Microsoft Windows Embedded Partner

Establish a trusted device and applications environment based on Microsoft Windows Embedded platforms and never worry about the risk of data loss or malicious attacks that could cost your organization thousands of dollars in damages.

Easily control your organization's entire thin client desktop configuration from one central location.

Embedded Endpoint Security and Policy Enforcement for ATMs, Kiosks, PoS, Thin Clients, Gaming Devices and Terminals.

Lumension offers advanced device and application policy enforcement solutions for thin client devices based on the Windows Embedded for Point of Service (WEPOS) and Windows XP Embedded platforms such as Retail Point-of-Sale Terminals, ATMs, Gaming devices, Thin Clients, and other Network Connected Systems. Most of the latter are equipped with connectivity ports (e.g. USB) as well as connected to networks and the Internet, leaving them exposed to malware or misuse by end users.

Together, Microsoft and Lumension have collaborated to bring the first policy enforcement solution to the WEPOS and Windows XPe platforms.

Lumension offers advanced device and application policy enforcement solutions for thin client devices based on the Windows Embedded for Point of Service (WEPOS) and Windows XP Embedded platforms such as Retail Point-of-Sale Terminals, ATMs, Gaming devices, Thin Clients, and other Network Connected Systems. Most of the latter are today equipped with connectivity ports (e.g. USB) as well as connected to networks and the Internet (for updates services or maintenance), leaving them exposed to malware or misuse by end users.

Lumension for Embedded Devices is a componentized version of Lumension’s award-winning Lumension Endpoint Security policy enforcement suite. Lumension Endpoint Security, which is comprised of Device Control and Application Control, provides unified policy enforcement for centrally managing and monitoring application and device usage that proactively secures your organization from data threats, including data leakage, malware and spyware.

Using an automated whitelist approach, Lumension Endpoint Security enables only authorized applications to run and only authorized devices to connect to laptops, PCs, servers, terminal services servers, thin clients and embedded endpoint technologies.

Through a central console, application and device control policies are quickly established and enforced through two simple steps. Lumension Endpoint Security enables the administrator to rapidly identify devices and applications and then assign permissions regarding who can access what I/O devices and what code can execute on embedded endpoint devices.

Lumension® Application Control: enforces application usage policies to authenticate applications that have the access rights to execute on your embedded endpoints.

Lumension® Device Control: provides policy-based enforcement of removable device use to control the flow of inbound and outbound data and control your organization’s entire embedded devices and desktop configuration environment.

Solution Advantages

• Lumension for Embedded Devices is the first solution designed specifically to enforce device and application use policies for WEPOS and Windows XPe, enabling control of what I/O devices are allowed in order to remotely secure, schedule and monitor your embedded device access.
• Lumension Endpoint Security client’s small footprint is fully-functional and on par with Lumension Endpoint Security desktop/laptop and server solutions.
• Lumension Endpoint Security allows Embedded device administrators to set remotely online/offline policies as well as audit user activity on their embedded endpoints. Administrators can even lock down the embedded endpoint for maximum security (e.g. ATMs).
• Central management console enables organizations to manage WEPOS and Windows XPe endpoints from the same console with the exact same features, control and reporting capabilities.features, control and reporting capabilities.
• Developers can now use Lumension for Embedded Devices components to easily customize thin client images specific to the customer’s software and hardware needs.
   

Lumension Endpoint Security components used for an XPe image in MS target designer

Lumension for Embedded Devices: Use Cases

Suppliers of retail PoS terminals, self-service kiosks, ATMs, thin clients, medical equipment and many other special-purpose devices can now offer the same level of protection for their WEPOS and Windows XP Embedded devices that Lumension Endpoint Security products provide for endpoints running on any other Microsoft Windows platforms. The components of Lumension for Embedded Devices have been specially optimized for Windows Embedded environments where Cost of Goods Sold (COGS) and Total Cost of Ownership (TCO) play an even greater role in deployment decisions.

