Lumension combines whitelisting and blacklisting

Lumension promises more flexibility in the software that is allowed on the network

Security vendor Lumension has added a new function to its security suite which it claims combines the best features of whitelisting and blacklisting.

The Intelligent Whitelisting module works by scanning an entire network for malware, and cleaning up any infections where they are found. A snapshot is taken of the clean network, which is then locked down to allow no new applications to run.

The software can then be controlled by the IT manager to allow only trusted applications to run, cutting the likelihood of unauthorised code running on the network.

"In the past, traditional application whitelisting approaches were a challenge because it was nearly impossible to anticipate and manage the changing needs of the business," said Lumension chairman Patrick Clawson.

"This relegated traditional application whitelisting solutions to very static environments like point-of-sale or server environments where there is not a lot of change taking place.

"As a result, companies were left with two choices: a reactive endpoint security approach that was efficient but ineffective, or a proactive approach that was very effective, but not operational.

"Nobody was focused on how to bring together the best in both approaches, and manage change in a way that would better meet the needs of the business."

The new system will offer IT managers more flexibility in the software that is allowed on the network, but will automate many of the decisions to reduce management time.

"Organisations are at risk from malware that targets user data and settings, rather than system files," said Gartner analyst Neil MacDonald.

"Application control solutions address these issues and provide more flexibility and granularity for all users regarding the applications that can and cannot be run.

"Users can be left running as administrators, allowing them to update client software as needed, including web applications. Software that is detrimental can be automatically blacklisted, but resources may be needed to keep the list current."