Lumension works with Microsoft to Deliver the Next Generation of Security Integrity Services

Relationship will Allow Lumension to Offer High Integrity Validation of Endpoint Software for the Industry

Scottsdale, AZ, Apr. 21, 2009

Lumension®, a global leader in security management, announced today that, as part of a newly forged partnership with Microsoft, it is offering a new service for establishing integrity for endpoint software. The service called Lumension® Endpoint Integrity Service (EIS) leverages validation information provided by Microsoft Corp and other Independent Software Vendors (ISV) to validate the integrity of software for both operating systems and applications running on endpoints.

In today’s Web 2.0 world, businesses face a tough IT environment – emerging Web threats such as polymorphic and stealth malware coupled with risks introduced by highly distributed software, leaving more organizations unsure of the secure state of the software running on their endpoints. In this dynamic IT environment, organizations need solutions that provide an effective way to regain control of endpoints by establishing a trusted application environment that prevents execution of unwanted software and eliminates security threats from unknown malware.

The Lumension Endpoint Integrity Service (EIS) will enable solutions from multiple vendors, including Microsoft and Lumension, to validate endpoint software integrity by definitively identifying compromised or unapproved software. These solutions will be designed to more effectively address the threat of unsignatured or unknown malware that evades traditional perimeter and host-based endpoint security solutions such as antivirus, antispyware, and intrusion prevention systems.

The Lumension Endpoint Integrity Service is designed to support a wide range of advanced security solutions such as: software policy compliance, whitelist audit and enforcement, security configuration validation and drift avoidance, software license and security management, and change control process enforcement. The Lumension EIS provides the following:

  • Key information necessary to validate the integrity of software for both OS and applications running on endpoints (servers, desktops, laptops, and virtual machines)
  • Leverages relational intelligence from Lumension’s industry-leading security content database (which includes security configuration, vulnerability, and patch management information) to facilitate truly seamless updates within highly secure (“locked down” or “whitelist enforced”) software environments
  • The foundation for enterprise-class application control for large heterogeneous environments

Lumension Endpoint Integrity Service leverages a software integrity information schema (or information structure) identified by Microsoft, Lumension and other leading security solution providers as holding the necessary information to validate software integrity. With this powerful information schema Lumension, Microsoft and other ISVs will deliver a more robust and feature-rich software verification and integrity solutions that are currently available.

The schema includes:\

  • Information trust rating system which rates provenance and integrity of metadata
  • Cryptographically strong SHA-256 hashes for all executable files
  • Complete certification information
  • Highly detailed and structured vendor, version, and installation date

As part of the agreement, Microsoft will provide validation information for its commercially available software for inclusion in the Lumension EIS. Additionally, Microsoft will license data from the Lumension EIS for use in their own commercial security products to provide fully-verified software validation information to its customers. Moreover, the Lumension EIS will include software integrity information for a wide range of independent software vendors and provide verified software integrity information with very high trust ratings, sourced directly from ISVs or from original media or images.

The trust rating system evaluates the provenance and integrity of the information in a specific entry. Another benefit of the trust rating system is that it overcomes serious concerns about many collections of software information that may contain information randomly harvested by Web crawlers that indiscriminately traverse the Internet, leaving the information’s provenance in question.

Lumension’s Senior Vice President of Business Development Rich Hlavka said, “With the proliferation and continued evolution of malware and cybercrime on the Internet, organizations are increasingly challenged to respond to the dynamic and ever-changing threats. This work with Microsoft is a significant step forward in helping companies effectively protect and manage endpoints while lowering the overall TCO, as a result achieving greater business success their IT investments.”

“Through this collaboration, we’ve established a seamless process for developing trusted software integrity information readily available for security ISVs to leverage in their endpoint management and security solutions. To that end, we look forward to partnering with the general ISV community in creating the world’s largest library of verified software integrity information and making it available for inclusion in a wide range of management and security products. This effort will significantly reduce risk that security ISVs take in developing security solutions that leverage application validation,” continued Hlavka.

“Together Lumension and Microsoft are helping lead the next evolution in endpoint security management,” said Greg Kohanim, Product Unit Manager for Microsoft. “We believe this effort will accelerate collaboration and development of solutions that can ensure only authorized software will run on customers’ endpoints. The newly announced Microsoft Reputation Services will leverage data from the Lumension EIS as part of delivering a reputation platform and service for Microsoft and Forefront solutions.”

Lumension is a long-standing Gold Partner of Microsoft, providing security solutions to the Microsoft customer community since 1991. For more information on the Lumension EIS, please visit http://www.lumension.com/endpointintegrity.


About Lumension Security, Inc.

Lumension Security, Inc., a global leader in operational endpoint security, develops, integrates and markets security software solutions that help businesses protect their vital information and manage critical risk across network and endpoint assets. Lumension enables more than 5,100 customers worldwide to achieve optimal security and IT success by delivering a proven and award-winning solution portfolio that includes Vulnerability Management, Endpoint Protection, Data Protection, and Reporting and Compliance offerings. Lumension is known for providing world-class customer support and services 24x7, 365 days a year. Headquartered in Scottsdale, Arizona, Lumension has operations worldwide, including Virginia, Utah, Florida, Luxembourg, the United Kingdom, Spain, Australia, India, Hong Kong and Singapore. Lumension: IT Secured. Success Optimized.® More information can be found at www.lumension.com.