Protect Against Malware with Policy-Based Endpoint Security

The security landscape is shifting from large, widespread malware outbreaks to targeted, quiet threats. Traditional solutions cannot provide adequate protection against malware as evidenced by Gartner’s prediction that 75% of enterprises will be infected with undetected, financially motivated, targeted malware that evaded traditional perimeter and host defenses¹. Furthermore, 70 percent of all serious incidents are sparked by insiders², who inadvertently or maliciously introduce malware, spyware, viruses and zero-day threats through endpoints and removable devices.

Traditionally, all forms of malware, viruses, worms, etc. were solely introduced via rogue executables downloaded off the Internet, but now these can also be introduced via removable devices. If an audio player, flash drive or USB stick becomes infected, the user could plug it into the corporate network and unknowingly unleash a crippling virus. Recent examples of this include:

  • The SillyFD-AA worm, which spreads by copying itself from infected machines onto removable drives such as USB memory sticks before automatically running when the device is next connected to a computer.
  • TomTom’s announcement that an isolated amount of GO 910 devices were shipped with a virus pre-installed. Infected versions of the GO will try to copy the malicious software to a PC when connected.
  • McDonald’s recalling MP3 players it offered as a prize, after discovering that the prizes were loaded with a particularly nasty strain of malware. Up to 10,000 people might have been exposed the QQpass spyware Trojan after claiming a Flash MP3 player.
  • Apple’s announcement that a small percent of Video iPods -- pocket-sized devices that can play music and video clips - left its contract manufacturer carrying the virus RavMonE.exe, which affects computers running Microsoft Windows operating system.

Lumension Endpoint Protection and Data Protection Solutions Prevent Malware, Spyware, Viruses and Zero-Day Threats

Lumension Endpoint Protection solution is comprised of Lumension Application Control, which protects against targeted threats and enables only authorized applications to execute or connect to a network server, terminal services server, thin client, laptop or desktop. Lumension simplifies the discovery phase so that administrators can uncover all of the applications that are executing on the endpoints. Once known what applications are on the network, a policy can be established and enforced. Lumension Data Protection solution, comprised of Lumension Device Control, prevents the introduction of malware through removable media devices.

Lumension enables administrators to rapidly identify applications and to assign permissions for applications to users, user groups or a particular computer. Once these access rights have been set, any executable not on the authorized list will simply not be able to run. Detailed audit capabilities log all application execution attempts, as well as any administrator actions, including changes of any application policy authorizations.

The final result is a network free of malware.

Lumension Endpoint Protection and Data Protection Solutions Prevent Malware, Viruses and Zero-Day Threats by:

  • Enforcing policies that do not allow known and unknown threats to execute, such as malware, viruses, spyware and zero-day threats
  • Providing a detailed audit trail of all device and application execution attempts
  • Identifying organizational security holes in the protection of sensitive information through comprehensive auditing capabilities
  • Safeguarding against network security breaches where confidential data could be exposed to fraud
  • Disabling suspicious executables that are locally authorized on too many computers

Sources:
Gartner Research, “Gartner’s Top Predictions for IT Organizations and Users, 2007 and Beyond”, Daryl C. Plummer, December 1, 2006
IDC Worldwide Security Products and Services 2007 Top 10 Predictions