Lumension News RSS

Lumension Recognizes National Data Privacy Day With Employee Education Event

Fri, 27 Jan 2012 00:00:00 GMT

In support of National Data Privacy Day on January 28, Lumension®, a global leader in endpoint management and security, announces an employee education event that further raises awareness of today’s cyber crime trends and encourages safe online best practices. Held on Friday, January 27at Lumension headquarters in Scottsdale, Ariz., the event will engage employees with social media advice and password assistance for the protection of their personal and company data.

ldquo;We employ some of the savviest security software engineers in the industry,” said Pat Clawson, chairman and CEO, Lumension. “But the reality is data theft can happen to anyone. National Data Privacy Day is the perfect opportunity for us to further raise awareness of the state of cyber security today and offer our employees practical tips for making improvements in the protection of data.”

Planned for 7am – 9:30am Friday, the Data Privacy Day event will encourage employees to:

Test password strength and, if necessary, offer assistance in creating new passwords;
Learn approved methods for backing up data and;
Test their knowledge on how hackers most commonly deceive unsuspecting individuals, including social engineering and spear phishing.

Beyond employees, Lumension has also set up a website for other organizations’ IT departments to share with their company employees. Be Aware of What You Share is an educational resource center for companies to rely on when educating their employees on the dangers of cyber crime.

Supporting Resources:

Lumension Recognized as a Visionary in Gartner’s Magic Quadrant for Endpoint Protection Platforms

Wed, 25 Jan 2012 00:00:00 GMT

Lumension®, the global leader in endpoint management and security, today announced their Endpoint Management and Security Suite (L.E.M.S.S.) was recognized as a Visionary in Gartner’s latest “Magic Quadrant for Endpoint Protection Platforms.” Recognized for the second consecutive year after adding an anti-malware engine to its PC configuration life cycle management (PCLM) suite, L.E.M.S.S. was commended this year for its historical strength in patch management as well as its encryption and application control capabilities.

In order to be included in the Magic Quadrant for Endpoint protection, vendor solutions had to first demonstrate a wide array of expertise in protecting the endpoint before further being considered. Specific qualifications include: detect and clean malware features, provide a personal firewall and HIPS for servers and PCs; include centralized management, configuration and reporting capabilities for servers and PCs and to sufficiently support companies of 5,000 geographically dispersed endpoints; and provide global service and support.

Gartner defines “visionary” companies as those investing in “leading-edge features, such as advanced malware protection, data protection and/or management capabilities – that will be significant in the next generation of products, and will give buyers access to improved security and management.” Visionaries are often chosen for their best-of-breed features.

“We’re honored to be selected as part of Gartner’s elite Endpoint Protection Platforms Magic Quadrant for the second year running,” said Pat Clawson, CEO and chairman, Lumension. “We’ve worked very hard over the last year to continuously improve our products, including the integration of Device Control onto the L.E.M.S.S. platform and renewing our Security Content Automation Protocol certification with the National Institute of Standards and Technology.”

L.E.M.S.S. simplifies system management, expands operational visibility and delivers more effective security through the integration of Lumension Patch and Remediation, Security Configuration Management, Power Management and Content Wizard. Lumension Intelligent Whitelisting is available on L.E.M.S.S., as well as additional modules, including Lumension Application Control, Lumension AntiVirus, Lumension Device Control and Lumension Disk Encryption.

¹ The Magic Quadrant for Endpoint Protection Platforms was written by Peter Firstbrook, John Girard and Neil MacDonald and published January 16, 2012. Gartner's ID number for the report is G00219355. Gartner clients can access the report from www.gartner.com.

Supporting Resources:

Lumension Examines Escalating Threats And Increased Endpoint Vulnerability In 2012

Mon, 09 Jan 2012 00:00:00 GMT

The workplace has become increasingly mobile, resulting in a year-over-year decline in IT’s confidence in securing new technologies, according to the State of IT Endpoint Risk, a new Ponemon Institute study commissioned by Lumension®, the global leader in endpoint management and security. New mobile devices combined with increased use of third-party applications and cloud computing have caused IT to invest more in securing the new technologies entering the workforce rather than malware prevention strategies.

To further identify and discuss the State of IT Endpoint Risk survey’s key findings and bring awareness to the importance of data security in conjunction with the 2012 Data Privacy Day, Lumension will be hosting a webinar Tuesday, January 17, 2012 at 11:00 a.m. EST. Hosts Larry Ponemon, Ph.D., Chairman and Founder of the Ponemon Institute and Paul Henry, Security and Forensics Analyst for Lumension, will explore the factors that have lead to the decreasing confidence of IT professionals in the security of their network and the disconnect between risk and security strategies. Specifically, the webinar will examine:

How organizations are creating a perfect storm for hackers
The top three new threats impacting the workplace; and,
Perceived risks and corresponding strategies to combat today’s evolving endpoint environment.

“This year’s State of IT Endpoint Risk survey uncovered an interesting trend in how IT is keeping their organization secure,” said Larry Ponemon. “Malware attacks have continued to increase for the third consecutive year, yet IT’s concern and investment in this areas has continued to decrease. Despite the escalating threat, organizations aren’t spending their budgets on basic malware prevention strategies, nor are they collaborating with security departments to formulate centralized plans for the enterprise network. Instead, their primary concern this year seems to result from the new technologies entering the workplace, such as mobile devices, cloud computing and virtualization.”

This year’s study also found that many organizations are investing in technology solutions that aren’t able to effectively reduce endpoint risk. As a result, organizations are wasting valuable time, money and resources while continuing to expose their IT environment to unnecessary risks.

“Business drivers have given IT no choice but to support organizations’ increased reliance on mobile technologies,” said Pat Clawson, CEO and chairman of Lumension. “Because of this, investment has shifted from malware prevention to securing the endpoint. Unfortunately, many IT professionals remain unsure where to start. Without more education for end users and collaboration between IT operations and IT security leaders, organizations are leaving the door wide open for hackers and malware.”

To register for the webinar, please visit A Perfect Storm: 2012 State of the Endpoint.

Supporting resources:

Lumension Debates 2012 Endpoint Security Trends

Mon, 05 Dec 2011 00:00:00 GMT

Over the last year corporations once again saw the volume and sophistication of malware dramatically increase. In fact, in a recent Ponemon survey, 66 percent of IT professionals surveyed said their networks are no more secure than they were last year – a frightening statistic given how rapidly malware is continuing to spread and grow in complexity. This rising threat level is what inspired Lumension, a global leader in endpoint management and security, to consult leading security experts regarding their views on what’s next for cybersecurity in 2012.

Discussing their views in a 2012 prediction podcast is Lumension’s own Pat Clawson, chairman and CEO, and Paul Henry, security and forensic analyst, along with Randy Franklin Smith, founder and president of Monterey Technology Group and author of the Ultimate Windows Security Blog. Eric Ogren, founder and principal analyst of the Ogren Group, will host the discussion and will engage Clawson, Henry and Smith regarding the trends they foresee in the realm of cybersecurity in 2012. Specifically, they will examine:

The virtual enterprise – how hardware and physical security strategies are ineffective in this environment
Cloud insecurity
Escalating numbers of mobile device hacks, resulting in costly breaches
The need for a SSL infrastructure overhaul
IPV6 concerns

“As an endpoint security provider, we hope to give IT administrators and the general public insight into what the future might bring, so that they can best prepare for next year’s IT security landscape,” said Pat Clawson, chairman and CEO, Lumension. “It’s no surprise securing endpoints will only become more challenging in 2012 as the number of endpoints continues to grow with the explosion of mobile devices and as threats continue to become harder to detect and increasingly damaging.”

Listen to the conversation and read the participant’s blog posts at Optimal Security, the Lumension blog.

Supporting Resources:

Lumension® Endpoint Security Solutions Gain Momentum

Wed, 30 Nov 2011 00:00:00 GMT

After announcing several accolades for the Lumension^® Endpoint Management and Security Suite (L.E.M.S.S.) in the third quarter, Lumension^®, the global leader in endpoint management and security, continues their strong momentum in the fight against cyber attacks with their comprehensive endpoint security suite.

L.E.M.S.S. simplifies systems management, expands operational visibility and delivers more effective security through the integration of Lumension^® Patch and Remediation, Security Configuration Management, Power Management and Content Wizard. Lumension^® Intelligent Whitelisting is available on L.E.M.S.S. as are additional modules, including: Lumension® Application Control, Lumension^® AntiVirus, Lumension^® Device Control.

Enhanced Features and New Certification
With the launch of L.E.M.S.S. v 7.1 SP1 in October, a new security configuration management assessment reporting feature became available and accordingly, renewal of the SCAP certification from the National Institute of Standards and Technology (NIST) was achieved. The Security Content Automation Protocol (SCAP) combines a number of open standards used to enumerate software flaws and configuration issues.

SMB Security
In partnership with Intel® AppUp Small Business Servicerunning on the Intel Hybrid Cloud platform, small business customers may now instantly and remotely download L.E.M.S.S. Patch and Remediation for greater security.

“The Intel AppUp Small Business Service catalog continues to expand its offerings with powerful core services, like Lumension Endpoint Management and Security Suite," said Bridget Karlin, General Manager, Intel Hybrid Cloud. "Intel is excited to work with Lumension to offer industry leading patch remediation solution across heterogeneous OS’s and configurations. This is an excellent solution for our reseller partners to provide their small business customers peace of mind they have the latest and most secure software without the need for an IT staff. "

“As threats continue to grow and evolve, IT’s visibility into what is really happening on their endpoints is decreasing,” said Pat Clawson, Chairman and CEO, Lumension. “And consequently, so is overall security. An integrated endpoint management and security solution means simpler systems management, improved operational visibility and more effective security. Further validation of this idea by certification and partnership is great kudos.”

Lumension Endpoint Intelligence Center (L.E.I.C.)

Bringing together the latest information on threats, vulnerabilities and patches for improved understanding and mitigation of risk posture, Lumension has expanded the Lumension Endpoint Intelligence Center to include a number of new risk assessment tools and file validation utilities. In addition to continuously updated threat information, IT staff can now access improved data including a real-time assessment of world-wide IT risk and a product library which provides a comprehensive view into what files belong to what applications/products. Extensive new patch content for operating systems and third party applications has also been added. As a whole, L.E.I.C. brings together different silos of operational and security data to provide an intelligent understanding of and visibility into endpoint risk.

“A significant portion of endpoint security risk is found in the third-party application layer,” said Jerome Bei, Director, L.E.I.C., Lumension. “But it is of course difficult for IT to keep up with patching all of those applications. We developed L.E.I.C. as a convenient tool for IT to find the most up-to-date application intelligence information and improve their endpoint security.”

Supporting Resources

IT Reports Growing Insecurity As Endpoint Complexity Explodes With Proliferation Of Mobile And Virtual Environments, According To 2012 Lumension-Ponemon Endpoint Risk Study

Mon, 14 Nov 2011 00:00:00 GMT

While malware attacks continue to be a significant risk and operational cost driver, today’s IT security teams are more concerned about threats brought on by their organization’s reliance on personal mobile devices, virtualization technologies and cloud computing, according to the State of the Endpoint, a new Ponemon Institute study commissioned by Lumension®, the global leader in endpoint management and security. While IT’s focus on the enablement of business productivity is a mind shift expected by other business leaders, inadequate collaboration and lacking resources for security create a perfect storm for hackers to capitalize on.

For the third consecutive year, IT reports growing caution in the overall security of their network, with 66 percent of respondents reporting their networks were not more secure than last year – a figure slightly more than 2010 (64 percent) and 2009 (59 percent). The State of the Endpoint indicates the primary circumstance impacting organizational security is evolving, exceedingly vulnerable endpoints, ineffective policies for both technology implementation and organizational prioritization of security and the inability to educate employees on security best practices.

While many organizations continue to invest in traditional technology solutions, more and more recognize they aren’t able to effectively reduce endpoint risk within today’s environment. Additionally, there is little alignment with other business areas and, as a result, organizations are wasting valuable time, money and resources while continuing to expose their IT environment to unnecessary risks.

State of IT Endpoint Risk Key Findings:

Malware continues to be a threat and operational cost driver for IT, but their ability to reduce it is being challenged as the focus shifts to enabling business productivity with less cost.
- 31 percent of respondents noted a major uptick in the frequency of malware incidents over last year with 43 percent estimating that they deal with more than 50 malware attempts on a monthly basis. This equates to nearly two intrusions per day.
- 23 percent of organizations expressed that zero-day attacks are there biggest headache with targeted attacks coming in a close second at 22 percent.
In comparing the 2010 survey results to current findings, the top five areas for the greatest rise of potential IT security risk within IT environments, include:
- Third-party applications were ranked number one in terms of “most concerning” risk, yet only 23 percent of respondents consider patch and remediation as a “top five” risk mitigation strategy.
- Concern for securing mobile devices and platforms saw a huge jump from nine percent in 2010 to 48 percent in 2011.
- Concern over negligent insider risk has been consistent over the past three years with 43 percent of organizations polled seeing this as the greatest risk moving into 2012.
- New worries over cloud computing infrastructure risk also jumped from 18 percent in 2010 to 43 percent in 2011, and while most anticipate their use of cloud will increase, 41 percent of those surveyed said they do not have a security strategy in place for assets stored in the cloud.
- More than 72 percent of respondents reported their organizations will see an increase in the use of social media applications in 2012.
Continued downward pressure on IT security investment and organizational security prioritization continues to elude. Further evidence shows:
- Overall security budgets remain as one of most concerning items for 2012 (32 percent) and 40 percent of respondents said collaboration between security and IT is poor and/or non-existent.
- 25 percent respondents said their budgets would increase in 2012, yet respondents showcased concern over insufficient collaboration with business operations (16 percent) and the lack of an organizational wide security strategy (13 percent).
- 48 percent of respondents said collaboration between IT operations and IT security could be improved.
As the use of Mac products become increasingly common in the workplace, mistrust in their invulnerability to malware grows – 85 percent say they are very concerned or increasingly concerned.
Given the impact of new risks associated with remote workers, social media, mobile platforms and cloud computing, organizations are now looking to implement a more robust mix of effective solutions to tackle these mounting endpoint risks. According to those polled, the top five technologies that IT plans to increase usage over the next 12 months are:
- Application control/whitelisting (56 percent)
- Application control firewall/gateway (55 percent)
- Integrated endpoint security suite (46 percent)
- Mobile device management (45 percent)
- Security Event and Incident management (SIEM) (38 percent)

Supporting Quotes:

C. Edward Brice, Senior Vice President, worldwide marketing, Lumension

“This years’ State of the Endpoint Survey reveals a large disconnect between the perceived risks and corresponding strategies to combat today’s evolving endpoint environment. Also evident is the need for a fundamental mind shift across the enterprise to ensure prioritization is given to organizational security. Clearly IT is concerned about this but it is evident they struggle with actionable next steps.”

Larry Ponemon, Chairman and Founder, The Ponemon Institute

“The State of the Endpoint survey uncovered some interesting truths to how organizations are faring in the battle to protect their endpoints. Probably most surprising this year is the fact that malware attacks continue to increase for the third-consecutive year, yet IT’s concern in this areas is decreasing and they aren’t spending their budgets on basic malware prevention strategies, nor are they collaborating with security to formulate centralized plans for the enterprise network. Most of their concern this year seems to reside on the new technologies entering the workplace, such as mobile devices, cloud computing and virtualization.”

Patrick J. Clawson, Chairman & CEO, Lumension

“Organizations continue to lose the battle when it comes to staying ahead of today’s threat landscape, as the study results confirmed for us. This is further compounded by a lack of collaboration among IT operations and IT security leaders to support information sharing, as well as ineffective anti-malware technologies currently being used to protect today’s IT endpoint risks. As we look to 2012, we are encouraging our customers and the larger security industry to further educate end-users to help in the fight against malware to improve the pain points associated with employees using mobile platforms, social media and cloud computing applications in the enterprise.”

Methodology
The State of the Endpoint was derived from a survey of 688 IT and IT security practitioners within the U.S. spanning key industries including financial services, public sector and healthcare, all of whom have active responsibility for their data security and compliance efforts.
Resources:

State of the Endpoint Infographic and Whitepaper

Complexity and Cost Reduction Focus of Lumension® SMB Endpoint Security Education Series

Wed, 02 Nov 2011 00:00:00 GMT

To provide the growing number of small and mid size organizations dealing with data breaches with endpoint security best practices that are both practical and efficient, Lumension®, the global leader in endpoint management and security, will host the second of a two-part webcast series for improved SMB endpoint security on Tuesday, November 8 at 11am ET.

Beyond which technologies to deploy, How to Reduce Endpoint Complexity and Costs is led by security expert and author, Roger Grimes and Chris Merritt, director of solution marketing, Lumension. Participants will learn:

How to improve uptime without additional management burden;
How to reduce complexity by limiting the number of security agents and consoles and;
How to reduce overall costs by getting more from limited IT resources and budget

Registration is now open for How to Reduce Endpoint Complexity and Costs, which is a follow-up to the first webcast held in September, How to Improve Endpoint Security on a SMB Budget.

Supporting resources:

Security Mistakes Users Make Topic of New Webinar

Wed, 12 Oct 2011 00:00:00 GMT

The biggest risk in many organizations today isn’t the software or hardware, it’s users. Specifically, users being tricked into running a Trojan horse malware program that bypasses installed defenses according to the recent Microsoft Security Intelligence Report. To help educate users on the should and should-not’s of IT security, Lumension®, the global leader in endpoint management and security, will host a webinar, The Security Mistakes People Make on October 13.

Given the significant challenges presented by users, are traditional IT approaches solving the wrong problems? This question and others will be discussed by webinar leaders, security analyst, Mike Rothman of Securosis and Paul Zimski, vice president of solution marketing with Lumension. In the one-hour webinar, participants will learn:

Learn how to better educate uses on online security basics and explain why certain policies are needed;
Learn how to use a phased approach in introducing new security technologies without impacting user experience and;
Learn what key technologies can most effectively ward off the bad guys without bogging down systems and staff.

Participants may register now as well as join an ongoing, live Q&A where they are encouraged to share their user security experiences.

Supporting resources:

Lumension® Elevates Brand with New Awareness Campaign

Tue, 27 Sep 2011 00:00:00 GMT

Lumension®, a global leader in endpoint management and security, launched a global brand campaign late this summer to boost awareness across broader IT audiences, further position the IT security software developer as an industry leader and support the company’s recently launched endpoint management and security application suite. Early campaign results show the effort has so far generated nearly twice the number of new contact inquiries in comparison to more traditional advertising campaigns previously used.

To educate the market on how to regain control of their endpoints, Lumension launched an online branding campaign in September across top IT media portals. Developed with The Loomis Group, the advertising campaign positions Lumension as the bridge between superior and elegantly designed IT security solutions and a way to help IT managers meet the challenges of increasingly risky endpoint environments without negatively impacting business productivity.

As demonstrated by the recent high profile data breaches found in many of today’s headlines, organizations of all sizes are faced with an increasingly complex threat environment. Hackers want their data and have found sophisticated ways to disrupt, deny and steal data at alarmingly rapid rates. As the enterprise become more mobile and employees’ personal and professional lives intertwine on socially collaborative environments, insider risk is adding more fuel to the onslaught of malicious software companies must deal with daily.

“Our research indicated that IT leaders felt they were losing control over the endpoint environment and point product technologies had limited their visibility over what was really happening on their endpoints. While a solution was needed, IT did not want to control the environment in a way that would negatively impact business productivity” said C. Edward Brice, Senior Vice President, Worldwide Marketing for Lumension. “This formulated our brand positioning strategy of Control Made Simple as the ideal theme in which to position our innovative endpoint security suite offerings.”

Pre-campaign research indicated that Lumension has very strong brand loyalty among audiences who consider their products. “Because of this, our goal was to extend our reach and encourage new audiences to consider us,” Brice said.

The campaign supported two new Lumension product roll outs this year, Lumension® Endpoint Management and Security Suite and Lumension® Intelligent Whitelisting. Execution called for an endpoint management and security suite focused microsite with various solution areas. “We wanted to have the flexibility in our campaign that enabled broader suite awareness but that also served as an umbrella over more targeted, demand centric executions.”

The campaign kicked off in summer and will run throughout 2011. Included are several high impact awareness executions as well as a mobile component targeting leading mobile IT portals, smart phones and tablets. “When we looked at our overall website traffic we found that upwards of 15% of our traffic was coming from smart phone and tablet operating environments. This led us to pilot a mobile campaign to learn more about the mobile media and our audiences’ preferences for engaging with our messaging in that environment,” Brice said.

Additionally, Lumension kicked off a thought leadership program featuring the eBook, “What Every CEO Should Know About IT Security” by Lumension CEO, Pat Clawson. To help IT also address IT security challenges often created by company employees and other organizational technology users, a video, Be Aware of What You Share was created to aid the education process.

“Technology will only take you so far in combating the cyber-security risk we face today. The IT Security industry needs to do more to help educate all consumers about dangerous but real cyber risks and the simple steps necessary for protecting yourself online,” Brice said. “So as part of our branding initiative, we wanted to provide resources that help companies provide basic education to their employees.”

Supporting Resources:

New Lumension® Education Effort Focuses on Basic IT Security Awareness for Company Leaders and Employees

Wed, 21 Sep 2011 00:00:00 GMT

Data shows the cost of global cyber crime is now estimated at $114 billion annually and while the focus is often on technology to fight cyber security threats, the reality is business leaders and company employees must also play a significant role in helping their organization block cyber attacks. To help IT leadership educate their organizations, Lumension®, a global leader in endpoint management and security, has launched an IT Security education program with specific resources tailored for CEOs, business leaders, and employees.

To better wage war against loss of personal information and hacks into organizational data stores and even governments, many security experts and government officials are calling for an increased sense of responsibility and understanding on behalf of individual technology end-users.

“The biggest risk to an organization is often the behavior of the people inside,” said Pat Clawson, Chairman and CEO, Lumension. “Our country and the IT security industry have not yet done enough to encourage and teach basic cyber security to internet users so they can conduct safe data practices – both for the protection of their own information and their employers.”

Recognizing the need to go back to the basics, Lumension has launched a new eBook and video series for business leaders, What Every CEO Should Know About IT Security. A candid explanation of IT risk and what organizations stand to lose, the information is a wake-up call for the many executives who focus solely on meeting regulatory compliance requirements and fail to implement and review a comprehensive security strategy, a need identified by the recent PriceWaterhouseCooper report.

Additionally, Lumension hopes to help IT leaders educate their organization’s employees through a series of simple, entertaining videos that deliver basic cyber security understanding and best practices. To protect both personal information and organizational data, Be Aware of What You Share illustrates basic online dos and don’ts for users. Other animated videos in the Lumension end-user resource center include topics like phishing scams, secure websites, secure passwords and what is a computer virus.

“While security breaches will continue to happen, we wanted to create a compelling educational program that IT could use to broaden the understanding of cyber-security risk from the C-Suite to all employees. The goal is to recruit all available partners in an organizational fight against cybercrime to reduce the chances of a serious data breach that could cause irreparable harm to both finances and reputation,” said C. Edward Brice, senior vice president, worldwide marketing, Lumension.

“Security is not just a technology problem,” said Clawson. “It is also a behavior issue among the global workforce and basic best practices need to be taught to everybody in order to ensure better security across both the enterprise and for someone’s personal information.”

Supporting Resources:

Lumension® To Showcase Application Control Benefits in Virtual Environments at VMworld® 2011

Mon, 29 Aug 2011 00:00:00 GMT

More than 1.6 million new malware signatures are identified each month according to research from independent research institute, AV Test and traditional approaches to endpoint security can no longer keep up. In a virtual environment the risks are equally as great and traditional security approaches can lead to agent proliferation that seriously impacts manageability and performance. Agent-less application control allows virtual datacenters to take a proactive stance in securing against rising stealth and zero-day attacks and minimizes agent proliferation, preserving performance and simplifying system management.

To deliver improved security in virtualized environments, Lumension^®, a global leader in endpoint management and security will integrate their industry-leading application whitelisting technology with the VMware vShield^™ Endpoint security solution and its associated EPSEC application programming interface (API.) Lumension will be demonstrating this recent innovation at VMworld® 2011 in the Lumension booth, #353.

“VMware vShield™ Endpoint and the EPSEC API will provide a platform on which our partners can build innovative security solutions to address the rapidly changing security landscape,” said Parag Patel, Vice President, Global Strategic Alliances, VMware. “Lumension’s integration of advanced whitelisting capabilities with VMware vShield Endpoint via the EPSEC API is an exciting example of this type of innovation.”

Lumension Application Control is a technology that defines and ensures only the use of trusted applications in an endpoint environment definition. When combined with VMware vShield Endpoint, it will deliver agent-less protection that defines the trusted applications and eliminates the need to deploy and manage an additional agent on each virtual machine and avoids the associated performance impact. This transparent, always-on protection will not only address “stealthware”, it will also protect virtual machines where antivirus is uninstalled, lacking the latest updates, or malfunctioning. Un-patched virtual machines will also be automatically protected.

"Our customers have challenged us to combine the power of whitelisting with the benefits of virtual environments,” said Mike Wittig Lumension President/CTO. “By integrating with VMware vShield™ Endpoint, we are responding with a technology that is truly synergistic. This will advance IT security beyond what can be achieved in purely physical environments.”

At VMworld® 2011 Las Vegas, Lumension will showcase the innovative use of Lumension Application Control to secure and manage VMware software-based virtual environments. Leveraging VMware vShield EPSEC API, Lumension Application Control will deliver the following benefits within a VMware virtual environment:

Leverage the Power of Hypervisor Introspection – Lumension Application Control integrated with VMware vShield EPSEC API will provide visibility into application events via the hypervisor, enabling essential application control capabilities without deployment of a policy enforcement agent.
Improved Consolidation Ratios and Performance – Operational efficiencies are gained by reducing security agent overhead and the aggregate security load on host systems.
Simplified Application Control Management – Lumension integration with VMware vCenter™ Server will simplify the management of application control policy and enforcement across all guest virtual machines immediately improving security across the entire virtual environment.
Continuous Endpoint Protection – Immediately protect new virtual machines coming online with malfunctioning or off-line agents. Effectively prevent the installation and use of unauthorized software and the introduction and execution of malicious code.
Protection Against Zero-Day Attacks– Automatically block zero-day attacks by default, without waiting for an anti-virus and or patch content to be developed and provided.
Reduced Local Admin Account Risk – Ensures standardized system configurations by enforcing policies that enable only trusted and authorized applications to run – without taking away local admin rights.
Increased Performance and Reduced TCO - Improve the stability and performance of the virtual environment and lessen operational support costs. This is accomplished by leveraging VMware vShield and reducing many duplicate functions.

To offer this new technology, Lumension has joined the VMware Technology Alliance Partner (TAP) Program at the “Elite” level.

“The VMware TAP program continues to facilitate creative and important customer solutions from the VMware partner ecosystem,” said Parag Patel, Vice President, Global Strategic Alliances, VMware. “We are excited to have Lumension join the TAP program and add their security leadership and expertise to the growing VMware partner community.”

Supporting Resources:

Recent Cyber Attacks Against Federal IT Prompts Lumension And Security Expert Discussion

Mon, 08 Aug 2011 00:00:00 GMT

Recent reports have revealed that U.S. government servers are faced with 1.8 billion cyber attacks every month. With such an alarming number, it is painfully obvious that status quo security measures are not keeping pace with today’s threats. In response to today’s seemingly endless attacks, Congress has introduced the Cyber Security Public Awareness Act of 2011, but more evolution of government agency cyber defenses needs to occur.

In an effort to offset the growing numbers of attacks, and regain control of our cyber defenses, Lumension will be presenting a webcast titled “Reorganizing Federal IT to Address Today’s Threats.”

Government agency IT staff will learn from hosts Richard Stiennon of IT Harvest and author of Surviving Cyber War, and Lumension vice president of solution strategy, Paul Zimski as they examine:

Today’s threats and attacks currently targeting government IT systems;
How federal IT departments can reorganize to improve security and operations;
What key endpoint security capabilities should be implemented

“The overwhelming amount of cyber attacks in recent months further proves the critical importance of having a well-thought, structured defense plan in place,” says Zimski. “Our government IT is perhaps single handedly one of the most important aspects to homeland security and is no exception when it comes to cyber attacks. We need to reorganize, refresh and restructure to ensure that our governmental departments are just as safe as any other organization.”

The webcast will take place Thursday, Aug. 11 at 11 a.m. EST. For more information or to register for free, please visit http://www.lumension.com/Resources/Webinars/Reorganizing-Federal-IT-to-Address-Todays-Threats.aspx/?rpLeadSourceId=L2022.

Supporting Resources:

Windows 7 Applocker Capabilities and Limitations Topic of Lumension Sponsored Webcast

Mon, 01 Aug 2011 00:00:00 GMT

Seventy percent of today’s security threats are targeted at the application layer according to market researcher Technavio. Windows 7 AppLocker provides an additional layer of security to control unknown, unwanted and malicious apps, but for heterogeneous IT environments additional capabilities are needed to secure the many applications users and the enterprise now rely on. To provide IT professionals with an understanding of AppLocker capabilities and gaps in its protection, Lumension®, a global leader in endpoint management and security, will sponsor a webcast on Wednesday, Aug. 3 at 12 pm EST.

Windows 7 AppLocker: Understanding its Capabilities and Limitations will be hosted by Randy Franklin Smith, founder and CEO of Monterey Technology Group and the voice behind Ultimate Windows Security, and will examine AppLocker’s capabilities through live demonstrations and also take an in-depth look at the limitations of AppLocker, including how the native functionality stacks up against the realities of today’s desktop and laptop environments where there are many exceptions to the rule; many users have unique needs; there are multiple configurations, OS versions and applications; and change is constant.

“AppLocker is designed for fairly homogenous environments but in many real world environments each PC is really unique – this can stretch the exception capabilities of AppLocker,” says Smith. “Endpoint change is constant and IT professionals don’t want user productivity to screech to a halt due to updating an application without updating the AppLocker policy. Then there’s the issue of reporting and visibility into what your software restriction policies are actually doing and what impact there is to your end users.”

According to Smith, these are just some of the considerations IT professionals should take into account before implementing AppLocker. He will also point out additional caveats attendees should be aware of. While AppLocker does have limitations that can leave security holes, webcast attendees will learn that there are ways to address these issues. For instance, they can implement an application control solution, such as Lumension^® Intelligent Whitelisting.

“It’s frightening how rapidly today’s corporate network can become overrun with unapproved software and various applications,” said Chris Merritt, director, solution marketing, Lumension, who will also be participating in the webcast. “It’s critical that IT technicians address these issues immediately; however, they need to be aware that AppLocker is not a fix-all. Due to the gaps outlined by Mr. Smith, technicians must supplement AppLocker by leveraging a tool such as application control. I’ll explain how to do so, along with the benefits of this technology.”

For more information on the webcast or to register for free, visit https://www.ultimatewindowssecurity.com/webinars/register.aspx?id=141&source=4.

Supporting Resources:

Lumension Endpoint Management and Security Suite Receives 3rd Party NIST Validation, Industry Praise and Enhanced Capabilities

Wed, 13 Jul 2011 00:00:00 GMT

After announcing the addition of Device Control to the Lumension^® Endpoint Management and Security Suite (L.E.M.S.S.) last month, L.E.M.S.S. continues to gain momentum as the most robust and agile suite in the industry. As evidence of this momentum, Lumension^®, a global leader in endpoint management and security, today announced further industry recognition.

Growing Industry Recognition

FIPS 140-2 Validation: The Lumension Cryptographic Kernel within L.E.M.S.S. Device Control achieved FIPS 140-2 (Federal Information Processing Standards) Validation by the National Institute of Standards and Technology (NIST) in the United States and the Communications Security Establishment Canada (CSEC). Lumension joins a small list of software modules with level 2 validation. FIPS 140-2 is a US government computer security standard used to accredit cryptographic modules and to certify private sector vendor products for use in government and regulated industries that collect, store, transfer, share and disseminate sensitive information. Validation is mandatory for any cryptographic product used in U.S. government agency work.

SC Magazine Product Review: L.E.M.S.S. was also recognized in the July 1 edition of SC Magazine with five out of five stars overall review rating. SC Magazine researchers found the product, server implementation, policy creation and client deployment to be easy and intuitive. They also found that L.E.M.S.S. to be unique among traditional endpoint security devices due to its asset management capabilities which were considered an innovative and effective approach on endpoint management and protection.

Virus Bulletin Magazine’s VB 100 Review: In its very first independent antivirus test, L.E.M.S.S. AntiVirus achieved a VB100 award in Virus Bulletin Magazine’s comparative review, published in the June issue. This VB100 recognition was awarded as L.E.M.S.S detected 100 percent of “in the wild” malware samples without any false positives. In addition, L.E.M.S.S. detected 99.98 percent of polymorphic viruses, 96.69 percent of worms and bots and 96.41 percent of Trojans. The VB100 is a widely recognized, independent testing of antivirus products. In this review, products were tested on the Windows Server 2008 R2 platform and L.E.M.S.S. was compared to a number of well-known, well-respected AV products.

L.E.M.S.S. customer Jason Brown, Network Engineer with EM Solutions, implemented Lumension^® Intelligent Whitelisting – a L.E.M.S.S. solution that integrates Patch Management, AntiVirus and Application Control – and reported favorable experiences with the new platform.“We have not had any virus outbreaks on the machines with Intelligent Whitelisting and we have transitioned away from our former antivirus solution. Intelligent Whitelisting has kept more machines running optimally while reducing the amount of time I need to spend on re-imaging downed endpoints.”

New Enhanced Features

Lumension also announced additional functionality for the latest version of its free Application Scanner tool, which identifies an environment’s known and unknown applications. In addition to enhanced scoring metrics, the Application Scanner is now interfaced with L.E.M.S.S. and able to reconcile discovered applications against the Lumension Endpoint Integrity Service.

