacks to thwart, malware to hunt down, or incompatible applications to invoke the blue screen of death, you can spend more time on other projects instead of constantly fixing computers.

How It Works

1. Discover - Identify all executable files and devices, collect profiles and organize into pre-defined file groups.
2.Implement - Assign permissions for applications to run based on executable, user, or user group attributes. Use an application whitelist approach to ensure that only authorized and legal applications can run on a computer. When a user wants to run an application, the OS request at the kernel level is intercepted by the Lumension driver. If the user has rights, then access will be granted. If the application is not known or the user does not have rights, then access will be denied.
3.Monitor - Monitor the effectiveness of endpoint security policies in real time and identify potential threats by logging all application execution attempts and recording all policy changes and administrator activities.
4. Report - Demonstrate policy compliance and ensure software license compliance to meet Sarbanes Oxley, NERC, HIPAA, PCI, and GLBA requirements by drilling down on suspicious behavior for security or legal follow-up.

Features & Benefits

Key Product Features	Benefit
Application Whitelisting	Blocks Malware Attacks Eliminates unknown or unwanted applications in your network, reducing the risk of malware and spyware and ultimately improving network stability
Automated Application Discovery	Saves Time and Improves Security Provides flexible and fast options to create or update whitelists.
Standard File Definitions	Saves IT Operations Time and Effort Speeds and simplifies whitelist definition with classified, pre-loaded whitelist of all supported OS files.
Automatic Authorization of Software Updates	Simplifies Software Updates and Decreases Risk Eliminates risk of accidentally restricting user access to frequently updated Microsoft applications.
Script / Macro Protection	Enhances Security Policy Enforcement Extends application policy enforcement to include specific scripts/macros, enabling business without compromising protection.
Path Protection	Delivers Flexible Support for Files Provides flexibility to support executable files for which hash definitions are not useful or applicable (i.e. auto-changing .exe files).
Flexible File Authorization	Improves Network Stability Provides flexible and fast option to identify new and updated applications for review and ultimately to generate whitelists.
Local Authorization	Maintains Administrative Control and Increases User Satisfaction Delivers flexibility to the user, without giving up administrative control by allowing trusted users to authorize applications locally, while maintaining a log for your review.
Spread Check	Ensures Network Security Contains risk of malicious code spreading through network due to local authorization by disabling suspicious executables that are locally authorized on too many computers.
Highly Scalable Architecture	Adapts to Your Growing Business Provides flexible and scalable deployment options in large and complex networks with a three tier architecture.
Powerful Log Analysis and Reporting	Ensures Audit Readiness Demonstrates policy compliance and drills down on suspicious behavior for legal or management follow up.
Offline Computer Protection	Delivers On-going Protection Ensures that remote/ disconnected users are constantly protected by keeping a local copy of updated hashes and permissions on each machine.
Active Directory and eDirectory Support	Reduces IT Operations Time and Effort Reduces setup and maintenance of users and user groups by leveraging definitions in existing Active Directory and eDirectory.
Multi-Language Support	Delivers Support for International Use Improves user experience in international organizations. Supports 12 languages on Application Control client machines.

Requirements

Supported Operating Systems

	Agent	Admin	Server	Database
Windows 2000 Professional
Windows 2000 Server
Windows XP Professional
Windows Vista
Windows 7
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Windows XP Embedded (XPe)
Windows Embedded Point of Service
Windows XP Tablet PC Edition
Citrix Access Gateway 4.5
Citrix Presentation Server 4.5
Windows 2008 Hyper-V
VMware Infrastructure 3

Hardware and Software Requirements:

Component
Database	Hardware	512 MB (4 GB recommended) memory Pentium® Dual-Core or AMD equivalent CPU 3 GB minimum hard disk drive 100 MBits/s NIC
Database	Software>	One of the following: Microsoft SQL Server 2005 Microsoft SQL Server 2005 Express Edition Microsoft SQL Server 2008 Microsoft SQL Server 2008 Express Edition
Application Server	Hardware	512 MB (1 GB recommended) memory Pentium® Dual-Core or AMD equivalent CPU 3 GB minimum hard disk drive 100 MBits/s NIC
Application Server	Software	No additional software requirements
Management Console	Hardware	512 MB (1 GB recommended) memory Pentium® Dual-Core or AMD equivalent CPU 15 MB hard disk drive for installation, and 150 MB additional for application files 100 MBits/s NIC 1024 by 768 pixels for display
Management Console	Software	No additional software requirements
Client	Hardware	256 MB (1 GB recommended) memory Pentium® Dual-Core or AMD equivalent CPU 10 MB hard disk drive for installation 100 MBits/s NIC
Client	Software	No additional software requirements

Multi-Language Support:

Supports 12 languages on client machines; this includes Traditional Chinese, Simplified Chinese, Dutch, English, French, German, Italian, Japanese, Portuguese, Russian, Spanish and Swedish.

Lumension® Antivirus

The Perfect Complement to Application Whitelisting to Achieve Total Endpoint Protection

AntiVirus Business Issues & Challenges

In today’s dynamic threat environment, organizations face an enormous variety of malware, including spyware, Trojans, rootkits, viruses and more, that is growing in volume, scope and sophistication. Much of today’s malware is fueled by financially motivated cyber criminals, trying to gain access to valuable corporate, consumer and/or personal data. More than 21 million unique malware samples have been identified, and that number continues to grow exponentially1. Organizations need antivirus software that provides fast and accurate identification of the vast amount of known malware. And with malware’s increasing sophistication, organizations need antivirus protection that employs multiple detection techniques to identify and block unknown malware (e.g. zero-day exploits).

Protect your organization by preventing malware attacks which disrupt your operations, cost you time and money in repair / remediation, and could lead to stolen data or other consequences.

Lumension AntiVirus is based on proven technology that incorporates a pioneering and industry-leading anti-malware engine to provide complete protection against all malware, including viruses, Trojans, rootkits, spyware and adware. It provides advanced protection via traditional signature-matching capabilities as well as innovative DNA Matching, SandBox and Exploit Detection technologies which provide proactive protection against zero-day threats.

And by combining the signature-based blacklisting and behavioral malware detection approaches of Lumension AntiVirus with the proactive whitelisting approach of Lumension Application Control, a continuum of total endpoint protection for your network is achieved. This provides you the flexibility to achieve strong and comprehensive endpoint protection using complementary solutions on different endpoints depending on your security requirements.

