Lumension Endpoint Management and Security Suite (LEMSS) v8.0
The subscription price starts at $21 per node for one year; discounts apply for higher node counts and multi-year contracts. A perpetual model is also available for 250 nodes of LEMSS Enterprise (which includes all modules).
Strengths: Full-featured endpoint solution with BYOD/MDM support.
Weaknesses: None noted.
Verdict: Enterprise-class endpoint offering with a lot of layered protection for the price.
Lumension Endpoint Management and Security Suite (LEMSS) unifies IT operations and security through a single console, server and agent architecture to address IT risk and systems management requirements across the enterprise. LEMSS includes capabilities for patch and remediation, security configuration management, mobile device management, application control, anti-virus, device control, disk encryption and reporting services. LEMSS provides a defense-in-depth approach to endpoint security, ensuring that systems are managed effectively from both an operational and security perspective. The offering is now available in two suite solutions: Standard LEMSS includes the patch management, anti-virus, device control and reporting capabilities; and LEMSS Enterprise adds application control, configuration management and mobile device management capabilities.
The patch management solution proactively eliminates vulnerabilities by keeping system patches up to date. There is support for multiple platforms and OS versions, including Windows, *nix and OS X, and for third-party applications such as Adobe, Apple and Java. Security configuration management ensures that endpoints are securely configured and in compliance with industry best practices and regulatory mandates. Mobile device management, new in this release, allows users to securely support business use of both employee- and corporate-owned smartphones and tablets. Application control allows users to define and enforce trusted application usage through whitelist policies, so that only applications explicitly authorized or trusted are allowed to execute.
A nice feature in this module is advanced memory protection, a technology that defends against today's sophisticated memory injection attacks. It uses patent-pending technology that can detect and stop memory injections (including RMI and Skape/JT) by monitoring an endpoint's memory address space and associated processes for distinct evidence of exploitation. The device control module allows one to create centralized policies to manage the use of all ports and media devices, including the ability to force encryption for certain media types. Anti-virus and disk encryption were also part of the protection tested. Reporting services covers all the above modules and provides integrated, preconfigured and centralized business intelligence, which can be customized to meet organizational needs.
The LEMSS management server installs on a Microsoft Server platform, 2003 SP2 and up, and requires Microsoft SQL Server. Admins can point the install package to an existing SQL server, or it will load its own SQL Express version on the same server. There are several .NET, IIS and other requirements that you will want to have in place before running the install package. The installation package will automate the LEMSS server deployment once the server is prepared.
Once we were up and running, we were able to use the LEMSS server to manage and configure all the layers of protection for our endpoints. Although we didn't test it, we liked the mobile device management (MDM) capability. Currently, there is agent support for iOS 5 and above and Android 2.3 and above. We also liked the asset inventory that is gathered from the patch and remediation module. It provided a full accounting of all the components running on the endpoint. The reporting and dashboarding/visualization tools were also very well done. LEMSS delivers a lot of protection for the price.
No-cost, standard support is included in the quoted price. Live support is available eight hours a day, five days a week, with 24/7 access to a knowledge base and forums. Premium support options are available for an additional fee.