“The unprecedented level of malicious content in today’s corporate networks means that if a breach occurs, security managers don’t have time to hunt through a number of products to find the one that will plug a vulnerability. They are fighting malware by the second, thus a more robust security suite is absolutely critical,” said Pat Clawson, CEO and chairman, Lumension. “That was our goal in creating L.E.M.S.S. – we wanted to provide security professionals with an all-encompassing product that can be accessed from a single console. And while we have received praise from a number of customers, recognition for L.E.M.S.S. from a prestigious government research agency and two industry publications furthers what our customers have been saying all along.”

Supporting Resources:

Webcast to Discuss Application Control's Role In Effective Endpoint Security With Windows IT Pro and Lumension

Mon, 11 Jul 2011 00:00:00 GMT

Deploying firewalls and keeping your servers and clients patched with the latest security updates can only go so far, making securing enterprise IT environments a challenging job even under ideal conditions. More unwanted and unmanaged third party applications are running in organizational environments. And the volume and sophistication of today’s attacks has exploded with an increasing focus on the vulnerabilities in these third-party applications. As a preemptive measure, Windows IT Pro Industry News Analyst and security columnist Jeff James and Chris Merritt, director of solution marketing for Lumension, will discuss tips and best practices for managing and securing third-party applications in an IT environment in a webcast titled, “Why Application Control is Vital for IT Security.”

James, who was previously editor in chief of Microsoft TechNet Magazine and editorial director at the LEGO Company, has more than 15 years of experience as a technology writer and journalist. Merritt leads the market positioning and strategy for Lumension’s endpoint and data protection solutions, which makes them both well-suited to discuss the ends and outs of application control within complex endpoint environments and how to enhance an organization’s security posture – without impacting productivity.

This webcast is intended for:

IT administrators wanting to understand the important key roles application control plays in their environment
IT Professionals willing to learn how to discover, analyze and patch or remove third-party applications

“Stand-alone anti-virus no longer provides an effective defense against current enterprise environments, making additional layers of security necessary to address the rising volume and sophistication of threats,” said Merritt. “Not only is the volume and sophistication of malware increasing, but so is the number of applications downloaded and installed by employees – making continued education on the topic of application control even more important.”

The webcast will take place on July 14 at 2:00 p.m. ET. Register for the webcast here.

Supporting Resources:

Lumension enriches core Endpoint Security Suite and enhances data protection with Device Control

Mon, 20 Jun 2011 00:00:00 GMT

Removable media continues to be a valuable productivity tool that facilitates quick and easy data access while improving collaboration, but the looming risk of data loss and the introduction of malware through removable media is a very real, costly concern for organizations. In fact, the latest estimated cost of a data breach incident, according to the 2010 annual study by the Ponemon Institute, is up to $7.2 million – or $214 per compromised record; and this figure will only continue to increase as new regulations are put into effect that impose criminal penalties on the organizations involved.

In order to better enable organizations to gain control of their increasingly unsecure removable media, Lumension®, a global leader in endpoint management and security, today announced that Lumension^® Device Control is now available as a modular offering on the Lumension® Endpoint Management and Security Suite (L.E.M.S.S.) alongside other best-in-class capabilities that include: patch management, configuration management, power management, antivirus, application control, and asset management.

Lumension® Device Control automates the discovery of devices, defines and enforces device use and data encryption policies by user or group, and provides detailed forensic information to track data events. Additional key features include:

Data loss / theft protection – Protect valuable organization and customer data from loss or theft via removable devices.
Media encryption – Require users to encrypt data being copied to removable devices / media in compliance with policy and regulation.
Malware prevention – Prevent malware intrusion and propagation via removable devices which adds a layer of protection to the network.
Detailed forensics – Monitor all files being transferred onto and off the network by file metadata or the patented bi-directional full file shadowing capability.
Defense – in – depth – Leverage a seamless layer of protection with a defense-in-depth strategy on the Lumension Endpoint Management and Security Suite.

“Recent headlines remind us of the importance of protecting our data while also ensuring the ability to keep employees productive,” said C. Edward Brice, senior vice president, worldwide marketing, Lumension. “By integrating Device Control onto L.E.M.S.S., we are able to offer a more complete, multi-layered, defense-in-depth endpoint security approach with simplified management of systems, agents, and policies because of the centralized endpoint management platform.”

Lumension’s Device Control will debut at Gartner’s Risk and Security Summit in Washington, DC, where Lumension’s security and forensics analyst, Paul Henry will speak on the topic, “Rethinking Your Endpoint Security Strategy” on June 21. General availability is the end of June.

Supporting Resources:

Lumension® partners with Sophos to offer Full Disk Encryption

Mon, 20 Jun 2011 00:00:00 GMT

In today’s global, 24x7 business environment, organizations need real-time access to data; and balancing access with potential associated risks is key to ensuring data is not lost or stolen and business productivity is not negatively impacted.

In order to help organizations with this balancing act, Lumension®, a global leader in endpoint management and security, today announced it has partnered with Sophos, a global IT security and data protection company, to offer full disk encryption capabilities available as a modular add-on offering on the Lumension® Endpoint Management and Security Suite. (L.E.M.S.S.).

Through this partnership, Lumension now offers a full endpoint PC data protection solution that includes full disk and device encryption as well as removable media data egress policies. On L.E.M.S.S., full disk encryption capabilities join other best-in-class capabilities that include: patch management, configuration management, power management, device control, antivirus, application control, and asset management.

“When it comes to security and protecting confidential data, businesses are finding themselves playing a relentless game of offense and defense,” said vice president of global strategic alliances and OEM Michael Rogers, Sophos. “Keeping pace with changing compliance regulations, rapidly evolving enhancements to technology, and a far more nomadic workforce, businesses must cover all bases when it comes to protecting confidential data on the corporate network – especially the endpoint. Adding Sophos’s full -disk encryption to Lumension’s Endpoint Management and Security Suite will ensure that confidential data remains confidential and accessed by authorized users only.”

Enforcement of IT security policy is becoming increasingly important in today’s world of extensive regulations, which range from global to country to industry-specific. Attempting to comply with these external and internal regulations adds another layer of complexity and failure to comply with external regulatory compliance such as SOX, HIPAA and PCI can result in very real economic damage, both directly in the cost of loss data and indirectly in terms of lost customers and brand value.

“By partnering with Sophos to extend our data protection capabilities, we are providing IT security professionals with the assurance that they are completely compliant and that their customers’ sensitive information is more secure,” said Rich Hlavka, senior vice president of business development, Lumension.

Supporting Resources:

Enabling Local Admin Rights Without Risk topic of Lumension Webcast

Mon, 13 Jun 2011 00:00:00 GMT

In today’s Windows environment, end-users are accustomed to having local administrator privileges, which allows them to download a variety of applications and potentially misconfigure their PCs. While standard wisdom may be to simply solve the problem by revoking local administrator rights on users’ systems, the reality is that this may not be a realistic option for all organizations. And removing local admin rights does not address applications such as Google Chrome or browser plug-ins for which admin access is not required. In order to address the issue of how IT administrators can give users what they want, without comprising security, Lumension®, a global leader in endpoint management and security, will be hosting a webcast titled “How to Enable Local Admin Access Without the Risk.”

In this webcast, which will take place Thursday, June 16 at 11:00 a.m. EDT, Chris Merritt, director of solution marketing for Lumension, and Roger Grimes, security consultant, columnist, and author, will discuss how IT administrators can gain control over Windows environments while still offering local admin rights to the user base – through application whitelisting. Attendees will learn how they can gain power over what types of applications their users install, while limiting access to under-the-hood controls that determine how well configured the machine remains. Specifically, Merritt and Grimes will examine:

Why revoking local admin rights will not solve the problem of unwanted and malicious applications;
How to promote productivity through local admin access while achieving control over configuration changes; and,
Additional benefits of application whitelisting, including the prevention of zero-day attacks.

“IT administrators often face a dilemma when attempting to limit privileges for end-users so that their machine setup remains optimally secure, while also ensuring that users are given the level of access they want and need,” said Grimes. “We want them to understand that they don’t have to sacrifice one for the other; rather they can have the best of both worlds by employing application whitelisting. Application whitelisting enables only a predetermined list of applications to run, so that users can still have access to the things they want and IT administrators can ensure users are not inadvertently downloading malicious applications.”

In order to register for the free “How to Enable Local Admin Access Without the Risk” webcast, visit http://www.lumension.com/Resources/Webinars/How-to-Enable-Local-Admin-Access-Without-the-Risk.aspx?rpLeadSourceID=L1890.

Supporting Resources:

Lumension provides industry resources for new Endpoint Security campaign

Wed, 08 Jun 2011 00:00:00 GMT

Today, as more than two million new malware signatures are identified each month and more organizations are falling prey to “zero-day” attacks, traditional antivirus simply cannot keep up in the malware arms race. In fact, 48 percent of organizations recently reported an increase in IT operating expenses, according to the 2011 State of Endpoint Risk study by the Ponemon Institute and commissioned by Lumension. Building on continued momentum, todayLumension ® , a global leader in endpoint management and security, launched its “Think Before You Renew AV” campaign which further expands upon the company’s expertise in endpoint security and management.

A recent report on endpoint security by Aberdeen Group compared “best-in-class” and “laggard” organizations and found that while both best-in-class and laggard companies had deployed baseline security technologies such as AV, only the best-in-class organizations were more likely to be early adopters of best-in-class security technologies. Among those technologies were application controls, such as application whitelisting. One benefit achieved by best-in-class organizations was a year-over-year reduction in costs, leading to a savings of $24 per endpoint, which was achieved by decreasing the number of endpoint security incidents, as well as the average time needed to identify and address them.

“What we’ve been hearing from customers and prospects is that while antivirus is still a relevant technology within endpoint security and one that should be used consistently to help manage fast-spreading and widely known malware, relying on AV as your primary defense against malware is wholly ineffective,” said C. Edward Brice, Senior Vice President Worldwide Marketing, Lumension. “To this end, we are now meeting a real industry need by making resources available that IT security professionals can use when evaluating existing, traditional antivirus solutions, as well as more advanced solutions, such as application whitelisting, and endpoint management and security suites.”

While malware continues to grow at an exponential rate and hackers continue to become uniquely sophisticated in their attacks, many industry professionals, along with their customers and partners, are beginning to wonder how anyone can stay safe and ahead of the security game. In order to help answer this question, Lumension has launched a number of resources in its new “Think Before you Renew AV” campaign, including a online resource center that features “True Cost of Malware Calculator” which helps organizations identify the many direct and indirect malware-related cost drivers, above and beyond the operational cost of AV software.

“In recent months we have seen a new risk environment emerge and as a result we are urging companies of all sizes to stop and rethink their approach to IT security. For too long, data protection has been viewed from the center out but with the proliferation of mobile devices and open and collaborative 3^rd party software, it really needs to be viewed from the perimeter in. Now is the time to take a step back and determine if the status quo approach to endpoint security is the right choice to make,” Brice said.

The campaign encourages companies to comparatively quote Lumension’s integrated suite-based endpoint protection solutions against their current AV renewal quote to better understand the true costs of various security tools. It also includes detailed demos of Lumension® Intelligent Whitelisting™, which is the only application whitelisting solution to combine the strengths of patch management and antivirus with new innovations in application control. In addition, use of the Lumension® Endpoint Management and Security Suite is shown in several “how-to” video vignette workflows including:

• Automating Your Whitelist Management
• Simplifying Whitelist Creation
• Eliminating Unwanted Applications
• Getting Application Visibility
• Reducing Local Admin Risk
• Promoting Acceptance Within a Customer End User Experience
• How to Remove Mac Defender

Supporting Resources:

Webcast to outline what to look for in an Endpoint Security Suite

Mon, 06 Jun 2011 00:00:00 GMT

Today's IT network is more distributed and virtual than ever with the added use of remote endpoints and cloud-based applications. Unfortunately, this increase has also translated into an explosion of increasingly sophisticated malware attacks targeting these endpoints and applications. As point-based endpoint security technologies are added to mitigate each new challenge, so amplifies the cost and complexity of managing the overall IT environment. In order to provide insight into how security administrators can more effectively manage this ever-growing network, Paul Zimski, vice president of solution strategy at Lumension, a global leader in endpoint management and security, and Mike Rothman, analyst and president of Securosis, an information security research and advisory firm will be participating in a Ziff Davis – hosted webcast titled “Stronger Security and IT Operational Excellence: How to Achieve Both from Your Endpoint Management and Security Suite.”

The webcast, which will take place Thursday, June 9 at 12:00 p.m. EDT, will also feature Salvatore Salamone, executive editor of strategic content for Ziff Davis Enterprise, publisher of eWEEK, Baseline, CIO Insight and Channel Insider. Zimski, Rothman and Salamone will discuss how security administrators can effectively and cost-efficiently manage and secure endpoints in today’s evolving IT environment. Specifically, they will examine:

Strategies that enable IT operations and security to effectively break down the traditional silos to reduce IT risk and improve overall productivity;
How to centralize management and visibility of your entire endpoint environment – across physical and virtual machines, online and offline systems and a variety of operating systems and applications;
How to ensure an effective, in-depth defense security approach;
Key capabilities to look for in an endpoint management and security suite; and
Cost benefits of consolidating best-of-breed endpoint operations and security technologies into one unified solution.

“What we want people to understand is that throwing additional products at the situation does not solve the problem, it only adds to it,” said Zimski. “The hole in secure network infrastructure is growing at an exponential rate, making it critical that we find a way to streamline and better understand these products in order to make them work together more effectively.”

Zimski, along with his fellow speakers, plans to demonstrate that the key to endpoint security is not about simply adding new security layers, such as antivirus, patch management and configuration management, but rather how these capabilities work together without degrading endpoint performance and, subsequently, end-user and IT productivity.

In order to register for the free “Stronger Security and IT Operational Excellence: How to Achieve Both from Your Endpoint Management and Security Suite” webcast, visit Ziff Davis Enterprise Digital Events page and simply sign in if you are already a member or sign up by filling in the information required.

Supporting Resources:

Lumension® Partners with Intel® AppUp Small Business Service to Deliver Patch and Remediation

Tue, 24 May 2011 00:00:00 GMT

Vulnerabilities and exploits are on the rise. To protect growing businesses from the cybercriminals focused on confiscating organization’s data and otherwise disrupting business, Lumension®, the global leader in endpoint management and security has partnered with Intel® AppUp Small Business Service. Intel’s new Hybrid Cloud servers, a subscription-based model for providing small businesses software on a pay-as-you-go basis, which run on locally-hosted Intel-based servers, will now deliver Lumension® Patch and Remediation via the Lumension® Endpoint Point Management Security Suite, L.E.M.S.S.
Microsoft operating systems and applications are not the only concern to organizations – other applications have four times more vulnerabilities than Microsoft and currently lead the path in cybercriminals’ attack vector of choice.
“It’s no secret cyber criminals are busy developing bigger and better hacking tools to help themselves to your data,” said Rich Hlavka, senior vice president, business development, Lumension. “Ongoing patching for all vulnerabilities is still an organization’s best first line of defense against potential attacks.”
However, with so many vulnerabilities to patch and seemingly countless IT assets to manage, it is increasingly difficult for a growing business to keep up. Lumension Patch and Remediation delivered through L.E.M.S.S. automatically identifies and patches vulnerabilities across heterogeneous operating systems, configurations and all major third party applications. The single console allows IT seamless management of the patching process while at the same time enables small business customers of the Intel AppUp Small Business Service to improve their endpoint security.
“The Intel AppUp Small Business Service is an opportunity for companies like Lumension to provide small businesses with needed security-enhancing tools that have cloud-like flexibility at a competitive price,” said Bridget Karlin, General Manager, Intel Hybrid Cloud.
Resources
• Lumension Patch and Remediation on the Intel AppUp Small Business Service
• Optimal Security Blog

Lumension® Partners with Intel® AppUp Small Business Service to Deliver Patch and Remediation

Tue, 24 May 2011 00:00:00 GMT

Lumension Intelligent Whitelisting Nabs Spectrum Award from American Marketing Association Phoenix

Mon, 16 May 2011 00:00:00 GMT

Lumension® the global leader in endpoint management and security, today announced that its Intelligent Whitelisting launch campaign has received a Spectrum Award for the Best Integrated Marketing Campaign for a Product from the American Marketing Association Phoenix. The campaign, which took place from December 2010 to February 2011, aimed to generate awareness of Lumension’s soon-to-be-introduced Intelligent Whitelisting product through multiple online social media channels and to then move these leads into the consideration phase through email nurturing efforts.

The campaign was successful in that it created buzz about the long-held perceptions of application whitelisting and the need for change when it comes to effective endpoint security. Specifically, it led to dialogue among industry insiders and reporters about application whitelisting as a viable security approach for endpoints and also invoked well-known industry analysts to recommend the technology.

“There is a lot of misconception about application whitelisting among the information security market,” said C. Edward Brice, senior vice president of worldwide marketing, Lumension. “As a smaller company, we don’t have the budget to drive large awareness or educational campaigns so we needed to think differently and look at a more socially enabled, integrated marketing approach.”
Lumension’s strategy in this campaign was to accelerate market adoption of its application control solution by developing an integrated marketing program that generated awareness and thought leadership by first establishing intelligentwhitelisting.com, an open and social forum designed to educate readers on application whitelisting. The site featured several prominent industry experts.

“What made this approach unique was we didn’t want our brand to be center stage in this industry forum. We wanted the participant experience to focus on the experts and their points of view. We even invited competitors to join the forum to ensure an evenly distributed view point and minimized our brand presence onsite as much as possible while still fully disclosing our role within the site,” Brice continued.

Corporate communication used content from IntelligentWhitelisting.com to place several articles from intelligent Whitelisting.com alongside Lumension thought leaders. Additionally, associated leads received through content offers or virtual events were moved from the awareness phase of the buying cycle into the consideration phase through email nurturing efforts that leveraged Intelligent Whitelisting.com as a resource in helping drive faster education and acceleration through the buying cycle. A number of additional tools were used to move leads, including social media; email newsletters; and a three-part podcast hosted on Lumension’s corporate blog, Optimal Security. Lumension teamed with Tempe agency Keane Creative for Intelligentwhitelisting.com site design and development.

The Spectrum Awards recognize outstanding efforts in the fields of marketing research, direct marketing, advertising, online marketing, multi-cultural marketing and public relations. These prestigious awards give marketing professionals an opportunity to gain peer recognition and reward for their outstanding work in local communities.

Supporting Resources:

Lumension Intelligent Whitelisting

Optimal Security Blog

Intelligentwhitelisting.com

The American Marketing Association Phoenix

Lumension Webinar Addresses Endpoint Security Risks with Intelligent Whitelisting

Mon, 09 May 2011 00:00:00 GMT

Lumension®, the global leader in endpoint management and security, will host a webinar with Randy Franklin Smith, Information Security Consultant and CEO of Monterey Technology Group , to outline a new approach, specifically one that offers defense-in-depth protection now necessary to combat today’s targeted and blended attacks.

Beyond standalone anti-virus, which has proven to be decreasing in its effectiveness,Lumension ® Intelligent Whitelisting on the Lumension® Endpoint Management and Security Suite is a layered approach to protecting endpoints from malware, including patch management, anti-virus and newly enhanced application control on a single console, server and agent architecture.

The webinar will take place on Thursday, May 12, at 12:00 pm ET with host Randy Franklin Smith, who will further explain what intelligent whitelisting is and how it addresses the old problems associated with original whitelisting technologies. The innovative, intelligent and flexible approach to the original application whitelisting concept has grown in adoption among organizations and is a viable method for implementing a proactive defense.

“The signature based model of classic AV and the teams and infrastructure behind it are increasingly stretched to keep up with the pace and sophistication of today’s financially motivated malware developers,” said Randy Franklin Smith. “On the other hand, patch is getting more complicated as the bad guys target more and more software vendors. Moreover both patch and AV are reactive – not a proactive effort to stay ahead of the bad guys.”

“In this Webinar, we will demonstrate how our consolidated endpoint security suite unifies all three levels of endpoint malware defense,” said Chris Merritt, Director, Solution Marketing at Lumension. “With Patch, AV and intelligent whitelisting all integrated into our single solution we will show customers how they can leverage Lumension to combat malware efficiently and effectively.”

To register for this webinar, please visit: Using Intelligent Whitelisting to Effectively and Efficiently Combat Today’s Endpoint Malware

Supporting Resources:

Lumension Intelligent Whitelisting

Learn more about Windows Security

Visit the intelligentwhitelisting.com
industry forum

Lumension Partners With Namtek To Advance Layered Approach To Endpoint Security

Wed, 04 May 2011 00:00:00 GMT

Lumension®, a global leader in endpoint management and security, today announced it has forged a new partnership with Namtek Corp, a leading provider of governance, risk management, and compliance solutions. As a number of endpoint security vendors continue to provide ineffective, antiquated point products, the number of malware exploits is increasing exponentially by the day. In fact, there are now more than 2 million new malware signatures identified each month. As part of this partnership, Lumension and Namtek will work together to better equip both government entities and private organizations in the fight against malware.

“This partnership is an opportunity to increase awareness about the necessity of a layered endpoint security approach,” said Matt Mosher, Senior Vice President of Worldwide Sales, Lumension. “We are always striving to educate customers on the evolving threat landscape and the need to think differently. With Namtek, we are furthering this message by providing our solutions, coupled with Namtek’s expertise, to a wider audience.”

Because malware is capable of finding holes that security administrators may not even know exist, a layered approach is critical in protecting endpoints. Namtek will provide customers with Lumension® Patch and Remediation, Lumension® AntiVirus, and Lumension® Application Control, Lumension® Device Control on or off the Lumension® Endpoint Management and Security Suite as well as Lumension® Compliance and IT Risk Management, Security Configuration Management, and Lumension® Scan. These products will be coupled with Namtek’s services, providing users with a defense in depth approach that effectively combats the multitude of security threats that exist in today’s networks.

“We chose to develop this partnership with Lumension because of the superb level of integration offered with Lumension’s wide-ranging products,” said Darrin Maggy, Area Director of Commercials Sales, Namtek. “We’re thrilled to now have a dedicated, focused partner in Lumension.”

Most IT professionals that manage security requirements within an organization end up spending much of their time chasing compliance regulations and taking a siloed approach. According to Maggy, when you implement the Lumension integrated security suite, customers will literally be able to buy back their time and resources while increasing overall effectiveness.
To learn more about a layered approach to endpoint security, visit Namtek Corp’s website at Namtek Corp
Resources:
         Lumension Security

         Optimal Security Blog

Lancashire Care NHS Foundation Trust Protects Over A Million Mobile Patient Records With Lumension

Mon, 02 May 2011 00:00:00 GMT

In order to minimise data loss and restrict malware and viruses from entering, Lancashire Care NHS Foundation Trust, a major mental health trust with over 150 sitesacross Lancashire, selected Lumension® Device Control. The Trust partnered with Lumension®, the global leader in endpoint management and security, for its industry leading data protection solution to prevent data loss and theft by enforcing removable device usage and encryption policies for USB sticks.

The Trust, which comprises of 3,500 staff^* and 9,000 Foundation Trust members^* needed to ensure that its mobile teams could access data securely on the move. Although The Trust had policies in place in order to try and control data leakage, the organisation wanted to encrypt data, as well as control access to mobile devices. Lumension®Device Control was the perfect choice for The Trust as it fulfils both the device control need as well as encrypting all data on the devices

“IT is all about getting the right data to the right place at the right time, securely. We had policies in place that tried to minimise data loss but we needed to go a step further to be able to guarantee the integrity of sensitive data stored on USB sticks. We were able to implement the Lumension® Device Control solution in less than 48 hours meaning that all data stored on USB sticks was fully encrypted as well as the access to the devices fully managed,” said Alan Boardman, IM&T technical systems manager at Lancashire Care NHS Foundation Trust.

“In fact our biggest challenge in rolling out the solution was changing corporate culture and communicating the fact that USB sticks not managed by the new technology would be denied access after a certain point in time. The implementation of this security solution has helped change the organisation’s attitude to security as well as meant that I’m now able to sleep at night knowing that if a USB device is lost, the data within is secure and inaccessible.”

Lancashire Care NHS Foundation Trust went live with Lumension Device Control in 2010. The software prevents data loss or theft by enforcing security policies onto all mobile storage devices and enables the IT team to centrally view and control every device that connects to the Trust’s PCs, workstations or laptops. The team can also detect and address known vulnerabilities by tracking every mobile storage device that has ever connected to the network.

Lumension Device Control’s “whitelisting” technology is key to the Trust’s requirements for sustained mobility, as it allows the IT team to specify which removable storage device can be used to transport data and which cannot be connected to the network. Where additional devices are permitted, such as to enable an employee to carry out a specific task, all data transferred to or from this device may be audited by the software and a copy of the data can be created using Lumension’s patented bi-directional Shadowing Technology. Furthermore, the Trust can view an audit trail of all data that has been moved to or from removable storage media.

Commenting on the deployment, Alan Bentley, Senior VP International, Lumension said: “We are delighted to work with Lancashire Care NHS Foundation Trust. Public sector organisations are recognising the need to ensure the integrity of data regardless of whether it is on or off site. Lancashire Care NHS Foundation Trust has demonstrated the value of using our technology to reinforce existing policies designed to safeguard data, by gaining control and visibility of all data transferred to portable devices.”

To see a video on how the Trust is proactively protecting data on mobile devices please see here.

- Ends-

Figures accurate in 2010

Lumension® Announces General Availability of Lumension Intelligent Whitelisting

Wed, 20 Apr 2011 00:00:00 GMT

The security market has reached a tipping point as the sheer volume of malware exceeds manageable levels and standaloneantivirus solutions can no longer keep up, proving ineffective. Lumension®, a global leader in endpoint management and security, today announced the April 29^th general availability of Lumension® Intelligent Whitelisting™, a fully integrated endpoint security solution on the Lumension Endpoint Management Security Suite (L.E.M.S.S.).

Lumension® Intelligent Whitelisting™ is the industry’s first application control solution that increases endpoint security effectiveness without impacting business productivity. By integrating traditionally disparate, stand-alone technologies of antivirus, application control and patch management and delivering new innovations in application whitelisting technology, Lumension is delivering a more effective security solution with added flexibility and ease of use.

Intelligent Whitelisting overcomes many of the traditional challenges of stand-alone application control technology. Flexibility has been enhanced through a trust-centric change management engine that allows IT administrators to extend automated whitelist policy management across trusted publishers of digitally signed code, updating software, installation paths, as well as deny unwanted applications. New features also enable IT to fully deploy an application whitelist policy in an audit only mode and log all execution attempts within the whitelisted environment. Policy definition has also been made easier with a local snap-shot capability that captures all existing applications on endpoints and enables IT to quickly define unique whitelist policy baselines in highly variable environments.

In addition to enhanced security, IT operational productivity has been improved with the integration of Lumension® AntiVirus™ and Lumension® Patch Management™ within a seamless application control solution workflow. Anti-Virus can now be used to identify and clean any known malware across the endpoint environment prior to being whitelisted, along with the automatic authorization of new application files every time patches are deployed.

“With one integrated platform, IT now has effective tools to address the rising risk of malware which, as we know, is increasingly focused on 3^rd party application vulnerabilities,” said Mike Wittig, President and CTO, Lumension. “By integrating what used to be stand-alone products across common endpoint-management architecture, IT can now improve endpoint security and reduce overall operating costs.”

“Anti-malware agents cannot be the only defense against the bad stuff out there - not if you actually want to protect your devices, anyway. I've harped on this many times, especially regarding the importance of using other tactics on the endpoints (including running updated software and secure configurations) and within the network to compensate for the fact that anti-malware is an inexact science,¹” said Mike Rothman, Analyst & President of Securosis.

Lumension Intelligent Whitelisting enables organizations to:

Stop Unknown or Unwanted Applications from Running;

Increase Endpoint Security Effectiveness;

Improve Application Visibility on Endpoints;

Enjoy Flexible, Effective and Easy-To-Use Application Control;

Optimize Organizational Productivity;

Reduce Overall Endpoint TCO.

“At the end of the day, it isn’t about blacklists vs. whitelists,” said Pat Clawson, Chairman and CEO, Lumension. “It’s more about addressing the risk in the gray area of unknown applications which are exponentially growing and enabling a larger target area for malware to exploit. To reduce this risk and the costs that go with it, IT must regain control over their application and endpoint environments and do so in such a way that doesn’t impact end user productivity. Until now, that type of IT security solution wasn’t available, but with the Intelligent Whitelisting, organizations can improve endpoint management and security while also reducing the operational headaches associated with traditional stand-alone products.”

Additionally, Lumension announced general availability of its free Application Scanner tool that enables IT professionals to gain new found visibility over applications within their endpoint environment.

Supporting Resources:

Intelligent Whitelisting Industry Forum

Lumension® Embraces 2011 With Impressive Recognition

Mon, 21 Mar 2011 00:00:00 GMT

Continuing to show notable growth, Lumension®, the global leader in endpoint management and security, announced today a strong start to 2011. This is marked by several successes, including key industry product recognition and continued leadership in advancing application control and whitelisting technology with the success of the Intelligent Whitelisting Early Adopter Program.

Lumension Power Management Recognized for Key Product Benefits
In a recent report commissioned by Lumension and conducted by The Tolly Group, Lumension® Endpoint Power Management was found effective at providing endpoint uptime reporting and the enforcement of policy by standardizing power settings across the network and automating standby and hibernation based on system activity. Overall, the study found that implementing the endpoint power management software could result in an annual savings of $36,000 for an enterprise with 1,000 end-point systems. That meant an average savings of 266 kWh of energy per typical desktop.
Additionally, the Power Management solution was listed in the Manitoba Hydro Commercial Network Energy Management Program as well as the EPA Energy Star Power Management Software Program, a low-carbon IT program that promotes power management by providing technical information on different software options so that businesses can make informed decisions when selecting a power management provider and in turn, reduce their energy consumption.
Expanding Industry Accolades

JMP Securities 2011 Report: Lumension was also named in the JMP Securities 2011 report, “Hot 100: The Best Privately Held Software Companies.” JMP Securities is a full-service investment bank that provides equity research, institutional brokerage and investment banking services to public and private growth companies and their investors.

SC Magazine Lumension Scan attained high marks in a recent Product Review: Vulnerability Assessment test. Lumension Scan is part of Lumension’s larger portfolio of Vulnerability Management solutions , and allows users to identify and manage their assets in the enterprise by scanning for vulnerabilities in software applications and network configurations.:Product Review

Windows IT Pro Product Review: Lumension Application Control was reviewed and received four out of five stars. Application Control offers automatic application discovery, software update authorization, application whitelisting, script and macro protection, application review options, local application authorization, and heuristics in order to protect endpoints from malware and reduce overall TCO.

Ashlar Foundation : Paul Henry, forensic and security analyst at Lumension was appointed Founding Board of Directors member for the Ashlar Foundation, an organization established by the Security Industry Association to provide support for organizations and projects that promote life safety and security initiatives.

Along with the industry product recognition, earlier this year, Lumension also announced the launch of its Lumension Endpoint Intelligence Center , (LEIC), which brings together four once disparate streams of information: threats, vulnerabilities, viruses, and application hash look up. Additionally, Lumension also launched the beta of its free Lumension Application Scanner v2.0 . This premium tool performs an in-depth scan of all executable files across the endpoint network and identifies both known and unknown files. Armed with this information, IT administrators can quickly check their applications with the Lumension Endpoint Integrity Service and identify which endpoints have the most both known applications.

“At the beginning of this year, we hit the ground running by focusing on customer feedback and incorporating new enhancements to our core product line, as well as fostering community interaction,” said Pat Clawson, Lumension’s Chairman and CEO. “We already have seen huge success in the industry that positions Lumension very well in this competitive market. This recognition helps us stand out in a crowded industry and further validates the market need for products that reduce complexity and increase visibility across IT operations and key security tasks to help businesses protect sensitive data and reduce endpoint cost.”

Innovative Endpoint Intelligent Whitelisting Leadership
Earlier this quarter, Lumension announced the launch of its Intelligent Whitelisting Early Adopter Program, which is aimed at creating a partnership with users so that they can take part in the industry’s most innovative approach to endpoint security. Intelligent Whitelisting delivers a more dynamic, operational application whitelisting solution by integrating both blacklisting and whitelisting technologies, along with patch management, resulting in a more effective endpoint security solution that won’t negatively impact organizational productivity. Early Adopter participants continue to receive on-site installation and training by Lumension personnel, priority support call queuing, dedicated level 3 support engineers and monthly status calls with the Lumension Early Adopter Program Support Team.
The rollout of this program came just after the release of Gartner’s “ Magic Quadrant for Endpoint Protection Platforms” report, which positioned Lumension as a Visionary. To be included in the Gartner Magic Quadrant for Endpoint Protection Platforms, vendor solutions had to be able to detect and clean malware (including spyware, rootkits, trojans and worms); provide a personal firewall and HIPS for servers and PCs; include the ability to centrally manage, configure and report capabilities for servers and PCs and sufficiently support companies of at least 5,000 geographically dispersed endpoints; and provide global service and support.
Supporting Resources:
         Lumension® Power Management Report
         Optimal Security Blog
         Twitter
         Intelligentwhitelisting.com

Lumension to Announce Top Malware Trends for 2011

Tue, 15 Feb 2011 00:00:00 GMT

Over the last year, organizations once again saw the volume and sophistication of malware dramatically increase. Today, more than 1.6 million new malware signatures are identified each month and the volume of zero-day attacks continues to rise. The days of pranksters conducting minor hacks have been replaced by extensive cyber criminal syndicates looking to steal personal information and intellectual property for financial gain. This increase and shift in intent has led Lumension®, the global leader in endpoint management and security, to host a webcast titled “Paul Henry’s 2011 Malware Trends.”