How It Works

1.Assess Use signature-based scanning to identify known malware, including viruses, worms, Trojans, keyloggers, hijackers, rootkits and other malicious software. Use behavioral analysis tools (including DNA Matching, SandBox, and Exploit Detection) to assess suspicious code / applications.
2.Remediate Prevent known malware and suspicious code from executing, and remove it from all network assets.
3.Monitor Use customized triggers to generate alerts (delivered via e-mail, SNMP, SMS, Syslog and/or the operating system’s event log) based on network-wide events (such as a spreading infection). Use Risk Level Indicator on web-based management console to understand overall network “health” and current event/client status of all endpoints.
4.Report Use comprehensive, customizable reporting facility to cover entire network status and any incidents.

Features & Benefits

Key Product Features	Benefit
Full Signature Matching Capabilities	Recognizes, blocks and removes viruses, worms, Trojans and other types of malware such as keyloggers, hijackers and rootkits.
Unique Behavioral Analysis using multiple methods including DNA Matching, SandBox, and Exploit Detection	Protects against new and unknown malware (zero-day exploits) to assess suspicious code / applications, keeping your network, endpoints and organization resistant to the daily influx of newborn and/or polymorphic malware.
Comprehensive Cleaning Functionality	Ensures that any detected malware is removed or quarantined and not allowed to remain on network assets.
Full Support for Third-Party Management Systems	Supports email, SNMP, SMS, Syslog, Event log with logging, reporting and alerting capabilities to provide necessary visibility into event.
Scalable with Small Footprint	Optimizes system resources to let organizations of all sizes conduct operations without disruptions.
Automated Detection of All New Endpoints	Searches the network to detect and report new and unknown devices in the environment.
Remote Endpoint Protection	Ensures that all endpoints are protected regardless of connectivity to internal network.
Automatic Signature Updates	Allows for automated, attendant-free operation, reducing administrative overhead and improving TCO.
Easy-to-Use Web-Based Management Console	Includes powerful policy-based engine for easy endpoint deployment throughout your infrastructure, with a built-in policy tool.

Requirements

Supported Platforms

Windows® 2000 Professional
Windows XP
Windows Vista
Windows 7
Windows 2000 Server
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2

Hardware requirements

Processor: Minimum 1GHz CPU
Memory: Minimum 512 MB RAM (1GB recommended)
Disk space: Minimum 300 MB for a network with approximately 100 clients, then 10 MB more for another 100 clients, and so on.

Internet Browsers

Microsoft® Internet Explorer (IE) 8 and IE 7
Mozilla® Firefox® 3.x and 2.x

Note: In general, OrcaTYDE AntiVirus makes extensive use of memory caching for its data handling. In larger networks, the management console will perform better with more available RAM.

Lumension® Endpoint Management and Security Suite
Security Configuration Management

Reduce Corporate Risk with Proactive Security Configuration Management

Security Configuration Management Business Issues and Challenges

As IT environments have become increasingly complex, supporting virtual and distributed platforms, companies must ensure that they maintain control of their information and system management. IT organizations must manage multiple point-based technologies, which add complexity and cost. A new approach is required to simplify the IT environment and ensure enhanced security and IT risk management with the lowest total cost of ownership possible.

Such a solution is particularly important to effectively manage endpoint configurations. With end users regularly able to download and install software, application conflicts can occur – ultimately reducing user productivity and increasing IT operating costs due to security incidents and help desk overhead. Proactively monitoring configurations is just as important as rapidly applying critical patches because 60 percent of all exploited vulnerabilities are due to insecure configurations.¹ Government regulations and industry standards are recognizing this, which explains the recent influx of security configuration management requirements.

Without holistic visibility and standardization of endpoint configurations, IT administrators can't possibly know or manage all of the applications in the environment. A solution is needed that allows organizations to enforce a consistent endpoint configuration policy and continuously monitor and report on its adherence.

Overview

Ensure That Endpoints Are Securely Configured, Remediated and Compliant with Industry Best Practices and Regulatory Mandates

Lumension Endpoint Management and Security Suite delivers an end-to-end suite of solution capabilities across endpoint operations, security, compliance and IT risk management to reduce complexity, optimize TCO, improve visibility and deliver control back to IT.

Lumension Security Configuration Management provides out-of-the-box regulatory, standards-based assessment and industry best practices templates to ensure endpoints and applications are not only patched, but also properly configured. It seamlessly integrates with its proven, market-leading solutions, Lumension Scan and Lumension Endpoint Management and Security Suite: Patch and Remediation, to deliver a comprehensive network and agent-based risk assessment of software flaws and configuration vulnerabilities, rapid remediation, continuous validation and policy compliance reporting. Lumension Security Configuration Management provides:

Management of security configuration baselines for workstations, servers and mobile laptops from a single point of control
Continuous and proactive assessment to prevent configuration drift and ensure policy compliance
Out-of-the-box regulatory and industry standards-based configuration templates
Identification of configuration-based risk through monitoring and reporting on non-compliant systems
A NIST-validated solution

How It Works

1.Discover: Gain complete visibility of your heterogeneous network environment. Proactively discover all of your IT assets, both managed and unmanaged, through in-depth scans and flexible grouping and classification options.
2.Assess: Proactively identify security configuration issues against out-of-the-box checklists containing hundreds of configuration settings mapped to industry standards.
3.Prioritize: Focus on your most critical security risks first.
4.Remediate: Create automated policy baselines that simplify the process of maintaining a secure environment by continuously monitoring, detecting and remediating policy-driven environments across all major platforms and applications.
5.Report: Gain a holistic view your security configuration policy violations. Access a full range of operational and management reports that consolidate discovery, assessment, and remediation information on a single management console.

Demonstrate Compliance with Regulatory Policies and Industry Standards

As a NIST-validated solution, Lumension Security Configuration Management provides a comprehensive list of SCAP policies with hundreds of defined checks, allowing organizations to quickly evaluate their security posture and determine what must be fixed to meet configuration requirements according to:

Microsoft Windows Security Guide Series
NIST Special Publication 800-68
Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIG)
National Security Agency (NSA)
Office of Management and Budget (OMB) Federal Desktop Core Configuration (FDCC)

In addition, customized templates ensure that assessments are tailored to the various compliance policies that fit an organization's specific requirements.

