Sanctuary Application Control

Home \ Products \ Sanctuary Application Control

Eliminate Malware by Controlling Application Use

The battle to protect your network from malware can seem insurmountable. One anti-virus vendor expects to identify its 400,000th threat in early 2008. Unfortunately, anti-virus applications alone cannot control the problem. Out of the 99% of enterprises with anti-virus protection, 62% still suffered a malware infection¹. Analysts estimate that by the end of 2007, 75% of enterprises were infected with financially motivated, targeted malware that evaded traditional perimeter and host defenses².

How to Make Whitelisting Operationally Efficient and Manageable
Lumension Security's SVP of Americas, Matt Mosher sits down to discuss the advancements in Endpoint Security with Operational Whitelisting.

Sanctuary Application Control provides granular, policy-based enforcement of application use to proactively secure endpoints from data leakage, malware, spyware, keyloggers, Trojans, rootkits, worms and viruses, zero-day threats and unwanted or unlicensed software.

Eliminates the reliance on anti-virus subscription updates to secure your business
Enforces software license compliance, Sarbanes Oxley, HIPAA and GLBA and many other regulatory requirements
Enables application monitoring to avoid propagation of illegal, malicious or unwanted code on your endpoints
Prevents unauthorized application use throughout your organization
Allows you to test and plan patch deployment with no rush
Benefit from Standard File Definitions to rapidly load a predefined set of authorized OS and most commonly used applications

1 – Yankee Group, 2005 Security Leaders and Laggards Survey
2 – Gartner Research, “Gartner’s Top Predictions for IT Organizations and Users, 2007 and Beyond,”, Daryl C. Plummer, December 1, 2006

Overview

Sanctuary Application Control is the only comprehensive endpoint security solution to centrally manage, monitor and control applications on the corporate network. Sanctuary Application Control provides relief from the onslaught of malware by proactively controlling the applications that can execute on a network servers, terminal services servers, thin clients, laptops or desktops.

Proactive Approach to Endpoint Security

By employing a whitelist approach, Sanctuary Application Control enables only authorized applications to run on a network, laptop or PC - facilitating security and systems management, while providing the necessary flexibility to the organization.

Granular control over the use of all applications

Simple, Fast, Flexible Administration and Management

Sanctuary Application Control enables administrators to quickly establish and enforce application control policies by rapidly identifying applications and then assigning permissions at a high level or all the way down to specific application per users, user groups or even a particular computer. Sanctuary links application policies to user and user group information stored in Microsoft Windows Active Directory or Novell eDirectory, dramatically simplifying the management of endpoint application resources.

Detailed reporting of application usage

Endpoint Security Built to Scale

With a three-tier architecture and load-balancing capability, Sanctuary is designed to provide endpoint security to organizations ranging in size from 50 to 100,000 endpoints. Through integration with Active Directory or eDirectory, Sanctuary integrates with your existing technical infrastructure and logical organization. Sanctuary has also been ported to Windows Embedded platforms to protect the growing number of exposed embedded devices.

Sanctuary Application Control - Server Edition

Sanctuary Application Control - Server Edition secure mission critical servers from unauthorized, illegal or unwanted applications through the automated enforcement of application use policies. By blocking the execution of unwanted applications, Sanctuary Application Control - Server Edition proactively reduces the potential for malware intrusion on mail servers, CRM applications, web servers, database servers, and other mission-critical servers within your environment, preventing any interruption to the flow of your business.

Sanctuary Application Control - Terminal Services Edition

Sanctuary Application Control - Terminal Services Edition enforces application use policies to secure Windows or Citrix terminal services environments from unauthorized, illegal or unwanted applications. Terminal Services Edition provides a secure thin client terminal environment and enhances the availability and stability of your remote services.