Henry is one of the world’s foremost global information security and computer forensic experts. With more than 20 years of experience, Henry is a seasoned speaker, author and contributor for some of the leading security events and publications and is a SANS Certified Instructor. His technical background includes MCP+I, MCSE, CCSA, CCSE, CFSA, CFSO, CISSP,-ISSAP, CISM, CISA, CIFI, CCE certifications. Given this breadth of expertise, Henry is well qualified to identify the threat trends this year will bring. In this webcast, he will discuss these malware trends and more importantly, outline the practical steps organizations can take to better protect themselves. Specifically, Henry will examine:

The unending arms race with financially motivated “bad guys;”
Evolving paths into corporate networks, including social media and removable devices;
Why traditional defenses are not effective; and,
How to ensure an effective depth-in-defense security strategy that includes application whitelisting.

“As malware becomes increasingly prevalent and sophisticated, a lot of organizations are losing in the fight against cybercrime,” said Henry. “What so many don’t understand is that the security solutions of yesterday, such as antivirus, are no longer effective as standalone defense strategies. A layered approach that includes Intelligent Whitelisting is much more effective.”

Henry’s webcast will take place on Feb. 23 at 11:00 a.m. ET. To register for this webcast, please visit: 2011 Malware Trends.

Supporting Resources:

Greater Visibility into 3rd Party Application Risk and Malware Threats is Achievable with Newly Launched Lumension Endpoint Intelligence Center

Mon, 14 Feb 2011 00:00:00 GMT

To provide IT administrators with improved visibility into their increasingly vulnerable endpoints, Lumension®, a global leader in operational endpoint security, today announced the launch of theLumension Endpoint Intelligence Center, (E.I.C.).

To address the rising need to identify and validate known applications, E.I.C. consolidates malware, vulnerability, patch, and application information with relational cloud based intelligence and empowers IT administrators to stay ahead of emerging threats and application risk.

Fueled by Lumension’s Endpoint Integrity Service, a cloud based service enhanced through partnerships with leading software application developers that began in 2009 and validates the integrity of software for both operating systems and applications found on endpoints, the E.I.C. brings together four, once disparate, streams of information: threats, vulnerabilities, malware, and application validation. This capability is vital in today’s diverse and dynamic endpoint environment where third-party application risk visibility continues to be a leading challenge for IT, as evidenced by the 2011 State of Endpoint Risk study conducted by the Ponemon Institute and commissioned by Lumension. In it, the study found increasing malware attack vectors are focusing on exploiting third-party applications and with respect to Web 2.0 challenges, respondents reported the ability to identify applications in use across the IT network as their greatest concern.

While endpoint risk continues to increase via third-party application vulnerabilities, there is still little done to manage that risk. One-third of respondents admitted to putting absolutely no restrictions on which applications run on their network while another one-third employ application policies, but did not actively enforce them.

“There has been a fundamental shift in endpoint security risk away from servers and operating systems to the PC/Laptop/Tablet and third-party application environment. Most IT departments’ internal policies and processes have not caught up to this reality and as a result both risk and the operational total cost of ownership are exponentially increasing,” said Pat Clawson, CEO of Lumension. “The Lumension Endpoint Intelligence Center provides IT with the most up-to-date application intelligence in one, convenient location.”

One unique feature of the E.I.C. is an application search and validation that maps known applications to their explicit hash. IT can insert a hash digest from an application in their environment and query the Lumension Endpoint Integrity Service to verify if the application is from a known and validated publisher or unknown. “By marrying our Endpoint Integrity Service together with the E.I.C. we have provided IT with a new capability to quickly query any unknown hash files found on their network and provide context as to the type of application, software category and whether it is from a known or unknown source,” continued Clawson.

Additionally, Lumension has also launched the beta version of its free Lumension Application Scanner. The premium tool does an in-depth scan of all executable files across the endpoint network and identifies all applications within the endpoint environment. Armed with this information, IT administrators can then rely on the tool to quickly check their applications with the Lumension Endpoint Integrity Service and identify what endpoints have the most validated known applications, and pinpoint those endpoints with un-validated applications for further investigation.

“In developing the Lumension Application Scanner v2.0 we took a thin slice of our Lumension Intelligent Whitelisting solution and provided IT with a tool that can be used to help address one of their biggest challenges - identifying applications that reside on the endpoint environment,” said Jerome Bei, Director, L.E.I.C. at Lumension.

Supporting Resources:

Lumension Endpoint Intelligence Center
Lumension Application Scanner v2.0 Beta Download
Optimal Security Blog
Follow us on Twitter

Lumension Intelligent Whitelisting Early Adopter Program Lays the Foundation for Market Momentum

Mon, 14 Feb 2011 00:00:00 GMT

Lumension®, a global leader in operational endpoint security, today announced the launch of its Lumension Early Adopter Program (L.E.A.P) for the Intelligent Whitelisting software solution. As malware continues to grow in volume and sophistication, it is vital that organizations employ the proper measures to protect end-user data and endpoints, especially as evidence grows that relying on antivirus as a standalone security defense is wholly ineffective. Lumension® Intelligent Whitelisting delivers a more dynamic, operational application whitelisting solution by integrating both blacklisting and whitelisting technologies, along with patch management, resulting in more effective endpoint security solution that won't negatively impact organizational productivity.

L.E.A.P. is aimed at providing early adopter customers who wish to move ahead of the market curve with access to innovative pre-General Availability (GA) software technologies along with increased support from a dedicated team of experts from Lumension’s software development and professional services organizations.

"Through our Early Adopter Program, we are committed to fostering a deeper relationship with those customers that want to be on the leading edge of endpoint security software technology and solutions,” said Pat Clawson, CEO of Lumension. “All Lumension customers will ultimately benefit from this program as additional feature enhancements and overall application improvement will inevitably result.”

“We are thrilled to join Lumension’s Early Adopter Program to prevent the use of unauthorized applications or devices and further protect our client’s endpoints by staying ahead of the unknown threats,” said William Bell, director of information systems at PhoenixNap. “Lumension’s innovative approach to intelligent whitelisting provides us a single, seamless view into our network and gives us a new level of visibility into the network than was previously possible and we look forward to continuing our education through Lumension’s stellar support team.”

The rollout of this program comes just after the release of Gartner’s “Magic Quadrant for Endpoint Protection Platforms” report ¹ which for the first time positioned Lumension as a Visionary. According to Gartner, “visionaries” are vendors that “invest in leading-edge features — such as advanced malware protection, data protection and/or management capabilities — that will be significant in the next generation of products, and will give buyers early access to improved security and management.”

¹ The Magic Quadrant for Endpoint Protection Platforms was written by Peter Firstbrook, John Girard and Neil MacDonald and published December 17, 2010. Gartner's ID number for the report is G00208912. Gartner clients can access the report from www.gartner.com.

Inclusion into L.E.A.P. is by invitation only. Interested parties can find out more information and apply for the Intelligent Whitelisting Early Adopter Program here. General Availability (GA) for Lumension Intelligent Whitelisting will be in April 2011.

Resources

Whitepaper - Intelligent Whitelisting: An Introduction to More Effective and Efficient Endpoint Security
Optimal Security Blog

Lumension’s Innovative B2B Nurture Marketing Campaign Takes the Gold in MarketingSherpa Email Awards

Fri, 04 Feb 2011 00:00:00 GMT

Lumension®, the global leader in endpoint management and security, today announced that their Automated Nurture Campaign has been recognized with Gold Honors in the 6th Annual MarketingSherpa Email Marketing Awards. The campaign, where an automated email platform was implemented to drive leads through nurturing tracks to help contacts through three months of solving a specific business challenge, was honored with the highest level of recognition in the Best Triggered Email or Auto-Responder Series.

Having received many very impressive marketing campaigns, Lead Judge Daniel Burstein, Director of Editorial Content for MECLABS Primary Research was finally able to determine Lumension the winner by answering key questions such as "what can the MarketingSherpa audience learn," which ultimately enabled them to decide to name Lumension as the Gold Honor for automated responder email campaigns.

"We are honored to be recognized by Marketing Sherpa who is known throughout the marketing community as a leader in identifying marketing best practices," said C. Edward Brice, Senior Vice President of Worldwide Marketing at Lumension. "To be recognized for nurture marketing is even more satisfying, as we believe it to be one of the most important undertakings of a B2B marketing organization as we now operate in a business environment where 80% of your customers find you."

"In the last year, Lumension has developed eight integrated and automated email nurturing tracks, based on industry and/or product focus, which was then optimized to a four-month program. Leads only receive emails if they further engaged and took offers from emails," explained Annie Wacker, Senior Marketing Programs Manager at Lumension. "The more a lead engages, the more emails they will receive. We know that in order to successfully market, especially in the B2B IT security industry, you need high quality, specific targets and messaging or you will struggle to find success."

In aiding their Sales Team, the Marketing Team at Lumension sought to increase their qualified lead engagement by 12% which initially proved to be quite a challenge. Over the course of 18 months, the Marketing organization developed and optimized a fully integrated and automated nurturing program that converted top-of-funnel leads and or/stagnant leads in the prospect database and found the top sales-qualified leads. "The goal of the program was to take contacts who indicated they were looking to solve a specific business challenge and provide them content, in the context of their buying process," said Sam Erdheim, Director of Marketing Programs for Lumension. The nurture program was designed to provide additional content centric offers that delivered specific information as a prospect progressed along their buying cycle. The ultimate goal was to drive a potential prospect to a product trial and ultimately becoming an accepted sales lead.

"Annie Wacker, Sam Erdheim, and their team at Lumension hit it out of the park," said Daniel Burstein, lead judge. "The team tackled a pain point that many other marketers likely face as well – a need to work together with sales and deliver high-quality (not mass-quantity) leads and what was most impressive for this particular category is that the team achieved this goal in a way that puts the customer first."

For more information on the success customers have had in using the Lumension product suite, please visit http://www.lumension.com/Customers/Success-Stories.aspx

Supporting Resources:

Visit the Optimal Security blog
6th Annual MarketingSherpa Email Awards 2011 Special Report
How to Become a Lumension Partner

New Lumension Ponemon Endpoint Risk Study Reveals Growing Application Risk and Increasingly Sophisticated Malware are Adding to Endpoint Costs

Mon, 06 Dec 2010 00:00:00 GMT

A constantly shifting IT risk environment, led by increasingly sophisticated malware attack vectors that focus on exploiting third-party and web-based application vulnerabilities, has left traditional endpoint security approaches behind. This, coupled with ever more powerful, portable, and connected computing platforms has resulted in organizations feeling less secure today than they did one year ago, according to the State of Endpoint Risk, a new Ponemon Institute study commissioned by Lumension®, the global leader in endpoint management and security.

After an examination of how these new challenges impact IT operating resources as well as IT’s ability to secure networks, this year’s study found that many organizations do not have the right arsenal of technologies in place to most effectively reduce endpoint risk. As a result, organizations are wasting valuable time, money and resources while continuing to expose their IT environment to unnecessary risks.

The cost of protecting an organization’s most valuable assets living on the endpoint is both a necessary evil but a hindrance, too. According to State of Endpoint Risk survey respondents, 48% of respondents report an increase in IT operating expenses and a main driver, says 59% of those respondents, is malware. All told, IT organizations are now faced with a very vulnerable endpoint. And, they have limited visibility into the endpoint to truly and effectively mitigate the risk of malware and data loss. Yet, respondents indicated a lack of effective technology to support policies already in place.

State of Endpoint Risk Key Findings:

Reducing endpoint risk resides largely at the application layer, yet most respondents do not actively manage the applications that live on their networks. One-third of respondents admit to putting absolutely no restrictions on which applications run on their network while another one-third employ application policies but do not actively enforce them. This lax approach to application control is a gaping hole for intruders who can, and will, easily leverage these weaknesses in the endpoint to find entry-points into the network.
The top 5 applications that concern IT the most when it comes to security are those that pose the greatest increase in vulnerabilities and IT risk. They include:
- 3rd party applications outside of Microsoft (58%)
- Adobe (54%)
- Google Docs (46%)
- Microsoft OS/applications (44%)
- Oracle applications (39%)
Preventing applications from being installed (55%) or executed (47%) on the endpoint, especially Web 2.0 applications, is a top challenge for IT security managers. Nearly two-thirds (59%) of those surveyed responded to that effect, citing that the management – and even the knowledge and visibility into which web 2.0 applications are running on their network – is a major challenge today.
Despite this influx of new technologies to better-address mounting endpoint risks, organizations are mainly sticking with the “tried and true” technologies even though more effective technology solutions exist today. This gap was most notable vis-à-vis the following technologies:
- Vulnerability assessment (used by 51% but considered effective by 70%);
- Application whitelisting (used by only 29% but considered effective by 44%);
- Device control (used by 26% but considered effective by 57%); and
- Endpoint management & security suites platform (used by 40% but considered effective by 61%).

Increasingly Sophisticated Malware in 2011:
The majority of respondents (64%) acknowledged that their networks are not more secure than last year. According to the State of Endpoint Risk study, a main factor towards this feeling of insecurity is a severe lack of visibility into the endpoint, especially from an application perspective. Not having that visibility, paired with seemingly ineffective technology solutions, is an expensive problem, one only exacerbated by a lack of budget that respondents also reported in this year’s study. The following data points underscore the threat landscape both today and anticipated landscape shifts heading into 2011:

43% of respondents noting a dramatic uptick in malware in 2010 – and increasingly sophisticated/hard to detect malware, too.
98% organizations experienced a virus or malware-based network intrusion; and over one-third (35%) have experienced 50 malware attempts in just a one-month span. This equates to more than one intrusion per day.
Mobile/remote workers (50%), PC desktop/laptop vulnerabilities (48%), and the introduction of third-party applications onto the network (39%) are the greatest areas of endpoint risk currently. This is a shift from last year where endpoint security concerns were mainly focused on removable media and data center risks.
An increasing volume of cyber attacks and malware incidents (61%), negligent insiders (50%), and cloud computing (internal and third party providers; 49%) are the top three security threats anticipated in 2011.

Supporting Quotes:
C. Edward Brice, senior vice president, worldwide marketing, Lumension

“This years’ State of Endpoint Risk survey underscores the dramatic shifts we’re experiencing within today’s threat landscape. We’re seeing a clear transition in endpoint risk away from servers and operating systems and towards third-party and browser-based applications than ever before. With an increase in mobility, storage capacity, and connectivity trends impacting the modern IT environment, IT must adapt their current approaches to endpoint security in order to effectively protect sensitive data while minimizing IT risk and lowering overall total-cost-of-ownership costs.”
“The bottom line in all of this? Malware is not going away anytime soon. Technologies exist that will help organizations better-manage the malware threat in a much smarter, more cost-efficient and effective way than it’s being done currently. This should be a major focus for organization as we head into the new year.”

Larry Ponemon, Chairman and Founder, The Ponemon Institute

“The State of Endpoint Risk survey uncovered some interesting truths to how organizations are faring in the battle to protect their endpoints. Probably most surprising this year is that companies are doing themselves no favors by not using the technologies they themselves have identified as most effective at combating endpoint security risks and threats.”
“Hand in hand with that is a need for IT security pros to convince senior management of the perils of ignoring the threats of this new information risk environment. There is a real need to put the appropriate technologies and personnel in place to best-position organizations of all sizes and in all industries for success in the ongoing battle to ward off cyberthreats as we head into 2011.”

Patrick J. Clawson, Chairman & CEO, Lumension

Today’s threat landscape is clearly in an evolutionary period. No longer are we seeing brute-force attacks but smaller, more sophisticated and advanced persistent threats. Yet, organizations are still treating the problem with an old remedy. Instead, organizations must adapt – which means a change in mindset, a shift away from ‘staying the course’ with technologies that are no longer effective at combating the growing risks facing the endpoint today. For example, a technology approach that includes application whitelisting housed on an endpoint management and security suite and coupled with traditional approaches like antivirus, is a more prescriptive approach to addressing endpoint risk.”
“It’s this revised remedy that can better-arm IT to more effectively address growing and changing endpoint risks. In tandem, this type of approach can reduce overall complexity at the endpoint and, hopefully, improve and reduce overall IT operating expense, which is clearly a major pain-point for organizations currently, as the State of the Endpoint study confirmed for us. However, this requires an open mind regarding less ‘traditional’ approaches to endpoint security, and is something we’re actively recommending and advocating for amongst our customer base as we head into 2011.”

Methodology
The State of Endpoint Risk 2010 was derived from a survey of 782 IT and IT security practitioners within the U.S. and spanning key industries including financial services, public sector and healthcare, all of whom have active responsibility for their data security and compliance efforts.

Resources:

Download the State of Endpoint Risk 2011 Survey
Visit the Optimal Security blog for more insight into key survey findings
Register for the State of Endpoint Risk 2011 webinar

Lumension Expands Market Leadership

Thu, 02 Dec 2010 00:00:00 GMT

Despite a challenging economic environment, Lumension®, the global leader in endpoint management and security, announced today several successes, including key industry accolades, a nod of approval for reduced IT energy consumption, and continued leadership in the advancing technology of application whitelisting.

Growing Industry Accolades

Deloitte Technology Fast 500: Lumension was ranked 467 on the 2010 Deloitte Technology Fast 500, a ranking of the 500 fastest growing technology companies in the United States and Canada.
Software 500: Lumension ranked 247 in the 2010 Software 500, a ranking of the world’s largest software companies, up from 261 in 2009 and 282 in 2008.
Inc 5,000: As a result of the company’s strong revenue growth, Lumension ranked 2,283 in Inc’s 2010 ranking of the fastest growing private companies in the US; ranked number 152 in the top software companies, and was one of 6 Arizona companies to make the list.
Forrester Wave™: Earlier this year, Lumension was named a leader in vulnerability management for having the strongest strategy/vision due to the company’s portfolio of endpoint remediation products.

Recognized for IT energy savings

By adding enhanced Power Management capabilities with distributed Wake-On-LAN as core functionality to the Lumension® Endpoint Management and Security Suite earlier this year, Lumension Power Management received validation for meeting specific requirements such as centralized control at the server level of desktop power management settings and reporting that allows monitoring and validation of energy savings. The Network Desktop Computer Power Management Software program is administered by Pacific Gas and Electric Company (PG&E) under the auspices of the California Public Utilities Commission.

Endpoint Application Whitelisting Leadership

To help enterprises address the rapidly expanding risk caused by the exploding volume and sophistication of malware, Lumension has launched its Early Adopter Program for the Lumension® Intelligent Whitelisting solution. Lumension® Intelligent Whitelisting overcomes flexibility and ease of use challenges associated with traditional application control technologies through stronger integration with other security tools like patch management and antivirus. It also assists IT administrators in applying and enforcing application policy across groups, departments, and individuals through an advanced trusted change engine. These advances and others allow for improved security without impacting employee productivity.

“Unfortunately, most IT departments have fewer resources to manage mounting costs and risk,” said Pat Clawson, Lumension’s Chairman and CEO. “Malware has exploded and so has the cost associated with it, including rising help desk calls, and lost employee productivity due to remediation needs. Our recent market introduction of the Lumension® Endpoint Management and Security Suite helps IT managers reduce complexity and increase visibility across IT operations and security tasks and serves as the basis for enhanced integration across Lumension application technologies. These developments position Lumension at the forefront of market leadership in helping businesses protect sensitive data and reduce endpoint cost.”

Lumension has also sponsored the development of a new industry forum focused on furthering the understanding and adoption of application whitelisting technology. Intelligentwhitelisting.com discusses the current and future threat landscape and debates the role application control and whitelisting technologies can play as an integral part of a modern day endpoint security strategy. Conversation is jump started by intelligent perspectives and thought-provoking insights from a panel of IT security experts including:

Rich Mogull and Mike Rothman, Securosis analysts and bloggers;
Richard Stiennon, IT-Harvest analyst and blogger;
Larry Seltzer, contributing editor of PC Magazine and author of Security Watch blog;
Eric Ogren, founder, The Ogren Group;
Paul Henry, forensic analyst, Lumension;
Toney Jennings, CEO, CoreTrace.

“Our goal in supporting the development of IntelligentWhiteliting.com was to provide an open, independent, and social forum where IT professionals can get different points of view and questions answered related to their adoption and use of application whitelisting within their endpoint environments,” said C. Edward Brice, SVP Worldwide Marketing Lumension. “We have welcomed industry experts, competitors, and thought leaders to actively participate in online conversation to explore the use of application whitelisting technology as a means to effectively battle the growing onslaught of malware risk and associated endpoint total cost of ownership all companies are facing today.”

Multimedia:

Lumension Examines How to Streamline Patch Management to Include Applications and Operating Systems Beyond Just Microsoft

Thu, 21 Oct 2010 00:00:00 GMT

A shift is occurring in today's endpoint environment as more than two-thirds of all endpoint vulnerabilities are now found in third-party desktop applications. This shift in IT risk away from operating systems to desktop applications is why the SANS Institute now ranks patching client-side software as the number one IT security priority. This shift is also what led Lumension, a leading provider of endpoint management and security, to sponsor a webinar titled "Beyond Windows Patching: Dealing with the New Imperative to Patch Adobe, Apple, Linux and More."

The webinar, which will take place tomorrow, Oct. 26 at 12 p.m. EST, will discuss the predominant issues many organizations face when patching end user machines and how to resolve them. Host Randy Franklin Smith, founder and CEO of Monterey Technology Group and the voice behind Ultimate Windows Security, will examine what goes into patching operating systems other than Windows, such as Linux, UNIX and Apple as well as the applications that run on them.

According to Smith, the issue that many companies have is that they use numerous platform-specific patch management tools, such as Windows Server Update Services (WSUS) from Microsoft, RedHat's patch utilities, VMWare's Update Manager, etc. While these work well for each individual platform, three significant gaps remain, which Smith will discuss:

The inability to patch third-party applications that lack enterprise patch management utilities
The inability to exert organization-wide control over patch management policies and being able to demonstrate that to auditors and regulators
The great deal of care and feeding required to run and maintain each platform and vendor specific patch management utility

"When people think patching, they often think only of Microsoft, but these days, it's so much more than that," said Pat Clawson, chairman and CEO, Lumension. "As employees continue to bring their own laptops, tablets and smartphones to work and businesses invest in less traditional devices, such as iPads, the enterprise is becoming more diverse than ever. We consider it important to demonstrate the criticality of properly patching this hodgepodge of devices and the myriad of applications that run on them, as failure to do so can be catastrophic."

"Because Microsoft has implemented what is now a routine standard for vulnerability response, cyber criminals are following the course of least resistance and have intensified their efforts to reach a much wider array of software – especially popular products like Acrobat and Flash from Adobe and iTunes from Apple," said Smith. "That's not to say Microsoft patches are a thing of the past – hardly – we are on track for 90 Microsoft security patches by the end of the year. But while Microsoft follows a predictable monthly patch schedule, many other companies don't and patching can be much more complicated with some products."

Smith, along with Lumension, hopes to make this process less complicated by showing why – even if various teams within IT are responsible for patching specific systems – each organization should have a centralized patch tracking team that keeps track of each hardware and software vendor in use at the company and subscribes to their respective security bulleting services.

Lumension will also further demonstrate how to streamline the patching process by showing how its Endpoint Management and Security Suite provides centralized patch management for heterogeneous IT environments. Register for the free "Beyond Windows Patching: Dealing with the New Imperative to Patch Adobe, Apple, Linux and More" here.

Supporting Resources:

Lumension Brings Together Industry Leaders in Support of National Cybersecurity Awareness Month

Tue, 19 Oct 2010 00:00:00 GMT

Lumension Security, Inc. today announced its support for National Cybersecurity Awareness Month by providing a never before released podcast discussion with industry leaders including Toney Jennings, president and CEO, CoreTrace; Brian Beard, vice president and U.S. country manager, Norman and Pat Clawson, chairman and CEO, Lumension. Eric Ogren, founder and principal analyst of the Ogren Group leads the discussion around the uncertainties surrounding cyber threats to U.S. infrastructure, as well as what is and what is not being done at the government level to reign in national cybersecurity efforts in the U.S.

The podcast, which is available for download today , covers several issues the U.S. is currently facing in the realm of cybersecurity, such as the disconnect between the public and private sectors regarding the inability to share and exchange data; threats to intellectual property from other countries via data breaches; the limited scope of the federal government's regulation and why leaders such as cybersecurity czar Howard Schmidt should have more power; security initiatives recently enacted in other countries that the U.S. can learn from, etc.

October marks the seventh annual National Cybersecurity Awareness Month, which is an initiative sponsored by the Department of Homeland Security, the National Cyber Security Alliance, and the Multi-State Information Sharing and Analysis Center to make Americans more aware of the constant barrage of online security threats they face on a daily basis, so that they can take steps to keep their personal assets and information secure while also helping to improve the overall security of cyberspace.

"Our intention behind the podcast was to provide an informal discussion to get honest and straightforward information out to businesses and consumers alike," said Pat Clawson of Lumension. "By rallying well-respected industry insiders together, we are able to lead the charge and provide a unique perspective from organizations at the forefront of several major endpoint security initiatives."

The danger with politically motivated cyber attacks is real and the need for both defensive and offensive responses to such attacks is crucial, especially in today's rapidly changing online landscape. Lumension's goal is to educate enterprises and the public as a whole on the risks involved with accessing the Internet and the preventative measures that can be taken in order to ensure end user information is safe and secure. This podcast is just one step in a series of initiatives to ensure that essential information is available and easily accessible, as cyber threats continue to become more frequent and severe.

"The fact that Lumension is making this information open and available to everyone for free furthers the initiatives set forth by National Cybersecurity Awareness Month as well as Lumension's own resourcefulness in increasing awareness and promoting online safety," said Eric Ogren, founder and principal analyst, The Ogren Group.

In the coming weeks, Lumension will announce further efforts to educate organizations on cybersecurity. Visit Lumension to gain access and stay up-to-date on the latest information.

Supporting Resources:

Lumension Advisory Board Drives Innovation

Mon, 20 Sep 2010 00:00:00 GMT

Lumension customers from around the globe came to Scottsdale, Arizona for the third annual
Lumension Advisory Board (LAB) meeting September 14-16. Discussion focused on the needs of
today’s IT security teams and more specifically, how Lumension products can continue to support
those needs.

Along with providing the Lumension team with innovative insights on current and future products and
services, board members also had a unique opportunity to learn from each other. “LAB was a great
experience,” said Mike Hernandez, senior server engineer, Hines. “I was able to share what we do at
our company with peers and then got great feedback. We all have crazy ideas on how to use different
products – it’s great to share those and get other ideas in return.”

New Lumension customers like Bill Meeks of Southern Company considered LAB “a valuable
experience because he could hear from both Lumension staff and other industry professionals on how
they use the products.” John Iraci of DJO Global, a long-time Lumension customer, said “it was nice to
see how Lumension continues to revitalize as a company. Interacting with them and talking with other
LAB members on how they are using the product and addressing any challenges they face was very
beneficial.”

To see photos of the event, visit the Lumension Facebook page.

LUMENSION ENDPOINT PROTECTION SOLUTION AWARDED 5-STAR PRODUCT REVIEW RATINGS BY SC MAGAZINE

Tue, 03 Aug 2010 00:00:00 GMT

Lumension today announced that its solution for medium and large-sized enterprises, Lumension® Endpoint Protection, which is comprised of Lumension® Device Control, Lumension® Application Control and Lumension® AntiVirus, has been recognized with 5-star product ratings by SC Magazine.

In its technical review, SC Magazine lauded Lumension Endpoint Protection for its excellent integration with existing environments and wealth of features and benefits available across application control, device control and threat management capabilities. With Lumension’s Endpoint Protection suite, organizations can prevent known and unknown malware as well as centrally manage, monitor and control applications. By employing an application whitelisting approach, users can ensure that only authorized applications are allowed to run on laptops, PCs, mission-critical servers and POS terminals, preventing the execution of unknown or malicious code.

With Lumension Endpoint Protection, operational desktop management is improved by eliminating unnecessary support calls and performance issues that come with managing unauthorized and illegal software. And, you can easily demonstrate compliance by enforcing software license policies and by providing a detailed audit trail of all application execution attempts. In addition, with Lumension Device Control capabilities, also available as part of the Lumension® Endpoint Protection suite, users can easily enforce organization-wide usage policies for removable devices, removable media, and data. Using a “default deny” approach, administrators can centrally manage devices and data, allowing organizations to embrace productivity-enhancing tools while limiting the potential for data leakage and its impact.

SC Magazine also recognized Lumension’s product for its simple installation process, superior protection features and product documentation, saying the product is “a great value for the money and customer can also purchase any of the three components separately depending on their needs, which provides flexibility.”

“We are thrilled to be recognized by SC Magazine for our superior endpoint security offerings, it further validates what we are hearing from customers, that organizations are looking for a seamless view of everyone accessing or attempting to access the network through corporate endpoints from a device and application perspective,” said chairman and CEO of Lumension, Pat Clawson. “Our continued philosophy is that security efforts should proactively stay one step ahead of emerging threats, not simply react to them and Lumension’s Endpoint Security solutions have been integral components to this approach, keeping customer’s sensitive information safe from both external and internal threats.”

The recent 5-star ratings follow a string of recent positive reviews of Lumension corporate products. This includes a 4-star rating by SC Magazine of Lumension® Scan, a component of the larger Lumension® Vulnerability Management suite that is a complete standalone, network-based scanner that performs a comprehensive scan of all devices connected to the network.

Supporting Resources:
* About Lumension Endpoint Protection
* To view full SC Magazine Product Review

Lumension Endpoint Protection Solutions Awarded 5-Star Product Review Ratings by SC Magazine

Mon, 02 Aug 2010 00:00:00 GMT

Supporting Resources:
* About Lumension Endpoint Protection
* To view full SC Magazine Product Review

Lumension Named a Leader in Vulnerability Management by Independent Research Firm

Tue, 20 Jul 2010 00:00:00 GMT

Lumension, the global leader in endpoint management and security, today announced that the company was among the select companies that Forrester Research, Inc. invited to participate in its July 2010, Forrester Wave report, “The Forrester Wave™: Vulnerability Management, Q2 2010.” Cited as a leader in this evaluation, Lumension was recognized for its end-to-end vision, unique product portfolio and broader value proposition.

Listed among the reasons for citing Lumension as a leader in this report, Lumension was lauded for having “the strongest strategy/vision due to its portfolio of endpoint remediation products, such as [Lumension® Patch and Remediation (formerly Patchlink)]. Straddling both assessment and remediation gives customers a one-stop shop for vulnerability management capabilities.”

Lumension was also highlighted in the report as “the only vendor in this evaluation that has its own endpoint patch management functionality, Lumension Patch and Remediation (formerly PatchLink), and its own GRC product, Lumension® Risk Manager. Unlike the other vendors that may have a focus on assessment, Lumension’s value proposition is much broader – instead of dealing with separate consoles from assessment, remediation and compliance, Lumension aims to deliver a consolidated platform to manage the lifecycle of vulnerabilities – from discovery to remediation to analytics.”

“We believe this report by Forrester validates our vision that taking an integrated, end-to-end approach, is the right one. Today, the endpoint is where corporate data is truly housed and it is rampant with growing risk. As more of us use Facebook and download applications through our browser, we have inherently shifted traditional IT risk away from the server and operating systems to that of applications and desktops,” said Patrick J. Clawson, chairman and CEO, Lumension. “As a result, organizations absolutely need greater visibility across configurations and into vulnerabilities, to better understand if and how these threats have been remediated. A platform-based approach like ours that provides a view across all of these areas is critical.”

“Given this shift, now more than ever before, IT security and operations teams have a collective eagle eye on vulnerability management within their organization,” added C. Edward Brice, senior vice president of worldwide marketing, Lumension. “We’re also pleased that remediation and security analytics are fast becoming the newest differentiators, as it’s a development we’ve seen our own customers continue to seek – a consolidated assessment and remediation strategy to address shifting threats and risks across their IT environments.”

Supporting Resources:
• Subscribers can download The Forrester Wave™: Vulnerability Management, Q2 2010
• More about Lumension Vulnerability Management

Reduced PC Power Consumption and Stronger Endpoint Security with Lumension Endpoint Management & Security Suite

Mon, 12 Jul 2010 00:00:00 GMT

According to the U.S. Environmental Protection Agency (EPA), the average desktop PC wastes nearly half the power it consumes. Additionally, vulnerability risks have increasingly shifted from the operating system level to third-party application vulnerabilities on endpoints, making continuous monitoring and centralized endpoint patch management paramount to effective IT risk management.

Desktop management continues to be one of the most costly and complex areas for the enterprise to address, organizations are looking more and more towards integrated endpoint management platforms that deliver PC lifecycle management, endpoint security, data protection and IT risk management capabilities to reduce complexity and total operating expenses while improving endpoint security and optimizing IT operations.

Lumension, the global leader in endpoint management and security today announced the general availability of the Lumension® Endpoint Power Management solution delivered within the Lumension® Endpoint Management and Security Suite. Lumension® Endpoint Power Management centralizes the management of power policy settings, utilizes enhanced Wake-on-LAN capabilities to power on systems for routine maintenance and application of security patches, and demonstrates overall power consumption savings with dedicated power reporting functionality. These new enhancements result in dramatically reducing PC power consumption costs without the required investment of additional PC power management products and without sacrificing IT security.

“Interest in PC power management suites is on the rise as IT professionals look to overcome many of the common barriers while at the same time maximizing the financial and environmental savings,” wrote Doug Washburn in the August 2009 Forrester Research, Inc. report, PC Power Management Suites Help Overcome Barriers To Maximize Financial Savings. “This technology — now offered by many of the existing client management suite vendors — allows IT professionals to centrally provision, administer, and report on their PC power management initiatives.¹”

Delivering easy enforcement of power conservation policies ensures inactive systems are powered down throughout the organization, saving time, resources and additional expenses. IT organizations should recognize that the greatest savings come from employing power management features not from switching off and unplugging PCs.