Lumension Scan Supported Target Systems

Operating System / Version	Discovery	Assessment	Remediation
Windows 2003 Server X86/X64
Windows 2008 Server X86/X64
Windows XP X86/X64
Windows Vista X86/X64

Features & Benefits

Key Product Features	Benefit
SCAP Validated FDCC Scanner This NIST validation ensures accurate assessments of policy checklists and configurations as defined in the National Vulnerability Database.	Increases Accuracy and Confidence SCAP validation provides another level of confidence. Agency endpoint configurations will be compliant with Mandate standards.
Leverages Open Standards and Protocols Ensures policy management via extendable and customizable architecture providing the ability to add, create, define, edit and import/export security configuration policies and checklists based on industry standards in an easy-to-edit XML format.	Reduces IT Costs Create and maintain your own policies. Manage and interpret different policies and results from different tools with integrated scanners and agents.
Policy Assessment and Compliance Management Delivers a flexible mechanism to assess and apply appropriate policies to applicable systems. Combination of standard configuration checklists from variety of sources with Lumension repository of software vulnerabilities delivers information with context to properly remediate. Delivers actionable information.	Simplifies Compliance Simplify compliance through best-practice configuration checklists. Lowers TCO Automation of configuration issue identification & correction lowers security operating costs. Reduces Endpoint Risk Reduce security incidents and strengthen your security posture. Continuously manage & enforce your policy.
Policy Assessment and Enforcement Leverages automated remediation and policy enforcement with Lumension Content Wizard.	Increases Compliance Maintain your compliance by enforcing policy.
Centralized User Interface Demonstrates policy compliance with high- and low-level reports on the status of your endpoint configurations. Technical controls and asset entities are consolidated into a single UI. Intelligent Dashboard Displays.	Reduces IT Costs Reduce IT overhead via standardized and secure configuration settings. Increase operational efficiency by managing all vulnerability activities from a single tool.
Security Posture Reporting Automates security checks including event log policy settings, file permission settings, local policies group, system services group, network settings, system settings, windows components, local user policy setting, security patches, firewall settings, IE settings application settings.	Increases Visibility of Security Posture Detail and roll-up results views provide instant visibility into configuration posture. Ensures Constant Audit-Readiness Maintain constant audit readiness through the automated collection and centralization of security configuration results.
Mature Delivery Platform for Assessment and Reporting Lumension Security Configuration Management is expanded functionality on top of leading products such as Lumension Patch and Remediation and Lumension Scan.	Security Configuration Management Capabilities Integrated into Proven Vulnerability Management Solution Ensure regulatory compliance through risk assessment of security configurations (e.g., screensaver configurations, password complexity, running services). These capabilities are built on top of proven vulnerability management solutions.

Requirements

Minimum Requirements - Server

Requirements	Version
Hardware	A dual-core processor (any speed) 1 GB RAM 32 GB of available disk space
Operating System	Windows Server® 2003, Web Edition with SP2 or later (x86) Windows Server 2003, Standard Edition with SP2 or later (x86) Windows Server 2003, Enterprise Edition with SP2 or later (x86) Windows Server 2003 R2, Standard Edition with SP2 or later (x86) Windows Server 2003 R2, Enterprise Edition with SP2 or later (x86) Windows Server 2008, Web Edition (x86/x64) Windows Server 2008, Standard Edition (x86/x64) Windows Server 2008, Enterprise Edition (x86/x64) Note: Lumension Endpoint Management and Security Suite must be installed on an English operating system using any English locale (en-US, en-UK, en-CA, and so on) in its default configuration.
Web server	Microsoft® Internet Information Services (IIS) 6.0 or later.
.NET Framework	Microsoft .NET Framework version 3.5 Note: If not present, Microsoft .NET Framework 3.5 is installed with Lumension Endpoint Management and Security Suite.
Web browsers	Microsoft Internet Explorer 7.0 or greater Mozilla®Firefox® 3.0 or greater.
DB Server	SQL Server 2005, Express Edition with SP3 (x86) SQL Server 2005, Standard Edition with SP3 (x86) SQL Server 2005, Enterprise Edition with SP3 (x86) SQL Server 2008, Express Edition (x86) SQL Server 2008, Standard Edition (x86/x64) SQL Server 2008, Enterprise Edition (x86/x64) Supported database servers can be installed in the following locations relative to the Lumension Endpoint Management and Security Suite server: Locally in named instances installed by Lumension Endpoint Management and Security Suite. Locally in named or default instances that are preexisting. Remotely in named or default instances that are preexisting. Note: If an instance of SQL Server is not present on your target server, SQL Server 2008, Express Edition with SP1 is installed with Lumension Endpoint Management and Security Suite (if you are not using a remote instance of SQL Server)

Lumension Patch and Remediation Agent Coverage - Supported Client OS

Vendor	Processor Family	OS Version	OS Edition	OS Bit
Microsoft Windows	X86/x64	Windows XP SP2	Professional	32/64
		Windows 2003	Web Standard Enterprise R2	32/64
		Windows Vista	Enterprise Business Ultimate	32
		Microsoft Windows 7	Professional Enterprise Ultimate	X86 X86_64
		Microsoft Server 2008	Web Standard Enterprise	X86 X86_64
		Microsoft Windows Server 2008 R2	Web Standard Enterprise	X86 X86_64

Minimum Requirements with Lumension Scan

Hardware	Pentium® compatible 1 GHz Single 100 Mbps network connection 20GB of available disk space 512 MB RAM
Operating System	Windows 2000 Server SP4 Windows Server 2003 SP1 Windows XP Professional SP2 Windows 2000 Advanced Server SP4
.NET framework	Microsoft .NET Framework 2.0+

Lumension® Endpoint Management and Security Suite
Patch and Remediation

Automatically identify and patch vulnerabilities quickly across heterogeneous operating systems, applications and endpoint configurations

Patch Management Business Issues and Challenges

As IT environments have become increasingly complex, supporting virtual, distributed, and disparate platforms, companies must ensure that they maintain control of their endpoints.

Ensuring secure and standard endpoint configurations and patch management for third party applications and operating systems is paramount to reducing IT risk and improving endpoint operations.

