Sanctuary Application Control

Home \ Products \ Sanctuary Application Control

Lumension Sanctuary Application Control is now Lumension Application Control.

Eliminate Malware by Controlling Application Use

The battle to protect your network from malware can seem insurmountable. One anti-virus vendor expects to identify its 400,000th threat in early 2008. Unfortunately, anti-virus applications alone cannot control the problem. Out of the 99% of enterprises with anti-virus protection, 62% still suffered a malware infection¹. Analysts estimate that by the end of 2007, 75% of enterprises were infected with financially motivated, targeted malware that evaded traditional perimeter and host defenses².

How to Make Whitelisting Operationally Efficient and Manageable
Lumension Security's SVP of Americas, Matt Mosher sits down to discuss the advancements in Endpoint Security with Operational Whitelisting.

Sanctuary Application Control provides granular, policy-based enforcement of application use to proactively secure endpoints from data leakage, malware, spyware, keyloggers, Trojans, rootkits, worms and viruses, zero-day threats and unwanted or unlicensed software.

  • Eliminates the reliance on anti-virus subscription updates to secure your business
  • Enforces software license compliance, Sarbanes Oxley, HIPAA and GLBA and many other regulatory requirements
  • Enables application monitoring to avoid propagation of illegal, malicious or unwanted code on your endpoints
  • Prevents unauthorized application use throughout your organization
  • Allows you to test and plan patch deployment with no rush
  • Benefit from Standard File Definitions to rapidly load a predefined set of authorized OS and most commonly used applications

1 – Yankee Group, 2005 Security Leaders and Laggards Survey
2 – Gartner Research, “Gartner’s Top Predictions for IT Organizations and Users, 2007 and Beyond,”, Daryl C. Plummer, December 1, 2006

Overview

Sanctuary Application Control is the only comprehensive endpoint security solution to centrally manage, monitor and control applications on the corporate network. Sanctuary Application Control provides relief from the onslaught of malware by proactively controlling the applications that can execute on a network servers, terminal services servers, thin clients, laptops or desktops.

Proactive Approach to Endpoint Security

By employing a whitelist approach, Sanctuary Application Control enables only authorized applications to run on a network, laptop or PC - facilitating security and systems management, while providing the necessary flexibility to the organization.


Granular control over the use of all applications

Simple, Fast, Flexible Administration and Management

Sanctuary Application Control enables administrators to quickly establish and enforce application control policies by rapidly identifying applications and then assigning permissions at a high level or all the way down to specific application per users, user groups or even a particular computer. Sanctuary links application policies to user and user group information stored in Microsoft Windows Active Directory or Novell eDirectory, dramatically simplifying the management of endpoint application resources.


Detailed reporting of application usage

Endpoint Security Built to Scale

With a three-tier architecture and load-balancing capability, Sanctuary is designed to provide endpoint security to organizations ranging in size from 50 to 100,000 endpoints. Through integration with Active Directory or eDirectory, Sanctuary integrates with your existing technical infrastructure and logical organization. Sanctuary has also been ported to Windows Embedded platforms to protect the growing number of exposed embedded devices.

Sanctuary Application Control - Server Edition

Sanctuary Application Control - Server Edition secure mission critical servers from unauthorized, illegal or unwanted applications through the automated enforcement of application use policies. By blocking the execution of unwanted applications, Sanctuary Application Control - Server Edition proactively reduces the potential for malware intrusion on mail servers, CRM applications, web servers, database servers, and other mission-critical servers within your environment, preventing any interruption to the flow of your business.

Sanctuary Application Control - Terminal Services Edition

Sanctuary Application Control - Terminal Services Edition enforces application use policies to secure Windows or Citrix terminal services environments from unauthorized, illegal or unwanted applications. Terminal Services Edition provides a secure thin client terminal environment and enhances the availability and stability of your remote services.

Features & Benefits

Feature Function Benefit
Whitelist Assign permissions for authorized applications to users or user groups, and by default those not authorized are not allowed Eliminates unknown or unwanted applications in your network, reducing the risk of malware and spyware and ultimately improving network stability
Standard File Definitions Classified, pre-loaded whitelist of all supported OS files. Speeds and simplifies whitelist definition
Automated Application Discovery Process of identifying, categorizing and authorizing applications which produces a record of all executables on client computers, file servers and/or local directories Provides flexible and fast options to create or update whitelists
Automatic Authorization of Software Updates Automatic authorization of Microsoft software updates through integration with Windows Updates: SUS and WSUS Eliminates risk of accidentally restricting user access to frequently updated Microsoft applications
Script / Macro Protection Controls the execution of specific VBScript, Microsoft Office VBA and JavaScript with central authorization or a prompt to local users Extends application policy enforcement to include specific scripts/macros, enabling business without compromising protection
Path Protection Optional file authorization based on location or path rules; Create a trusted owner, such as administrator, to reinforce security Provides flexibility to support executable files for which hash definitions are not useful or applicable (i.e. auto-changing .exe files)
Non-Blocking Mode Execute and log activity for administrator review Enables Sanctuary to identify current state before defining and enforcing policy
Flexible File Authorization Versatile File Processor (FileTool.exe) enables directory and subdirectory scans to discover new applications and packages while online or offline Provides flexible and fast option to identify new and updated applications for review and ultimately to generate whitelists
Nested Executable File Groups Hierarchical structure of organizing file groups Provides fast administration of file groups and assignment of user permissions
Relaxed Logon Executes logon scripts without authorization and automatically switches system into blocking mode after either a set of time or at the end of the script Eliminates need to administer logon scripts in Sanctuary without compromising the security of the system
Local Authorization Trusted users can authorize applications locally, while maintaining a log for administrator review Delivers flexibility to the user, without giving up administrative control
Spread Check Disables suspicious executables that are locally authorized on too many computers Contains risk of malicious code spreading through network due to local authorization
Highly Scalable Architecture Three tier architecture with Database, one or more Application servers, and Client Provides flexible and scalable deployment options in large and complex networks
Powerful Log Analysis and Reporting Detailed log analysis with flexible filter, sort and display options and stored query templates as well as central reporting Demonstrates policy compliance and drills down on suspicious behavior for legal or management follow up
Offline Computer Protection Local copy of updated hashes and permissions is kept on each machine Ensures that remote/ disconnected users are constantly protected
Active Directory and eDirectory Support Leverages user and user group definitions in existing Active Directory and eDirectory Reduces setup and maintenance of users and user groups
Multi-Language Support Supports 12 languages on Sanctuary client machines Improves user experience in international organizations
Custom Reports Custom query templates can be scheduled to automatically generate reports in HTML, XML or CSV formats and delivered via email or network file share Extends application policy enforcement to include specific scripts/macros, enabling business without compromising protection

Requirements

Client (32-bit unless specified) Database Server Management Console
Windows 2000 (SP 3+) Professional, Windows XP Professional, Windows XPe, Windows Embedded Point of Service, Windows XP Tablet PC Edition, Windows Server 2003, Windows Vista (32 and 64 bit) Windows 2000 (SP 3+) Server or Professional, Windows XP Professional, Windows Server 2003 Windows 2000 (SP 4+) Server or Windows Server 2003 Windows 2000 (SP 3+) Server or Professional, Windows XP Professional, Windows Server 2003
For Sanctuary Server/Terminal Services Edition: Windows 2000 Server or Windows Server 2003 Microsoft SQL Server (2000/2005), SQL Server 2005 Express Edition or MSDE 2000