“In speaking with our customers, organizations are looking for more cost-effective ways to operate more efficiently, but we are finding that many do not take full advantage of potential IT energy cost savings as there are really no integrated PC power management capabilities within their existing endpoint security solution suites,” said chairman and CEO of Lumension, Pat Clawson. “We’re now delivering these IT power consumption policies combined with Wake-on-LAN and enhanced endpoint power reporting within the Lumension Endpoint Management and Security Suite to streamline routine IT system maintenance, ensure application security patches are in place, and reduce power consumption without impacting organizational productivity. Our customers can now optimize IT energy efficiency, while simultaneously reducing endpoint security risk within one unified endpoint management platform.”

Key Benefits of Lumension Endpoint Power Management Include:

Reduced energy consumption, improved security and lower TCO;
Simplified power policy creation and deployment in complex environments;
Increased visibility and control over the IT environment;
Optimized power savings through enhanced power management reporting;
Continuous compliance with green IT policies throughout the organization.

“When power management is not centralized nor built into your overall IT operations it can often impede system maintenance, patching and vulnerability scans,” said Paul Zimski, vice president of market strategy, Lumension. “Organizations must carefully consider their tools, strategies and policies around power management if they're seeking to go green without compromising their operational efficiency or security posture."

Through these new PC power management capabilities, the Lumension® Endpoint Management and Security Suite helps IT organizations reduce energy consumption costs, improve business productivity, and reduce IT risk across their endpoint environment. The Lumension® Endpoint Power Management solution is now available; for more details on pricing or to receive a demonstration, please visit Lumension® Endpoint Power Management.

Supporting Resources:
•    Tips and Tricks to Understanding Power Management
•    Power Management Savings Calculator
•    Qualifying for an Energy Savings Incentive with Lumension® Endpoint Power Management

¹August 2009 Forrester Research, Inc. report, PC Power Management Suites Help Overcome Barriers To Maximize Financial Savings

Lumension Announces Migration Program for Cisco Security Agent (CSA)

Tue, 29 Jun 2010 00:00:00 GMT

Lumension, the global leader in endpoint management and security today announced the launch of a migration program for customers of the Cisco Security Agent (CSA) endpoint security solution, which is scheduled for end-of-life. Cisco customers looking to transition away from their current CSA solutions can access several packaged offerings with special pricing terms now through December 31, 2010.

One example of a packaged offering available to Cisco customers is the Lumension® Endpoint Security Solution Pack designed to help CSA customers migrate to a proactive endpoint security approach and includes:

Traditional signature-based antivirus protection, and advanced behavioral-based zero-day threat protection
Application whitelisting, which prevents undesirable or unknown code from executing on IT assets
Centralized control and policy management over device/media usage, including Lumension’s patented shadowing technology
Data encryption enforcement to protect sensitive data being transferred onto removable devices/media
Endpoint protection, whether they are connected to the organizational network or not

The Lumension Endpoint Security Solution Pack includes Lumension® Application Control, Lumension® Device Control as well as Lumension® AntiVirus, all packaged together with terms designed to make the migration away from CSA easier, simple and cost-effective for Cisco customers. Additional packages and capabilities are also available to address areas of concern in vulnerability, compliance and IT risk management.

“Cisco’s decision to end-of-life the CSA endpoint security solution will leave customers searching for alternative solutions and measures to address current threats, risks and compliance requirements across their IT environment,” said Pat Clawson, chairman and chief executive officer, Lumension. “Lumension has several technologies available to help Cisco customers immediately meet their endpoint security and management needs and we’ve designed our program to make the migration process less painful and costly.”

Lumension is a preferred data security partner on the newly established Cisco Secure Borderless Network Systems Initiative. As such, customers who look to Lumension to help address their endpoint security needs can rely on future integration into the Cisco ecosystem to address complex business challenges, common use cases and end-to-end security concerns with greater efficiency as their continued investment in Lumension takes advantage of the Cisco platform.

Organizations interested in learning more about Lumension’s CSA migration program can visit the Lumension® Cisco Migration Program resource center.

.Supporting Resources:

RSA, The Security Division of EMC and Lumension Team Up to Help Businesses Better Secure Sensitive Data

Tue, 22 Jun 2010 00:00:00 GMT

RSA, The Security Division of EMC (NYSE:EMC) and Lumension, a global leader in endpoint management and security today announced the execution of an agreement to help organizations better protect sensitive information and share it in a more secure manner. The businesses plan to work together to further expand information-aware capabilities into the IT infrastructure by embedding parts of the RSA® Data Loss Prevention Suite into Lumension products.

Organizations are faced with the challenge of explosive digital data that needs to be secured and managed, along with increased collaboration and support for mobile and open devices and platforms. There are point solutions that can address these challenges, but they require that multiple policies and technologies be pulled together and independently managed, which is costly and complex. To help address these issues, RSA and Lumension plan to work together to provide the market with a more robust and comprehensive data protection solution that will be designed to help provide greater data security with less complexity, reduced total cost of ownership, and less impact to business productivity. By building DLP technology into the infrastructure, RSA and Lumension plan to be able to offer customers a complete data protection solution from gateway to endpoint with common policies and common classifications of sensitive data.

“Organizations are looking for ways to leverage their existing infrastructure to prevent threats that originate externally and internally", said Charles Kolodgy, research vice president for Security Products at IDC. "The collaboration between RSA and Lumension is designed to provide organizations the capability to deploy granular policies on permissible data protection activity on the endpoints without the need to install multiple agents resulting in simplified security operations and management."

As part of their technical agreement, Lumension will license the RSA® Data Loss Prevention (DLP) Suite software development kit (SDK), with the goal of building RSA DLP classification technology and expert RSA DLP policy libraries into future versions of its Lumension® Device Control product module. The RSA DLP SDK would also be engineered to enable Lumension endpoint security products to work seamlessly with the rest of RSA’s DLP offerings for networks and datacenters. The goal of the resulting integration and collaboration would be designed to deliver the following capabilities:

A Common DLP Policy from network gateway to storage to endpoint and onto removable media such as USB devices and recordable CD/DVD ROM.
Comprehensive content awareness across data transferred off the endpoint and onto removable media. This would enable organizations to not only apply policy to file types but to also apply policy to data within file types such as social security numbers etc.
Ability to define highly granular polices on permissible activity and data types on the endpoint without impacting organizational productivity.
Single console, single agent solution that increases visibility across data location, policy and movement while reducing administrative burden.

“Companies continue to struggle to protect sensitive data across the enterprise,” said Christopher Young, senior vice president of products at RSA, The Security Division of EMC. “RSA is continuing to expand our ecosystem of DLP partners that can help solve this problem, by building security into the infrastructure as opposed to bolting on costly and complex point tools. Our relationship with Lumension, along with our strategic partnership with Microsoft and Cisco are designed to help customers protect sensitive information as it moves within and across organizational boundaries.”

“Today, businesses need more agility in ensuring their workforce can be as productive as possible. However; agility no longer needs to come with an increased risk of data loss or breach,” said Rich Hlavka, senior vice president of business development for Lumension. “This collaboration with RSA will eventually provide our customers with enhanced data protection capabilities from content aware device control to a complete end-to-end DLP solution that leverages market leading DLP technology from RSA, and superior endpoint management and security solutions from Lumension. We believe this new enhanced solution will be providing superior data loss protection with less TCO while affording maximum business productivity.”

University Health Care System Selects Lumension As Its Cure To Prevent Data Loss

Wed, 26 May 2010 00:00:00 GMT

As one of the largest healthcare providers in Georgia, University Health Care System (UHCS) has a deep commitment to the health of the community it serves. Through its long tradition of caring, UHCS has set the highest standards for quality among comprehensive healthcare networks. George Ward, information security and computer operations manager for the past five years, has seen the threat landscape change as hackers’ strategies and attacks have become more sophisticated and as the industry has embraced a mobile workforce. This combination has made information security — especially within the healthcare industry — harder to track and manage, opening the door to a wider range of IT risk.

“Being in the healthcare industry, our organization is widely exposed to insider threats and outside vulnerabilities – to combat this, we reviewed multiple solutions from many different companies for our endpoint needs,” said George Ward, information security and computer operations of UHCS. “We decided to go with Lumension® Device Control since it met all of our endpoint security requirements and did so much better than the others we tested.”

Since implementing Lumension Device Control in early 2009, UHCS is able to automatically and more efficiently protect its 3,000 employees and more than 2,500 workstations. To date, the solution has successfully enforced their data protection policy, blocking 354 unauthorized users and more than 20,000 unauthorized access attempts. Ward’s IT staff now has the ability to enforce encryption and add devices by type or serial number.

“As a result of working with Lumension, we have been able to decrease administrative costs, reducing the database footprint and increasing database query and maintenance speed,” explained George Ward, information security and computer operations of UHCS. “We are able to now continuously monitor the effectiveness of device and data usage policies in real time as well as identify potential security threats. The customized reports on all device and data activity have enabled us to better organize and maintain our security goals while remaining business-focused.”

The need for device management continues to grow as more and more workers use mobilewww.lumension.com devices to access enterprise data and with hundreds of workstations that are subject to an infinite amount of devices being transferred both inside and outside the organization. With Lumension Device Control in place, Ward is very confident that UHCS customers’ personal data will remain secure.

Supporting Resources:

New Study Reveals National IT Security Challenges Mounting; Growing Sophistication of Cyber Attacks Pose Greatest Risk to U.S. Infrastructure

Tue, 06 Apr 2010 00:00:00 GMT

According to a new Clarus Research Group survey commissioned by Lumension, nearly three-quarters of federal IT decision-makers who work in national defense and security departments or agencies say the possibility is “high” for a cyber attack by a foreign nation in the next year. Additionally, a third of these respondents say they have already experienced such a cyber attack within the last year.

The survey of 201 federal IT decision-makers and influencers, conducted February 18-26, 2010, also identifies the growing volume and sophistication of cyber attacks as the top IT security risks facing federal IT in the coming year. Yet, more than half of those surveyed expect only minor policy changes as a result of the recently created federal cyber security coordinator position. Of federal IT personnel surveyed, 41 percent said they spent less than 10 percent of their time over the past year working on the Comprehensive National Cyber Security Initiative -- and a solid majority, 62 percent, said they spent less than 25 percent of their time on it.

Key Findings:

33 percent of respondents who work for departments or agencies affecting national security say they have experienced an attack by a foreign nation or terrorist organization in the last year;
61 percent of respondents view the threat of a cyber attack from foreign nations against critical U.S. IT infrastructure in the next year as “high”;
42 percent of respondents believe the U.S. government’s ability to prevent or handle these attacks is only fair or poor;
64 percent of respondents identified the increasing sophistication and growth in the volume of cyber attacks as the number one IT security risk; and,
49 percent of respondents believe that negligent or malicious insiders/employees are the largest IT security risk.

Additional Findings:
Only six percent of respondents rated the federal government’s overall ability to prevent or handle possible threats from cyber attacks on critical IT infrastructure in the U.S. as “excellent.” Difficulty integrating multiple technologies, aligning IT needs with department objectives and in complying with requirements were identified as the greatest challenges in managing IT security operations today. While the majority of respondents felt more confident in their level of IT security today versus a year ago, this was mainly due to improved IT security technology, collaboration between IT operations and security and internal compliance and audit requirements. However, increasing audit burdens and a lack of resources were identified as major challenges in meeting ongoing compliance requirements.

In addition, the introduction of new technologies, such as application whitelisting, whole disk encryption and device control for removable media, were identified as having an anticipated expanded use within federal IT environments. According to the survey, 76 percent of federal IT professionals expect an increased use of virtualization technology; 57 percent expect an increase in cloud computing; 63 percent say they will increase their use of social networking; and 66 percent will increase use of mobile platforms, all within the next year.

Key Conclusions:
According to the survey results, federal IT decision-makers expect that over the next few years there will continue to be a growing threat to America’s critical IT infrastructure from foreign entities and terrorist organizations. Survey respondents also view compliance as a double-edged sword: on the one hand, it helps IT departments acquire additional resources that can be used to enable new security technologies, but is also placing a growing strain on departmental resources through increasing audit burdens.

“Unfortunately, when it comes to our infrastructure, we are already under attack and are faced with the reality of a growing and advanced persistent threat from foreign entities that are targeting our critical U.S. infrastructure,” explained chairman and CEO of Lumension, Pat Clawson. “The traditional government responses we’ve seen so far, such as naming a security coordinator, announcing a cyber security initiative and focusing on compliance initiatives will not alone successfully address this problem.”

According to Clawson, “We must do three things if we are to truly empower and implement a robust national cybersecurity plan. One – we need to have an empowered cyber security czar, with budget and policy authority, reporting directly to the President. Next – given that 90 percent of our critical infrastructure is owned or managed by private entities, we need a collaborative government and private sector partnership to better understand the risks at hand and to better define IT security standards, practices, and contingency plans in the event of a major attack. And finally – we need to shift from an absolute focus on being compliant with ad-hoc audits for verification, to one of being secure and continuously monitoring our IT environment to ensure that the proper controls are always in effect.”

Methodology:
The Federal Cyber Security Outlook for 2010 survey was conducted by Washington, D.C.-based Clarus Research Group and commissioned by Lumension. The survey included interviews with 201 federal government IT security decision makers and influencers who work in federal government agencies and departments that deal with national security – such as defense, foreign policy, and homeland security– as well as agencies and departments that are not dealing with national security affairs.

National Security = Respondent department or agency is related to national defense, homeland security or foreign policy.

Non-National Security = Respondent department or agency is not included in the above category and includes personnel in departments involving domestic issues and program administration.

Supporting Resources:

Download the Federal Cyber Security Outlook 2010 Survey
View Interviews with Experts
Register for the Federal Cyber Security Outlook 2010 Survey Webinar
View the Optimal Security Blog for more insight into key survey findings

Lumension Partners with Citrix to Advance Desktop Virtualization Security

Tue, 30 Mar 2010 00:00:00 GMT

Lumension, a global leader in endpoint management and security, today announced it has forged a new partnership with Citrix Systems, a leading provider of virtualization, networking and cloud computing technologies, to extend its leading-edgeLumension® Endpoint Integrity Service (EIS) to Citrix customers. As insecure applications and software plaguing organizations with newly introduced vulnerabilities, the new partnership will allow Citrix users to validate endpoint software integrity by definitively identifying compromised or unapproved software before being deployed in Citrix desktop virtualization environments to further eliminate risks.

The collaboration between Lumension and Citrix will empower users to gain access to Lumension’s in-depth, comprehensive library of digital signatures and applications to ensure customers are fully protected to handle the rapidly changing landscape as well as use the Lumension EIS within a Citrix XenDesktop® or XenApp™ environment. Further, Citrix will join a powerful community that includes Microsoft to contribute its hash metadata into Lumension’s EIS repository, which is consistent with Lumension’s method of received application hashes directly from the software publisher to ensure provenance, and that the application is being delivered from a trusted source.

Lumension EIS is a cloud-based service that enables Internet Service Vendors (ISVs) to determine software integrity and authenticity by providing software validation to endpoint security products and solutions. Lumension EIS is designed to support a wide range of advance security solutions such as software policy compliance, application whitelist audit and enforcement, security configuration validation and drift avoidance, software license and security management as well as change control process enforcement. Additionally, Lumension EIS includes the following:

Provides key information necessary to validate the integrity of software for both operating systems and applications running on endpoints (servers, desktops, laptops, and virtual machines).
Leverages relational intelligence from Lumension’s industry-leading security content database (which includes security configuration, vulnerability and patch management information, and over 2500 harmonized controls across 400 regulatory compliance requirements), to facilitate truly seamless updates within highly secure (“locked down” or “whitelist enforced”) IT system environments.

“While desktop virtualization enables tremendous levels of business agility, it doesn’t eliminate the security risks posed by hackers and malware,” said Rich Hlavka, senior vice president of business development for Lumension. “This partnership with Citrix provides its customers the added security blanket they need in today’s dynamic threat environment to stop any unknown applications or software from executing, and only allowing trusted ones to run. As one of the first vendors to the market our comprehensive endpoint integrity service, Lumension is proud to be able to offer a more sophisticated approach to application whitelisting and trusted change management for Citrix users by verifying that all applications are in pristine condition. We believe this service will be critical and foundational to every organization’s security program – in ensuring software and applications are up-to-date with all relevant patches from vendors before deploying them in their environments.”

“As a key player in the virtualization space, the collaboration with Lumension will help Citrix ensure optimal virtual desktop and application performance while increasing security and compliance across the board,” said Kurt Roemer, chief security strategist, Citrix. “Further, the participation with the Lumension EIS will help customers build more trust in virtualized environments while at the same time ensure that their operating systems are fully protected with an application control-based approach. Contributing metadata in the Lumension’s EIS repository will allow for a centralized trusted source.”

For more information on how you can include validation information for your software products or understand how EIS can enhance your security or systems management software click here.

Resources:

Lumension Delivers Enhanced Power Management Capabilities for Reduced IT Energy Consumption

Tue, 02 Mar 2010 00:00:00 GMT

With the budget pressures of today’s economic environment, more organizations are realizing that their greatest opportunity to reduce utility costs lies in more efficient power management across their IT environments. According to Gartner research, organizations actively employing some form of IT power management can expect to save $43,000 dollars per year, compared with an unmanaged 2,500-PC organization.¹ The challenge for many organizations is that IT environments are extremely complex and power management policies can be burdensome if they are not centralized or enforced.

To help enterprises address the growing concern of energy consumption costs, Lumension, the global leader in endpoint management and security, today introduced Enhanced Power Management capabilities with distributed Wake-On-LAN directly added as core functionality to the Lumension® Endpoint Management and Security Suite.

“Much attention on power consumption has focused on the data center, but PC power consumption in an organization can also be significant,” said Charles Smulders, managing vice president at Gartner. “IT organizations should recognize that the greatest savings come from employing power management features not from switching off and unplugging PCs. They should investigate the power management capabilities of their PC life cycle management tools and PC power management point solutions to implement these policies and to better support management activities.”

Lumension’s Wake-On-LAN functionality delivers a distributed relay-based Wake–on-LAN architecture that provides IT managers with full schedule control over maintenance windows enabling optimized remote management and configuration of endpoints during both business hours and evening/ weekend downtime. IT organizations can now automatically “wake up” powered down machines during off hours, apply all required patches and policies and then allow the affected machines to power down according to centrally managed power policies. This capability helps IT to eliminate blind spots in ongoing network maintenance and ensures that offline machines receive critical system updates, while not negatively impacting business productivity.

Lumension® Content Wizard enables organizations to centralize and simplify the creation and deployment of endpoint power management policies. By deploying an enterprise-wide endpoint power management policy, companies can reduce their overall power consumption and carbon footprint. Enhanced power reporting capabilities will also be added to help IT departments demonstrate power and carbon footprint savings across all monitored endpoints.

“Today, more than ever, organizations are looking for ways to operate more efficiently, but they are unable to take full advantage of energy cost savings across their PCs when power management is not centralized or easily enforced,” explains Paul Zimski, vice president of solution marketing, Lumension. “This oftentimes results in a struggle between security and operations as proponents of system maintenance and cost optimization duke it out. Through Lumension’s Enhanced Power Management Capabilities, organizations can now better optimize IT energy efficiency by dramatically reducing power consumption while reducing overall IT security risk.”

Key Benefits of Enhanced Lumension Power Management Capabilities Include:

Centralized Endpoint Power Management Policy Wizard: Allows organizations to create and centrally manage “Green” policies across complex environments while dramatically reducing power and carbon consumption, disruption to user productivity, or additional costs for power-management point products.
Hours of Operation Maintenance Windows: Improves IT operational energy efficiency and business productivity by automatically waking up offline machines for maintenance and system updates during off-peak hours.
Enhanced Wake-on-LAN: “Wake Now”: Organizations can improve their security posture with Lumension’s promotable agent architecture which allows any agent to be easily converted and act as a relay to broadcast WOL packages throughout your IT environment. Devices can be commanded to “wake up” at any given time to deploy highly critical patches or urgent software updates.
Power Consumption Reporting Functionality: Organizations will be able to monetize the effect of the power management policies with integrated power savings reports. These reports can be used to take advantage of potential power savings rebates, available from local power management companies or for showing a reduction in the overall carbon footprint.

Through these new capabilities, Lumension Endpoint Management and Security Suite helps IT organizations optimize energy consumption and costs, improve business productivity and simultaneously reduce IT risk across their endpoint environment. Lumension Enhanced Power Management Capabilities will be demonstrated at RSA 2010, booth 923 from March 1-4, 2010 in San Francisco, CA.

Multimedia:

1. Gartner Research, PC Power Management Activation Leads to Significant Power and Cost Savings, January 2009

Lumension Enhances Compliance and IT Risk Management Solution for Greater IT GRC Efficiency

Mon, 01 Mar 2010 00:00:00 GMT

Executives around the world are looking for ways to converge their company’s disparate governance, risk and compliance initiatives, improve risk management, and reduce costs. A recent survey (February 2010) conducted by KPMG indicates that 64 percent of executives consider convergence of GRC projects a top priority. To help organizations and agencies effectively manage IT risk and cut costs through a centralized approach to compliance and IT risk management, Lumension, the global leader in endpoint management and security, today unveiled the latest version of Lumension® Risk Manager v4.1, part of the Lumension Compliance and IT Risk Management Solution. Lumension Risk Manager is designed to help organizations demonstrate continuous compliance and improve their security posture through a framework that automates audit workflows, harmonizes controls with policy requirements, and remediates key risk areas.

Further, through its partnership with Network Frontiers’ Unified Compliance Framework, Lumension extends its support for over 420 regulatory requirements with 26,320 citations mapped to over 2,500 harmonized controls by including Security Breach Notification Laws, Health Information Technology for Economic and Clinical Health Act, and FTC Red Flag Rules.

“Many times organizations can feel like they’re suffocating under a blanket of so many compliance rules and regulations. They feel constant pressure to demonstrate compliance with limited budgets and resources for recurring compliance projects,” said Jeff Hughes, director of solution marketing for IT GRC, Lumension. “Organizations cannot afford to take a scattered approach to compliance; reacting to every new compliance mandate with another new product or procedure. They need a focused compliance solution that centralizes compliance and IT risk management by bridging and streamlining disparate compliance programs, controls, policies and procedures while reducing redundancies.”

Enhanced Key Benefits of Lumension Risk Manager:

Expanded Controls Coverage/Intelligent Assessments: LRM 4.1 includes integration with the Unified Compliance Framework (UCF) database updates that include additions to the UCF database around State Level Security Breach Notification Laws and FTC Red Flag Rules.
- By utilizing the UCF, Lumension’s patent pending risk intelligence engine automatically identifies critical controls needed to achieve compliance and secure any IT asset. Controls are assessed once across and reported across all regulations, saving time and consolidating compliance projects.
Actionable Remediation and Alerting: Through its enhanced tracking and notification features, LRM 4.1 can assign mitigation efforts to business owners and track ongoing remediation progress. LRM improves operational workflows, automatically updating assessment scores and giving administrators clear visibility of progress made towards compliance and remediation activities. Email notifications can alert administrators when levels of compliance have changed or surveys are past due.
Expanded Flexibility & Automation through the Lumension Connector Development Kit: Most IT GRC companies provide limited integration to third-party systems. Lumension Risk Manager’s open connector ecosystem allows scan and inventory data to be imported from virtually any database system. Customers and consultants can use the Lumension Connector Development Kit to create custom connectors and import data from their network scanner, asset inventory system and other databases.
Exception Management: Helps administrators produce more realistic risk and compliance scores where there are certain exceptions that have to be made for circumstances unique to the network. This gives security professionals greater flexibility to make exceptions where needed and allows them to approve, reject or create exceptions from scratch.

Lumension Risk Manager is now available. For more information, please click on Lumension Risk Manager.

To find out how Lumension Compliance and IT Risk Management Solution addresses compliance requirements such as PCI DSS, click to view our On-Demand Demo.

Lumension Unveils Intelligent Application Whitelisting that Operationalizes a Proactive Endpoint Security Approach

Tue, 23 Feb 2010 00:00:00 GMT

Shift happens. In today’s dynamic threat environment, more sophisticated and targeted malicious threats continue to rapidly increase, plaguing organizations worldwide. There has been exponential growth in known malware that now exceeds 30,000 identified signatures each day. Web 2.0 technologies and the social business environment of today’s workforce has introduced unprecedented levels of unknown malware, and IT risks that traditional threat-centric endpoint security approaches (i.e., blacklisting) technologies were never designed or intended to protect against. While more effective proactive security approaches (i.e., application whitelisting) have been used in limited pockets for critical locked-down systems, these solutions have been limited in their ability to adjust to the dynamic needs of today’s business environment.

To ensure effective endpoint protection in today’s increasingly connected and “always on” business arena, organizations must now look beyond traditional threat-centric models and more towards effective endpoint security approaches. The focus is no longer on identifying the known bad, but rather on identifying the known good, and managing change based on trust.

“Organizations are at risk from malware that targets user data and settings, rather than system files,” said Neil MacDonald, VP and Gartner Fellow, Gartner Research. “Application control solutions address these issues and provide organizations with more flexibility and granularity for all users regarding the applications that can and cannot be run. Users can be left running as administrators, allowing them to update client software as needed, including Web applications. Software that’s detrimental can be automatically blacklisted, but resources may be needed to keep the list current.”

To address these emerging endpoint security requirements, Lumension, the global leader in endpoint management and security, shifts the industry debate away from Blacklisting vs. Whitelisting with the unveiling of Intelligent Whitelisting as part of its Lumension® Endpoint Management and Security Suite, the first integrated solution to enable IT organizations to meet endpoint and application risks head on without the operational headaches of traditional application whitelisting.

Lumension’s Intelligent Whitelisting focuses on leveraging the best of both blacklisting and whitelisting approaches to deliver a more effective and operational endpoint security solution that meets the needs of the organization without impacting employee productivity. The approach extends beyond simply looking for malicious threats; rather, it determines whether change should be allowed to occur in the IT environment by providing the necessary control to define and enforce security policy without disrupting business operations.

“In the past, traditional application whitelisting approaches were a challenge because it was nearly impossible to anticipate and manage the changing needs of the business. This relegated traditional application whitelisting solutions to very static environments like Point-of-Sale (POS) or server environments where there isn’t a lot of change taking place,” said Patrick J. Clawson, Chairman and CEO, Lumension.“As a result, companies were left with two choices: a reactive endpoint security approach that was efficient but ineffective, or a proactive approach what was very effective, but not operational. Nobody was focused on how to bring the best in both approaches together, and manage change in a way that would better meet the needs of the business.”

Lumension’s Intelligent Whitelisting solution is centered on a rules-based trust engine that can define what types of change is acceptable. By setting up rules around how change can be introduced, rather than focusing solely on what kinds of change should be stopped, a balanced and more effective operational model of endpoint security management can be achieved. Lumension’s Intelligent Whitelisting Solution accomplishes this by integrating Lumension® Application Control together with Lumension® AntiVirus and a trusted change management model. This enables IT organizations to work across a very simple yet effective unified workflow:

Clean IT: Using Lumension’s integrated anti-malware technology (Lumension AntiVirus) IT administrators can scan the IT environment for any known malware. With potentially more than 50 percent of existing systems having some form of malware on it, this time-tested approach ensures that production systems are as clean as possible. Once existing malware is identified, it is automatically removed.
Lock IT: With Lumension’s Easy Lock Down technology, a “snapshot” of the entire system is taken and a whitelist is automatically created. From this point on, nothing new is allowed to execute without first proving that it’s wanted and trusted.
Trust IT: Utilizing Lumension’s Trusted Change Manager, IT managers can quickly and simply identify the rules by which they want to manage and introduce change into their whitelisted environment. Change can come from many sources, including application vendors, trusted software updaters, trusted locations and even trusted users. Lumension’s trusted change policy can be as flexible or tightly controlled as needed by the organization.

Lumension’s Intelligent Whitelisting solution has eliminated traditional operational friction associated with maintaining application whitelists, and ongoing patch management by automatically updating the whitelist manifest each time a patch is applied. IT managers no longer have to be concerned with maintaining the security level of their whitelisted environment, or manually managing the whitelist each time a patch is applied.

“Apart from the obvious endpoint security benefits, there are many operational benefits as well, explains Paul Zimski, vice president of solution marketing, Lumension. “Intelligent Whitelisting allows IT to create and maintain a clean ecosystem through an automated, yet flexible, trust model where IT management can automate better risk-based decisions about what can be introduced into an IT environment, who is introducing it, and whether or not they should be allowed to introduce it. This added change management capability will go a long way in reducing the operational headaches encountered by IT managers due to user-introduced change in their IT environments. As a result, not only will overall security posture be enhanced, but reduced endpoint TCO can also be achieved.”

As part of the Lumension Endpoint Management and Security Suite, endpoint TCO and productivity is enhanced as the Intelligent Whitelisting workflow is managed through a single console and deployed on a single server, single agent architecture. Lumension can also enable the use of existing non-Lumension anti-malware and patching solutions while still deploying its intelligent whitelisting capabilities, thus offering a non-disruptive solution to the customer.

Lumension’s Intelligent Whitelisting solution will be showcased at the RSA Conference 2010, booth 923 on March 1-4 in San Francisco, CA.

Multimedia:

Lumension Issues Best Practice Patch Management Survival Guide to Reduce Overall Endpoint Security Risk

Thu, 11 Feb 2010 00:00:00 GMT

Patch management continues to be the first and last line of defense against existing exploits and the speed of assessment and deployment of security patches across your complex IT infrastructure is key to mitigating risks and remediating vulnerabilities. As the world’s largest vulnerability management solution provider, Lumension, the global leader in endpoint management and security, has identified best practices approach to help organizations effectively and efficiently manage their patching process.

The need to speed up patch deployment across today’s highly complex IT environment has never been more important. The heat is on to proactively safeguard your systems and endpoints from the newest exploits as the time it takes hackers to exploit a known vulnerability continues to shrink. Using patch management as the principal component of your risk mitigation strategy and taking prudent measures to establish a best practices approach can help reduce costs and risks in the long term.

In the whitepaper titled “Four Steps to Cure Your Patch Management Headache,” Lumension outlines the best practices approach organizations need to take to elevate their patch management process:

Laying the ground work
A week before Patch Tuesday
On Patch Tuesday
After Patch Tuesday

“The bad guys learned long ago that organizations are doing a poor job of patching their systems and have taken advantage of the opportunity that these vulnerabilities present,” said Paul Henry Security and Forensics Analyst, Lumension. “Unfortunately the reaction time of patching has not kept pace with aggressive hackers, leaving organizations dangerously exposed with outdated patch management and lifecycle programs. To combat this, we thought it was critical to create a checklist for organizations to better prepare their IT environments in a phased, four-step approach.”

Supporting Resources:

Free 30-day trial of Lumension Vulnerability Management Solution.

Lumension Launches New EBook, "Shift Happens: The Evolution in Applicaton Whitelisting"

Tue, 09 Feb 2010 00:00:00 GMT

Shift happens. The threat landscape has changed for the worse as evidenced by the recent highly publicized attacks by hackers who used sophisticated methods to steal core intellectual property from Google, Adobe, and other high profile companies. Cyber criminals have become more agile than ever, insiders have increasingly taken advantage of trust and new Web 2.0 technologies have given both parties open access to sensitive data stores. Traditional technologies such as antivirus and firewalls can no longer act as the mainstay of modern security programs. The year 2009 was believed to be the tipping point of a cybercrime epidemic in which more malware was identified than any other time in the history of computing. With current growth rates of malware, it is feasible to see billions if not trillions of malware signatures within the span of a few short years. Organizations must begin to shift from a threat centric approach where the focus is on stopping what is known to be bad, to a trust centric model where the focus is on protecting what is known to be good and trusted in order to achieve greater intelligence around endpoint risks. In doing so, organizations will better eliminate risk, reduce complexity, lower TCO and improve overall endpoint security and compliance posture.

Lumension, the global leader in endpoint management and security, today unveiled a new eBook titled, “Shift Happens: The Evolution in Application Whitelisting.” The eBook is designed to arm security professionals with a better understanding of the new endpoint security risks to confidential data and proprietary systems and why organizations must make a shift away from traditional approaches to endpoint security models and look to adopt a trust centric model with application whitelisting.

“Whitelisting may be perceived as a new novel idea, but the old oak trees of IT security will tell you that it is hardly a new approach to shoring up systems,” Paul Zimski, vice president of solution marketing, Lumension. “The shift in the threat landscape, sophistication of hackers, and growing insider risks to intellectual property and proprietary systems is forcing organizations to re-evaluate and assess the effectiveness of their current IT security strategy and to look at the key benefits of application whitelisting. The latest generation of application whitelisting technology offers a quantum leap of protection and reduced operational costs without stifling productivity and, it’s easy to implement.”

The new eBook unveils how a fundamental shift in the threat landscape and the evolution in whitelisting technology enables organizations to benefit within static environments, but also reveals how current and future advances in the technology make whitelisting operationally feasible even within dynamic business environments.

To download the free eBook, click on Shift Happens: The Evolution in Application Whitelisting.

Multimedia:

Lumension Rallies Employees to Raise Money for the Haiti Earthquake Relief Effort

Tue, 02 Feb 2010 00:00:00 GMT

Lumension, the global leader in endpoint management and security, today announced the company has raised $10,000 to aid in the Haiti earthquake relief effort. To help raise money for Doctors Without Borders, a highly respected international medical humanitarian organization working around the clock to deliver vital medical supplies to the affected areas and help victims, Lumension launched a raffle contest by giving away a vacation package for two. The company also committed to a matching contribution, which in total raised $10,000 for Doctors Without Borders.