With the browser fast-becoming the new corporate desktop and third party applications being heavily targeted by cybercriminals it has become more challenging to effectively mitigate IT risk exposures across today's dynamic IT environments. In fact, the number one security priority listed by the SANS Institute is patching "client-side software"1.

To ensure that systems remain configured per policy and rapidly remediated against the growing list of application and OS vulnerabilities, a solution is needed that automates discovery, assessment and remediation for heterogeneous environments and alerts busy IT administrators to issues proactively so they can address them immediately.

Overview

Lumension Endpoint Management and Security Suite: Patch and Remediation, which is the worldwide market share leader in patch management solutions, provides rapid, accurate and secure patch management for applications and operating systems, allowing you to proactively manage threats and IT risk even in the most complex of IT environments. This optimization is achieved by automating the patching process from vulnerability identification to patch collection, distribution, remediation and verification reporting. Lumension Patch and Remediation significantly reduces the exposure to cybercriminal and malware risk while decreasing the cost of endpoint operations and compliance reporting requirements.

A single, intuitive management console for easy patch and remediation administration across multiple platforms - Windows, Unix, Linux and Mac OS.
The industry’s broadest third party vulnerability content available including the largest repository of Adobe vulnerability content.
Integrated asset discovery for full network visibility and continuous control across both physical and virtual environments.
Automated policy baselines to ensure that patches, configurations, remediations, and other tasks are continuously enforced.
Extensibility and customization via Lumension Content Wizard including power policy management, software deployment and removal, desktop configuration templates and custom task scripting.
Enhanced Wake-on-LAN to provide complete visibility and control over powered down systems and ensure that critical patches and software updates are successfully deployed. When used in conjunction with Lumension Content Wizard, power management polices and efficient patch management with maximum energy efficiency can be attained.
Power management reporting to effectively demonstrate the value of reduced power consumption and to use this information to apply for potential power savings rebates from your local power company.*
IT risk management integration via Lumension Risk Manager to automatically assess controls and potential deficiencies for IT risk management prioritization and compliance reporting.

* This is a separately licensed capability available through Lumension Patch and Remediation.

How it Works

1. Discover - Gain complete visibility of your heterogeneous network environment. Proactively discover all of your IT assets, both managed and unmanaged, through in-depth scans and flexible grouping and classification options.
2. Assess - Proactively identify known issues before they can be exploited. Perform a deep analysis and thorough OS, application and security configuration vulnerability assessments.
3. Prioritize - Focus on your most critical security risks first.
4. Remediate - Automatically deploy patches to an entire network. Simplify the process of maintaining a secure environment by continuously monitoring, detecting and remediating policy-driven environments across all major platforms and applications.
5. Report - Gain a holistic view your environmental risk. Access a full range of operational and management reports that consolidate discovery, assessment and remediation information on a single management console.

