Application Whitelisting for Today's Dynamic Endpoint Environment
To address the traditional operational challenges of implementing and maintaining application whitelisting policies, Lumension has reengineered its application whitelisting technology by making it easier to use and more flexible for effective and efficient security in even the most dynamic endpoint environment. Key innovation enhancements include:
- Easy Lockdown: One of the traditional challenges to deploying application whitelisting in a dynamic endpoint environment has been the difficulty and time-consuming nature of building a comprehensive and accurate whitelist. With Easy Lockdown, Lumension® Application Control solves this problem by talking a snapshot of every unique endpoint running in the network. This information is then centralized so IT can automatically view an inventory of all applications currently installed and running within the system environment and quickly define a baseline application whitelist policy that is accurate and complete.
- Easy Auditor: Historically, defining application whitelist policies left much to be desired. Either some critical applications were missed in the inventorying stage or the whitelist policy was too restrictive for some individuals and departments. With Lumension® Application Control's Easy Auditor feature, IT can deploy the proposed application whitelist policy in an "audit-only logging mode" and monitor every instance where an application would have run or been blocked by the policy. This provides IT with unparalleled visibility into the effect an application whitelist policy will have on the organization. Now with Easy Auditor, adjustments can be made to the application whitelist policy before actual deployment. This helps to establish proper expectations within the organization and ensure that operational productivity is not impacted.
- Trust Engine: One of the biggest challenges associated with traditional application whitelisting is that the technology was inherently designed to stop change. While this capability was very effective in static environments such as Point-of-Sale (POS) terminals, ATM machines and servers, it was not as welcome in highly dynamic endpoint environments such as such as desktops and laptops. Lumension's Trust Engine technology has revolutionized application whitelisting by delivering the most effective endpoint security, but now with newfound flexibility that allows IT to automatically accept change from the following trusted sources: publishers via digitally signed code; appointed updating applications such as patch management tools; specified local and network paths; as well as specific applications based on their hash digests.
- Global Exception Management: While snapshots of individual endpoints are taken at a local level to ensure that all variation among systems is captured, it is still necessary to define global deny and allow policies to easily manage exceptions. For instance, an organization may want to block certain chat programs, P2P or non-business enabling applications.