Lumension® Endpoint Management and Security Suite:

Module Features

Suite Core Features


Features: Defense-In-Depth Endpoint Security | Simplified Endpoint Management | Reduced Endpoint TCO | Agile, Modular Architecture

Defense-In-Depth Endpoint Security

Key Suite Features


Defense-in-Depth Security

  • Integrates several endpoint security layers together to provide improved defense without impacting productivity.

Provides Superior Protection

  • Offers multiple layers of defense to reduce impact of single layer failure.
  • Performs as a cohesive unit to improve visibility, performance and operations.
  • Covers the gamut of endpoint security and operations management from AV and application whitelisting to configuration and patch management to data encryption and port / device control.

Integrated Antivirus

  • Identifies and removes all known malware via traditional signature-matching capabilities.
  • Delivers advanced protection via partial signature matching, embedded malware detection, heuristics and sandboxing techniques.
  • Provides granular AV policy management with CPU throttling. Software Demo:
    In Depth AV Scanning
  • Frequent incremental AV definition file updates can be staged for testing prior to full-scale deployment.
  • Detects all new endpoints added since last scan, and any endpoints which are not up-to-date.

Protects Against Known Malware

  • Ensures complete protection against all known malware, including viruses, Trojans, rootkits, spyware and adware.
  • Provides additional layers of defense against zero-day and other sophisticated malware through both signature and behavioral analysis.
  • Provides fine-grained settings to ensure endpoint performance and user productivity is not impacted by AV scans.
  • Delivers a scalable and efficient defense against well-known and fast-spreading malware with minimal impact on system resource utilization.
  • Ensures comprehensive and up-to-date AV protection for all endpoints in the network.

Integrated Application Control / Whitelisting

Prevents the Execution of Unauthorized Applications

  • Eliminates unknown or unwanted applications in your network, reducing the risk and operational cost of malware, and ultimately improving network stability.
  • Ensures unparalleled application visibility within the endpoint environment.
  • Protects against exploits of un-patched OS and 3rd party application vulnerabilities.
  • Defends against unwanted or malicious applications, including protection against zero-day malware and sophisticated memory-based attacks.
  • Provides additional layer of protection against operational latency in AV definition and patch development and deployment processes.
  • Provides IT with the flexibility to apply granular levels of policy enforcement to users/groups based on business need.
  • Eliminates applications which, while not malware, are not appropriate or authorized for use in your network.
  • Prevents end users from abusing elevated privileges which may result in undesirable configurations, introduction of malware or unwanted software, etc.

Integrated Patch Management

Reduces IT Risk Caused by Known Vulnerabilities

  • Reduces security incidents and strengthens your security posture by programmatically managing your Patch and Remediation process across your entire network, and by ensuring standardized configurations across all assets, including infrequently connected endpoints.

Operationalizes Application Control / Whitelisting

  • Streamlines application whitelist policy management by automatically updating the application whitelist policy with the latest patch hash modifications.

Integrated Port / Device Control

  • Centrally controls and enforces security policies regarding use of removable devices (e.g., USB flash drives) and media (e.g., DVDs / CDs) to prevent data loss and theft, thwart malware intrusion, and protect data via encryption.

Enables Productivity while Reducing Risk of Data Loss or Theft

  • Provides the means to control the use of removable storage devices / media to protect valuable organization and customer data.
  • Provides the FIPS 140-2 validated technology needed to protect data on removable storage devices / media.
  • Adds another layer to your defense-in-depth strategy to protect against USB-borne malware introduction / propagation.

Integrated Full Disk Encryption

  • Provides easy-to-deploy data protection which minimizes impact on end users with proven, FIPS 140-2 validated encryption algorithms.
  • Offers encrypted swap and hibernation files for complete security.

Maximizes Endpoint Security and Performance

  • Allows for easy network rollout, with no user involvement required; and ensures higher end-user productivity, with secure password recovery via phone or the local self-help option.
  • Provides the speed and convenience of a single pre-boot sign-on, using Windows User ID and password; and ensures that work is not interrupted using user-transparent background encryption.

Features: Defense-In-Depth Endpoint Security | Simplified Endpoint Management | Reduced Endpoint TCO | Agile, Modular Architecture

Simplified Endpoint Management

Key Suite Features


Immediate Policy Updates and Actions

  • Delivers near real-time policy and event updates between server and agents, enabling immediate endpoint management.

Take Any Action in Real Time

  • Securely provides the efficiency and near real-time interaction without relying on Push technology.

Role-based Access Control

  • Provides granular control of groups and domains.
  • Enables different users to have distinct views and system access dependent on their role or security level in the company.

Simplified, Secure and Flexible Console Access

  • Safeguards sensitive information and prevents user errors potentially caused by unauthorized user access.

Enhanced Wake-on-LAN (WOL)

  • Enables wake capability for devices that have been powered down as part of power conservation policies.
  • Devices can be commanded to “wake up” at any given time (e.g., to deploy a highly critical patch or urgent software update as part of the Lumension® Patch and Remediation module).
  • Promotable agent architecture allows any agent to be easily converted and act as a relay to broadcast WOL packages throughout your IT environment.

Improves Security Posture for Offline Machines While Reducing IT Power Consumption

  • Eliminates blind spots in ongoing network maintenance and ensures that offline machines receive critical updates, patches and software updates during maintenance windows.
  • Ensures the attainment of maximum energy efficiency when used with power policies via Lumension® Content Wizard.