Features & Benefits

Key Product Features	Benefit
Integrated Endpoint Management Console Features Web-, role- and workflow-based navigation to simplify and optimize endpoint operations. Seamlessly integrates with other Lumension Endpoint Management and Security Suite product modules.	Simplifies Administration of Patch Management and Other Endpoint Management and Security Tasks Reduces administrative burden with a single, intuitive management console for easy patch and remediation administration across multiple platforms and many applications.
Automated Discovery and Assessment of IT Assets Provides comprehensive understanding of security posture for inventory and management of both physical and virtual environments via in-depth assessment of vulnerabilities, patch status, security configurations, installed software, and hardware inventory. Discovers both managed and unmanaged devices and provides swift agent deployment to any unmanaged assets.	Consolidates Visibility and Lower TCO Collects device, security and configuration information to provide consolidated visibility and lower TCO. Ensures visibility and control of both physical and virtual environments with effective management at a significantly reduced TCO.
Single Solution for Heterogeneous Environments Vulnerability audits and remediation with wide support across major OS platforms (Windows, including Windows 7 and Server 2008 R2; Linux; MacOS; Sun Solaris; HP; etc.), POSIX and infrastructure devices, as well as third party applications, including Adobe software — all from one single console. Vulnerability audits include security configurations, OS and application vulnerabilities, null passwords, patch-level related vulnerabilities, known hacking tools, malware, common worms, and P2P software checks.	Provides a Consolidated, Single Tool To Meet All Your Patching Needs Enforces corporate patch policies regardless of the endpoint platform or applications. Optimizes IT operations and provides an improved security posture and reduced TCO via a broad vulnerability assessment and remediation database. Eliminates software-defect vulnerabilities per policy on all platforms.
Continuous Policy Enforcement of Patches, Remediations and Configurations Automatically enforces patches, configurations, remediations and other custom and repetitive tasks. Baseline policies can be easily exported and applied across multiple groups and servers for consistency.	Enhances Security Posture and Lowers TCO Ensures that patches, configurations, remediations and other custom and repetitive tasks are continuously and automatically enforced. Simplifies the recreation of previous mandatory baseline policies and ensures consistency across the network.
Diverse, Flexible Reporting Provides detailed information across the patch and remediation management process, including agent policy status, vulnerability deployments, asset inventory and more.	Provides Comprehensive Visibility Delivers insight into the security status of the organization. Ensures Audit Readiness Enables rapid response to internal or regulatory compliance requirements.
Highly Scalable for Distributed Environments Ensures complete coverage for the largest worldwide networks with high-availability topologies and n-tier distribution architecture. Packages are cached locally, minimizing network traffic and optimizing bandwidth utilization.	Adapts to Your Growing Business Leverages your current network infrastructure in order to reduce TCO from day one of implementation through the life of the subscription. Adapts to various organizational setups, so you can always integrate the scanner into new business structures. Ensures inventory and management of both physical and virtual environments from one consolidated console.
Role- and Policy-Based Administration Enables the Patch Management Administrator to delegate/ approve patch management activities/ information across multiple employees, based on the employee’s role or security level. Ensures that all systems meet a mandatory baseline policy – a key aspect of corporate security and regulatory compliance.	Enforces Compliance In Your Organization Enables you to set specific policy and enforcement for each group in the enterprise. Provides maximum policy flexibility with automated enforcement, saving both time and effort by IT staff. Increases Productivity Significantly improves productivity while maintaining security.
Open Architecture Supporting open standards and multiple sources of content, Lumension Patch and Remediation delivers a customizable and diverse platform for operational security management. Seamlessly manages third party vendor content and automatically detects and obtains prerequisite patches.	Provides a Consolidated, Single Tool To Meet All Your Patching Needs Single tool's extensibility addresses the needs of customers and provides flexibility to easily accommodate new software and initiatives as they arise. Automates the management and reporting of Lumension and third party licensed content and prerequisite patches without complex or manual credentials management.
Extensible, Modular Agent Architecture Resilient, lower overhead agent with scalable architecture to secure on- and offline systems. Provides easy agent install and uninstall capabilities.	Provides Comprehensive On- and Offline Protection Protects laptops, servers, and desktops that are often disconnected from the network and reduces network bandwidth usage. Resilient agent offers self-monitoring and recovery capabilities for increased security.
Enhanced Wake-on-LAN Enables "wake now" capability for specific devices at any given time to deploy highly critical patches or urgent software updates.	Improves Security Posture for Offline Machines While Reducing IT Power Consumption Eliminates blind spots in ongoing network maintenance and ensures that offline machines receive critical patches and software updates. Ensures the attainment of maximum energy efficiency when used with power policies via Lumension Content Wizard.
Directory Services Integration Dynamic creation of groups based on existing Microsoft Active Directory environments with cascading inheritance for agent policy, mandatory baseline and user permissions.	Saves Time and Cost Saves time and reduces TCO by integrating with Active Directory which eliminates the need to recreate the logical organization of systems.
Automated Agent Distribution Automated deployment of the Lumension remediation agent to unmanaged (rogue) computers.	Saves IT Operations Time and Effort Ensures maximum coverage and protection, with minimal time and effort required by IT operations.
Automatic Notifications E-mail alerts can be sent to administrators to notify them of a variety of issues, including subscription or remediation failures, upcoming license expiration and more.	Improves Security Improves security through the timely response to issues. Improves Productivity Improves administrative productivity through proactive, automated alerts.
Flexible Operating Hours Administrators can define specific days and intervals of time during which the agent can communicate with the server and perform operations, in granular half hour increments	Ensures No Downtime or Disruptions Minimizes business disruptions and thus improves the productivity of the organization.
Flexible Group Management Creates custom computer groups based on the enterprise’s needs. Allows the administrator to represent multiple layers of geographical or organizational structure within the solution. Hierarchical "Nested" Grouping.	Increases Deployment Accuracy and IT Efficiency Enables you to increase deployment accuracy and IT efficiency by employing an organized approach via custom groups. Increases Productivity Reduces agent and group configuration efforts through more efficient creation and management of agents within groups. Improves Policy Management Facilitates the deployment of group-specific patches according to your corporate policy.
Key Indicator Dash Board Enables creation of a custom dash board for the most critical information in order to highlight the success of your organization's patch management process from a list of 8 key indicators.	Provides Visibility Into Real-Time Patch Status & Overall Security Posture Provides an informative snapshot of current patch status in order to report to executive management.
Multi-Patch Deployments Delivers multiple patches to multiple computers in one distribution.	Reduces IT Costs Simultaneously eliminates multiple vulnerabilities are simultaneously eliminated while minimizing IT costs.
Subscription Service Automatic and secure identification and notification of the latest patch vulnerabilities across multiple platforms and applications.	Saves IT Operations Time and Effort Eliminates the cost of manually monitoring, acquiring and staging patches for multiple platforms and applications throughout the enterprise. Enhances Your Security Posture Ensures systems stay patched and are automatically updated. Ensures unauthorized packages are not able to enter your network.

Requirements

Minimum Requirements - Server

Requirements	Version
Hardware	A dual-core processor (any speed) 1 GB RAM 32 GB of available disk space
Operating System	Windows Server® 2003, Web Edition with SP2 or later (x86) Windows Server 2003, Standard Edition with SP2 or later (x86) Windows Server 2003, Enterprise Edition with SP2 or later (x86) Microsoft Windows Server 2003 R2, Web Edition with SP2 or later (x86) Windows Server 2003 R2, Standard Edition with SP2 or later (x86) Windows Server 2003 R2, Enterprise Edition with SP2 or later (x86) Windows Server 2008, Web Edition (x86/x64) Windows Server 2008, Standard Edition (x86/x64) Windows Server 2008, Enterprise Edition (x86/x64) Microsoft Windows Server 2008 R2, Web Edition (x64) Microsoft Windows Server 2008 R2, Standard Edition (x64) Microsoft Windows Server 2008 R2, Enterprise Edition (x64) Note: Lumension Endpoint Management and Security Suite must be installed on an English operating system using any English locale (en-US, en-UK, en-CA, and so on) in its default configuration.
Web server	Microsoft® Internet Information Services (IIS) 6.0 or later.
.NET Framework	Microsoft .NET Framework version 3.5 Note: If not present, Microsoft .NET Framework 3.5 is installed with Lumension Endpoint Management and Security Suite.
Web browsers	Microsoft Internet Explorer 7.0 or greater Mozilla®Firefox® 3.0 or greater.
DB Server	SQL Server 2005, Express Edition with SP3 (x86) SQL Server 2005, Standard Edition with SP3 (x86) SQL Server 2005, Enterprise Edition with SP3 (x86) SQL Server 2008, Express Edition (x86) SQL Server 2008, Standard Edition (x86/x64) SQL Server 2008, Enterprise Edition (x86/x64) Supported database servers can be installed in the following locations relative to the Lumension Endpoint Management and Security Suite server: Locally in named instances installed by Lumension Endpoint Management and Security Suite. Locally in named or default instances that are preexisting. Remotely in named or default instances that are preexisting. Note: If an instance of SQL Server is not present on your target server, SQL Server 2008, Express Edition with SP1 is installed with Lumension Endpoint Management and Security Suite (if you are not using a remote instance of SQL Server)