• Point of Sales (PoS) need regular updates, and today’s cash registers are all centrally connected and often provide local I/O device ports for service or PoS cashier user authentication (smart card, biotech device, etc.). Lumension for Embedded Devices allows you to securely manage what applications can run and what devices can be connected, when, how, and by whom. Lumension for Embedded Devices components allow you to seamlessly update your dedicated PoS image with I/O device rights and application rights when standard images are loaded during PoS device boot.
  
   
• Automatic Teller Machines (ATMs), even if highly standardized, still need application code change and updates. These are at risk due to their nature - small contact with large variety of users - rather than a consistent set of end-users who can identify misbehavior or malware infection symptoms. With ATMs connected to a network, Lumension for Embedded Devices provides a comprehensive and secure way for a detailed level of remote change control and maintenance. Scheduling features enable the establishment of a device application regime to allow technical maintenance access to machines when scheduled but at no other time, ensuring a higher level of security. Meanwhile, Lumension Application Control module will ensure that ATMs are malware-free with no overhead, insuring the highest system availability.
  
   
• Public Kiosks, such as photo stations, where users can download content from any type of device to the endpoint or voting machines are at risk - there is no control over what may be introduced by a variety of users. Lumension for Embedded Devices prevents any known or unknown malware from damaging the station, should it be standalone or connected to a network or the Internet. With Lumension Endpoint Security, organizations can ensure higher kiosk availability rates with no risk of malware infection, significantly reducing the need for on-site interventions.
  
   
• Thin Clients are chosen by many organizations to replace traditional PCs in order to reduce TCO. Should this be using Citrix infrastructure (Lumension Endpoint Security complies with Citrix Access Gateway) or commonly used Microsoft Windows Active Directory, Lumension for Embedded Devices helps organizations achieve their TCO goals by enforcing thin client usage policies for both devices and applications, increasing users’ productivity and enhancing endpoint device stability.
  
   
• The Healthcare industry is rapidly adopting virtualization as a necessity for contained cost, high level privacy and application management on professional healthcare machines and infrastructure. However, cost-effective computing is missing device control and true application control. Lumension Endpoint Security provides Windows XPe and WEPOS healthcare businesses with the definitive solution they need to contain security risks, and to help comply with patient privacy regulations such as HIPAA.
  
   
• Gaming Machines generally use Microsoft Embedded OS in top boxes but more importantly also in the player tracking. Depending on local regulations, organizations have game usage data storage requirements for regulatory compliance needs. Lumension for Embedded Devices allows organizations to ensure compliance by: not allowing unauthorized applications to execute on the gaming device, and by enabling a central auditable mirror copy of logged data to be made on a removable flash memory. Both these features provide the insurance of data integrity as well as non-repudiation. In addition, Lumension Endpoint Security can encrypt all data saved to the removable media memory (AES256) for a higher level of security.
  
   
• Geographical Positioning System (GPS) solutions are usually operating on embedded devices and are critical to transportation enterprises as well as military applications. Lumension for Embedded Devices helps you lock the embedded box from any I/O device access ensuring that the system cannot be compromised and continues providing accurate positioning data.
   

Benefit today from the first policy enforcement for Windows XPe and WEPOS environments

Unlike any other solution, Lumension for Embedded Devices enforces policy compliance at both device and application levels not only for standard Windows platforms but now also within Windows Embedded environments where standardization and TCO goals are even more challenging and important than most other network types.


Want to know more?

• Check Lumension Endpoint Security list of features on Lumension® Device Control and Lumension® Application Control product pages.*
• Read our press release.
• Request an evaluation request here (make sure to also select Lumension Device Control and/or Lumension Application Control to get relevant server side components).
• Customers of embedded devices can also request Lumension for Embedded Devices from their device manufacturer. The Manufacturer has a choice of selling the solution to the customer or includes it in all of their solutions.

*Note that when a full version of XPe with Windows installer is present on the Windows Embedded device and if the machine complies with memory requirements for standard Lumension Device Control and Lumension Application Control, there is no need to use Lumension for Embedded Devices components. Standard deployment tools can be used with standard driver.