Lumension Endpoint Management and Security Suite v7.1
Strengths: Can start small and add modules as needed very easily.
Weaknesses: Lot of setup; interface takes time to work through.
Verdict: Admins can identify endpoints easily and deploy a few to several layered security solutions through a single, integrated platform.
Lumension Endpoint Management and Security Suite (LEMSS) is an application that serves as a platform for other applications that protect a network from security risks. These applications or modules, use varying approaches to safeguard the endpoint. One may purchase any combination of these modules to best suit the enterprise's needs. LEMSS unifies the functions of IT operations and security through a single console, server and agent architecture to seamlessly address IT risk and systems management requirements across the enterprise. LEMSS delivers modularly licensed capabilities across anti-virus; patch, configuration and power management; application and device control; and asset management. The solution provides a 'defense-in-depth' approach to endpoint security, ensuring that systems are managed effectively from both an operational and security perspective.
The LEMSS server contains the following components: the Lumension Endpoint Management and Security Suite Application Server and the Lumension Endpoint Management and Security Suite Database Server. System requirements include Windows 2003, Web Edition/SP2, Windows 2008 R2, SQL Server 2005, Express/SP3/SQL Server 2008 R2, IIS 6.0, .NET Framework 3.5, MS internet Explorer 7 and Silverlight. Microsoft Silverlight is required during the installation and when accessing the Installation Manager. If one doesn't have an instance of SQL Server available, the software will load SQL Server 2008 R2, Express Edition. We cannot comment on the installation process as we evaluated this solution in the provider's cloud-based environment. From the documentation, it appears to be fairly straightforward.
Once installed, the LEMSS Agent scans the endpoint for inventory and uploads the scan results to the Lumension LEMSS server. The agent also supports snap-ins for the various Lumension LEMSS modules. By installing these agent modules, functionality can be expanded. The tool uses Windows Firewall and requires users to have file sharing and network discovery enabled so that the endpoints can be discovered by LEMMS. SSL is used for transmitting data between the LEMSS Server and LEMSS Agents.
The asset discovery capability was good and integrated with Active Directory to scan by IP range and import inventory lists from the asset management system. Also, there were multiple ways to get an endpoint in easily. We found the user interface a bit cumbersome to maneuver. It took some time and effort to get through the basic setup of users and policies.
Admins can create as many agent policy sets as desired, and then assign those policies to agents or groups to have all the modules available to configure in the policy based on what has been licensed.
Lumension offers eight-hours-a-day/five-days-a-week standard support included with a subscription or with an active maintenance agreement of all Lumension-licensed products. Premium Support offers all the benefits of standard, plus 24/7 access to experienced, senior-level support engineers, as well as free training at $4.50/node/year. Documentation is plentiful.