Agent Coverage - Supported Client Operating Systems

Operating System	Version/Edition	Architecture
Apple Mac OS X	10.3 - 10.5	x86 (Intel)/PowerPC
CentOS	4-5	X86 X86_64
HP-UX	11.11 - 11.31	64 bit PA-RISC
IBM AIX	5.1 - 5.3	PowerPC
Microsoft Windows 2000	All (excluding Datacenter editions)	x86
Microsoft Windows Server 2003	All (excluding Datacenter editions)	x86 X86_64
Microsoft Windows XP	Professional (excluding Home, Media Center and Tablet PC editions)	x86 X86_64
Microsoft Windows Vista	All (excluding Home and Starter editions)	x86 X86_64
Microsoft Windows 7	Professional Enterprise Ultimate	X86 X86_64
Microsoft Windows Server 2008	All (excluding Core and Datacenter editions)	x86 x86_64
Microsoft Windows Server 2008 R2	Web Standard Enterprise	X86 X86_64
Novell SUSE Linux	9 - 11	x86 x86_64
Oracle Enterprise Linux	4-5	X86 X86_64
Red Hat Enterprise Linux	3.0 – 5.x (Enterprise AS, ES, WS)	x86 x86_64
Sun Solaris	8 – 10	SPARC x86 x86_64

Lumension® Endpoint Management and Security Suite
Endpoint Power Management

Endpoint Power Management reduces overall IT power consumption and costs without sacrificing productivity or security.

Endpoint Power Management Business Issues & Challenges

Optimization is often what determines business success, particularly in a challenging economic environment. As organizations search for ways to reduce their overhead costs and improve their competitive stance, the use of a PC power management solution can deliver dramatic operating cost savings.

Organizations can save $60 per machine by deploying power management policies. The challenge for many organizations is that IT environments are complex, and enforcing desktop power management policies can be burdensome if they are not centralized. Further, it is imperative that end-user productivity is not diminished and that visibility of IT assets is not impaired due to systems being dormant.

As organizations attempt to achieve IT cost savings by reducing PC power consumption, oftentimes security is put at bay - machines in the network that are offline or configured to sleep mode may not receive necessary patches or software updates. These operational "blind-spots" hinder effective endpoint management and reduce overall security. For example, in the case of a zero-day vulnerability, organizations must be able to access their IT environments in order to deploy risk-mitigating configurations and patches.

Overview

With Lumension's Endpoint Power Management solution, organizations can easily define and enforce power conservation policies, and automatically bring offline systems back online to perform system maintenance and/or IT security updates (including patching and configurations) during off peak work hours so that organizational productivity is not impacted. The end result is a more efficient and secure IT environment. Lumension's endpoint power management solution enables organizations to:

Dramatically reduce PC power consumption and IT TCO by defining and enforcing system-wide power management policies across endpoints without requiring additional investment in stand-alone power-management products.
Easily create and deploy power conservation policies to optimize IT operations and facilitate the enforcement of green policies in complex, distributed IT environments - without relying on a centrally managed domain.
Eliminate operational and security “blind-spots” and improve endpoint security through both scheduled and emergency maintenance windows to effectively patch distributed endpoints, while also taking advantage of aggressive policies that power-down inactive systems.
Effectively demonstrate the value of reduced power consumption through enhanced power management reporting and use this information to apply for potential power savings rebates from your local power company.
Ensure continuous compliance with green IT policies through ongoing monitoring of desktop and laptop uptime.

Features & Benefits

Key Product Features	Benefit
Centralized Endpoint Power Management Policy Wizard Easy-to-use, wizard-based creation and deployment of PC power policy settings, including: standby, hibernation and sleep timing based on user, and system inactivity.	Simplifies Creation and Management of Power Policies Optimizes IT operations and facilitates the enforcement of green policies in complex, distributed environments without relying on GPOs or impacting user productivity.
Hours of Operation Maintenance Windows Conveniently set regular endpoint wake up times during hours of operation, centrally deploy agent tasks to both online and offline machines and control machines individually, by group, or globally across domains – regardless of time zones.	Increased Visibility and Control Over the IT Environment By eliminating operational and security “blind-spots” through both scheduled and emergency maintenance windows organizations can effectively manage their distributed endpoints while also taking advantage of aggressive power policies that power-down inactive systems.
Enhanced Wake-on-LAN (WOL) Promotable agent architecture allows any agent to be easily converted and act as a relay to broadcast WOL packages throughout your IT environment. Devices can be commanded to “wake up” at any given time to deploy a highly critical patch or urgent software update.	Improved Security at a Lower TCO Enables rapid deployment of critical updates to machines that have been offline and provides the benefit of power management policies without having to sacrifice security efforts or employee productivity.
Integrated Power Management Reporting Take advantage of potential power savings rebates from local power management companies or for showing a reduction in the overall carbon footprint through power consumption and power savings reports.	Optimize Power Savings Monetize the effect of the power management policies with integrated power savings reports.
Continuous Power Monitoring Measure actual endpoint uptime and states, such as on/monitor off/sleep, and more. A Power Usage Dashboard provides comprehensive management and easy audit control.	Enforce Green IT Policies Ensure continuous compliance with green IT policies through

Technical Requirements

Lumension Endpoint Power Management is comprised of the following licensable modules:

Lumension Patch and Remediation
Lumension Content Wizard
Power Management Reporting (an add-on capability to Lumension Patch and Remediation)

Minimum Requirements – Lumension Endpoint Management and Security Suite: Patch and Remediation Server

Requirements	Version
Hardware	A dual-core processor (any speed) 1 GB RAM 36 GB of available disk space A single 100 Mbps network connection (with access to the Internet)
Operating System	Microsoft® Windows Server 2003, Web Edition with SP2 or later (x86) Microsoft® Windows Server 2003, Standard Edition with SP2 or later (x86) Microsoft® Windows Server 2003, Enterprise Edition with SP2 or later (x86) Microsoft® Windows Server 2003 R2, Web Edition with SP2 or later (x86) Microsoft® Windows Server 2003 R2, Standard Edition with SP2 or later (x86) Microsoft® Windows Server 2003 R2, Enterprise Edition with SP2 or later (x86) Microsoft® Windows Server 2008, Web Edition (x86/x64) Microsoft® Windows Servers 2008, Standard Edition (x86/x64) Microsoft® Windows Server 2008, Enterprise Edition (x86/x64) Microsoft® Windows Server 2008 R2, Web Edition (x64) Microsoft® Windows Server 2008 R2, Standard Edition (x64) Microsoft® Windows Server 2008 R2, Enterprise Edition (x64) Note: Lumension Endpoint Management and Security Suite must be installed on an English operating system using any English locale (en-US, en-UK, en-CA, and so on) in its default configuration.
SQL Server	Microsoft SQL Server 2005 Express Edition with SP2 (x86) Microsoft SQL Server 2005 Standard Edition with SP2 (x86) Microsoft SQL Server 2005 Enterprise Edition with SP2 (x86) Microsoft SQL Server 2008 Express Edition with SP2 (x86) Microsoft SQL Server 2008 Standard Edition with SP2 (x86/x64) Microsoft SQL Server 2008 Enterprise Edition with SP2 (x86/x64) Supported database servers can be installed in the following locations relative to the Lumension Endpoint Management and Security Suite server: Locally in named instances installed by Lumension Endpoint Management and Security Suite. Locally in named or default instances that are preexisting. Remotely in named or default instances that are preexisting. Note: If an instance of SQL Server is not present on your target server, SQL Server 2008, Express Edition with SP1 is installed with Lumension Endpoint Management and Security Suite (if you are not using a remote instance of SQL Server).
Internet Server	Microsoft® Internet Information Services (IIS) 6.0 or later
.NET Framework	Microsoft .NET Framework version 3.5
Web browsers	Microsoft Internet Explorer 7.0 or greater Mozilla®Firefox® 3.0 or greater.