“We recognize the urgency of the matter and the immediate need to help the suffering victims and their families in Haiti,” said Lumension Chairman and CEO Pat Clawson. “When we first got word of the events in Haiti, we were deeply moved. We sent out a call to our employees and executive team to help in the Haitian relief effort, and amazingly, they came together to really answer that call. We have a great team who understands the global issues impacting every facet of our society, and their generosity is overwhelming. We want to do anything possible to help make a dent in this relief effort.”

“In life there are events that inspire and ignite us all, regardless of our background, profession, religion or ethnicity,” said C. Edward Brice, senior vice president of worldwide marketing. “The recent tragedy in Haiti was one of those events that sparked something in us to act and lend a helping hand for a worthy cause.”

Lumension and Shavlik Technologies Announce Resolution of Patent Dispute

Tue, 05 Jan 2010 00:00:00 GMT

Lumension Security, Inc., the global market leader in endpoint management and security, and Shavlik Technologies, LLC, the market leader in the simplification of complex enterprise network configuration, compliance and security, are pleased to announce that they have reached a settlement of their patent dispute.

The dispute centered on the validity of U.S. Patent No. 6,990,660, or the “‘660 Patent,” which Lumension obtained to protect the proprietary patching technology found in the Lumension® Patch and Remediation line of products. Both Lumension and Shavlik filed separate reexamination requests with the U.S. Patent and Trademark Office (“PTO”). Lumension amended the ‘660 Patent as a result of these reexamination requests, and in May of this year, the PTO issued an Ex Parte Reexamination Certificate to Lumension, finding that more than 50 of the amended claims of the ‘660 patent were considered patentable.

Pat Clawson, chairman and CEO of Lumension, stated, “We are pleased by the PTO’s conclusions regarding the patentability of our core patching technology, and ultimately satisfied with the results of our settlement with Shavlik.”

Mark Shavlik, CEO of Shavlik Technologies, commented, “This dispute had become a distraction to building on the success of Shavlik’s businesses and we are happy to be moving forward with this issue resolved.”

Per the terms of the settlement, both Shavlik Technologies and Lumension will continue to market their full range of products. By mutual agreement, details of the settlement are confidential.

KACE™ Eliminates "Patch Tuesday Wipeout" with Strengthend Endpoint Security Solution

Tue, 08 Dec 2009 00:00:00 GMT

KACE, the leading systems management appliance company, now offers expanded security capabilities for addressing new vulnerabilities with integrated endpoint security support for Windows 7 and Mac OS 10.6, including easily automated patching of key client applications, along with additional international language support that includes simplified Chinese and Japanese. KACE is the only vendor to include patching as a base component of an appliance PC life cycle management offering, delivering the most comprehensive integrated security solution to enterprises of all sizes.

Recent research shows malware attacks for 2009 peaked in October, a four-fold increase over the previous month. As the number of vulnerabilities increase and shift from the OS to applications, the challenge of keeping client-side software patched in a timely and effective manner is becoming increasingly difficult for IT organizations. To keep end users protected, application vendors are releasing ever-growing waves of patches, and some are doing so on Microsoft’s notorious “Patch Tuesday.” For many organizations, patching clients effectively and reliably is becoming a time-consuming and never-ending process, demanding a robust and dynamic infrastructure to ensure protection. With expanded patch management and fully automated detection and remediation, the KBOX™ family of systems management appliances helps organizations of all sizes stay ahead of incoming patch updates and ensure client security.

“The record number of cyber threats, along with the growing severity these threats pose underscore the need for vigorous protection of computer endpoints which are increasingly among the most vulnerable in a network,” said Rob Meinhardt, co-founder and CEO of KACE. “The KACE approach is designed to dramatically simplify the patching process while at the same time ensuring customers automatically receive the most up-to-date patches saving IT administrators time and their organizations money.”

Highlights of KACE’s strengthened integrated endpoint security solution include:

Broadened patch coverage depth – KBOX patch management now includes support for Windows 7, Windows Server 2008 R2, Mac OS 10.6 and a wide range of Microsoft, Apple and third-party applications;
Extended international language support for Japanese and simplified Chinese patch support for Windows;
Easy automated patching policies – critical patches are automatically released and can be applied across highly complex and distributed IT environments without the need for manual intervention, minimizing vulnerability remediation response times and always keeping systems up to date
Dynamic group policies – the KBOX appliance-based approach utilizes dynamic group policies for patch management integrated with inventory, assets and software distribution capabilities, enabling customers to efficiently maintain a broad endpoint security footprint.

“What has changed in the last few years is while organizations were ramping up their protection methods for their operating systems, the hackers have found a new fertile ground for attack – the application layer – to launch botnets, malware, blended threats and cyber attacks,” said Rich Hlavka, senior vice president of business development for Lumension. “While enterprises have large numbers of IT staff to proactively combat these new threats, small and medium sized business are challenged with remaining agile while building a defensive and in-depth approach with limited budget and resources. KACE offers a unique approach and business value, allowing organizations to optimize endpoint security while staying ahead of threats. KACE’s out-of-the box, comprehensive vulnerability management solution, which includes leading patch management capabilities from Lumension® Patch and Remediation, is easy to use and offers depth and breadth of coverage and protection for all major applications and operating systems.”

Join KACE and Lumension for a free webinar titled, “Avoid the Patch Tuesday Wipeout: Ride the Endpoint Patching Wave,” being held on Tuesday, December 15 at 10 a.m. PT/1 p.m. ET. Attendees will learn how a broad, reliable and easy-to-use implementation of patching can quickly and cost-effectively secure your organization. To register, go to: http://www.kace.com/resources/Avoid-Patch-Tuesday-Wipeout.

KACE saves its customers both time and money. Systems managers are increasingly forced to wear many hats throughout the day to work on a myriad of IT functions. KACE helps consolidate these functions by providing a single appliance for all projects, while delivering easy-to-use, comprehensive systems management that is affordable. The KBOX™ family of systems management and deployment appliances fulfills all of the systems management needs of an enterprise, from initial computer deployment to ongoing management and retirement.

Helpful Links

New Lumension Endpoint Management and Security Suite to Deliver End-to-End Endpoint Management Capabilities

Tue, 01 Dec 2009 00:00:00 GMT

Lumension, a global leader in endpoint management and security, today unveiled its new Lumension® Endpoint Management and Security Suite (LEMSS) that will be delivered as part of the Lumension® Endpoint Management Platform and enable organizations to optimize their security and compliance posture while achieving greater agility, performance and reduced TCO. Lumension Endpoint Management and Security Suite provides a holistic approach to managing endpoint security through its single, integrated Web console, extensible single agent architecture and comprehensive asset discovery to help organizations harmonize and streamline existing workflows while reducing overall complexity.

The core management and architecture of Lumension Endpoint Management and Security Suite delivers key enhancements across a powerful set of capabilities, including:

Redesigned and intuitive workflow-based management console for easier, smarter navigation
Enhanced asset discovery for full network visibility and continuous control
An extensible single agent architecture with improved, control and deployment
Advanced implementation support for remote SQL, Windows 2008, and Windows 7

The initial release includes two of the company’s leading product modules — Lumension® Patch and Remediation and Lumension® Security Configuration Management (SCM) with plans to release additional product offerings in 2010.

Lumension Patch and Remediation
Newly enhanced Lumension Patch and Remediation reduces corporate risk and optimizes IT operations by accurately and proactively eliminating vulnerability risks across all operating systems and applications. Lumension Patch and Remediation additionally delivers operational capabilities targeted at reducing the complexity and cost of endpoint management, including power policy management, software deployment and removal, desktop configuration templates and custom task scripting support. In addition, Lumension Endpoint Management and Security Suite key capabilities delivered in Lumension Patch and Remediation will include:

A single, intuitive management console for easy patch and remediation administration across multiple platforms, including Windows, Unix, Linux and Mac OS, as well as many other applications.
Visibility and control of both physical and virtual environments with effective management at a significantly reduced TCO.
Automated policy baselines to ensure that patches, configurations, remediations, and other custom and repetitive tasks are continuously and automatically enforced.
Policy enforcement to reduce desktop and system power consumption.
Integration with Network Access Control (NAC) solutions to remediate ‘non-compliant’ machines to a compliant state before granting access to the corporate network.

Lumension Security Configuration Management
Lumension Security Configuration Management ensures that endpoints are securely configured and in compliance with industry best practices and regulatory mandates. Lumension SCM provides continuous assessment of policy templates including Microsoft Windows Security Guides, NIST Special Publication 800-68, Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIG), National Security Agency (NSA) and Office of Management and Budget (OMB) Federal Desktop Core Configurations (FDCC).

“According to a recent Worldwide State of the Endpoint Survey 2010 by the Ponemon Institute, three of the IT security risks for 2010 were insider risks, insufficient budget resources and increasing complexity due to the lack of integration between endpoint operations and security technologies,” said Mike Wittig, president and CTO of Lumension. “In the face of increasing pressure to drive efficiency, security and optimization, organizations are responding by adding on technologies to solve new threats and compliance issues. This proliferation of technologies continues to further increase technical complexity and costs.”

“Lumension’s charter is to provide a unique approach to endpoint management and security by unifying operations and security tools under a single architecture to help organizations manage IT risks, optimize security and compliance posture, and reduce complexity and costs.”

Lumension Endpoint Management Platform provides a flexible and scalable architecture that allows organizations to achieve lower TCO, greater agility and enhanced security and compliance posture through consolidation, optimization and automation. This new platform will deliver the following:

Trust-Centric Model for Comprehensive Endpoint Protection
Scalable, Single Agent Architecture Provides Agility and Efficiency
Enhanced Operations and Assurance via Unified Relational Content and Integrity Services
Lumension Endpoint Management and Security Suite for Reduced TCO and Complexity

Lumension is planning on delivering upgrade options to existing customers beginning in Q1 2010. For more information, please visit the Lumension Endpoint Management Security Suite.

Supporting Resources:

Lumension Endpoint Management Platform Strategy to Reduce Complexity, Enhance Security & Compliance, and Expand Visibility Across IT Operations and Security Functions

Wed, 18 Nov 2009 00:00:00 GMT

Lumension, a global leader in endpoint management and security, announced its comprehensive Lumension® Endpoint Management Platform (LEMP) strategy that will deliver tighter integrations and workflows across IT security and operations to help organizations optimize security and compliance posture, reduce technology complexity and decrease TCO. As part of this platform launch, Lumension will be releasing its Lumension® Endpoint Management and Security Suite (LEMSS), which includes initial product capabilities across integrated vulnerability management and security configuration management to deliver greater agility, security and compliance.

According to a recent Ponemon Institute survey commissioned by Lumension, titled Worldwide State of the Endpoint 2010, collaboration between security and operations is considered poor or non-existent by 53 percent of IT security and 38 percent of IT operations practitioners. Further, a majority of IT security and IT operations executives said they feel less secure today than a year ago as a result of complexities in disparate technologies. According to the survey findings, the top three challenges in endpoint management are improving security posture, reducing costs and decreasing complexity. Current challenges are compounded by the growing gaps within IT operations and security groups that have been slow to adapt to the evolving endpoint security risks and approaches, adding to the inflexible and high-risk IT environments that exist today.

The company’s strategy is underpinned by Lumension’s unique strength across its foundational assets in vulnerability management, application whitelisting, data encryption, device management, compliance and IT risk management, and security and operational content.

“Today’s security landscape has fundamentally shifted,” said Pat Clawson, Chairman and CEO of Lumension. “As financially motivated attackers continually develop increasingly clever and stealthy means of compromising systems and stealing confidential data, businesses need to wake up to the reality that the old threat-centric approach is no longer effective against a new generation of attacks. The industry’s traditional approach to IT security has remained the same — very threat-centric. Organizations continue to add to an existing stack of niche technologies to address individual threats and compliance issues, which only exacerbates the problem with limited risk visibility and policy enforcement, resulting in increasing overall TCO.

“Today’s approach requires a combination of things to be successful. First and foremost, organizations need to break down the silos between the security and operations groups and open up the channels of communication and visibility. By doing this, you can start to build a more holistic and collaborative approach to endpoint management and security by tightly integrating processes and policies with enabling technologies and people,” continued Clawson.

“Security vendors are starting to understand that they need ‘operations’ expertise and tools … to maintain increasingly complex Endpoint Protection Platforms,” said Peter Firstbrook, research director, Gartner Inc. “By 2011, leading enterprise endpoint protection platform and PC lifecycle management vendors will offer mature integrated security and operations tools. IT organizations should understand the benefits of these tools and develop a strategy for adoption. Operations tools that address more than just the security status of the EPP suite provide for a more holistic view of the potential attack surface of endpoints.”1

Lumension believes its Endpoint Management Platform will provide an agile and scalable architecture that allows organizations to achieve lower TCO, greater agility, and enhanced security and compliance posture through consolidation, optimization and automation. Lumension’s approach to endpoint management is centered on these key strategic areas:

Trust-Centric Model for Comprehensive Endpoint Protection

With the dynamic shift in the IT environment, organizations need to move from a threat-centric approach to trust-centric model. Lumension will focus on establishing a trusted ecosystem where all changes are analyzed against a dynamic “trust engine” around multiple variables such as trusted updater, installer and publisher. The result will be a convergence of protection leveraging blacklisting, whitelisting, trusted change and security configurations to ensure endpoints are protected from vulnerabilities and running in a trusted state that eliminates malicious or unwanted elements.

N-tier Architecture Provides Scalability, Extensibility, Agility and Efficiency

Lumension’s extensible platform architecture is expected to provide consolidated management infrastructure, visibility and control across highly complex, distributed IT environments. The Lumension Endpoint Management Platform will be designed to leverage common messaging and distributed service delivery to provide a wide range of modular products through a single promotable agent and management console. In addition to the consolidated delivery of both operational and security services for the endpoint, Lumension Endpoint Management Platform is planned to support distributed environments via flexible N-tier distribution services. Lumension expects the new architecture to provide customers with improved scalability, adaptability and ease of integration, allowing them to gain centralized visibility and real-time control across mobile and distributed IT environments.

Enhanced Operations and Assurance via Unified Relational Content and Integrity Services

Building off its recent announcement of the Lumension Endpoint Integrity Service and the company’s unique position in managing many different types of endpoint content — both operational- and security-oriented — Lumension plans to expand cloud-based content services, which will provide an intelligent approach to application identification and assurance while delivering impact analysis for endpoint operations and security decisions. Through this unified relational approach to content, the Lumension Endpoint Management Platform will be designed to proactively alert on the security impact of operational actions (such as new vulnerabilities introduced by newly deployed software) and the operational impact of security actions (such as operational impact to security configuration changes.)

Lumension Endpoint Management & Security Suite for Reduced TCO and Complexity

Lumension intends to deliver its Endpoint Management Platform capabilities through its newly integrated Lumension Endpoint Management and Security Suite, delivering a single integrated management console with solution capabilities that span operations, security and IT risk management to provide a comprehensive endpoint management solution that improves security and compliance posture while reducing overall IT risk and TCO. The unified and streamlined console workflow will provide centralized visibility and control, while reducing the overhead and complexity associated with multiple-point products and solutions.

Lumension’s modularly licensed suite capabilities are planned to include:

Endpoint Operations
Vulnerability Management
Endpoint Protection
Data Protection
Compliance and IT Risk Management

Lumension is scheduled to bring to market the first phase of its new platform strategy with the general availability of Lumension Endpoint Management and Security Suite in November 2009. This initial solution suite will include elements of Lumension’s single-agent architecture and two of its leading product modules (Lumension Patch & Remediation and Lumension Security Configuration Management) with plans to release additional product functionality throughout 2010.

To learn more about Lumension Endpoint Management Platform or Lumension Endpoint Management Security Suite, please visit Lumension® Endpoint Management Platform Strategy Overview.

1) Gartner Inc. "Operationalizing Endpoint Security" by Peter Firstbrook, July 31, 2009

Other Resources:

New Ponemon-Lumension Study Reveals Companies Slow to Adapt to Changing Security, Technology Environment

Tue, 17 Nov 2009 00:00:00 GMT

The adoption of mobile devices, cloud computing and collaborative technologies is happening faster than companies are able to adapt security policies, resulting in greater risk to sensitive corporate and personal data, according to Worldwide State of the Endpoint 2010, a new Ponemon Institute study commissioned by Lumension. Insufficient resources and a lack of C-level support for security initiatives were cited among the reasons for these shortcomings.

Key Findings:

56 percent of individuals surveyed said mobile devices are not secure, representing a risk to data security;
49 percent of individuals surveyed said data security is not a strategic initiative for their companies;
48 percent of individuals surveyed said their companies have allocated insufficient resources to achieve effective data security and regulatory compliance;
47 percent of individuals cited a lack of strong CEO support for information security efforts as a reason for ineffective data security programs; and
41 percent of individuals said there was a lack of proactive security risk management in their organizations.

Key Insights:

The Worldwide State of the Endpoint 2010 study was conducted to better understand how emerging technologies, such as Web 2.0, mobile computing and the “consumerization” of IT – the accommodation and integration of employee-owned mobile devices within the corporate enterprise – are affecting business environments and how organizations are managing security risks across IT operations and security; and,
Significant perception gaps exist between IT security and IT operations professionals related to the complexity of security technologies, misalignment of IT and business objectives, technology integration, and employee skill and knowledge.

Other Findings:

44 percent of organizations subsidize or plan to subsidize employees’ mobile devices, 40 percent of organizations say employees can connect their own devices to the company network, and 26 percent have policies permitting employees to connect their own devices to the company network;
31 percent of respondents said collaboration between IT security and IT operations was non-existent;
72 percent of respondents view negligent insiders as a top security threat heading into 2010; and,
The five most important features for managing endpoint security were identified as:
- Anti-virus and anti-malware technology (80 percent)
- Whole disk encryption (70 percent)
- Application control (69 percent)
- Patch and remediation management (68 percent)
- IT asset management (61 percent)

Supporting Quotes
Patrick J. Clawson, chairman & CEO, Lumension

“This year’s Ponemon Survey reinforces the need for IT security and IT operations practitioners to continually look for better alignment points within their organizations. It’s clear that the level of collaboration between these two groups is still very poor and, as a result, organizations are still grappling with how to most effectively manage and protect their endpoints.”
“For organizations to feel truly secure in 2010, two things need to happen, in my opinion. One — organizations need to address the growing endpoint complexity that has been exacerbated by point technologies. Central to this would be to look at adopting an endpoint platform- or suite-based approach where several technologies can be integrated and operation and security functions can be addressed with greater efficiency. And two, organizations must think about how to generate greater convergence across their IT operations and security functions for better communication, collaboration and visibility in order to better optimize security to address risks. Threats to the endpoint are not going to disappear in 2010, so it’s time for organizations to be more aggressive, more proactive and much more collaborative.”

Larry Ponemon, chairman and founder, The Ponemon Institute

“The State of the Endpoint provides still more evidence that companies are racing to adopt new technologies faster than they can understand their impacts on data security and develop effective use and integration policies. As a result, networks are growing more and more complex, making the task of securing sensitive data more and more difficult.”
“Endpoint security has always been a challenge, but the State of the Endpoint has identified the factors IT professionals say are responsible for their biggest headaches. Not surprisingly, a lack of CEO support and insufficient resources are among the culprits.”

Methodology:

The Worldwide State of the Endpoint 2010 was derived from a survey of 1,427 IT security practitioners and 1,582 IT operations professionals across the U.S., Germany, Australia, New Zealand and the UK who have active responsibility for their data security and compliance efforts.

Supporting Resources:

Download the Worldwide State of the Endpoint 2010 Survey
Follow us on Twitter
Visit the Optimal Security blog for more insight into key survey findings
View the Worldwide State of the Endpoint 2010 webinar

Lumension Announces General Availability of its Data Protection Solution for Microsoft System Center and Joins Microsoft System Center Alliance

Mon, 09 Nov 2009 00:00:00 GMT

Lumension, a global leader in endpoint management and security, today announced the general availability of Lumension® Device Control for Microsoft System Center (DCSC) to enable users to protect corporate data while reducing operational costs. Through Lumension DCSC, Microsoft System Center customers can utilize Lumension’s advanced data protection capabilities to centrally deploy, manage, enforce and monitor device access, file transfer and encryption policies while reducing implementation costs. In addition, Lumension has joined Microsoft System Center Alliance to demonstrate its commitment to providing advanced security solutions for System Center customers.

With Lumension DCSC, System Center customers can minimize data leakage by controlling removable storage device usage, preventing unauthorized devices from connecting to the network, automatically encrypting and monitoring critical data, and preventing malware infection via USB devices. Lumension DCSC integrates into the System Center Configuration Manager 2007 environment, eliminating the need for a separate server console and leveraging already-established system and user groups. This allows faster device/port control deployment, reducing the acquisition and implementation costs related to “server sprawl” and associated training costs.

“Our participation in the Microsoft System Center Alliance validates our commitment to nurturing and growing this community of innovators,” said Rich Hlavka, senior vice president of business development, Lumension. “The majority of data breaches and leaks of sensitive company information today are inside jobs. Through our work with Microsoft, we are extending proven data protection solution on the market to System Center customers. By doing this, we take away the burden of having users purchase a separate console or adding new administration overhead to the already-stressed IT staff. They can leverage their current investment and add layers of defense to safeguard their crown jewel.”

“We are pleased to welcome Lumension to the Microsoft System Center Alliance, and we are excited about the opportunity to collaborate on future solutions that will benefit System Center customers,” said JD Marymee, director of strategic partner alliances, Management and Services Division at Microsoft Corp. “Our work with Lumension provides our customers with powerful endpoint security options for securing data and ensuring privacy and confidentiality with System Center.”

In conjunction with engaging the Microsoft System Center ecosystem, Lumension is expanding its channel partner program to include Microsoft partners with System Center expertise. Lumension DCSC will enable System Center- partners to provide customers with a new solution to protect their sensitive data in a cost effective manner.

Availability:
Lumension DCSC is now available. For more information, please visit Lumension® Device Control.
For a free trial of the award-winning Lumension Device Control technology, please click on Free Eval.
Resources:

More about Lumension® Device Control for System Center
System Center Alliance
Optimal Security Blog
Twitter

Lumension Provides Enhanced Endpoint Protection and Support for the Latest Windows Platforms

Mon, 09 Nov 2009 00:00:00 GMT

News Facts

As businesses ready their IT environments for the migration to Windows 7 and Windows 2008 Server R2, Lumension, a global leader in endpoint management and security, understands the complexities and costs associated with migration to the new Windows platform.
To prepare organizations for the migration to Windows 7 and Windows 2008 Server R2, Lumension is delivering enterprise-ready solutions to support the new Windows platform and servers, while providing the critical information necessary to properly and successfully migrate enterprise-wide.
To best prepare its customers for the Windows 7 & Windows 2008 Server R2 migration, Lumension conducted a survey of its existing customers to better understand their migration plans and align internal Windows support efforts accordingly.
According to its survey, only a small portion of Lumension customers said they have immediate plans to deploy Windows 7, but a significant portion, at 32 percent, plan to deploy within 12 months.
Further, according to Lumension’s recent survey, 26 percent of customers have immediate plans to deploy Windows Server 2008 R2, while a total of 58 percent said they plan to deploy within 12 months, resulting in the new server adoption rate projected at almost twice the new workstation adoption rate in the enterprise.
According to InformationWeek Analytics Windows 7 survey, two-thirds of the 669 respondents with Windows 7 deployment plans cite the operating system’s new features as the primary driver or a contributing factor to migration. Yet, key Windows 7 features, including DirectAccess, BranchCache, improved search, power management and better offline folder access, depend on 2008 R2 server functionality.

Key Windows 7 Ready Solutions

Following a thorough assessment of its customer base on their plans for Windows 7 and Windows Server 2008 R2 adoption, Lumension has taken critical steps to ready and enable organizations to successfully migrate Lumension solutions to the new Windows platforms.
To that end, Lumension’s support for Windows 7 and Windows Server 2008 R2 includes its Lumension® Patch & Remediation, Lumension® Security Configuration Management, Lumension® Content Wizard, Lumension® Application Control, Lumension® AntiVirus and Lumension® Device Control to help organizations manage critical risk while proactively protecting vital information.
Lumension plans to extend support for Lumension Patch and Remediation v6.4 and Lumension® Scan to ensure compatibility with Windows 7 and Windows Server 2008 R2 in the next 90 days to ensure seamless support for customer migration goals.

Supporting Quote

Dee Liebenstein, VP of Product Management for Lumension
- “Our charter at Lumension has and continues to be focused on arming our customers with the solutions that fit their needs at the right moments in time. To ensure that our customers are fully prepared for the Windows 7 and Windows Server 2008 R2 migrations, we conducted an end-user survey to better understand their migration plans so that we could align with their needs, versus the alternative. As a result, we feel confident that our support of the new Windows platforms will further strengthen our customers’ security posture while lowering TCO associated with optimal endpoint management and security.”

Supporting Resources:

Lumension Delivers Additional Defense-In-Depth Layer with New Antivirus Solution for Comprehensive Endpoint Protection

Tue, 27 Oct 2009 00:00:00 GMT

News Facts:

As the sophistication of malware continues to increase, coupled with the expansion of Web 2.0 technologies and increased browser-based risk, malicious code is on the rise. More than 21 million unique instances of malware have been identified, and that number continues to grow exponentially.¹
To combat this, organizations need a comprehensive endpoint protection strategy that employs multiple techniques to identify and block both known and unknown malware and zero-day exploits.
To give IT administrators a solid view into both the known and unknown or dormant malware threats that exist, Lumension, a global leader in endpoint management and security, today unveiled Lumension® AntiVirus, a complementary technology to its whitelisting-based solution, Lumension® Application Control.
Combined with Lumension’s other endpoint protection capabilities, Lumension AntiVirus provides the protection against blended attacks needed to safeguard Windows-based endpoints, which are often the prime targets for malicious attack.
The combination of Lumension AntiVirus plus Lumension Application Control provides a total defense in-depth strategy– which helps customers address zero-day threats by blocking installation of unknown files on endpoints with malware quarantine and removal approach to provide multi-dimensional protection against current and future malware threats.
Taking this layered approach, enterprises now have more flexibility to achieve strong and comprehensive endpoint protection using complementary solutions from Lumension.

Key Features of Lumension® AntiVirus

Antivirus (AV) protection – provides in-depth signature matching to recognize, block and remove viruses, worms, Trojans and other varieties of malware.
Antispyware (AS) capability – protects against malicious spyware such as keyloggers, hijackers, rootkits and other malicious software that jeopardizes organizational IT security and/or network performance.
DNA Matching and SandBox – DNA Matching identifies fragments of malware code that are often reused in new variants and attacks; by identifying this remnant malware code, LAV can prevent new variants without relying on a full signature match. The LAV SandBox executes suspect code in a fully virtual environment to explicitly identify malicious behavior; this behavior-based approach to malware protection offers a powerful layer of security against new and unknown attacks not available in signature-only models.
Exploit Detection – detects and quarantines hidden or embedded malware inside of disguised files and documents to provide a protective layer against malicious attacks disguised as legitimate files (e.g., an executable in a PDF file).
Comprehensive Cleaning Functionality - ensures that any detected malware is removed or quarantined and not allowed to remain on network assets.

Supporting Quotes

Mike Wittig, President and CTO, Lumension
“While no current antivirus solution is 100 percent effective at combating signature-based attacks, there is a definite value in incorporating AV into an overall endpoint protection strategy. By bringing together the signature-based blacklisting and behavioral approaches of Lumension AntiVirus with our existing whitelisting technology, we are able to extend the level of protection with a truly multi-dimensional approach to endpoint protection. Adding Lumension AntiVirus to the endpoint security arsenal allows us to provide organizations with a multi-layered approach to endpoint protection all from a single vendor without all of the hassle of managing disparate technologies.”

Eric Ogren, Principal Analyst, Ogren Group
“As the explosion of viruses and data-stealing crimeware continues to wreak havoc on corporate networks, IT administrators need to take an increasingly more proactive and blended approach to endpoint protection. Lumension now offers solution layers that close system vulnerabilities, identify and remove attacks, and protect against malware from Web 2.0 threats. Organizations that adopt such a coordinated defense will be better-suited to protect against threats, keeping their network, endpoints, and business resistant to the daily influx of newborn malware.”

Supporting Resources:

More about Lumension AntiVirus
Relevant whitepapers:
- The Past, Present and Future of Whitelisting
Follow us on Twitter
Learn more about the Optimal Security blog

Lumension AntiVirus is available today. For more information, please visit Lumension AntiVirus.

New York City Department of Housing Preservation & Development Achieves High Level of Endpoint Security and Results with Lumension

Wed, 21 Oct 2009 00:00:00 GMT

As one of the largest municipal developer of affordable housing in the nation, the New York City Department of Housing Preservation and Development (HPD) has provided more than $6.3 billion to support the repair, rehabilitation and new construction of hundreds of thousands of housing units. Ray Jacob, serving as the agency’s Director for Network & Systems Management during the past ten years, is responsible for managing IT infrastructure development and overall IT security strategy. In the last five years, he’s witnessed an increased need to address security at multiple endpoints on the network and knew that implementing the right patch and vulnerability management solution was key to centrally managing endpoint risk and protecting vital information given the continued rise in data theft and the never-ending stream of vulnerabilities that exist today.

As a result of HPD’s deployment of Lumension® Vulnerability Management which consists of Lumension® Patch and Remediation and Lumension® Content Wizard (formerly PatchLink Developer’s kit), Jacob’s IT staff has more time to spend on projects that directly improve doing business, rather than being bogged down hunting risks and remediating breaches. Through the combined solutions, New York City Department of Housing Preservation and Development is able to rapidly and accurately assess risk and remediate unpatched vulnerabilities in a timely manner across a distributed environment. Jacob also credits Lumension, in part, with a reduction in help desk calls, which are down about 75 percent from a few years ago.

“You have thousands of workstations, so that’s thousands of endpoints where vulnerabilities could hurt you says Ray Jacob, director for network and systems management, NYC HPD.” “Without a vulnerability management solution to protect those endpoints, what exists is a gaping hole. Having Lumension in place gives us a very high level of confidence in that area; that confidence is supported by the positive results we’ve experienced in the last several years.”

NYC HPD deployed Lumension® Patch and Remediation for automated vulnerability management in 2004 to protect its IT environment from the latest threats and reduce IT risk exposure. To address its software updating concerns, HPD deployed Lumension® Content Wizard in 2009 as a means to push software enhancements and applications out to each of its workstations.

Supporting Resources:

For a free 30 day trial of our award-winning Lumension Vulnerability Management, please click on FREE EVAL.

Lumension Launches New Optimal IT Security Videocast Series

Wed, 07 Oct 2009 00:00:00 GMT

As cybercrime activity, workforce mobility, Web 2.0 and the growing number of data breaches continues to increase, organizations are faced with the challenge of staying ahead of these threats. To enable companies to do so, Lumension, the global leader in endpoint management and security, announced the availability of its Optimal Security Videocast Series which is now available on iTunes and the Lumension YouTube channel.

The first in the series, The Naked Truth about Compliance and Risk: Bottom Up Vs. Top Down, kicks off the Optimal Security Videocast with interviews with Lumension executives and security experts as well as testimonials from various industry leaders talking about such topics as reducing audit tax and turning compliance into a competitive advantage.

In the current videocast, featuring C. Edward Brice, SVP worldwide marketing and Bryan Fish, director of product management for Lumension, organizations will learn:

How to understand the key challenges companies face in addressing key IT GRC initiatives;
How to ask the right questions to effectively mitigate risks;
How to set boundaries and learn the best way to manage compliance mandates; and
The best practices for your organization.

“More than ever, organizations need to better understand how to proactively manage their security risks, to ensure effective security processes are in place,” said C. Edward Brice, SVP worldwide marketing, Lumension. “The Optimal Security Videocast Series was created as a resource for IT security professionals to gain insight into industry best practices for better understanding, monitoring, assessing and reporting on their organization’s security posture. We are thrilled to be able to continue to develop resources and toolkits that arm the security community with the solid foundation needed to ensure efficient security practices are always in place.”

Multimedia:

Lumension podcasts are viewable here. Users can subscribe to Lumension podcasts via the iTunes store or on the Lumension YouTube Channel.

Tolly Group Report Reveals Lumension Vulnerability Management Solution Saves Users 60 Percent in TCO Comparison Than Microsoft Windows Server Update Services

Mon, 28 Sep 2009 00:00:00 GMT

As organizations look to keep operating expenses down, “free” technology solutions start to look more attractive. In terms of vulnerability management solutions, although free patching products may look more attractive on the surface, they often reveal hidden costs and missing capabilities which result in a fragmented patch management process, a weakened security posture while also becoming a costly and burdensome option for organizations to maintain. It is important to also consider the total cost of ownership (TCO) and the difference in key capabilities between these point patching and comprehensive vulnerability management solutions.

In a recent report commissioned by Lumension, the global leader in endpoint management and security, and conducted by The Tolly Group, the study shows a total cost of ownership comparison of Lumension® Vulnerability Management solution against Microsoft’s Windows Server Update Services (WSUS). Although Microsoft provides their patching technology free of charge, Lumension provides a wider range of services including patching Microsoft, non-Microsoft applications, custom applications, built-in reporting, network visibility and more. Lumension Vulnerability Management solution also provides a much lower total cost of ownership in labor time, and can help enterprises with over 500 workstations save 64 percent or 400,000 dollars over a five year period.