Intelligently Designed, Workflow-based Console

  • Single, integrated web-based Management Console.
  • Advanced usability features include: column multi-sorting and resizing, customizable dashboard with persistent widgets.
  • Optimized predefined Content Filters allow you to quickly locate content via pre-defined views right from the top navigation.

Simplifies and Optimizes IT Operations

  • Eases system administration via a workflow-based navigation and an intuitive management console.
  • Provides full visibility and control of the entire endpoint environment and reduces security gaps.

Flexible Endpoint Management

  • Granular control over agent behavior by applying agent policies consistently across multiple groups.
  • Secure agent communication via SSL.
  • Agent Hardening provides tamper-resistance and uninstall-protection of the endpoint.

Optimizes IT Operations

  • Ensures a more efficient, consistent, and secure process of applying agent policies.
  • Provides consistency across agent groups with a more efficient process of applying agent policies.
  • Enables easy management of agent policies in complex environments.
  • Protects endpoint agents and communications against tampering.

Effective Inventory Management

  • Provides an extensive inventorying capability covering hardware, network, operating systems, services, and installed software.

Improves Visibility of IT Environment

  • Increases your security posture and operational savings with effective inventory management.

Enhanced Asset Discovery and Agent Deployment

  • Scans the environment for endpoints, providing comprehensive visibility into both managed and unmanaged systems.
  • Deploys agents to unmanaged systems interactively, automatically or on a scheduled basis.

Improved Visibility and Security Posture

  • Always know what’s connected to your network with discovery and agent deployment for both physical and virtual environments.

Virtual Infrastructure Aware

  • Provides granular control of groups and domains.
  • Enables different users to have distinct views and system access dependent on their role or security level in the company.

Increases Your Visibility and Security Posture

  • Enables you to manage both physical and virtual systems within the same endpoint management solution.

Remote Systems Management/System Tools

  • Access remote control tools, such as Microsoft Remote Desktop (RDP), VNC, PuTTY, as well as diagnostic tools, such as PING and NSLOOKUP, directly from the Management Console without needing to know the DNS or IP address.

Reduces Simplifies Remote Troubleshooting and Improves Operational Efficiency

  • Provides direct and easy access to basic connectivity troubleshooting tools, without having to switch consoles.

Features: Defense-In-Depth Endpoint Security | Simplified Endpoint Management | Reduced Endpoint TCO | Agile, Modular Architecture

Reduced Endpoint TCO

Key Suite Features


Active Directory Integration and Synchronization

  • Supports domains, user groups, and individual users set up in Active Directory.
  • Schedulable AD Sync wizard harmonizes the infrastructure set-up.
  • Sync to entire AD domain or individual groups.

Reduces IT Operations Time and Effort

  • Reduces setup and maintenance of users and user groups by leveraging definitions in existing Active Directory.

Installation Manager

  • Simplifies upgrade, addition, and removal of Lumension® Endpoint Management and Security Suite modules.

Reduces Operational TCO

  • Supplies a view of all licensed modules in the entire environment.
  • Reduces the time and effort IT staff needs for software upgrades by simplifying module installations, uninstalls, and upgrades across the environment.
  • Simplifies upgrades by automatically identifying licensed modules and new upgrades available for installation.
  • Ensures compatibility between feature/server module versions through installation suites for safe installations and upgrades.

Integrated Reporting

  • Dashboard widgets provide instant, actionable and customized “heads-up” display of key endpoint status.
  • Standard reports provide raw data that can be extracted and manipulated to meet all of your reporting needs.
  • Lumension® Reporting Services (a free, integrated add-on) is a collection of powerful and actionable pre-configured (yet customizable) reports providing centralized visibility of IT assets and the security posture of the endpoint environment.

Provides Complete Visibility and Control

  • Supplies a complete and actionable snapshot of your organization’s security, operational and compliance postures for comprehensive visibility into the endpoint environment and critical feedback to all key stakeholders.
  • Demonstrates compliance and endpoint management effectiveness to various audiences from technical to executive.


Customized, automated email notifications for specific endpoint events or system errors, such as:

  • New agent version available.
  • New agent registration.
  • License management (upcoming license expiration/renewal).

Reduces Time and Resource Impact Spent on Alerts

  • Automates email notifications to reduce impact on system admins while simultaneously improving response to events.

Features: Defense-In-Depth Endpoint Security | Simplified Endpoint Management | Reduced Endpoint TCO | Agile, Modular Architecture

Agile, Modular Architecture

Key Suite Features


Modular, Extensible Architecture

  • Scalable, enterprise-class architecture grows with your business, providing secure management of all endpoints in small as well as larger, distributed and highly complex IT infrastructures.

Performance and Scalability

  • This extensible platform utilizes a single infrastructure that ultimately reduces your TCO.

Single, Resilient Agent for Stability and Control

Lumension® Endpoint Management and Security Suite utilizes a single agent architecture with:

  • Modularly delivered product capabilities.
  • Self-monitoring and recovery capabilities.
  • Tamper-resistance.

Improves Operational Security

  • Eliminates agent bloat and simplifies upgrades.
  • Ensures continuous agent availability and control in the face of any unforeseen system health issues.
  • Prevents end users or others from disabling security capabilities.