Application whitelisting mixed with AV is the best protection, company claims
Lumension has extended its Endpoint Management and Security Suite (LEMSS) by adding its Endpoint Integrity Service (LEIS) into the platform, along with Intelligent Whitelisting features.
LEMSS 7.2 allows companies to discover and verify the authenticity of all applications on their endpoint devices. It references the NIST National Software Reference Library (NSRL) to validate executables from original software vendors, Lumension said. It also uses an application trust rating to advise users whether certain applications should be allowed to run.
The company says that vulnerabilities in third-party applications have tripled over recent years.
The company adds that integrating LEIS with LEMSS will help users to identify potentially harmful "grey" applications, and improve app visibility across the endpoint environment.
This method of application control or whitelisting is more effective than the traditional blacklisting approach to security, Lumension SVP Alan Bentley told CBR. He said the company uses a three-prong approach to it.
"For us it is a combination of application control, patching and antivirus. It puts the endpoint into a more proactive security state. In one place you can mitigate against advanced persistent threats (APTs), zero-day threats, unique malware and malware that is trying to identify known vulnerability vectors."
"For any software to do anything it has to execute in memory, so that’s where application control comes in," Bentley continued. "Whitelisting will not allow anything to execute that has not been approved."
Lumension’s LEMSS platform relies on the whitelisting technology to block any application that could be harmless. The antivirus element will then remove it from the endpoint device, if it is indeed malicious, Bentley said.
LEMSS 7.2 will be available in June 2012 and a mobile device management (MDM) capability, designed to help organisations cope with the BYOD craze, will be added by the end of the year, Bentley confirmed to CBR at this year’s InfoSec conference in London.
At last year’s event CBR caught up with CEO Pat Lawson. You can read the full Q&A here.