Agent Coverage - Supported Client Operating Systems

Operating System	Version/Edition	Architecture
Microsoft Windows Server 2003	All (excluding Datacenter editions)	x86 X86_64
Microsoft Windows XP	Professional (excluding Home, Media Center and Tablet PC editions)	x86 X86_64
Microsoft Windows Vista	All (excluding Home and Starter editions)	x86 X86_64
Microsoft Windows 7	Professional Enterprise Ultimate	X86 X86_64
Microsoft Windows Server 2008	All (excluding Core and Datacenter editions)	x86 x86_64
Microsoft Windows Server 2008 R2	Web Standard Enterprise	X86 X86_64

Lumension® Endpoint Management and Security Suite

Find common ground between IT Security and IT Operations

Take control of your endpoints via a suite of modular products that provide endpoint security, patch management, power management and security configuration management

Managing the New Endpoint Environment Business Issues & Challenges

Today's rapidly changing IT network is more distributed and virtual than ever — the majority of data is stored on remote endpoint platforms, such as laptops and mobile PDAs, and accessed through public WiFi networks connected to an organization's IT network via the Internet. Mounting budget pressures are forcing companies to look increasingly at virtual and cloud-based computing alternatives. In addition, traditional point-based technologies and solutions have increased the complexity and cost to organizations, due to the management of many different consoles across multiple products.

With data flowing across a myriad of devices and platforms, organizations must have centralized visiblity and control of their networks in order to effectively manage IT risk and endpoint operations

New approaches and solutions are required to ensure enhanced security and compliance with the lowest total cost of ownership possible. The once-separate IT functions of operations and security must collaborate and share information seamlessly to gain the visibility needed to proactively address IT risk in a more effective and efficient manner. Lumension Endpoint Management and Security Suite is an extensible solution suite developed on the Lumension Endpoint Management Platform that reduces complexity, optimizes TCO, improves visibility and delivers control back to IT.

Lumension Endpoint Management and Security Suite provides:

Reduced complexity and TCO via an agile infrastructure, which delivers modularly licensed, best-of-breed product capabilities through an integrated console and single-agent architecture
.
Greater control and visibility with an end-to-end approach that includes capabilities to meet endpoint operations, security, compliance and IT risk management needs.
Enhanced security through a unique "trust-centric" approach that enables rules-based exceptions to security and change management.
Endpoint power management which reduces power consumption costs and enables the management and security of both online and offline endpoints.

Features	Benefits
Integrated Endpoint Management Console	Web-based console and workflow-based navigation to simplify, unify and optimize IT operations and security processes.
Modularly Licensed Capabilities	An extensible platform that enables both Lumension capabilities as well as third-party developed capabilities to be “pluggable.”
Scalable Architecture	Delivers both pull and push approaches to endpoint communication and policy distribution.
Single Promotable Agent	Flexible agent architecture delivers services on the fly without requiring burdensome upgrades or increased agent bloat, provides easy agent install and uninstall capabilities, and offers self-monitoring and recovery capabilities.
Power Management Policy Enforcement	Centralizes power management policies for both online and offline machines combined with enhanced Wake-on-LAN, via OrcaTYDE™ Patch and Remediation to ensure that offline machines receive critical patches and software updates and maximum IT energy efficiency is achieved.
Continuous and Full Discovery of the IT Environment	Integrates award-winning solution capabilities to provide complete discovery of what’s in your IT environment, including capabilities such as application whitelisting, device control, vulnerability management, data loss prevention, anti-virus and configuration management.
Optimized Compliance and IT Risk Management	Streamlines compliance and IT risk management workflows and ensures continuous monitoring of compliance and IT risk postures.

* Available as an integrated/interfaced product module within the Lumension Endpoint Management and Security Suite 2010. Product plans subject to change without notice.

Endpoint Operations Product Modules

Lumension Patch and Remediation - Reduces corporate risk and optimizes IT operations through the timely, proactive elimination of operating system and application vulnerabilities across all systems and servers.
Lumension Security Configuration Management - Ensures that endpoints are securely configured and in compliance with industry best practices and regulatory mandates.
Lumension Enterprise Reporting* - Provides centralized visibility of IT assets and consolidates vulnerability and configuration data across the enterprise.

Endpoint Security and IT Risk Management Product Modules

Lumension Application Control* - Enables the enforcement of application usage policies to ensure that only software that is explicitly authorized or trusted is allowed to execute.
Lumension AntiVirus* - Provides complete protection against all malware including viruses, spyware, Trojans and adware.
Lumension Device Control* - Identifies all removable devices that are now or have ever been connected to your endpoints and enforces device / port access and data encryption policies to prevent data loss / theft.
Lumension Risk Manager* - Automates compliance and IT risk management workflows and provides necessary visibility of people, processes and technology across the entire organization.

* Available as an integrated/interfaced product module within the Lumension Endpoint Management and Security Suite 2010. Product plans subject to change without notice.

