What is Lumension® Endpoint Integrity Service
The Lumension® Endpoint Integrity Service (EIS) provides application Trust Scores with explicit application identification and risk rating information, empowering organizations to quickly make informed trust decisions to improve security and productivity. Directly integrated into Lumension® Endpoint Management and Security Suite, EIS is a cloud-based service that provides verification ratings to ensure confidence that the files and applications on the endpoint are actually what they proclaim to be. This reduces whitelist management overhead in the Lumension® Application Control module (a component of the Lumension® Intelligent Whitelisting™ solution) by providing IT admins and end users alike with better visibility into and understanding of application risk – making these ratings useful as trust decisions are made.

Overview
Lumension® Endpoint Integrity Service Verifies the Integrity of Software Running on Your Endpoints
Organizations are being deluged by a virtual tsunami of malware, cleverly disguised as funny pictures, innocent spreadsheets, “required” drivers / updates and so on. And it’s getting onto your network assets through the actions of your end users when they click on the link or attachment in the email or on the site they’re visiting. The malware hiding in these files is really there to install some sort of executable on your hapless users’ endpoints, which establishes a toehold in your network and then spreads to infect other users.
But among the rubbish there are some gems – perfectly legitimate files used for legitimate business purposes. So, how do you know if the file is legitimate or malicious? If it has been altered in some way? If it really is from the vendor it claims to be from? And if your peers are using it without any problems?
Introducing Lumension® Endpoint Integrity Service
Lumension® Endpoint Integrity Service (EIS) is a cloud-based repository of reputation data which can be accessed by admins and end users when making trust decisions about files trying to execute on network assets. This explicit application identification and trust score information facilitates better and faster decision making, and provides a measure of confidence that the file is actually what it proclaims to be. So, not only is your network more secure, but you are able to better accommodate the flexibility and productivity needs of your users.
The integration of Lumension® Endpoint Integrity Service (EIS) data into the Lumension® Endpoint Management and Security Suite (L.E.M.S.S.) has several benefits for the organization, the IT department and actual end users. These include:
- End Users. For the end user with Local Authorization rights, the additional information provides an impartial, 3rd-party verified assessment of new or unknown applications upon which she can decide whether or not to proceed – resulting in a more explicit and better security-vs-productivity trust decision on the endpoint, reducing the amount of unwanted or dangerous software on the endpoint and the associated time, effort and cost required to recover from it.
- IT Security. For the IT security group, the additional information makes it easy to make trust decisions based on relevant and highly reliable information, to easily incorporate those decisions appropriately (when and where needed – be it a single local machine, an entire group or even the whole organization), and to monitor for changes against the whitelist from the “demand side” (for instance, a new software package being deployed by Finance) and the “supply side” (for instance, accommodating security updates to an already vetted application).
- Organization. For the organization, the increased productivity (of both IT and end users) and decreased remediation costs associated with better trust decisions result in lower costs and more bandwidth which can be devoted to business initiatives.
Lumension leverages our core patch management and system update database of known good applications straight “from the source” as the primary pillar of EIS. Together with data from the NIST National Software Reference Library (NSRL) [1] and from the Lumension user network, we further refine identification and verification to ensure accuracy and certainty that applications are what they appear to be. Benefits include:
- Business Focus. The EIS data stores are focused on business applications, rather than sweeping all sorts of unnecessary applications into the mix.
- Trust, but Verify. Our database is based on source information rather than reactive AV assessments, resulting in very high confidence.
- Multiple Sources. Our database is based on multiple sources of information, including source vendor, NSRL, the Lumension community and our own vetting process.
The end result is a trust verification capability with a high degree of integrity and accuracy to determine the relative risk of discovered applications in the endpoint environment – which saves both IT and end users countless hours, headaches and hard cash.