“This is a strong indication that free patch management software doesn’t always prove to be efficient over time,” says Kevin Tolly, founder of The Tolly Group. “Lumension’s Vulnerability Management solution cost of ownership advantage over Microsoft comes from its diverse application support, powerful operational tools which include custom content creation, software removal and extensive built-in reporting capabilities which WSUS do not provide. While free tools appear to be the obvious choice, a complete patch management solution might be the better option to reduce long-term risk and operation expenses over time.”

“The findings from the Tolly Group reinforce the cost savings and level of security Lumension Vulnerability Management provides to our customers,” said C. Edward Brice, SVP worldwide marketing, Lumension. “Lumension Vulnerability Management solution provides a greater value in yearly cost savings and can save IT administrators almost half the labor and hours each month when patching Microsoft and non-Microsoft patches. While most organizations may be drawn to the concept of free software, security is a high priority where malware and vulnerabilities are continually increasing, posing greater risk to the enterprise security posture. This report was commissioned to help organizations better understand the risks and benefits of adopting a solution that can protect only one type of platform versus today’s unique IT environment that consists of complex, highly distributed IT infrastructure. Through Lumension Vulnerability Management, Lumension offers enterprises a comprehensive, cost-effective solution to manage critical risk and ensure security processes and policies are in place.”

For the complete report and analysis comparing the two solutions, please visit Lumension Vulnerability Management vs Microsoft Windows Server Update Services.

Multimedia:

Lumension Unveils Enhanced Compliance and IT Risk Management Solution that Enables Organizations to Continuously Monitor Compliance and IT Risk Posture While Reducing the Overall Cost of Compliance

Mon, 21 Sep 2009 00:00:00 GMT

News Facts:

A typical organization spends 30-50% more on compliance and IT risk policy management than it should, according to the IT Policy Compliance Group.
Given today’s highly regulated business environment combined with the rising cost of compliance, organizations need a comprehensive solution that provides high visibility and continuous monitoring of their compliance and IT risk posture, while supporting greater levels of automation across audit workflows.
In an effort to continually arm customers with technology solutions that address their growing security and compliance needs, Lumension, the global leader in endpoint management and security, today announced the general availability of the Lumension® Risk Manager (LRM) product, the latest addition to its Lumension® Compliance and IT Risk Management Solution.
Lumension Risk Manager helps organizations achieve lower costs of compliance by automating IT audit workflows, harmonizing controls with policy requirements, and providing greater visibility across IT assets for optimal security and compliance management.
Further, through a partnership with Network Frontiers, Lumension has integrated the Unified Compliance Framework within Lumension Risk Manager. This integration delivers a library of over 400 authoritative documents and 2500 harmonized controls. Periodic updates to the UCF framework ensure customers will always have the latest compliance and control requirements.
Lumension Risk Manager is further enhanced with the patent-pending Lumension Risk Intelligence Engine. This technology automatically identifies control requirements for compliance regulations and is determined by the IT assets’ risk profile inputs. This automated capability allows organizations to quickly identify controls required to support multiple compliance and policy initiatives and reduce their dependence on outside consultants. • This new offering from Lumension speaks to the company’s commitment to delivering on its compliance product roadmap, as outlined during the acquisition of Securityworks earlier this year.

Key Benefits of Lumension Compliance and IT Risk Management:

Reduction in External Audit Resources: Lumension Compliance and IT Risk Management Solution provides IT organizations with a comprehensive compliance and IT risk management framework. IT resources are associated with critical business interests, and harmonized controls are established to meet multiple compliance and policy mandates. This capability supports a reduction in third party consulting resources used to define control and policy requirements to support external regulatory mandates.
Assess Once, Comply with Many: With Lumension Compliance and IT Risk Management Solution, organizations can reduce their audit burden and overall cost of compliance by measuring and reporting on compliance across multiple industry and governmental regulations while harmonizing control requirements to best meet these mandates. These capabilities will enable organizations to assess once and report on many regulations simultaneously, rather than using multiple technologies that usually lack a complete, global view of regulations.
Focus on IT risk that matters most to the business: With Lumension Compliance and IT Risk Management Solution, companies can continuously monitor their overarching risk and compliance posture and proactively identify and prioritize IT risk deficiencies in the context of their overall compliance and policy requirements. This enhanced visibility allows organizations to more efficiently utilize existing IT resources to address those deficiencies impacting organizational compliance and IT risk posture the most.

Supporting Quotes

Rob Isarel, CIO, John C. Lincoln Health Network
- "For our organization, the key to compliance and IT risk management solution is that it gives us a high-level view of what regulations and policies we need to comply with regulatory requirements. One person can’t possibly be on top of all the details of the various regulations we’re faced with today. Likewise, no one person can be an expert on all of the IT and security systems needed to comply with these regulations. We wanted a solution that automates all of this for us – a shrink-wrapped solution that helps us focus on critical issues and ensures we don’t overlook anything. With Lumension Risk Manager, we can store information related to all our disparate systems – such as our asset and device management software, e-health analyzers, and help desk application – in one repository. And we can generate a single report on all of those systems all from a single vendor.”

Charles Kolodgy, Research Director, Security Products, IDC

“The IT risks that lurk within organizations today are immense. Regulatory requirements imposed on organizations makes proper risk management an increasingly daunting task. To ensure compliance and a solid security and risk posture, organizations can no longer afford to manage risk in a siloed or manual way. A technology solution that normalizes regulatory mandates is critical to success, but it is just one piece of the puzzle. The other piece is solid communication throughout the organization but especially within IT security and IT operations teams. With visibility, controls for regulatory compliance and security controls, and cross-organizational communications, enterprises will be better armed to mitigate, manage and understand their IT risks than ever before.”

Mike Wittig, President & CTO, Lumension

“Compliance, over the past few years, has become a four-letter word for many security practitioners as it conjures up visions of late nights spent poring over data points and audit profiles to ensure that their organization is fully compliant with the overwhelming number of IT compliance-related mandates that exist today. Our vision with Lumension Compliance and IT Risk Management and a main driver behind our acquisition of Securityworks this past spring, is to provide our customers with the technology they need to make their IT compliance and risk management processes more manageable, automated and repeatable. With Lumension Compliance and IT Risk Management Solution, our customers will gain the necessary visibility between operational endpoint security and strategic IT risk that’s required for a better connected, smarter run, more efficient IT organization than ever before.”

Supporting Resources:

Recent IT-GRC blog posts written by Lumension experts and guest blogger Rob Israel
More about Lumension Risk Manager
More about Lumension Compliance and IT Risk Management

Lumension Risk Manager will be made available on September 30, 2009. For more information, please click on Lumension Risk Manager.

To find out how Lumension Compliance and IT Risk Management Solution addresses compliance requirements such as PCI DSS, click to view our On-Demand Demo.

Lumension Unveils Lumension Connect, an Interactive Customer Community to Foster Co-Innovation and Collaboration

Tue, 25 Aug 2009 00:00:00 GMT

To help facilitate an open dialogue, collaboration, and co-innovation, Lumension®, the global leader in endpoint management and security, today announced the launch of Lumension Connect, an online community for its customers. This exclusive, online community provides an open and engaging forum for Lumension customers to build peer-to-peer relationships, share valuable information, and gain unique value through exclusive content, shared experiences and applied best practices.

The benefit of an online forum is that it provides a platform for peers to connect, interact and build relationships with one another, as well as share all kinds of information—including tips and tricks as well as new innovative ways to use and improve security solutions. Lumension Connect is an innovative platform for customers to share with key Lumension stakeholders about the pros and cons of current offerings and how they use it to fit their organizations’ ever-changing unique needs. Key features of Lumension Connect include:

Open forums full of rich media sharing of videos, images and audio content
Customer profiles that are individually customizable
Groups to support relevant content as organized by community members
Events that include live chat capabilities for real-time interaction
Polling features, including voting and ranking widgets for products, features, etc.

“Since its inception, Lumension has maintained a strong customer focus, developing critical solutions for our customers by involving them throughout the development process in order to make the products even better and more superior,” said Pat Clawson, chairman and CEO of Lumension. “The key aspect as well as the passion behind Lumension Connect is providing an interactive forum for our customers to connect, collaborate and fuel co-innovation. This collaborative forum is where our customers can talk about security challenges, exchange ideas and identify solutions for greater co-innovation to help create better products and services as well as shorten time-to-market and reduce costs – all of which enable our customers to have a more satisfying and educational Lumension experience.”

“Lumension has taken customer interaction to a new level with the creation of the Lumension Connect online community,” said William Bell, director of security, ECSuite.com. “The social networking aspects of the community really drive interaction between customers on a different level than what traditional message boards and knowledgebase articles can provide. As customers, we are always looking for new and innovative ways to work with the products that we purchase from a vendor. Lumension has stepped up and provided a location for customers to connect, collaborate and share ideas and best practices with their peers worldwide.”

“Our customers are our single most important asset and differentiator,” said C. Edward Brice, senior vice president of worldwide marketing at Lumension. “To that end, we are looking to build a stronger channel of communication with our customers through Lumension Connect by empowering them to define the way endpoint security software is developed and deployed to effectively address today’s evolving threats. Further, this powerful platform will enable our customers to freely exchange ideas, co-innovate, share best practices with their peers and our stakeholders and, most importantly, directly influence and impact the way we develop and market our solutions to meet their business needs.”

Multimedia:

Lumension Connect Videocast w/ Cindy Kim and Chris Hewitt on the key benefits of the online community
Lumension Optimal Security Blog: Lumension Connect: Fostering Collaboration and Co-Innovation for its Customers

Lumension Expands Global Footprint and Strengthens Capabilities with the Opening of a New Development Office in Ireland

Wed, 12 Aug 2009 00:00:00 GMT

Lumension®, the global leader in operational endpoint management and security, today announced the expansion of its global operations with the opening of a new office in Galway, Ireland. The establishment of the new office will serve as an expansion hub for Lumension’s product research and development functions. The new office will enable Lumension to further execute on its strategy to broaden its global footprint, strengthen its capabilities, and drive innovation in technology research and development while increasing operational efficiencies.

“Over the years, Ireland has proven itself to be a vibrant economy that boasts technological innovation at many levels,” said Pat Clawson, Chairman and CEO of Lumension. “The new office in Ireland offers important assets that will help Lumension accelerate its growth, including a talented workforce, modern infrastructure, ready to deploy business facilities, and lower cost of doing business.”

“Ireland provides a rich pool of talent in research and development. Despite the challenging economic landscape, Lumension is committed to continued efforts in recruiting and extend the advancement of research and development across all four key areas of the company’s solution suite, including Vulnerability Management, Data and Endpoint Protection, and Compliance and IT Risk Management,” Clawson continued.

Lumension firmly believes the new region will help drive operational excellence based on Ireland’s attractive tax incentives, further allowing the company to streamline costs across the entire organization while focusing on technology innovation. According to the U.S. Department of State, Ireland is attractive to many U.S. businesses based on numerous factors, the high quality and flexibility of the English-speaking work force; strong intellectual property protection; cooperative labor relations; political stability; pro-business government policies; a transparent judicial system; and an existing cluster of international corporations operating successfully.

Lumension initially plans to hire over 30 new employees in the region to build out development and technology research areas with plans to grow its operations in the coming years. The Industrial Development Agency of Ireland will launch an event to celebrate the opening of Lumension’s new business operations in Ireland on August 12, 2009.

Lumension has maintained a strong presence in Europe since 1991 and supports additional EMEA offices in Luxembourg, the United Kingdom and Spain. Worldwide headquarters for Lumension is located in Scottsdale, Arizona.

About Lumension Security, Inc.

Lumension Security, Inc., a global leader in operational endpoint management and security, develops, integrates and markets security software solutions that help businesses protect their vital information and manage critical risk across network and endpoint assets. Lumension enables more than 5,100 customers worldwide to achieve optimal security and IT success by delivering a proven and award-winning solution portfolio that includes Vulnerability Management, Endpoint Protection, Data Protection, and Reporting and Compliance offerings. Lumension is known for providing world-class customer support and services 24x7, 365 days a year. Headquartered in Scottsdale, Arizona, Lumension has operations worldwide, including Virginia, Utah, Florida, Luxembourg, the United Kingdom, Ireland, Spain, Australia, and Singapore. Lumension: IT Secured. Success Optimized.™ More information can be found at www.lumension.com.

Lumension, the Lumension logo, are trademarks or registered trademarks of Lumension Security, Inc. All other trademarks are the property of their respective owners.

U.S Patent and Trademark Office Confirms Patentability of Lumension's Proprietary Patching Technology; Court Lifts Stay on Lumension/Shavlik Litigation

Tue, 11 Aug 2009 00:00:00 GMT

Lumension®, the global leader in operational endpoint management and security, today announced that the U.S. Patent and Trademark Office has issued an Action Closing Prosecution confirming all existing claims of Lumension’s U.S. patent to its proprietary patching technology. In addition, the U.S. District Court for the District of Arizona has granted Lumension’s request and lifted its stay on related Lumension/Shavlik litigation. Outlined below are specifics regarding the events:

On May 12, 2009, the U.S. Patent and Trademark Office (“PTO”) issued an Ex Parte Reexamination Certificate to Lumension Security, Inc., stating that more than 50 claims of Lumension’s U.S. patent relating to its proprietary patching technology (U.S. Patent No. 6,990,660, or the “ ‘660 Patent”) are considered patentable, as amended.
On May 19, Shavlik Technologies, LLC (“Shavlik”) filed an Inter Partes reexamination request with the PTO, asking the PTO to reexamine the Lumension patent. This was the second reexamination request filed by Shavlik, and was filed after the first reexamination had successfully concluded for Lumension on May 12, 2009, as stated above.
On July 24, 2009, the PTO granted the Inter Partes reexamination request, but simultaneously issued an Action Closing Prosecution where all existing claims of the ‘660 patent (i.e., reexamined claims 1-5, 8-23, 25-48 and 51-61) were confirmed as being patentable.
On July 27, 2009, the U.S. District Court for the District of Arizona lifted its stay on the related Lumension/Shavlik litigation and gave the parties a period of time within which to meet and confer prior to setting a scheduling conference.

"I am pleased to see that the U.S. Patent Office agrees, now for a third time, that our proprietary patching technology is patentable,” said Pat Clawson, Chairman and CEO of Lumension. “The U.S. District Court also lifted its stay on our pending litigation, giving us the opportunity to aggressively protect our intellectual property. Our IP is an important piece of our leadership in the vulnerability management market, and we will defend it vigorously.”

Lumension’s Patch and Remediation products are currently used by companies worldwide to prevent security breaches from occurring within corporate IT networks and endpoints. Lumension Patch and Remediation technology is a component of the company’s vulnerability management solution suite, which helps IT professionals proactively manage and automate their vulnerability management process in order to prevent malware from infiltrating or attacking vital corporate data.

To help protect your vital assets and effectively manage critical risks, download a free trial of Lumension’s award-winning Vulnerability Management, Data and Endpoint Protection, and/or Compliance and Risk Management.

About Lumension Security, Inc.

Lumension Security, Inc., a global leader in operational endpoint management and security, develops, integrates and markets security software solutions that help businesses protect their vital information and manage critical risk across network and endpoint assets. Lumension enables more than 5,100 customers worldwide to achieve optimal security and IT success by delivering a proven and award-winning solution portfolio that includes Vulnerability Management, Endpoint Protection, Data Protection, and Reporting and Compliance offerings. Lumension is known for providing world-class customer support and services 24x7, 365 days a year. Headquartered in Scottsdale, Arizona, Lumension has operations worldwide, including Virginia, Utah, Florida, Texas, Luxembourg, the United Kingdom, Germany, Spain, France, Australia, India, Hong Kong and Singapore. Lumension: IT Secured. Success Optimized.™ More information can be found at www.lumension.com.

Lumension, Lumension Patch and Remediation, Lumension Vulnerability Management Solution, “IT Secured. Success Optimized.” and the Lumension logo are trademarks or registered trademarks of Lumension Security, Inc. All other trademarks are the property of their respective owners.

Lumension Launches Webinar Series that Exposes the Inner-workings of the Underground Cybercrime Economy and Its Impact to Business

Mon, 29 Jun 2009 00:00:00 GMT

News Facts

The combination of the ongoing recession and increasing cyber threats is only adding to the already heightened security risk for businesses today. To that end, Lumension, the global leader in security management, takes you inside the underground cybercrime economy through its newest webinar series, “Profiles of the World’s Top Hackers,” for an insider’s look at global hacker cybercrime, how threats are evolving and how it’s impacting today’s business environment.
The first in the series of live webinars – to be held on June 30 at 9am PT –features Michael Calce, a.k.a Mafia Boy, one of the most notorious cyber hackers in the United States; Bryon Acohido, reporter for USA Today and author of Zero Day Threats; as well as Paul Henry, security and forensics analyst at Lumension.
The current economic climate has undoubtedly created more opportunities for hackers, criminals, and industrial espionage firms who are targeting critical infrastructure and systems to steal sensitive information – an organization’s crown jewels. In fact, data theft and breaches from cybercrime may have cost businesses as much as $1 trillion globally in lost intellectual property and expenditures for repairing damage.
For the second webinar in the series, Lumension will feature experts from both sides of the industry – the cybercrime underground and the threat intelligence agency to discuss the next evolution in cyber attacks and how businesses can stay ahead of emerging threats.
The Profiles of the World’s Top Hackers campaign by Lumension is intended to be both educational and thought leadership-driven as a means to provide an insider’s look at the world of cybercrime, educate the business community on how hackers are evolving their techniques and to both inform the public and debunk any myths around cybercrime and cybercriminals.
To participate live, Lumension invites those on Twitter to ask questions to be addressed during the first webinar in the series, slated for June 30 at 9am PT. Please use the following hashtag: #TOPHCKR1. To register for the webinar, please click HERE.

Supporting Quote from Paul Henry, Security and Forensics Analyst, Lumension

“As the current economic climate continues to change, the security industry as a whole is seeing more and more how cybercrime impacting businesses’ bottomline. Through this webinar series, we have the unique opportunity to educate the industry on how hackers’ techniques have evolved and how and why motives and targets change. This gives businesses a chance to learn from past mistakes as well as talk with industry giants who can give real tips on how to continually be one step ahead of the changing threat landscape.”

Supporting Quote from Bryon Acohido, reporter for USA Today and author of Zero Day Threats

“As I’ve seen time and time again, the big missing ingredient with large data breaches and cybercrime in general is public awareness. Without a higher degree of transparency of major breaches and open discussion and collaboration among the good guys, movement toward a safer Internet will continue to be constrained. I’m excited to participate in this webinar in an effort to better educate the general public on what we can do moving forward to no longer lay victim to hacker activity.”

Please contact Jessica Sutera or Cindy Kim to arrange for further quotes regarding this announcement or to request an interview with a Lumension executive.

Relevant Links:

Lumension Integrates with Network Frontiers' Unified Compliance Framework to Simplify Compliance Challenges, Reduce Costs and Harmonize Controls

Mon, 29 Jun 2009 00:00:00 GMT

Lumension®, the global leader in operational endpoint security, has partnered with Network Frontiers, a leader in IT compliance, to deliver the world’s most comprehensive global compliance database for Lumension’s customers.

Network Frontiers’ Unified Compliance Framework helps enterprises simplify and centralize compliance efforts by providing a single framework to establish a common set of methods, procedures, and controls across industry mandates, standards, requirements, and guidelines.

The UCF rationalizes IT controls for more than 400 international regulatory requirements, standards and guidelines into a single set of straightforward requirements that clearly map the many points where global, state and industry regulations overlap. This enables organizations to easily define commonalities among regulatory bodies; to leverage policies, processes and tools already in place; and to establish a streamlined, cost-effective plan to achieve continuous compliance across the enterprise.

The integration of Network Frontiers’ UCF and Lumension® Risk Manager (shipping in the second half of 2009), enables enterprises to manage compliance requirements more effectively by utilizing controls and standards that have been clearly defined and eliminate redundancy.

Through Lumension® Risk Manager, customers will have direct access to the UCF’s comprehensive compliance database, allowing organizations to:

Create a single point of reference for hundreds of complex regulations, requirements and guidelines
Assert compliance across multiple authority documents simultaneously
Eliminate redundancies by eliminating overlapping requirements and documents
Drill down for comprehensive explanations and sources for each common control

“Key to simplifying compliance management and reducing costs is leveraging the appropriate tools and technologies,” said Brandon Dunlap, Managing Director of Research at Brightfly. “The Unified Compliance Framework allows security professionals to easily address hundreds of regulations by harmonizing a set of controls against which all regulatory standards and best practices are mapped. By adopting the UCF, compliance related technology vendors are providing a real value-add to their customers: to implement a single set of controls and comply with many different industry regulations and standards while reducing significant costs related to compliance with mandates such as PCI-DSS (Payment Card), Sarbanes Oxley, CobiT, NIST and many others.”

Director of Solution Marketing at Lumension Jeff Hughes commented: “As regulations and technology practices have mounted over the years, organizations continue to struggle to keep ahead of the latest requirements. Adding to the compliance chaos is the onslaught of new mandates that are introducing new standards, requirements, processes, controls, and guidelines. Enterprises need a way to link security activities with compliance mandates in order to fill gaps and provide visibility for auditors. Through the UCF, our customers can achieve a more cost effective, streamlined plan, reduce complexity and cut costs of compliance and audit by rationalizing their IT controls through a single framework for a cohesive look into the organization’s compliance and risk posture.”

“Further, the UCF allows our customers to enhance their compliance and risk management efforts to manage critical risk and comply with multiple industry and global regulations under a single umbrella. I believe it’s a great way to provide value-add for our customers by further simplifying regulatory mandates and bringing sanity to the world of compliance chaos.”

The UCF includes controls from a variety of regulations and guidelines, including Sarbanes-Oxley (SOX), Basel Data Security Standard (PCI DSS), NASD Manual, HIPAA, FERC Security Program, Uniform Electronic Transactions Act, IRS Revenue Procedure and Federal Rules of Civil Procedure.

“The only way to take full advantage of the UCF is to leverage our common controls in a solution which incorporates the UCF,” said Craig Isaacs, CEO of Network Frontiers. “Lumension Risk Manager leverages the UCF to ensure enterprises can get a broad and deep view of their security and regulatory profile, automatically identify key concerns, and remediate risk effectively and efficiently within the context of standardized compliance regulations and controls.”

Links to Lumension’s Multimedia

Optimal Security Blog: Naked Truth about Compliance and Risk Management: Bottom Up vs. Top Down Approach
Optimal Security Videocast on Compliance and Risk Management
Whitepaper: Five Ways to Reduce Your Audit Tax

Lumension is currently finalizing the integration of the UCF database and it will be made available to all Lumension customers currently utilizing Compliance and Risk Management solutions.

Lumension Announces General Availability of its Next Version of Endpoint Security Solution to Protect Against Data Loss and Ensure Endpoint Protection

Mon, 22 Jun 2009 00:00:00 GMT

Lumension®, the global leader in operational endpoint security, today announces general availability of Lumension® Endpoint Security (formerly Sanctuary) version 4.4, which includes Lumension® Device Control and Lumension® Application Control. This latest version includes enhancements in encryption, platform support, and optimized reporting for powerful data protection and enforcement of policies for removable devices such as USB thumb drives and media to help protect organizations from the loss of sensitive data.

New enhancements and key features to Lumension® Endpoint Security v4.4 include:

Enhanced Encryption Capabilities– ensures customers are provided with the most reliable, safe and secure data protection solution with full, unlimited capacity encryption capabilities from the endpoint, administrator-defined passwords. The Lumension Cryptographic Kernel (LoCK) encryption technology is in the process of being validated for FIPS-140-2 (level 2) certification
Expanded OS Platform and Virtualization Support – extended support for Windows Server 2008, SQL Server 2008, and virtualized server configurations allow organizations to reduce total cost of ownership and supports server-side cost reduction and “green” initiatives
Extended Reporting and Database Optimization – new Syslog support and database optimization lowers administrative burden, reduces database footprint, increases query speeds, and improves maintenance for lower administration costs

“Data protection continues to remain a significant priority for many enterprises today and in order for enterprises to protect sensitive data, they need to adopt proactive security methodologies to safeguard confidential information,” said Dee Liebenstein, vice president of product management. “The new enhancements to Lumension® Endpoint Security are a continued effort to provide our customers with improved product features and functionalities, further help organizations mitigate and manage their risk and protect vital information with improved management in order to keep costs to a minimum.”

Availability

Lumension® Endpoint Security v4.4 is now available worldwide. For a free trial of the latest version of Lumension® Device Control and/or Lumension® Application Control, please visit http://www.lumension.com.

Resources

Portable Panic: The Evolution of USB Insecurity

New Insider Threat Emerges in the New Economy

American Marketing Association Phoenix Awards Lumension for Best Online Marketing Campaign

Wed, 03 Jun 2009 00:00:00 GMT

With the proliferation of the Social Web and high capacity portable devices such as media players and USB thumb drives, organizations face increasing security risks associated with newly emerging technologies and applications. To build awareness within the IT community and educate the IT audience at large on top security risks, Lumension®, the global leader in operational endpoint security, launched an interactive online initiative called The Office Campaign, in collaboration with Spark Design. For its innovative approach and thought leadership, the American Marketing Association Phoenix has awarded Lumension the best Online Marketing Campaign for 2009 at its seventh annual Spectrum Awards event on May 27, 2009.

“Today’s work environment is proving to be a challenge for IT administrators and security professionals as employees introduce new risks through the use of removable media, mobile devices, laptops, and Social Web applications without putting security at the forefront,” said C. Edward Brice, senior vice president of worldwide marketing. “In an attempt to bring awareness around Web 2.0 security risks and challenges, we took an innovative approach by working with Spark Design to develop an interactive game that would educate the IT audience on top security risks that may not be top of mind for IT professionals.”

“The Office Campaign is designed to educate IT professionals on how they can address these security risks with key technologies such as Vulnerability Management, Data Protection, and Endpoint Protection to cure common office headaches.”

The Spectrum Awards recognizes outstanding efforts in the fields of marketing research, direct marketing, advertising, online marketing, multi-cultural marketing and public relations. These prestigious awards give marketing professionals an opportunity to gain peer recognition and reward for their outstanding work in local communities. The complete list of finalists and winners for the American Marketing Association Spectrum Awards is available online at http://www.amaphoenix.org/spectrum09winners.htm.

Lumension Extends its Leading Device Control Solution to Enhance Data and Endpoint Security for Microsoft System Center Customers

Wed, 29 Apr 2009 00:00:00 GMT

Lumension®, the global leader in operational endpoint security, today announced it is extending its market-leading Device Control technology to Microsoft System Center Configuration Manager 2007 customers. Lumension® Device Control (formerly Sanctuary Device Control) is an industry proven solution that enforces enterprise-wide usage and enforcement of policies for removable devices such as USB thumb drives and media to help protect organizations from the loss of sensitive data, as well as the introduction of malware. With Lumension Device Control for System Center (DCSC), Microsoft customers can now leverage Configuration Manager 2007’s powerful centralized management capabilities to deploy and enforce device control and data encryption policies in both physical and virtual environments. Customers also receive an increased return on their System Center investment by avoiding the substantial costs associated with procuring, deploying and managing a parallel device control solution infrastructure.

The Lumension DCSC seamlessly integrates into the Configuration Manager 2007 environment, eliminating the need for Microsoft customers to implement separate hardware and software to employ data security across their network. Lumension DCSC allows customers to use the Configuration Manager 2007 console and standard user interface to create, deploy and monitor very granular device control policies across groups and devices managed by the System Center. Policies will be continually enforced even when systems are not connected to the System Center environment. Additionally, organizations managing virtualized systems with Configuration Manager 2007 can use Lumension DCSC to enforce policy on the virtual USB and CD/DVD hardware. The same policy and enforcement capabilities are supported for both host (physical) and guest (virtual) systems.

“Data security continues to remain a top priority for organizations everywhere and we are excited to extend the tried and proven capabilities of Lumension Device Control into the Microsoft System Center environment to help organizations better protect data against leakage while continually enforcing policies across their IT environment,” said Rich Hlavka, SVP Business Development, Lumension. “Customers have made it clear they want to leverage the power of Configuration Manager to implement more advanced security configurations. Lumension Device Control for System Center will enable them to add market-leading data protection and malware control capabilities quickly and efficiently across their existing System Center managed infrastructure.”

“By centrally managing, deploying, enforcing and monitoring device access and file transfer policies via the already established Configuration Manager environment, Microsoft customers can significantly reduce additional implementation costs and quickly enhance their security policy enforcement,” continued Hlavka.

“Microsoft System Center delivers the management and monitoring capabilities customers require for their IT operations, while providing an open environment for partners to extend the functionality to address additional needs within the complex enterprise environment,” said Ryan O’Hara – Director, System Center Product Management, Microsoft. “Lumension has extended our management capabilities by creating a Microsoft System Center Configuration Manager 2007 integrated solution delivering data protection and data encryption for customers, areas that are critical for data security within the enterprise and provide added security for customers.”

With Lumension DCSC, Microsoft customers can:

Minimize data loss or theft by enforcing USB device usage and data encryption policies;
Prevent unauthorized devices from connecting to endpoints within the organization;
Automatically encrypt critical information on removable devices and media; and,
Prevent introduction of malware via USB devices. I

In conjunction with the enhanced capabilities, Lumension is also announcing a Lumension DCSC beta test program for interested Microsoft System Center customers and partners starting May 4, 2009. Product and beta test information is available at Lumension Device Control for System Center..

Lumension DCSC is currently scheduled for general availability in Q3 2009.

For a free trial of the award winning Lumension Device Control, please click on Free Eval.

About Lumension®

Lumension Security, Inc., a global leader in operational endpoint security, develops, integrates and markets security software solutions that help businesses protect their vital information and manage critical risk across network and endpoint assets. Lumension enables more than 5,100 customers worldwide to achieve optimal security and IT success by delivering a proven and award-winning solution portfolio that includes Vulnerability Management, Endpoint Protection, Data Protection, and Reporting and Compliance offerings. Lumension is known for providing world-class customer support and services 24x7, 365 days a year. Headquartered in Scottsdale, Arizona, Lumension has operations worldwide, including Virginia, Utah, Florida, Luxembourg, the United Kingdom, Spain, Australia, India, Hong Kong and Singapore. Lumension: IT Secured. Success Optimized. More information can be found at www.lumension.com.

Lumension, the Lumension logo, are trademarks or registered trademarks of Lumension Security, Inc. All other trademarks are the property of their respective owners.

Lumension Unveils Enhanced Data Protection and Vulnerability Management Solutions at InfoSecurity Europe 2009

Tue, 28 Apr 2009 00:00:00 GMT

As more IT organizations struggle to take a proactive versus a reactive approach to securing their data and networks, they are facing a whole host of emerging threats imposed by Web 2.0, social networking and consumer technologies in the workplace. These new workplace trends combined with an increasingly borderless enterprise, disaggregated supply chains, and an increasingly outsourced business model, create a daunting environment for IT professionals to successfully secure. To help enterprises protect their vital information and better manage critical risk, Lumension®, the global leader in operational endpoint security, today announced at InfoSecurity Europe 2009 the next iterations of its Lumension Endpoint Suite and Lumension Vulnerability Management Suite.

Improved Operational Efficiency and Lowered TCO with Endpoint Security Suite

With the combined power of Lumension® Device Control and Lumension® Application Control within the Lumension® Endpoint Security Suite, enterprises can dramatically reduce risk due to data loss and the insider threat with a minimum investment – an important factor for organizations large and small who are under the gun to improve overall security measures with flat or even reduced budget parameters. New enhancements and key benefits include:

Validated encryption capabilities via in-process FIPS 140-2 Certification – assures customers in both the public and private sector of the most reliable, safe and secure data protection solution
Expanded OS platform and virtualization support – allows organizations to take advantage of advances in virtualization technology to reduce operational costs
Extended reporting and database optimization – lowers administrative burden while significantly reducing database footprints (50% reduction), allowing for 64% increase in query speeds, thus lowering administrative costs

Lumension Vulnerability Management: Optimizing IT Operations

Considering that the vast majority of cyberattacks exploit known security flaws, vulnerability management has never had greater importance than today when it comes to managing risk. It remains the single most effective security defense a company can undertake to manage its greatest amount of risk with the lowest possible cost. To that end, the newest versions of Lumension Patch and Remediation and Lumension Scan were designed to optimize IT operations’ patch management efforts.

New enhancements and key benefits include:

The broadest non-Windows content coverage – now provides the deepest Linux and Unix coverage to optimize IT operations by automating patch and remediation across all systems and servers
Optimized management of Windows and non-windows patches – new account management capabilities provide simple sign-on for entitled non-Windows content along with prerequisite patch management to reduce administrative burden
Enhanced inventory visibility for virtual machines – now automatically identifies and groups virtual machines for more effective vulnerability management and visibility of both physical and virtual environments from a single console
Network Access Control (NAC) Integration – integrates with existing NAC infrastructure to automatically assess and remediate non-compliant endpoints that try to access the network, thus improving the organization’s overall security posture Security and Systems Management Capabilities – centralizes the management, policy enforcement, and reporting of security and systems management tasks

"As IT complexity increases, Lumension’s data and endpoint protection combined with vulnerability management solutions enhance customers' ability to protect vital information and manage critical risk," said Charles Kolodgy, research director for Security Products at IDC. "Lumension's comprehensive suite of solutions provides enterprises with smart, cost-effective tools that can mitigate the ever increasing range of security risks facing organizations today."