Minimum Requirements - Server

Requirements	Version
Hardware	A dual-core processor (any speed) 1 GB RAM 32 GB of available disk space
Operating System	Windows Server® 2003, Web Edition with SP2 or later (x86) Windows Server® 2003, Standard Edition with SP2 or later (x86) Windows Server® 2003, Enterprise Edition with SP2 or later (x86) Windows Server® 2003 R2, Web Edition with SP2 or later (x86) Windows Server® 2003 R2, Standard Edition with SP2 or later (x86) Windows Server® 2003 R2, Enterprise Edition with SP2 or later (x86) Windows Server® 2008, Web Edition (x86/x64) Windows Server® 2008, Standard Edition (x86/x64) Windows Server® 2008, Enterprise Edition (x86/x64) Windows Server® 2008 R2, Web Edition (x64) Windows Server® 2008 R2, Standard Edition (x64) Windows Server® 2008 R2, Enterprise Edition (x64) Note: Lumension Endpoint Management and Security Suite must be installed on an English operating system using any English locale (en-US, en-UK, en-CA, and so on) in its default configuration.
Web server	Microsoft® Internet Information Services (IIS) 6.0 or later.
.NET Framework	Microsoft .NET Framework version 3.5 Note: If not present, Microsoft .NET Framework 3.5 is installed with Lumension Endpoint Management and Security Suite.
Web browsers	Microsoft Internet Explorer 7.0 or greater Mozilla®Firefox® 3.0 or greater.
DB Server	SQL Server 2005, Express Edition with SP3 (x86) SQL Server 2005, Standard Edition with SP3 (x86) SQL Server 2005, Enterprise Edition with SP3 (x86) SQL Server 2008, Express Edition (x86) SQL Server 2008, Standard Edition (x86/x64) SQL Server 2008, Enterprise Edition (x86/x64) Supported database servers can be installed in the following locations relative to the Lumension Endpoint Management and Security Suite server: Locally in named instances installed by Lumension Endpoint Management and Security Suite. Locally in named or default instances that are preexisting. Remotely in named or default instances that are preexisting. Note: If an instance of SQL Server is not present on your target server, SQL Server 2008, Express Edition with SP1 is installed with Lumension Endpoint Management and Security Suite (if you are not using a remote instance of SQL Server)

Agent Coverage - Supported Client Operating Systems*

Operating System	Version/Edition	Architecture
Apple Mac OS X	10.3 - 10.5	x86 (Intel)/PowerPC
CentOS	4-5	X86 X86_64
HP-UX	11.11 - 11.31	64 bit PA-RISC
IBM AIX	5.1 - 5.3	PowerPC
Microsoft Windows 2000	All (excluding Datacenter editions)	x86
Microsoft Windows Server 2003	All (excluding Datacenter editions)	x86 X86_64
Microsoft Windows XP	Professional (excluding Home, Media Center and Tablet PC editions)	x86 X86_64
Microsoft Windows Vista	All (excluding Home and Starter editions)	x86 X86_64
Microsoft Windows 7	Professional Enterprise Ultimate	X86 X86_64
Microsoft Windows Server 2008	All (excluding Core and Datacenter editions)	x86 x86_64
Microsoft Windows Server 2008 R2	Web Standard Enterprise	X86 X86_64
Novell SUSE Linux	9 - 11	x86 x86_64
Oracle Enterprise Linux	4-5	X86 X86_64
Red Hat Enterprise Linux	3.0 – 5.x (Enterprise AS, ES, WS)	x86 x86_64
Red Hat Enterprise Linux	9 - 10	SPARC x86 X86_64

* Denotes agent coverage for Patch and Remediation module. Other modules will vary.

Subcategories

Hardware Products

Nav view search

Navigation

Search

Hardware

Software

Solutions

Lumension® Scan - Vulnerability Assessment Scanner

Complete, Real-Time Network Visibility and Proactive Vulnerability Assessment and Prioritization with Lumension Scan

Vulnerability Assessment Business Issues and Challenges

Overview

How it Works

Features & Benefits

Requirements

Minimum System Requirements:

Supported Systems:

Lumension® Risk Manager

Lumension Risk Manager automates IT risk management and compliance workflows and provides enterprise-wide visibility to ensure effective measurement of your security posture

IT Risk Management and Assessment: Business Issues & Challenges

Overview

Features & Benefits

Requirements

Lumension® Enterprise Reporting

Increase visibility of the IT environment to improve security and regulatory audit compliance with Lumension Enterprise Reporting

Compliance and IT Risk Management Business Issues & Challenges

Overview

How it Works

Features & Benefits

Requirements for the host server

Minimum System Requirements:

Minimum Software Requirements:

Supported Operating Systems:

Lumension® Device Control

Enforce Security Policies for Port Protection, Removable Device Usage, and Data Encryption with Lumension Device Control

Device Control Business Issues and Challenges

Overview

How It Works

Where It Works

Features & Benefits

Device / Port Access Control

256-bit AES Encryption

Administration

Infrastructure

Requirements

Supported Operating Systems

Hardware and Software Requirements

Lumension® Content Wizard

Extends the capabilities of the Lumension Endpoint Management Platform with custom scripting capabilities to centralize, automate and streamline desktop and system management, power management, configuration enforcement, software distribution and custom applications

Security and Operational Business Issues and Challenges

Overview

How it Works

Features & Benefits

Requirements

Minimum Hardware Requirements

Supported Operating Systems

Lumension® Application Control

Prevent Malware and Unauthorized Software Applications with Application Control

Application Control Business Issues and Challenges

Overview

How It Works

Features & Benefits

Key Product Features

Benefit

Requirements

Supported Operating Systems

Hardware and Software Requirements:

Component

Lumension® Antivirus

The Perfect Complement to Application Whitelisting to Achieve Total Endpoint Protection

AntiVirus Business Issues & Challenges

How It Works

Features & Benefits

Requirements

Lumension® Endpoint Management and Security Suite Security Configuration Management

Reduce Corporate Risk with Proactive Security Configuration Management

Security Configuration Management Business Issues and Challenges

Overview

Ensure That Endpoints Are Securely Configured, Remediated and Compliant with Industry Best Practices and Regulatory Mandates

How It Works

Demonstrate Compliance with Regulatory Policies and Industry Standards

Lumension Scan Supported Target Systems

Lumension® Endpoint Management and Security Suite
Security Configuration Management

Lumension® Endpoint Management and Security Suite
Patch and Remediation

Lumension® Endpoint Management and Security Suite
Endpoint Power Management