Lumension® Data Protection

Solution Features

Suite Core Features

Key Features


Data Encryption

  • Automate enforcement of your encryption policy to protect sensitive data at rest (e.g., on endpoint hard drives) and in motion (e.g, being transferred onto removable devices / media).

Increases Data Security

  • Define forced encryption policy for data flows onto removable devices / media.
  • Ensure data is encrypted and secure when on removable devices / media, using FIPS 140-2 Level 2 validated cryptography module
  • Flexible encryption options to define when and where users can access data on authorized removable devices
  • Enforce secure, pre-boot single sign-on authentication of designated endpoint hard drives

Control Device Usage / Data Transfers

  • Regain control over device usage and data transfers, including what device, on what machine, by which user, and when; explore by: unique device, device type, device vendor, users and user groups, machines, hours of operation, and more.

Secures Data from Data Leakage/Theft

  • Automate enforcement of data protection policies for both endpoint hard drives and removable devices.
  • Create a whitelist of allowable devices at any level of granularity: at device class (e.g., all UFDs), device group, device model and/or even specific ID levels.
  • Create attribute-based file filtering policies to prevent malicious and/or unintentional data transfer, including: file type, size, time of day, and more.
  • Flexibly enforce access by user (or user group), machine (or group), and port / device / media.


  • Identify all endpoints on the network and all devices connected to these endpoints (servers, desktops, laptops, etc.).
  • Continuously discover new endpoints and new device connections via managed endpoints

Ensures Security and Regulation Compliance

  • Identify all endpoints (managed and unmanaged) as well as all devices that are currently or have ever been connected to these endpoints.
  • Understand the breadth of endpoints and devices being used across the organization.
  • Gain insight into the use of removable devices / media and data usage.
  • Lay the foundation for the development of a comprehensive Data Protection posture in compliance with internal security policy and external regulations / standards.

Prevent Malware Intrusion

  • Assert control over file downloads from removable devices such as USB flash drives to prevent malware intrusion and propagation.

Increases Network Security

  • Limit downloads of certain file types to prevent accidental or intentional malware propagation.
  • Adds another layer of defense in your fight against malware intrusion.

Audit and Compliance

  • Automatically log all network events related to your data protection policy, including endpoint encryption status, device connection, user activity (such as data transfers), and file tracking (including full content shadowing), providing visibility into policy compliance and violations. All client log information is compliant with Syslog protocols.

Ensures Audit Readiness

  • Organizations can monitor and report on all relevant network events, and be prepared for compliance audits and/or forensics using standard and customizable reports.
  • Monitor all user activity such as device usage and data transfers.
  • Report on all device / media and data security policy compliance and violations.
  • Use patented bi-directional file shadowing to track all transferred files (or even file content).
  • Easy access to all information needed for compliance audits and forensics.
  • Show potential impact presented by unauthorized devices.
  • Enables integrated event management to lower administrative costs and provide more alerting and reporting options.

Integration with Lumension® Endpoint Management and Security Suite

  • Common platform suite architecture for all Lumension modules.
  • Discover both managed and unmanaged devices and deploys agents to any unmanaged assets.
  • Optimized agent-server communications.
  • Unified workflow provides a seamless process to scan the IT environment, remove known threats, lock down endpoints, and flexibly manage change coming into the environment.
  • Customized role-based user interface enables separate functions to work within same workflow process.
  • Streamline compliance and operational reporting.
  • Integrates with other Lumension product modules in the Lumension® Endpoint Management and Security Suite: patch and remediation, antivirus, application control and more.

Reduces Endpoint Complexity by Consolidating Point Products

  • Reduces endpoint agent bloat through single extensible architecture.
  • Delivers both pull and push endpoint policy distribution to enable immediate actions on endpoints.
  • Simplifies and optimizes IT operations and security processes with unified console and workflow-based navigation.
  • Improves endpoint performance and reduces endpoint TCO.
  • Improves endpoint visibility across antivirus protection, vulnerabilities, configurations, and device and application policies – for both on-line and off-line machines.
  • Extends security beyond perimeter to include removable devices like USB sticks, CDs / DVDs, and printers.


How Secure is Your Network?

Lumension® Device Scanner Tool

This free security tool allows you assess your endpoint security risk. If left unmanaged, removable devices can jeopardize the security of your data through data leakage and/or malware introduction.

On-Demand Webcast

Endpoint Device Control in Windows 7 and Beyond

This webcast moderated by Randy Franklin Smith, editor of Ultimate Windows Security, goes in-depth on key endpoint device control capabilities to look for in Windows environments.