In addition to the enhancements to Lumension Patch and Remediation and Lumension Scan, Lumension has also made some important updates to Lumension Content Wizard, which simplifies the creation and management of custom software patches, scripts, and desktop configurations. The goal with this set of enhancements was to further improve IT efficiencies and overall security posture for enterprise organizations. Key enhancements to Lumension® Content Wizard include:

Power Management Wizard –Centralizes and enforces desired OS power options across the network, including monitor, hard drive, standby, and hibernation settings and timing. According to Gartner organizations that practice PC power management can save tens of thousands of dollars per year. For example, in a shop of 2,500 unmanaged PCs, Gartner projects annual savings of $43,300.1
Wizard-Based Content Creation – provides easy-to-use wizard-based creation of custom software patches and remediations along with security and systems management configurations
Software Removal Wizard - quickly identifies installed software on endpoints and determines which unsupported or unlicensed applications should be uninstalled.
Local Policy Set Wizard - easier setting of local security configuration policies, such as disabling guest accounts, unnecessary services, password complexity and length, unattended systems log off, via the new policy wizard
Content Exchange Forum – allows content collaboration made simple via a company internal site access thru the Lumension Content Wizard 1PC Power Management Activation Leads to Significant Power and Cost Savings, Gartner, February 2009

“The external and internal exchange of critical corporate data within the workplace is happening at an unimaginable pace, while the rise of malware and cyberattacks continue to occur at unprecedented levels. The only way companies can effectively combat today’s security threats is by proactively mitigating and managing risk,” said Mike Wittig, president and CTO of Lumension. “At the crux of the security issue is balancing the onslaught of new security threats with the total cost of ownership over your technology investment. With our new product enhancements, we are offering our customers a cost-effective solution to manage critical risk and protect sensitive corporate data.”

“Our goal behind the enhancements to our products is two-fold,” said Dee Liebenstein, senior director of product management. “First and foremost, we are continually evolving our product features and functionalities to further empower enterprises to simply security management and keep threats at bay. Second and equally important is to enhance PC power management capabilities through these product upgrades. Given the budgetary pressures, more organizations are realizing that the greatest savings come from employing power management features. By utilizing Lumension Content Wizard’s power management features, companies can achieve remarkable savings while supporting green initiatives and reducing total endpoint TCO.”

Availability

Lumension Vunerability Management is now available. Lumension Endpoint Suite will be made available June, 2009. For a free trial of the industry leading solutions, please visit Lumension Free Eval.

Lumension @InfoSecurity Europe

Please visit Lumension at booth # J60 Earl’s Court at InfoSecurity Europe 2009 where, at the top of every hour while the show floor is open, you can learn the latest trends and security best practices.

About Lumension Security, Inc.

Lumension Security™, Inc., a global leader in operational endpoint security, develops, integrates and markets security software solutions that help businesses protect their vital information and manage critical risk across network and endpoint assets. Lumension enables more than 5,100 customers worldwide to achieve optimal security and IT success by delivering a proven and award-winning solution portfolio that includes Vulnerability Management, Endpoint Protection, Data Protection, and Reporting and Compliance offerings. Lumension is known for providing world-class customer support and services 24x7, 365 days a year. Headquartered in Scottsdale, Arizona, Lumension has operations worldwide, including Virginia, Florida, Luxembourg, the United Kingdom, Spain, Australia, India, Hong Kong and Singapore. Lumension: IT Secured. Success Optimized. More information can be found at www.lumension.com.

Lumension, the Lumension logo, are trademarks or registered trademarks of Lumension. All other trademarks are the property of their respective owners.

Lumension works with Microsoft to Deliver the Next Generation of Security Integrity Services

Tue, 21 Apr 2009 00:00:00 GMT

Lumension®, a global leader in security management, announced today that, as part of a newly forged partnership with Microsoft, it is offering a new service for establishing integrity for endpoint software. The service called Lumension® Endpoint Integrity Service (EIS) leverages validation information provided by Microsoft Corp and other Independent Software Vendors (ISV) to validate the integrity of software for both operating systems and applications running on endpoints.

In today’s Web 2.0 world, businesses face a tough IT environment – emerging Web threats such as polymorphic and stealth malware coupled with risks introduced by highly distributed software, leaving more organizations unsure of the secure state of the software running on their endpoints. In this dynamic IT environment, organizations need solutions that provide an effective way to regain control of endpoints by establishing a trusted application environment that prevents execution of unwanted software and eliminates security threats from unknown malware.

The Lumension Endpoint Integrity Service (EIS) will enable solutions from multiple vendors, including Microsoft and Lumension, to validate endpoint software integrity by definitively identifying compromised or unapproved software. These solutions will be designed to more effectively address the threat of unsignatured or unknown malware that evades traditional perimeter and host-based endpoint security solutions such as antivirus, antispyware, and intrusion prevention systems.

The Lumension Endpoint Integrity Service is designed to support a wide range of advanced security solutions such as: software policy compliance, whitelist audit and enforcement, security configuration validation and drift avoidance, software license and security management, and change control process enforcement. The Lumension EIS provides the following:

Key information necessary to validate the integrity of software for both OS and applications running on endpoints (servers, desktops, laptops, and virtual machines)
Leverages relational intelligence from Lumension’s industry-leading security content database (which includes security configuration, vulnerability, and patch management information) to facilitate truly seamless updates within highly secure (“locked down” or “whitelist enforced”) software environments
The foundation for enterprise-class application control for large heterogeneous environments

Lumension Endpoint Integrity Service leverages a software integrity information schema (or information structure) identified by Microsoft, Lumension and other leading security solution providers as holding the necessary information to validate software integrity. With this powerful information schema Lumension, Microsoft and other ISVs will deliver a more robust and feature-rich software verification and integrity solutions that are currently available.

The schema includes:\

Information trust rating system which rates provenance and integrity of metadata
Cryptographically strong SHA-256 hashes for all executable files
Complete certification information
Highly detailed and structured vendor, version, and installation date

As part of the agreement, Microsoft will provide validation information for its commercially available software for inclusion in the Lumension EIS. Additionally, Microsoft will license data from the Lumension EIS for use in their own commercial security products to provide fully-verified software validation information to its customers. Moreover, the Lumension EIS will include software integrity information for a wide range of independent software vendors and provide verified software integrity information with very high trust ratings, sourced directly from ISVs or from original media or images.

The trust rating system evaluates the provenance and integrity of the information in a specific entry. Another benefit of the trust rating system is that it overcomes serious concerns about many collections of software information that may contain information randomly harvested by Web crawlers that indiscriminately traverse the Internet, leaving the information’s provenance in question.

Lumension’s Senior Vice President of Business Development Rich Hlavka said, “With the proliferation and continued evolution of malware and cybercrime on the Internet, organizations are increasingly challenged to respond to the dynamic and ever-changing threats. This work with Microsoft is a significant step forward in helping companies effectively protect and manage endpoints while lowering the overall TCO, as a result achieving greater business success their IT investments.”

“Through this collaboration, we’ve established a seamless process for developing trusted software integrity information readily available for security ISVs to leverage in their endpoint management and security solutions. To that end, we look forward to partnering with the general ISV community in creating the world’s largest library of verified software integrity information and making it available for inclusion in a wide range of management and security products. This effort will significantly reduce risk that security ISVs take in developing security solutions that leverage application validation,” continued Hlavka.

“Together Lumension and Microsoft are helping lead the next evolution in endpoint security management,” said Greg Kohanim, Product Unit Manager for Microsoft. “We believe this effort will accelerate collaboration and development of solutions that can ensure only authorized software will run on customers’ endpoints. The newly announced Microsoft Reputation Services will leverage data from the Lumension EIS as part of delivering a reputation platform and service for Microsoft and Forefront solutions.”

Lumension is a long-standing Gold Partner of Microsoft, providing security solutions to the Microsoft customer community since 1991. For more information on the Lumension EIS, please visit http://www.lumension.com/endpointintegrity.

About Lumension Security, Inc.

Lumension Security, Inc., a global leader in operational endpoint security, develops, integrates and markets security software solutions that help businesses protect their vital information and manage critical risk across network and endpoint assets. Lumension enables more than 5,100 customers worldwide to achieve optimal security and IT success by delivering a proven and award-winning solution portfolio that includes Vulnerability Management, Endpoint Protection, Data Protection, and Reporting and Compliance offerings. Lumension is known for providing world-class customer support and services 24x7, 365 days a year. Headquartered in Scottsdale, Arizona, Lumension has operations worldwide, including Virginia, Utah, Florida, Luxembourg, the United Kingdom, Spain, Australia, India, Hong Kong and Singapore. Lumension: IT Secured. Success Optimized.® More information can be found at www.lumension.com.

Lumension Acquires Securityworks to Deliver an Integrated Approach to Risk and Compliance Management

Mon, 20 Apr 2009 00:00:00 GMT

Lumension®, a global leader in security management, announced today that it has signed a definitive agreement to acquire the assets of Securityworks, Inc. (“Securityworks”), a Dallas, Texas-based provider of compliance and risk management solutions for the IT Governance, Risk and Compliance (GRC) market. Terms of the transaction were not disclosed.

The acquisition strengthens Lumension’s leadership position in operational endpoint security by extending end-to-end compliance and risk management capabilities to its existing solution portfolio. By integrating the IT compliance and risk management capabilities of Securityworks with Lumension’s operational endpoint security solution suite, Lumension is positioned to deliver a total, integrated solution suite that enables enterprises to immediately identify their business risks within the context of compliance regulations such as PCI, HIPAA, and Sarbanes Oxley, and automatically assess this risk and apply targeted risk remediation while automating compliance audit and reporting. Lumension is now in a position to offer security solutions to customers that will enhance automation, reduce the cost of compliance by 30-50 percent or more, improve availability of IT assets, and optimize risk management throughout the IT network¹.

Companies today face a unique set of business challenges – reduced IT resources, growth of compliance regulations, increasing multi-faceted threats and a lack of enterprise-wide risk visibility and verification. For example, according to a 2008 Enterprise Management Associates, Inc. report, 21 percent of companies that have a strategy in place to manage sensitive data do not believe it is effective. In response to these challenges, companies are increasing their investments in IT GRC-based technology. In fact, according to Forrester, the IT GRC market is projected to grow to $1.3 billion by 2011.

“The average organization’s risk environment is becoming increasingly complex as the threat from insiders continues to intensify. Growth and increasing sophistication in targeted malware and the ever-increasing number of compliance regulations with which companies must comply adds a daunting layer of complexity and increased costs to today’s business environment,” said Pat Clawson, chairman and CEO, Lumension. “What’s more challenging is organizations are implementing several siloed technologies to address these challenges, resulting in poor visibility across the enterprise risk environment and a disjointed, unmanageable approach to risk and compliance. Through this acquisition of Securityworks’ assets, Lumension will be able to deliver a unified solution suite that will enable companies to safeguard their valuable assets while managing their IT risk environment in a simple and cost-effective manner that our competitors cannot match.

“In combining these efforts under one holistic solution, customers gain peace of mind knowing they are able to implement a single solution that can address their compliance and reporting requirements, risk management and all endpoint security needs,” Clawson continued.

The risk and compliance management capabilities of Securityworks will empower Lumension’s customers to automatically identify key business interests and prioritize those interests against IT security-related risk within the context of standardized compliance regulations and controls. The combined suite provides enterprises with a more integrated approach to security and risk management which includes risk identification, prioritization and management, automated risk assessment, remediation, compliance management and reporting capabilities. As a result, organizations will have enhanced visibility and prioritization of potential risk exposure across their overall IT environment, enabling a much more focused deployment of IT resources in addressing the greatest areas of potential risk first.

“Securityworks is known for bringing its customers a complete and cost-effective compliance and risk management offering through automation that allows users to tap predefined compliance and control frameworks in order to quickly identify and prioritize IT risks to business interests,” said Bryan Fish, president of Securityworks. “By integrating these capabilities with Lumension’s market-leading solutions, customers can achieve greater visibility across their IT risk environment while reducing the cost of compliance through better automation of risk assessment and remediation processes. This is a solid step forward for organizations and one that we are proud to be part of.”

Lumension’s Risk and Compliance Management Solution will allow enterprises to more efficiently and effectively manage the end-to-end compliance and risk management process:

Identify Business Interests – Identify and prioritize risk to business interests across all types of IT resources within the framework of predefined compliance and control regulations, best practices and automated workflows.
Risk Assessment – Automatically assess IT network risks across vulnerabilities, configurations, applications and devices.
Risk Remediation – Apply and confirm targeted remediation efforts across vulnerabilities, configurations, applications and devices while also establishing security policies across applications and devices, roles and groups.
Compliance Management – Measure and report on compliance across industry, governmental regulations and control best practices, enabling the organization to assess once and comply with many.

The acquisition of Securityworks furthers Lumension’s commitment to providing complete endpoint security solutions for key vertical markets, including healthcare, public sector, financial services and retail. Furthermore, this acquisition opens up a new opportunity for Lumension to expand its reach into the IT GRC market.

For more information, please visit Securityworks-Lumension and visit Optimal Security Blog for more insight about the positive impact of this acquisition on Lumension’s current and future customers.
To schedule a media interview, please contact Cindy Kim at cindy.kim@lumension.com.

About Lumension

Lumension Security, Inc., a global leader in operational endpoint security, develops, integrates and markets security software solutions that help businesses protect their vital information and manage critical risk across network and endpoint assets. Lumension enables more than 5,100 customers worldwide to achieve optimal security and IT success by delivering a proven and award-winning solution portfolio that includes Vulnerability Management, Endpoint Protection, Data Protection, and Reporting and Compliance offerings. Lumension is known for providing world-class customer support and services 24x7, 365 days a year. Headquartered in Scottsdale, Arizona, Lumension has operations worldwide, including Virginia, Utah, Florida, Luxembourg, the United Kingdom, Spain, Australia, India, Hong Kong and Singapore. Lumension: IT Secured. Success Optimized®. More information can be found at www.lumension.com.

About Securityworks

Securityworks, Inc. is a Dallas, Texas-based IT-GRC software solutions company delivering automated compliance and risk management capabilities to companies in the retail, healthcare, financial and manufacturing industries.

1 - Managing Spend on IT Security Spending and Audit for Better Results, IT Policy Compliance, February 2009

Lumension Unveils Proactive Approach to HIPAA Security Rule at HIMSS09

Wed, 01 Apr 2009 00:00:00 GMT

With the increasing urgency to computerize medical records for ease of access and increased productivity, along comes a daunting set of new challenges to implement administrative, technical and physical security procedures to appropriately protect sensitive electronic health information. Organizations require practical solutions that directly address the requirements set forth by the HIPAA Security Rulewhile reducing unnecessary cost and administration burden. To help healthcare organizations address these challenges, Lumension, a global leader in security management, will demonstrate how its security solutions reduce critical risk while simultaneously reducing the cost of HIPPA compliance at HIMSS09. Two interactive conference sessions will be hosted by Lumension to pragmatically discuss: how to enforce security policies designed to protect electronic protected health information (EPHI) while increasing end user productivity and how to reduce the cost of HIPAA compliance and audit-readiness. Joining Lumension at HIMSS09 will be the CIO of John C. Lincoln Health Network, Rob Israel, who will share how his organization leverages Lumension solutions to protect electronic medical records and to comply with HIPAA data security mandates.

Addressing HIPAA Compliance and Lowering Costs with Lumension Solutions

Lumension delivers vulnerability management, data protection and endpoint protection solutions which provides proactive risk management, powerful data and endpoint protection and an effective policy reporting platform for constant audit readiness to meet many aspects of the HIPAA Security Rule, including:

Complete asset identification of both managed and unmanaged assets
Proactive monitoring of security configurations
Automated vulnerability management and remediation of exposures before they are exploited by malicious entities.
Full control over how electronic protected health information (EPHI) is copied to removable devices/media with forced encryption to ensure the constant protection of EPHI even if it leaves the traditional network border.
Network integrity by preventing malware from downloading and/or executing on network assets.

These key capabilities help protect against attacks targeting health and personally identifiable information (PII), prevent loss, theft or misuse of data, enforce security policies, prepare organizations for compliance audits and lower the cost of IT security. To learn more about how Lumension’s security management software solutions can help healthcare organizations proactively address the HIPAA Security Rule requirements, please download the “Achieving HIPAA Security Rule Compliance with Lumension” whitepaper here.

“There is one certainty in this new economy: the risks to our networks, infrastructure and personal information are on the rise,” said Pat Clawson, Chairman and CEO of Lumension. “This couldn’t be more true than within the healthcare industry where the unprecedented initiative to make electronic records available must be tempered with ensuring appropriate protection is implemented. Those in the healthcare sector are faced with double-duty: protection of their patients’ electronic protected health information (EPHI) in compliance with HIPAA while ensuring operational efficiency, reducing IT costs and maintaining high levels of patient care.”

Lumension @ HIMSS09

At HIMSS09, Lumension will be sharing their expertise during two separate speaking engagements:

Track #1: Protecting Electronic Medical Records While Ensuring Compliance and Improving Productivity

Who: Scott Van Horne, vice president, western region, Lumension
When: March 6, 2009; 4:15-5:00 PM at booth #6263
What: Scott Van Horne will walk through the perfect storm scenario that’s been brewing given the current state of the economy coupled with the increase in threats facing enterprises and healthcare organizations today. From there, he will discuss three best practices for protecting medical records while ensuring HIPAA compliance and improving overall productivity.

Track #2: Leveraging Mobile Technology to Optimize Efficiency and Protect Medical Records

Who: Scott Van Horne, vice president, western region, Lumension; and Rob Israel, CIO, John C. Lincoln Health Networks
When: March 7, 2009; 11:15-12:00 PM at booth #5859
What: Rob Israel will share his organizations’ experience with Lumension's proactive endpoint security solutions. Through the use of Lumension’s endpoint protection technology, Rob Israel was able to tackle the security issues associated with mobile and consumer IT devices living on his company’s network to better safeguard sensitive customer and employee data. And, according to Forrester, not only did JCL hit a breakeven point within the first two years but they also saw a risk-adjusted 365% ROI.

To learn more about Lumension’s approach to the HIPAA Security Rule, please visit each speaking sessions as well as the booth (#8344) where Lumension will be demonstrating all of its endpoint security solutions.

Supporting Resources:

About Lumension, Inc.

Lumension, Inc., a global leader in operational endpoint security, develops, integrates and markets security software solutions that help businesses protect their vital information and manage critical risk across network and endpoint assets. Lumension enables more than 5,100 customers worldwide to achieve optimal security and IT success by delivering a proven and award-winning solution portfolio that includes Vulnerability Management, Endpoint Protection, Data Protection, and Reporting and Compliance offerings. Lumension is known for providing world-class customer support and services 24x7, 365 days a year. Headquartered in Scottsdale, Arizona, Lumension has operations worldwide, including Virginia, Utah, Florida, Luxembourg, the United Kingdom, Spain, Australia, India, Hong Kong and Singapore. Lumension: IT Secured. Success Optimized.® More information can be found at www.lumension.com.

Lumension, the Lumension logo, are trademarks or registered trademarks of Lumension Security, Inc. All other trademarks are the property of their respective owners.

Lumension Delivers Total Conficker Worm Protection with Latest Enhancements to Endpoint Security Offering

Wed, 01 Apr 2009 00:00:00 GMT

As the Conficker worm continues to spread, Lumension®, a global leader in security management, announced today that it has added additional scanning detection, patching and remediation and malware removal support capabilities to its Vulnerability Management Solution, to better-arm enterprises against this growing malware threat. This additional detection capability will help organizations automatically identify the multiple variants of the Conficker worm – which has been wreaking havoc since November 2008. Lumension’s enhanced Conficker capabilities can be used to support the automatic identification and removal of Conficker from infected machines and then apply the necessary patches to mitigate this growing threat. These latest enhancements when combined with Lumension Data and Endpoint Protection Solutions offer complete protection against Conficker and other sophisticated forms of malware.

Conficker is an aggressively spreading computer worm that has been laying down a powerful botnet infrastructure that can then be managed by malicious controllers.

To better protect customers from the potential threat posed by the Conficker worm, Lumension has delivered the following enhanced capabilities within its Vulnerability Management Solution offering:

Lumension Scan detection for MS08-067 (W3492), available to Lumension Scan customers
Patch support for MS08-067, available to Lumension Patch & Remediation customers
Lumension Scan detection for Conficker infection evidence, available to Lumension Scan customers as part of Lumension Scan update #170
Malware Removal support as part of Microsoft’s Malicious Software Removal Tool, the latest definition files are now available to Lumension Patch & Remediation customers

The initial appearance of Conficker utilized a fairly sophisticated polymorphic approach that exploited a buffer overflow vulnerability to remotely distribute the malware code throughout IT networks. Later variants of the Conficker malware leveraged USB devices to propagate the malware code onto new endpoint systems. This combination of high-tech and low-tech approaches proved highly effective by evading traditional signature based perimeter defenses.

“Conficker is a wakeup call to everyone in that we need to realize that traditional signature based perimeter defenses are no longer effective in stopping sophisticated malware attacks said Pat Clawson, Chairman and CEO, Lumension. “Organizations must add new technologies and layers of defense such as device control and whitelisting based application security. By adding these latest enhancements to our Vulnerability Management Solution, and when combined with our Data and Endpoint Protection solutions, we offer the greatest amount of protection to our customers’ against this new breed of sophisticated malware like Conficker.”

For more information about Conficker and its continued propagation, please visit the Optimal Security blog for technical insight shared by Lumension’s team of security experts.

About Lumension Security, Inc.

Lumension Security, Inc., a global leader in operational endpoint security, develops, integrates and markets security software solutions that help businesses protect their vital information and manage critical risk across network and endpoint assets. Lumension enables more than 5,100 customers worldwide to achieve optimal security and IT success by delivering a proven and award-winning solution portfolio that includes Vulnerability Management, Endpoint Protection, Data Protection, and Reporting and Compliance offerings. Lumension is known for providing world-class customer support and services 24x7, 365 days a year. Headquartered in Scottsdale, Arizona, Lumension has operations worldwide, including Virginia, Utah, Florida, Luxembourg, the United Kingdom, Spain, Australia, India, Hong Kong and Singapore. Lumension: IT Secured. Success Optimized.™ More information can be found at www.lumension.com.

Lumension, the Lumension logo, are trademarks or registered trademarks of Lumension Security, Inc. All other trademarks are the property of their respective owners.

Lumension Unveils Optimal Security Podcast Series on iTunes

Thu, 26 Mar 2009 00:00:00 GMT

Organizations today are facing a growing and rapidly evolving set of security threats including those imposed by IT outsourcing, cybercrime activity, workforce mobility, Web 2.0 and the growing number of data breaches. To help organizations stay ahead of these threats, Lumension, a global leader in security management, announced the availability of its Optimal Security Podcast Series which is now available on iTunes.

The Optimal Security Podcast Series contains interviews from security experts; customer success stories, industry webinars and audiocasts as well as testimonials from various industry leaders who are taking proactive steps to protect their information and critical systems, while reducing overall TCO.

Lumension’s latest audiocast “Evolving Threats and Countermeasures: Conficker Worm and SQL Injection, addresses the Conficker worm and SQL injection attacks, which has wreaked havoc for many months. In this audiocast, organizations will learn:

Why organizations need to streamline and automate their patch management software to support updates from vendors outside of simply Microsoft
How the Conficker Worm works, it’s global impact and some vulnerability management recommendations to prevent it from impacting your organization
And how you can protect your organization from the rising SQL injection attacks with patch management and application whitelisting

“With the increased sophistication of cybercriminals coupled with the rise in insider threats, organizations need to be incredibly proactive about managing their security risks, keeping security front and center on the agenda,” said C. Edward Brice, SVP worldwide marketing, Lumension. “The Optimal Security Podcast Series is a great resource for IT security professionals to stay up-to-date on the latest security threats in addition to our many social media initiatives such as our Lumension Optimal Security Blog, dedicated YouTube Channel, and Twitter feed. Our goal is to provide our customers and interested parties an in-depth look into vulnerability management and endpoint security which will ultimately arm them with the resources they need to better-protect their enterprises from malicious attacks.”

Lumension podcasts are viewable here. Users can subscribe to Lumension podcasts via the iTunes store by typing “Lumension” in the search field at the top of the iTunes Store window.

About Lumension, Inc.

Lumension, the Lumension logo, are trademarks or registered trademarks of Lumension Security, Inc. All other trademarks are the property of their respective owners.

U.S. Patent and Trademark Office Issues Notice of Intent to Issue Ex Parte Reexamination Certificate Relating to Lumension's Patented Patching Technology

Wed, 18 Mar 2009 00:00:00 GMT

On February 12, 2009, the U.S. Patent and Trademark Office issued a Notice of Intent to Issue Ex Parte Reexamination Certificate. The Notice provides that over 50 claims of Lumension’s U.S. Patent to its proprietary patching technology (i.e., U.S. Patent No. 6,990,660) are considered patentable, as amended. The ‘660 patent, which relates to a key technological element underlying the Lumension Patch and Remediation (formerly known as Patchlink) line of products, entered the reexamination process two years ago after a patent infringement lawsuit was filed by Lumension against competitor Shavlik Technologies in 2007.

“To see our patch and remediation intellectual property emerge from reexamination successfully is outstanding news for our customer base – I am glad to see that the U.S. Patent Office has confirmed the patentability of the patching technology defined in our U.S. Patent,” said Pat Clawson, Chairman & CEO of Lumension. “This notice issued by the U.S. Patent Office strengthens our credibility as the premier leader in the vulnerability management market.”

The Lumension/Shavlik litigation is subject to stay pending the U.S. Patent and Trademark Office’s issuance of the reexamination certificate relating to Lumension’s ‘660 patent. Lumension expects the reexamination certificate to be issued later this year.

About Lumension™

Lumension Security, Inc., a global leader in operational endpoint security, develops, integrates and markets security software solutions that help businesses protect their vital information and manage critical risk across network and endpoint assets. Lumension enables more than 5,100 customers worldwide to achieve optimal security and IT success by delivering a proven and award-winning solution portfolio that includes Vulnerability Management, Endpoint Protection, Data Protection, and Reporting and Compliance offerings. Lumension is known for providing world-class customer support and services 24x7, 365 days a year. Headquartered in Scottsdale, Arizona, Lumension has operations worldwide, including Virginia, Florida, Luxembourg, the United Kingdom, Spain, Australia, India, Hong Kong and Singapore. Lumension: IT Secured. Success Optimized. More information can be found at www.lumension.com.

Lumension, Lumension Patch and Remediation, Lumension Vulnerability Management Solution, and the Lumension logo are trademarks or registered trademarks of Lumension Security, Inc. All other trademarks are the property of their respective owners.

Lumension Achieves UK Government Certification to Verify Security Capability for its Industry Leading Data Protection Technology

Wed, 25 Feb 2009 00:00:00 GMT

Lumension™, Inc., the global leader in security management, today announced it has received CESG Claims Tested Mark (CCTM) accreditation for Lumension Device Control 4.3.2, formally Sanctuary Device Control which assures public bodies in the UK validity of its security functionality. Lumension Device Control enforces organisation-wide usage policies for removable devices, removable media and data.

“Lumension has an ongoing commitment to security certifications across the world, and in the UK,” said Mike Wittig, president and CTO of Lumension.” “The CESG Claims Tested Mark (CCTM) accreditation is part of our on-going certification efforts to reassure governmental and non-governmental organizations around the world that our award-winning security management software solutions meet rigorous government and industry security standards.”

The CESG Claims Tested Mark (CCTM) scheme provides a government quality mark for the public and private sectors based on accredited independent testing against ISO/IEC 17025 and designed to prove the validity of security functionality claims made by vendors. As a CCTM accredited product, Lumension Device Control can now be used within the public sector, Central Government and the MoD.

“Our UK government customers have requested that Lumension Device Control 4.3.2 which is being implemented to achieve Compliance to the UK Data Handling Procedures is subject to third party scrutiny said Andrew Clarke, senior vice president of international of Lumension.” “CCTM is designed to prove the validity of the security claims for the product which therefore provides confirmation that it is an effective security measure. CCTM re-enforces our commitment to provide the most effective and secure solutions for our customers to help safeguard their valuable and sensitive data.”

Lumension Device Control formally Sanctuary Device Control is also currently in progress for FIPS 140-2 (security level 2) validation, a US government computer security standard used to accredit cryptographic modules and to certify private sector vendor products for use in government departments and regulated industries that collect, store, transfer, share and disseminate sensitive information.

To download a free whitepaper on data handling compliance please visit Compliance to the UK Data Handling Procedures.

About Lumension, Inc.

Lumension, Inc., a global leader in operational endpoint security, develops, integrates and markets security software solutions that help businesses protect their vital information and manage critical risk across network and endpoint assets. Lumension enables more than 5,100 customers worldwide to achieve optimal security and IT success by delivering a proven and award-winning solution portfolio that includes Vulnerability Management, Endpoint Protection, Data Protection, and Reporting and Compliance offerings. Lumension is known for providing world-class customer support and services 24x7, 365 days a year. Headquartered in Scottsdale, Arizona, Lumension has operations worldwide, including Virginia, Florida, Luxembourg, the United Kingdom, Spain, Australia, India, Hong Kong and Singapore. Lumension: IT Secured. Success Optimized.™ More information can be found at www.lumension.com.

Lumension, the Lumension logo, are trademarks or registered trademarks of Lumension, Inc. All other trademarks are the property of their respective owners.

Lumension Extends Data Protection for Mobile Devices

Tue, 24 Feb 2009 00:00:00 GMT

Windows mobile devices are becoming an enterprise necessity to improve productivity for an increasingly mobile workforce. As these mobile devices become much more common, new threats are being introduced when phones, often containing valuable information, are lost or compromised. A recent cyber threat report by the Georgia Tech Information Security Center states that one of the emerging threats for 2009 is botnets moving from PC’s to mobile devices. According to the report, financial motivation and increased user adoption will increase attacks to smartphones in the years to come, especially as payment infrastructure is placed on these devices. To help enterprises effectively protect the confidentiality and security of their data on their endpoints and mobile devices, Lumension™, Inc., the global leader in security management, today announced it is extending data protection for Windows mobile devices with the introduction of Lumension Mobile.

“As data continues to be the primary motive behind cybercime and insider threats, one of the real challenges security professionals have had to face is the mobile dilemma,” said Pat Clawson, Chairman and CEO, Lumension. “As the adoption of mobile devices continues to accelerate, organizations face new security risks to their IT environment and business critical data. To effectively address the mobile challenge, enterprises need a way to impose similar rules and policies on mobile devices as they do on their endpoints such as laptops, desktops and servers. To that end, we are extending our data protection beyond traditional endpoints to now include mobile devices starting with Windows. With Lumension Mobile, organizations can enforce security policies, encrypt data, impose authentication on these devices and even remotely wipe the device if it has been lost, regardless of where it is.”

In addition, Lumension is pleased to announce the launch of Lumension Workshop, a new website that accelerates its innovations to the community by making test-market and early-stage product concepts available for review and testing by its customers. Lumension Mobile is the first tool available from the Workshop and can be downloaded today at http://workshop.lumension.com.

“Creativity and innovation drive business success,” said Heather Dunn, director of solution marketing. “Our goal behind the launch of Lumension Workshop is two-fold – enhance product usability and drive customer experience. The launch of this new platform allows our team to jumpstart the launch of new and exciting products, such as Lumension Mobile, while accelerating market and customer adoption of our newly launched technologies. Incorporating valuable feedback from our customers allows us to ensure we deliver the best market-ready products while meeting the needs of our customer community today.”

Data Protection for Windows® Mobile Devices

Lumension Mobile allows users to centrally control and manage security policies on Windows Mobile devices to protect valuable data. This includes the following:

Enforce Passwords: Password protect mobile devices to secure valuable data
Encrypt Email: Encrypt valuable data sent through email to and from mobile devices - 64-bit, 128-bit or 256-bit
Block Removable Storage: Prevent malware introduction via removable storage cards
Prohibit Bluetooth File Transfers: Protect data from being intercepted over Bluetooth
Remote Device Wipe: Remotely wipe all information stored on mobile devices

For more information, please log onto http://workshop.lumension.com.

About Lumension™, Inc.

Lumension™, Inc., a global leader in operational endpoint security, develops, integrates and markets security software solutions that help businesses protect their vital information and manage critical risk across network and endpoint assets. Lumension enables more than 5,100 customers worldwide to achieve optimal security and IT success by delivering a proven and award-winning solution portfolio that includes Vulnerability Management, Endpoint Protection, Data Protection, and Reporting and Compliance offerings. Lumension is known for providing world-class customer support and services 24x7, 365 days a year. Headquartered in Scottsdale, Arizona, Lumension has operations worldwide, including Virginia, Florida, Luxembourg, the United Kingdom, Spain, Australia, India, Hong Kong and Singapore. Lumension: IT Secured. Success Optimized. More information can be found at www.lumension.com.

Lumension, the Lumension logo, are trademarks or registered trademarks of Lumension. All other trademarks are the property of their respective owners.

Lumension Unveils Security Stimulus Package to Help Organizations Boost Their Security Posture

Thu, 19 Feb 2009 00:00:00 GMT

Today Lumension, the global leader in security management, announced the launch of its global campaign, “The Lumension Security Stimulus Package” to help organizations boost their security posture in a tough economy. With sensitive business data at increased risk due to insider threats, growing malware, un-patched endpoints, and decreasing IT budgets, Lumension thought it was time inject some badly needed security stimulus into corporate IT environments. The Lumension Security Stimulus Package will increase your security posture by managing your critical risks and protecting your vital information – all while reducing your total IT security costs.

With the recent economic stimulus issued by global governments paired with rising insider threats, increased malware, un-patched machines and reduced IT budgets, it became necessary for Lumension to take the lead in issuing a Security Stimulus Package to help manage critical risks and protect vital information while enabling enterprises to reduce their total operating costs. With Lumension’s Security Stimulus Package, enterprise security organizations can now decrease vulnerabilities as well as reduce overall IT security costs. This special Security Stimulus Package includes:

Free Risk Assessment Scanners
Best Practices Guide to Managing Critical Risks and Protecting Vital Information
Endpoint Security and Vulnerability Management ROI Calculators

To further improve security infrastructure and achieve operational efficiencies, Lumension is offering a special economic incentive for a free six-month subscription to any Lumension solution through June 30, 2009.