Features & Benefits

Feature	Function	Benefit
Whitelist	Assign permissions for authorized applications to users or user groups, and by default those not authorized are not allowed	Eliminates unknown or unwanted applications in your network, reducing the risk of malware and spyware and ultimately improving network stability
Standard File Definitions	Classified, pre-loaded whitelist of all supported OS files.	Speeds and simplifies whitelist definition
Automated Application Discovery	Process of identifying, categorizing and authorizing applications which produces a record of all executables on client computers, file servers and/or local directories	Provides flexible and fast options to create or update whitelists
Automatic Authorization of Software Updates	Automatic authorization of Microsoft software updates through integration with Windows Updates: SUS and WSUS	Eliminates risk of accidentally restricting user access to frequently updated Microsoft applications
Script / Macro Protection	Controls the execution of specific VBScript, Microsoft Office VBA and JavaScript with central authorization or a prompt to local users	Extends application policy enforcement to include specific scripts/macros, enabling business without compromising protection
Path Protection	Optional file authorization based on location or path rules; Create a trusted owner, such as administrator, to reinforce security	Provides flexibility to support executable files for which hash definitions are not useful or applicable (i.e. auto-changing .exe files)
Non-Blocking Mode	Execute and log activity for administrator review	Enables Sanctuary to identify current state before defining and enforcing policy
Flexible File Authorization	Versatile File Processor (FileTool.exe) enables directory and subdirectory scans to discover new applications and packages while online or offline	Provides flexible and fast option to identify new and updated applications for review and ultimately to generate whitelists
Nested Executable File Groups	Hierarchical structure of organizing file groups	Provides fast administration of file groups and assignment of user permissions
Relaxed Logon	Executes logon scripts without authorization and automatically switches system into blocking mode after either a set of time or at the end of the script	Eliminates need to administer logon scripts in Sanctuary without compromising the security of the system
Local Authorization	Trusted users can authorize applications locally, while maintaining a log for administrator review	Delivers flexibility to the user, without giving up administrative control
Spread Check	Disables suspicious executables that are locally authorized on too many computers	Contains risk of malicious code spreading through network due to local authorization
Highly Scalable Architecture	Three tier architecture with Database, one or more Application servers, and Client	Provides flexible and scalable deployment options in large and complex networks
Powerful Log Analysis and Reporting	Detailed log analysis with flexible filter, sort and display options and stored query templates as well as central reporting	Demonstrates policy compliance and drills down on suspicious behavior for legal or management follow up
Offline Computer Protection	Local copy of updated hashes and permissions is kept on each machine	Ensures that remote/ disconnected users are constantly protected
Active Directory and eDirectory Support	Leverages user and user group definitions in existing Active Directory and eDirectory	Reduces setup and maintenance of users and user groups
Multi-Language Support	Supports 12 languages on Sanctuary client machines	Improves user experience in international organizations
Custom Reports	Custom query templates can be scheduled to automatically generate reports in HTML, XML or CSV formats and delivered via email or network file share	Extends application policy enforcement to include specific scripts/macros, enabling business without compromising protection

Requirements

Client (32-bit unless specified)	Database	Server	Management Console
Windows 2000 (SP 3+) Professional, Windows XP Professional, Windows XPe, Windows Embedded Point of Service, Windows XP Tablet PC Edition, Windows Server 2003, Windows Vista (32 and 64 bit)	Windows 2000 (SP 3+) Server or Professional, Windows XP Professional, Windows Server 2003	Windows 2000 (SP 4+) Server or Windows Server 2003	Windows 2000 (SP 3+) Server or Professional, Windows XP Professional, Windows Server 2003
For Sanctuary Server/Terminal Services Edition: Windows 2000 Server or Windows Server 2003	Microsoft SQL Server (2000/2005), SQL Server 2005 Express Edition or MSDE 2000	Windows 2000 (SP 4+) Server or Windows Server 2003

Products

Brochures

Lumension Brochure (PDF: 396 KB)
Lumension Endpoint Security Solution Datasheet (PDF: 258 KB)
Lumension Sanctuary Application Control Product Datasheet (PDF: 194 KB)

Resources

Success Stories

EC Suite.com
EC Suite.com Adopts Lumension Security’s Positive Security Model to Proactively Remediate Vulnerabilities, Prevent Malware, and Protect against Data Threats

Tyndallwoods Solicitors
Customer Statement - Mr Tim Carr, IP Support and Development, Tyndallwoods Solicitors

Stephenson Harwood
Stephenson Harwood lays law down to secure firm’s endpoints