The new Sanctuary Server Edition product, which is intended to secure mail servers, CRM applications, web and other database servers, limits the applications that can execute on a protected server to those held on a white-list of approved programs. It will be priced at $1,800 per managed server.

An administrator needs first identify the executables that are authorized and the system will then generate a signature for each one which is then held on Sanctuary’s database. It is only necessary to update the list of authorized executable files when new software is deployed.

A system known as Versatile File Processor allows administrators to scan directories to find and authorize new server applications and packages, software updates and patches. Sanctuary supports Windows WSUS and SUS Update Services and allows automated permission updates to reduce some of the overhead of patch deployment, the vendor said.

According to Dennis Szerszen, VP of of marketing and corporate development for SecureWave Santuary is now used to secure some 1.5 million desktop and laptop PC end points. He said the benefit of the software is that it allows for context-sensitive policy enforcement. In other words, it can be used to lock down all USB access points by default, say, but will let system administrators set different access and user privileges, depending on who is using what resource, where and through which access channel.

According to the rules held in its policy engine, Sanctuary can manage device and application policies at a granular level, so that distinct policies can be enforced based on whether a user is on a device which is inside or outside of the corporate network, for instance, or for a user accessing the network from an Ethernet port and a laptop then the WiFi entry point for that user could be automatically shut off.