As part of the re-affirmed commitment to customers as announced on January 30, Ivanti launched an Independent Business Unit (IBU) consisting of proven solutions with a large customer following (dare I say, fans?) that deserve some TLC. One of these solutions is Ivanti Endpoint Security (IES), previously referred to as Endpoint Management & Security Suite (EMSS) and also as Patch for Linux, Unix and Mac.

So, what’s new with Ivanti Endpoint Security?

Windows 10 Branch Upgrade Support

We’ve added a much-requested customer feature: the ability to upgrade from one Windows 10 version to the next, starting with Windows 10 version 1903. Ivanti Endpoint Security customers no longer need to rely on other Endpoint Management solutions to keep their Windows 10 systems up to date. Additional patch content starting with “Feature Update to Win 10 Version 1909” is now available as Recommended Content and can be applied to Windows 10 1903 systems just like any other patch.

Once the upgrade has completed, the patch status will be updated to reflect that the endpoints have been successfully patched.

New Add-on Patch Functionality

Released to support Windows 7 and Server 2008/2008 R2 extended security updates (ESU’s)

Windows 7 and Server 2008/2008 R2 officially reached end of support on January 14, 2020. This was the last Patch Tuesday with security updates available to everyone for these operating systems.  They will of course continue to function but will be at increased security risk as time passes and additional vulnerabilities are identified without updates. 

Ivanti now offers custom content support, which allows the Microsoft ESUs to continue working seamlessly with Ivanti Endpoint Security. Please note that this is not part of the general maintenance or annual content subscription.  The custom content for the Microsoft ESUs is available for a fixed annual subscription fee which includes Technical Support and does not have an associated endpoint count. Please review the Custom Patch Support article in the Ivanti Community for more details or reach out to us directly.

Additional OS Patch Support

On March 27th, we released an updated version of the Patch Agent for Linux, Unix & Mac, also known as the LUM agent. This version adds support for Red Hat Enterprise Linux (RHEL) version 8 and also addresses a number of customer bugs. Please review the Release Notes for more information.

On June 3rd, we released a further update to the LUM agent which provides support for patching CentOS 8 and SUSE Linux version 15 SP1. Refer to the Release Notes for more information.

5 Key Highlights of What’s Coming Next!

We’re just a few short weeks away from the release of Ivanti Endpoint Security 8.5 Update 4 which focuses primarily on enhancements to the Device Control module. The following are some of the key highlights of that release, which we expect to deliver to market later in June.

1. BitLocker Encryption Support is now available!
Do you currently use BitLocker encrypted devices?  And require more control around whitelisting these, alongside a full device control solution?  Ivanti Endpoint Security now allows continued use of BitLocker encrypted devices while also providing additional granular controls around whitelisting, policy, permissions and reporting.  You can now define policies for Removable Storage Devices, such as USB sticks, based on whether or not they have been encrypted using BitLocker.  For example, you could allow users to read files from BitLocker encrypted devices but not write to them, thereby protecting your corporate data.

2. File-type filtering enhancements
The Device Control file-type filtering feature has been enhanced to add support for the portable device class and for MP4 files.  This means that you can now apply granular Device Control policies for mobile phones in the same way as you currently do for removable storage devices, such as USB sticks.  For example, you can allow users to transfer pictures to and from their phones while still blocking other file types.  You can do the same for MP4 video files across all device classes and decide whether your users can copy these video files to or from their workstations.

3. Device Detached events
Ivanti Endpoint Security has always generated log events when a user connects a device, such as a USB stick, to a computer. We now also provide log events when devices have been disconnected or removed.  These device-detached events could be used, for example, to determine when a device was physically removed in the event that a device was lost or stolen.

4. Encrypted media unlocked event
Some customers have software that they want to execute after a user finishes unlocking a USB device. By providing a log event that can be used as a trigger to initiate this software, Ivanti Endpoint Security 8.5 Update 4 offers a capability to automate this otherwise manual task.

5. Keeping up to date
As with any new release, we are adding support for the latest Microsoft platform updates.  We’ve also added Device Control support for Thunderbolt 3 devices so that they are  correctly recognized as USB devices. We’ve also updated the Device Control engine to avail of the latest bugfixes and stability improvements.

More details will be available in the release notes in June, so watch out for them. The next release of Ivanti Endpoint Security is also in the works. This release will be focused on the Patch module. I’d like to get your input for that release.  What new capabilities do you need us to add to Ivanti Endpoint Security? Submit your product ideas via the Ivanti Community. Select “Security Ideas” followed by “Endpoint Security” and add your idea for us to review.