The package is available to any new or existing customer who calls into the offices and mentions the special offer code “Secure.”

“This past year has proven to be a rollercoaster for the industry, and as a result businesses are cutting back on their IT budgets in order to weather the current storm,” said Pat Clawson, Chairman and CEO of Lumension. “With the increased sophistication of cybercriminals and the rising insider threats, organizations need to put security front and center, especially given the bad guys are upping their game and increasing their efforts to steal our information without anyone detecting them. To that end, Lumension is offering companies free tools and resources necessary in managing critical risks and protect what’s most valuable today – data – without adding additional costs. All of which are vital to organizations that are currently struggling to maintain control over their IT security infrastructure despite the economic environment.”

Call today at 1-888 725-7828 / 1-480-970-1025 or visit us at Security Stimulus Package for more information on this special, limited time offer.

Multimedia:

This promotion is available to any new or existing customer who is interested in trying an extended (6 month) evaluation of any Lumension product that they do not currently have. To qualify, users must have between 10-100 seats or nodes and must use the promo code “Secure”.

About Lumension, Inc.

Lumension, Inc., a global leader in operational endpoint security, develops, integrates and markets security software solutions that help businesses protect their vital information and manage critical risk across network and endpoint assets. Lumension enables more than 5,100 customers worldwide to achieve optimal security and IT success by delivering a proven and award-winning solution portfolio that includes Vulnerability Management, Endpoint Protection, Data Protection, and Reporting and Compliance offerings. Lumension is known for providing world-class customer support and services 24x7, 365 days a year. Headquartered in Scottsdale, Arizona, Lumension has operations worldwide, including Virginia, Florida, Luxembourg, the United Kingdom, Spain, Australia, India, Hong Kong and Singapore. Lumension: IT Secured. Success Optimized.™ More information can be found at www.lumension.com.

Lumension, the Lumension logo, are trademarks or registered trademarks of Lumension, Inc. All other trademarks are the property of their respective owners.

Promotion Conditions

Participating, eligible customers will receive a free, limited, six-month license for one title (the “Software”) that such customer selects from the defined software offering within Lumension’s solution portfolio. This promotion applies only to Software for which the customer does not currently have a license or for which the customer has not had a license that expired within the preceding six months. Both new and existing Lumension customers are eligible, subject to the other stated eligibility requirements. To qualify for this promotion, the customer must have between 10 and 100 seats or nodes, as calculated by Lumension. To qualify, the customer must use the promotion code “Secure” when calling or emailing Lumension to request the Software. This promotion does not apply to any hardware, any services or certain software offerings of Lumension other than the selected Software title referenced above. Some solutions may require the use of additional hardware, software or services, including without limitation a license for Lumension’s applicable server version software; the customer is solely responsible to provide any needed elements other than the selected Software. The terms and conditions of Lumension’s Omnibus End-User License Agreement (EULA) shall apply to all access to and Use (as that term is defined in the EULA) of the Software. Other terms, conditions and restrictions may apply; please contact your Lumension representative for more information.

Lumension Releases Annual Cybersecurity Report in Tandem with "Optimal Security" Blog Launch

Tue, 17 Feb 2009 00:00:00 GMT

Offering real-time practical insights on the ever-changing security threat landscape, Lumension™, Inc., the global leader in security management, has formally unveiled its blog, Optimal Security, in conjunction with new analysis made available in Lumension’s Annual Report. The research, conducted by network security and computer forensics veteran Paul Henry, looks back at the 552 data breaches of 2008, analyzing the root cause providing insight on how the 5.9 million records that were exposed could have been protected. It also assesses 2009 security trends to enable corporations to take a more proactive stance against emerging threats, including social engineered antivirus scams.

“Several security threats loom, but a major concern is the increased use of laptops and removable devices coupled with the number of companies affected by reduced IT budgets,” said Paul Henry, Lumension security and forensic analyst. “The proliferation of endpoints is a significant security challenge as our research shows network attacks using mobile devices as the entry point into the enterprise network are poised for unprecedented growth this year.”

Key Report Findings:

Web-borne malware will continue to thrive: Already in 2009, the industry has witnessed malware-based attacks aimed at social networking sites including Twitter and Facebook. As web-based threats loom, Lumension’s look back through history reveals that the threats will continue to build in 2009 until organizations learn to proactively and diligently manage their patching processes. According to Henry, “We need to bring some sanity back to the battle against web-borne malware, the common sense approach of addressing un-patched vulnerabilities needs to take priority over figuring out the next obfuscated delivery method posed by the black hats.”

USB device-based data leaks an ‘Achilles Heel’: Given the increased mobility of the workforce – especially as telecommuting continues to rise due to economic factors – USB devices are abundant in the enterprise. This, coupled with the fact that USB thumb drives tend to be most IT security professionals’ “Achilles heel” in terms of their lack of being 100 percent secure such removable media as well as data housed on USBs will continue to be at-risk. This is especially concerning given that a recent Ponemon study, commissioned by Lumension, revealed that 90 percent of IT security practitioners believe portable mobile device usage will increase security risks within their companies in the coming year.

Mitigation tactics need to evolve with botnet tactics: While botnets will continue to change tactics and evolve in ways determined to thwart current popular defenses, Henry points out that the real problem in 2009 is not the botnet threat, but how organizations are mitigating that threat. According to Henry, “Simply put, it [botnets] is a patch management issue – if the machines were patched to the most current software releases available, they would not be compromised in the first place. Until the underlying patch management issue is dealt with, botnets will continue their explosive growth on the public Internet.”

Optimal Security Blog Unveiling In tandem with findings, the company also formally launched its corporate blog – a portal for real-time insight into cybersecurity incidents from lead technical bloggers including Paul Henry, C. Edward Brice, Paul Zimski, and Don Leatham, coupled with high-level trends and insight from Chairman and CEO Pat Clawson. The goal in launching the blog is to provide yet another element to the company’s ongoing efforts to be a resource for their customers, partners and the industry at-large that are looking for practical advice, technical expertise and insight into the latest trends in endpoint security.

In addition to ongoing industry-wide commentary, the blog includes regular insight from Pat Clawson in “Clawson’s Corner” as well as ongoing podcast recordings and blog entries tied to Patch Tuesday and other big security events from industry pundit Paul Henry in “Security Insights.”

“The findings in our annual report reaffirm our stance that a dangerous mix of new threats – both internal and external – is brewing, we view the Optimal Security blog as an invaluable tool for organizations scrambling to stay abreast of the latest threats on the horizon,” said Pat Clawson, Lumension Chairman and CEO. “Although everyone is impacted by a slowed economy, the level of new and reenergized malicious attacks hatched each day is a major cause for concern for companies in the coming year. Our hope is that through our ongoing research efforts, coupled with regular communication to end-users via the blog and our endpoint security technical expertise, organizations will be armed with the defense mechanisms needed to win the war against cybercrime in 2009.”

For additional insight into the mega trends outlined in this year’s survey, please download the full results of the 2009 Annual Report.

About Lumension™, Inc.

Lumension, the Lumension logo, are trademarks or registered trademarks of Lumension. All other trademarks are the property of their respective owners.

Lumension Expands Global Footprint, Extends Leadership in Endpoint Security and Unveils New Brand Identity

Wed, 04 Feb 2009 00:00:00 GMT

Despite an economic environment that has proven to be a challenge for businesses large and small, the high-tech industry continues to be a particularly challenging one in which to compete. Despite the current economic environment, Lumension Security, Inc., the global leader in security management, announced today that the past year has been a successful one, dotted with important customer wins in the US and beyond, key industry accolades and critical nods of approval from the industry analyst community. In tandem with that, the company also unveiled its new brand identity which better conveys its value proposition to IT security and IT operations professionals. These two disparate groups, as Lumension has found, need to better unify their efforts to thwart data theft in 2009, a year in which cybercrime has already been predicted to be on the upswing.

Key Customer Wins in 2008 Expand Lumension’s footprint in the US and EMEA:

Lumension closed 2008 with 30% year-over-year revenue growth, securing key customer and partner wins that effectively expanded the company's presence globally.

Key partner wins - in addition to an already strong partner ecosystem - included: PGP Corporation, Configuresoft, and KACE. Key customer wins in 2008 included: Seattle Children's Hospital, Sundt and the New Mexico Department of Health.

Industry Accolades Highlight Lumension's Consistent Growth:

For Lumension, 2008 marked a year for solid growth as evidenced by key award wins where revenue strength played an important role. Key accolades included:

Deloitte & Touche Technology Fast 500: Lumension was named to the 2008 Deloitte Technology Fast 500, ranking 203.
Software 500: Lumension ranked sixth among the top 10 companies in the $30 to $50 million in software revenue growth range and ranked 282 overall.
Inc 5,000: Ranked 1,296 in 2008 as a result of the company's strong revenue growth; ranked number 20 in the top security companies on the Inc. 5,000 and number 29 out of the top 100 Phoenix-based businesses on the list for 2008.

Analyst Support in 2008 Points to Lumension's Continued Leadership in Endpoint Security:

As the need to maintain a competitive advantage grows in an increasingly competitive industry environment, analyst support has become paramount to customer adoption. In 2008, Lumension received strong support from leading analyst firms including:

IDC, which ranked Lumension as the #1 vendor in Proactive Endpoint Risk Management Vendor for four consecutive years.
Frost & Sullivan, which awarded Lumension its Global Market Penetration Leadership Award for strong market share growth and technology innovation

New brand identity reflects the company's goal to bridge the gap between IT operations and IT security:

According to a recent study by the Ponemon Institute and Lumension, there is a growing divide across two traditionally diverse groups - IT operations and IT security - especially when it comes to risk within the IT network environment. With increasing security risks to systems and data from cybercriminals and insiders, combined with decreasing IT budgets, organizations need a more holistic approach to security. This is critical to maximizing security effectiveness across these disparate groups while maintaining strong IT operating efficiencies and compliance requirements.

Lumension understands the importance of bridging the gap that exists between these groups through a single consolidated, scalable and effective technology solution that works across both groups to optimize security and achieve success in this tough economy. To that end, Lumension recently unveiled a new brand strategy that uniquely positions the company and its offerings across the areas of IT operations and IT security. Lumension's "Optimal Security" approach will enable organizations to optimize their security resources to mitigate the greatest amount of business risk across people, technology, and processes in order to protect the information you value most today and tomorrow.

Supporting Quote from Pat Clawson, Chairman and CEO, Lumension:

"This past year has been quite a rollercoaster for the industry where a security 'perfect storm' has been brewing. The planned IT budget cuts expected and the impact of the economic downturn coupled with the increased sophistication of cybercriminals and the window of opportunity to attack is wide open," said Pat Clawson, Lumension's Chairman and CEO. "Now more than ever, enterprises need to protect themselves from attack from the outside in. Our company's performance this past year is a sure sign of our strength in the industry, and we're looking forward to continually arming our customers with the tools they need to defend themselves in an increasingly active cybersecurity environment."

Supporting Quote from C. Edward Brice, SVP Worldwide Marketing, Lumension:

"In a world where nothing can be 100% secure, IT Operations and IT Security must converge in order to optimize network and security resources across people, processes, infrastructure and technology," said C. Edward Brice, Senior Vice President of Worldwide Marketing for Lumension. "While the change to our brand is subtle - going from 'Lumension Security' to simply 'Lumension' - our goal is to better convey the company's vision, strategy and brand promise to our partners and customers. This means delivering a single source of highly integrated, adaptive, scalable and effective operational security solutions that eliminate risk from technology, protect vital information, and enhance overall IT efficiency and compliance posture."

Multimedia:

About Lumension Security, Inc.

Lumension Security, Inc., a global leader in operational endpoint security, develops, integrates and markets security software solutions that help businesses protect their vital information and manage critical risk across network and endpoint assets. Lumension enables more than 5,100 customers worldwide to achieve optimal security and IT success by delivering a proven and award-winning solution portfolio that includes Vulnerability Management, Endpoint Protection, Data Protection, and Reporting and Compliance offerings. Lumension is known for providing world-class customer support and services 24x7, 365 days a year. Headquartered in Scottsdale, Arizona, Lumension has operations worldwide, including Virginia, Florida, Luxembourg, the United Kingdom, Spain, Australia, India, Hong Kong and Singapore. Lumension: IT Secured. Success Optimized.™ More information can be found at www.lumension.com.

Lumension, the Lumension logo, are trademarks or registered trademarks of Lumension Security, Inc. All other trademarks are the property of their respective owners.

Lumension Leverages Social Media Tool to Educate and Bring Awareness to Data Protection Awareness Day

Wed, 28 Jan 2009 00:00:00 GMT

The threat landscape is quickly changing with cybercrime and insider threats increasing, as evidenced in recent data breaches. Sixty-seven percent of organizations do nothing to prevent confidential data leaving the premises on USB sticks and other removable devices.* Data protection is a global concern that results in hundreds of billions of dollars in theft, fraud and lost business every year. According to Forrester, despite the troubled economy, protecting the organization’s information assets is the top issue facing security programs.

To help companies stay ahead of the threat curve, Lumension™, Inc., the global leader in security management, is kicking off Data Protection Awareness Day to educate and bring awareness to organizations worldwide on the importance of securing information. Leveraging social media tool Twitter, Lumension highlights the evolving threats to your sensitive information and provides key steps to help organizations protect the privacy and security of their confidential information.

Join Lumension LIVE on Twitter (January 28, 2009) at 15:00 GMT / 16:00 CET to chat directly with our security experts on the following:

Understand the threats and risks to your data
Ways you can proactively identify risks within your network and endpoints
Steps to protect the privacy and confidentiality of your business’s critical information and systems
And, ask any other question you would like LIVE on Twitter
Understand the new insider threats that are becoming the greatest danger to your data.

For more information on how to reduce your threat landscape and increase your security posture, download a free whitepaper on ways to protect against new insider threats. For all other inquiries, please contact cindy.kim@lumension.com or uklumensionpr@lpp.com.

About Lumension™, Inc.

Lumension Security, the Lumension logo, are trademarks or registered trademarks of Lumension Security. All other trademarks are the property of their respective owners.

*Department for Business Enterprise and Regulatory Reform 2009 Information Security Breaches Survey

Lumension Achieves NIST In Process Listing for FIPS 140-2 Validation for its Industry Leading Data Protection Encryption Technology

Tue, 13 Jan 2009 00:00:00 GMT

Lumension Security™, Inc., the global leader in security management, today announced its Data Protection Technology has been placed on the In-Process List for the FIPS 140-2 (Federal Processing Standards Publication) Validation by the National Institute of Standards and Technology in the U.S. and by the Communications Security Establishment in Canada.

“This is a major development for us, as the certification re-enforces our commitment to providing the most effective and secure solutions for our customers to help safeguard IT systems and protect sensitive data,” said Mike Wittig, president and CTO of Lumension. “Achieving NIST’s In Process Listing for FIPS 140-2 Validation for our device encryption technology is a testament to our ongoing strategy of providing reliable, safe and the most secure data protection solutions for both private and public sectors. To that end, we remain focused on working with third party organizations such as NIST to ensure that our solutions meet the highest criteria levels set by these entities and exceed industry and regulatory standards.”

FIPS 140-2 is a US government computer security standard used to accredit cryptographic modules and to certify private sector vendor products for use in government departments and regulated industries that collect, store, transfer, share and disseminate sensitive information. FIPS 140-2 validation is a requirement for any cryptographic product which will be used in a US government agency network. The United States Federal Government is required to purchase cryptographic products validated to the FIPS 140-2 standard. In the international marketplace, ISO19790 is being adopted as a worldwide standard and is a direct adaptation of FIPS 140-2.

The testing process involves both an Algorithm validation (to test each algorithm implementation individually) and then a Module validation to test the operation of the module as a whole. The Federal Information Processing Standards (FIPS) 140-2 validation specifies security requirements necessary for a cryptographic module to be utilized within government security systems protecting sensitive, but unclassified, information. Security level 2 certified cryptographic modules meet all the basic level 1 requirements plus some additional requirements such as tamper evidence, role- or identity-based operator authentication and more.

Lumension is currently in the process of receiving Security Level 2 certification and is listed on the NIST website: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140InProcess.pdf. Final validation is expected to be completed midyear.

For a free 30 day evaluation of Lumension Data Protection Solution, please visit FREE TRIAL.

To download a free whitepaper on ways to protect business data from loss and theft, please click on Taking Control of Your Data.

About Lumension Security™, Inc.

Lumension Security™, formed by the combination of PatchLink® Corporation and SecureWave® S.A., is a recognized, global security management company, providing unified protection and control of enterprise endpoints for more than 5,100 customers and 14 million nodes worldwide. Leveraging its proven Positive Security Model, Lumension Security enables organizations to effectively manage risk at the endpoint by delivering best-of-breed, policy-based solutions that simplify the entire security management lifecycle. This includes automated asset discovery, vulnerability assessment, remediation and validation; security configuration management; application control and device control; extensive policy compliance reporting; and integration with leading network access control solutions. Headquartered in Scottsdale, Arizona, Lumension has offices worldwide, including Virginia, Florida, Luxembourg, the United Kingdom, Spain, Australia, Hong Kong and Singapore. More information can be found at www.lumension.com.

Lumension Provides Leading e-Commerce Company Proactive Endpoint Security at a High Return

Tue, 16 Dec 2008 00:00:00 GMT

Demonstrating the value automated tools that align security and IT functions have on the enterprise, Lumension Security™, Inc., a leading global security management company, today made available a ROI customer case study with analysis conducted by the Ogren Group. The key findings of the report found that EC Suite, a major processor of credit card transactions for e-commerce organizations, saved considerable time and effort in their IT and security operations because of the preventive security measures and procedures available in Lumension’s security solutions.

Lumension’s advanced application whitelisting protects against malware and viral programs, while improving total data security and overall system performance to meet the needs of both IT security and IT operations. Additionally, Lumension’s Data Protection Solution provides the control and detailed forensics required to analyze and update security polices. As a result, organizations, such as EC Suite, can more efficiently detect risks, deploy patches and defend business information across a distributed environment to positively impact a company’s bottom line.

“IT security is difficult to justify from a financial return basis as security products seldom tie directly to revenue,” said Eric Ogren, principal analyst Ogren Group. “Adopting preventive, proactive security solutions to manage endpoint risk will improve security coverage of all devices in the network and multiple applications, and it will save operational expenses associated with attacks or inferior products. That’s a good combination that works for EC Suite.”

The Ogren Group’s analysis found EC Suite achieved an impressive 258 percent rate of return in the first year of operating Lumension security products, with a 964 percent average rate of return over the first three years. This calculation is based on the year-over-year cost savings of over $226,700 that EC Suite derives from integrating Lumension’s vulnerability patch process with its application control whitelisting technology.

"Leveraging Lumension’s security solutions has allowed us to take a proactive, integrated approach to operational security,” said William Bell, director of security, ECSuite.com. “As a result, we feel better-prepared to address the security challenges, such as increased spyware, Trojan attacks and intentional or unintentional information leakages that confront our organization, to preserve the integrity of our business.”

Lumension’s Endpoint Protection Suite protects against targeted threats and enables only authorized applications and devices to execute or connect to a network server, terminal services server, thin client, laptop or desktop. Lumension’s suite simplifies the discovery phase so that administrators can uncover all of the applications that are executing on the endpoints. Once known what applications are on the network, a policy can be established and enforced.

In addition, Lumension delivers the only vulnerability management solution that fully integrates network scanning, agent-based assessment and remediation in a single management console. For more information click here to access the new case study: “Lumension Security: a Case Study in Proactively Managing Endpoint Risk.”

For a free 30-day trial of Lumension’s award-winning solutions, please visit: http://www.lumension.com/Products/Evaluation-Request.aspx.

About Lumension Security™, Inc.

Lumension Security™, formed by the combination of PatchLink® Corporation and SecureWave® S.A., is a recognized, global security management company, providing unified protection and control of enterprise endpoints for more than 5,100 customers and 14 million nodes worldwide. Leveraging its proven Positive Security Model, Lumension Security enables organizations to effectively manage risk at the endpoint by delivering best-of-breed, policy-based solutions that simplify the entire security management lifecycle. This includes automated asset discovery, vulnerability assessment, remediation and validation; security configuration management; application control and device control; extensive policy compliance reporting; and integration with leading network access control solutions. Headquartered in Scottsdale, Arizona, Lumension has offices worldwide. PatchLink, now Lumension, was founded in 1991 by Sean Moshir. More information can be found at www.lumension.com.

Lumension Security, the Lumension logo, PatchLink® and Sanctuary® are trademarks or registered trademarks of Lumension Security. All other trademarks are the property of their respective owners.

Survey Reveals Key Security Megatrends and Emerging Threats for 2009

Tue, 09 Dec 2008 00:00:00 GMT

Cybercrime and outsourcing were named top security concerns according to a new study commissioned by Lumension Security and conducted independently by The Ponemon Institute. The survey found that 50 percent of IT operations professionals viewed outsourcing as an imminent and near-time critical risk, while more than 75 percent of IT security professionals noted cybercrime a major issue –despite concerted efforts to thwart hackers in recent years. In tandem, survey results highlighted an increase in shared thinking between traditionally disparate IT functions within the organization – IT operations and IT security.

“With the emergence of consumer technology in the workplace, coupled with social networking and Web 2.0 technologies and the increased sophistication of cyber criminals, truly securing an organization’s IT environment is an uphill battle,” said Larry Ponemon, chairman and founder, Ponemon Institute. “In the next year or two, these challenges will increase in both the breadth and depth of threats – the companies we surveyed made this very clear. The key for both IT operations and IT security is to find the common ground necessary to better-wage this security battle together.”
The 2008 Security Mega Trends Survey was developed to better understand if certain publicized IT risks to personal and confidential data are truly a concern for organizations in the next two years. Based on interviews with IT experts in operations and information security, the following eight mega trends rose to the top: cloud computing; virtualization; mobility and mobile devices; cybercrime; outsourcing to third parties; data breaches and the risk of identity theft; peer-to-peer (P2P) file sharing and Web 2.0.

Key Findings from the 2008 Security Mega Trends Survey include:

Outsourced IT is a Major Concern: As companies look to reduce costs based on economic factors in 2009, outsourcing will continue to be an attractive option for efficiency gains. The security risks associated with outsourcing are tremendous according to survey data. The top risks posed by outsourcing according to IT security (50%) and IT operations (59%) respondents is the exposure of sensitive information to third parties and the threat that that data will be improperly protected in transit.
Data Breaches and Cybercrime are on the Rise: Survey results indicated that the biggest concern relative to data loss is the threat of data making it into the hands of cyber thieves (46% for IT security and 24% for IT operations), thus wreaking continued havoc not just on the customers whose data was stolen but also on the organizations responsible for that lost data. IT survey participants reported that 92 percent of the organizations have experienced a cyber attack The injury to corporate brands as a result of a major data loss incident is critical, especially in an economic downturn
Workforce Mobility Contributes to Data Loss: IT security and IT operations’ respondents (96% and 91% respectively) agree that employee mobility introduces a significant threat to securing corporate data as it diminishes IT’s ability to properly identify and authenticate remote users on the network.
Emerging technologies - Web 2.0, P2P, virtualization and cloud computing - are growing in prevalence with Cloud computing causing the most concern: The influx of new technologies – both business and consumer technologies – has opened additional avenues for cyber thieves to steal trade secrets and confidential business information. Cloud computing came out on top with 61 percent of respondents ranking it as a major security concern among the emerging technology trends. Virtualization was perceived as the least concerning at this time, though survey respondents cited all of these types of technologies as key concerns in the next year, where the increased risk to expose sensitive data ranked highest among both respondent groups.

“Given the breadth and depth of security breaches spanning the globe this year – all of which have had a long-lasting negative impact on organizations and consumers alike – IT security and IT operations professionals have an increasingly critical task at hand, to protect sensitive data wherever it lives in an organization,” said Pat Clawson, CEO & Chairman, Lumension Security. “What became clear, in conducting this research, is that while these threats will only increase over time, the gap between these distinct groups is starting to close. This is a great step forward in waging the data security battle – the less siloed and more collaborative IT security and operations groups operate, the more successful they will be in protecting their company’s most valued asset: sensitive corporate data and trade secrets.”

For additional insight into the mega trends outlined in this year’s survey, please download the full results of the 2008 Mega Trends Survey.

Multimedia

Lumension blog post with additional context and access to report charts
Customer podcast interview

About The Ponemon Institute

The Ponemon Institute© is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries.

About Lumension Security™, Inc.

Lumension Security™, formed by the combination of PatchLink® Corporation and SecureWave® S.A., is a recognized, global security management company, providing unified protection and control of enterprise endpoints for more than 5,100 customers and 14 million nodes worldwide. Leveraging its proven Positive Security Model, Lumension Security enables organizations to effectively manage risk at the endpoint by delivering best-of-breed, policy-based solutions that simplify the entire security management lifecycle. This includes automated asset discovery, vulnerability assessment, remediation and validation; security configuration management; application control and device control; extensive policy compliance reporting; and integration with leading network access control solutions. Headquartered in Scottsdale, Arizona, Lumension has offices worldwide. PatchLink, now Lumension, was founded in 1991 by Sean Moshir. More information can be found at www.lumension.com.

Lumension Uncovers Results of Security Data Protection Survey

Tue, 18 Nov 2008 00:00:00 GMT

Securing business-technology systems isn’t getting any easier, according to the results of the Lumension and TechWeb Research “State of Data Protection” survey. The recent study details how users often dismiss internal security policies and even download unauthorized data and applications to their work machines for personal use.

Attackers have grown in the sophistication of their tactics and, as a result, are developing more varied types of spyware, Trojans, and keystroke loggers than the highly visible and destructive worms and viruses of the past. Survey results uncover:

72 percent of respondents view worms, viruses and spyware as the top threats to their IT security;
52 percent view the accidental dissemination of confidential and regulated data and outside hackers as the biggest concern;
55 percent cited the number of vulnerabilities and fast-changing threats among the greatest operational hurdles to optimizing their IT security efforts; and
22 percent of respondents who are considering outsourcing said that they currently are considering outsourcing the management of IDS/IPS.

"The combination of rising threats coupled with the growing complexity of security technologies and current economic challenges is forcing more companies to seek new ways to protect their systems and data while doing so with fewer resources,” explained Pat Clawson, Chairman and CEO of Lumension. “The nature of the threat landscape is constantly morphing, so security technologies are continuously evolving and improving. As a result, it is critical that companies be on the lookout for new approaches to tackling infrastructure security, and doing so more cost-effectively.”

For a free 30 day trial of the industry leading Lumension Security Solutions, please click here

About Lumension Security™, Inc.

Lumension Security™, formed by the combination of PatchLink® Corporation and SecureWave® S.A., is a recognized, global security management company, providing unified protection and control of enterprise endpoints for more than 5,100 customers and 14 million nodes worldwide. Leveraging its proven Positive Security Model, Lumension Security enables organizations to effectively manage risk at the endpoint by delivering best-of-breed, policy-based solutions that simplify the entire security management lifecycle. This includes automated asset discovery, vulnerability assessment, remediation and validation; security configuration management; application control and device control; extensive policy compliance reporting; and integration with leading network access control solutions. Headquartered in Scottsdale, Arizona, Lumension has offices worldwide. PatchLink, now Lumension, was founded in 1991 by Sean Moshir. More information can be found at www.lumension.com.

Lumension Security, the Lumension logo, PatchLink® and Sanctuary® are trademarks or registered trademarks of Lumension Security. All other trademarks are the property of their respective owners.

Lumension Security Unveils New ROI Resources to Measure Value of IT Security Investments

Tue, 28 Oct 2008 00:00:00 GMT

According to recent market analysis by IDC, companies will spend approximately $2.75 billion in 2008 on security, up 22 percent from 2007. In these tough economic times, IT needs to demonstrate the value from every technology investment. To help organizations determine this value for security, Lumension Security™ Inc. today announced the availability of free, online assessment tools that quickly quantify the financial benefits of deploying leading-edge endpoint security and vulnerability management solutions.

Lumension’s online tool set is available at ROI Tools and includes:

Endpoint Security Value Calculator – gauges the potential savings an organization would experience by using the company’s integrated application and device whitelisting technology to protect against malware attacks, insider theft and data leakage from peripheral devices.
Vulnerability Management ROI Calculator – estimates the expected return on investment from Lumension’s consolidated solution for network vulnerability assessment, automated patch and remediation, security configuration management and integrated enterprise-level compliance reporting.

“During this period of economic slowdown, companies face even greater pressure to ensure that all IT activities and investments provide clear cost benefits,” said C. Edward Brice, Senior Vice President of Worldwide Marketing, Lumension Security. “As an industry leader, it is imperative that we not only provide organizations with powerful, integrated solutions but cost-efficient technologies that provide tangible value to make security more effective.”

Lumension has made available a new whitepaper titled “Minimizing Security-related Total Cost of Ownership” to help organizations calculate the (TCO) to achieve optimal security in today’s complex security environment. The whitepaper outlines how security implementations in four major areas can significantly reduce IT TCO and offset direct costs of these technologies by minimizing the overall impact to a company’s bottom line.

Additionally, Lumension issued a customizable Patch Management Value Report that provides full visibility into the added benefits customers can gain from its investment in Lumension PatchLink Update. According to a recent report by Aberdeen Group, vulnerability management makes up roughly 14 percent of the average IT security budget and organizations deemed “Best in Class” reported a marginal return of over 90 percent on those investments.

Coupled with the benefit that the vulnerability management calculator provides, Lumension’s patch management report is designed to help organizations demonstrate the cost savings, risk mitigation and operational benefits of deploying Lumension’s “Best in Class” solutions. The company’s product suite offers advanced policy enforcement, rapid patch and remediation that reduces IT overhead and resource costs, improving efficiencies across the enterprise.

For a free 30 day trial of Lumension Security’s award-winning vulnerability management, endpoint protection and data protection solutions, please click here.

In addition to the ROI Calculator, Lumension also offers other premium tools and resources to discover which applications are running on your network or to assess your endpoint risk, for more information, please click here.

About Lumension Security™, Inc.

Lumension Security™, formed by the combination of PatchLink® Corporation and SecureWave® S.A., is a recognized, global security management company, providing unified protection and control of enterprise endpoints for more than 5,100 customers and 14 million nodes worldwide. Leveraging its proven Positive Security Model, Lumension Security enables organizations to effectively manage risk at the endpoint by delivering best-of-breed, policy-based solutions that simplify the entire security management lifecycle. This includes automated asset discovery, vulnerability assessment, remediation and validation; security configuration management; application control and device control; extensive policy compliance reporting; and integration with leading network access control solutions. Headquartered in Scottsdale, Arizona, Lumension has offices worldwide. PatchLink, now Lumension, was founded in 1991 by Sean Moshir. More information can be found at www.lumension.com.

Lumension Security, the Lumension logo, PatchLink® and Sanctuary® are trademarks or registered trademarks of Lumension Security. All other trademarks are the property of their respective owners.

E-Commerce Solutions Provider Achieves Total Endpoint Risk Protection with Lumension Security

Tue, 07 Oct 2008 00:00:00 GMT

EC Suite.com faced a dilemma of protecting their endpoints from data leakage, malware attacks, viruses, worms, spyware, and other external threats using the traditional security model. How could it identify vulnerabilities, deploy patches, lock down USB thumb drives & other removable media, prevent users from downloading unwanted software and still take a proactive approach to security? In a video available now from Lumension Security, ECSuite.com Director of Security William Bell describes how Lumension Security’s all-in-one security solution suite ensures their organization proactively protects its proprietary systems and data while meeting Payment Card Industry Data Security Standard (PCI DSS) compliance requirements in a cost effective manner.

In the video, Bell says, “Lumension Security’s solution suite as a whole helps us meet PCI DSS compliance by not only meeting our patch and remediation requirements, but also our antivirus to be deployed on the system and controlling of information requirements, along with other various different requirements that are part of the PCI DSS.”

Lumension Security’s best-of-breed, integrated Vulnerability Management Solution (VMS), Data Protection, and Endpoint Protection enable EC Suite.com to construct a multilayered security approach that provides protection from data threats - including data leakage, malware and spyware - and policy enforcement for approved applications and devices. Lumension Security also enables EC Suite.com to better meet PCI DSS compliance.

EC Suite.com is using Lumension Security’s all-in-one solution suite, including: Sanctuary Whitelisting Application Control, Device Control software that proactively enforces policies regarding the use of applications and removable storage media on corporate PCs, laptops and servers; Vulnerability Management Solution enables vulnerability assessment, rapid patching and remediation, validation and compliance reporting; and PatchLink Developers Kit, a content development application that allows users to code their own customized patches.

For a free 30 day trial of Lumension Security’s award winning Vulnerability Management, Endpoint Protection and Data Protection solutions, please visit Free Eval.

To view all of Lumension Security’s videos on security challenges and hot topics, please visit My Lumension Videos.

About Lumension Security™, Inc.

Lumension Security™, formed by the combination of PatchLink® Corporation and SecureWave® S.A., is a recognized, global security management company, providing unified protection and control of enterprise endpoints for more than 5,100 customers and 14 million nodes worldwide. Leveraging its proven Positive Security Model, Lumension Security enables organizations to effectively manage risk at the endpoint by delivering best-of-breed, policy-based solutions that simplify the entire security management lifecycle. This includes automated asset discovery, vulnerability assessment, remediation and validation; security configuration management; application control and device control; extensive policy compliance reporting; and integration with leading network access control solutions. Headquartered in Scottsdale, Arizona, Lumension has offices worldwide. PatchLink, now Lumension, was founded in 1991 by Sean Moshir. More information can be found at www.lumension.com.