Features and Benefits
- Actionable Trust Ratings. Verification rating provides IT admins and end users alike with background information on new / unknown applications when making trust decisions.
- Informed Trust Decision Making. Leverages broader / deeper knowledgebase derived from vetted source information to augment local knowledge.
- Comprehensive Business-Oriented Database. Focused database of applications commonly used by businesses, ensuring accurate and comprehensive verification of applications most likely to be found in organizations’ endpoint ecosystems.
- Enhanced Productivity. IT admins and end users get accurate application information to easily and quickly make informed decisions, rather than spending time needlessly sorting and attempting to make sense of irrelevant files.
- Multiple Vetted Source Data. Files are gathered from known and trusted sources, and then scrutinized and vetted by Lumension, leveraging existing vendor relationships.
- High Confidence Decision Making. Starting from known and trusted sources creates a high-quality database which allows IT admins and end users to improve decision making.
- Fully Integrated into L.E.M.S.S. Directly integrated into the L.E.M.S.S. Management Console, EIS provides cloud-based application intelligence to administrators as they define and review policy. In addition, end users with Local Authorization permissions are presented with a Trust Score to aid them with out-of-policy application decisions.
- "Heads Up" Application Intelligence.
  - Allows IT admins to quickly sort through new and unknown files to determine action based on Trust Score and other file metadata, all within a single view.
  - Allows end users to make informed on-the-fly decisions when presented with requests to launch new and unknown applications.
- In-Depth File Data. Trust Scores are supplemented with file metadata, MD5 / SHA-1 / SHA-256 hash data, location data, and much more.
- Insight and Understanding. Provides IT admins with a complete view of new / unknown files for deeper insight and better understanding of trustworthiness, and where to concentrate their efforts when protecting the network.
- Integrated Tools. Leverage other free resources to provide 360° coverage of new or unknown applications, including:
- On-Demand Access. Provides IT admins and end users with other access points for submitting files for assessment – either individually or en masse – and obtaining Trust Score information.
Note: The Lumension® Endpoint Integrity Service (EIS) is integrated into the Lumension® Application Control module, itself part of the Lumension® Intelligent Whitelisting™ solution, and is delivered as part of Lumension® Endpoint Management and Security Suite. It connects to the Lumension® Endpoint Intelligence Center to provide IT admins and end users with another access point to Trust Scores.

Compare
Endpoint Integrity Service vs. Competitive Solutions Comparative Matrix
| Reputation Scoring | | | | |
|---|---|---|---|---|
| Primary Application Reputation Score | 9-Level Reputation Score | 5-Tier Cloud Trust Score | 12-Level Trust Score [6] | 6-Tier Reputation Score |
| Reputation Score utilizes Prevalence | | | | |
| Reputation Score utilizes Provenance (origin) | | | | |
| Basic Hash Calculated | | SHA-1 only | SHA-1 and MD5 | SHA-1 and MD5 |
| Strong Hash Calculated | SHA-256 | | SHA-256 | SHA-256 |

| Security Solution Integration | | | | |
|---|---|---|---|---|
| Reputation Utilized by an Application Control Solution | | | | |
| Reputation Score(s) Readily Available in Application Console | | | | |
| Execution Blocking Policy based on Reputation Score | | | | |
| Agent System Can Contribute to the Repository | | | | |

| Repository | | | | |
|---|---|---|---|---|
| > 10 Million Unique File Hashes | | | | |
| False Positive Resolution Process | | | | |
| Customizable user notifications | | | | |
Source:
1. As background, the NSRL is supported by the U.S. Department of Justice's National Institute of Justice (NIJ), federal, state, and local law enforcement, and the National Institute of Standards and Technology (NIST) and is designed to collect software from various sources and incorporate file profiles computed from this software into a Reference Data Set (RDS) of information. The RDS is a collection of digital signatures of known, traceable software applications, which can be used by industry organizations to review files on a computer by matching file profiles in the RDS. As such, it alleviates much of the effort involved in determining which files on your systems match this known, traceable software.
2. Evaluation based on Insight Best Practices v1 documentation and research using Symantec Endpoint Protection v12.1.
3. Evaluated via McAfee ePO 4.6.0 and Application Control 6.0.0 and related documentation.
4. Evaluation via Bit9 Parity Version 7.0.0.1189 and related documentation.
5. Evaluation based on Lumension Endpoint Management and Security System v 7.2.
6. Trust ranges from 0 to 10 as well as unknown. Bit9 also supplies a 4-Tier Threat metric.