User-Defined and Plug and Play Devices:
Manage non-standard device types (such as iPAQ, OTEC, HTC or webcams) in the same manner as standard devices, by characterizing them and adding them to the system; also, detect Plug and Play devices "on the fly." |
Improves Network Security
- Provides flexibility needed to handle unique needs and environments.
- Ensures user productivity is not disrupted by applying permissions for Plug and Play devices when detected.
|
Per-Device Permissions:
Granular permissions to control access at device class (e.g., all USB flash drives), device group, device model and/or even specific ID levels; for instance, restrict access rights to a specific device of a company-approved model. |
Delivers Granular Permissions Control
- Provides greater control at lower levels for effective access management.
|
Uniquely Identify and Authorize Specific Media:
Authorize DVD/CD collections, grant access to users or user groups, and encrypt removable media with unique IDs. |
Secures Data
- Limits DVD/CD access to your company’s standard discs to avoid use of unauthorized content, and/or encrypts removable media to prevent unauthorized viewing.
|
Whitelist / “Default Deny”:
Assign permissions for authorized removable devices (such as USB sticks) and media (such as DVDs/CDs) to individual users or user groups; by default, those devices / media / people not explicitly authorized are denied access. |
Secures Data from Data Leakage/Theft
- Eliminates unknown or unwanted devices in your network, reducing the risk of data leakage / data loss.
- Limits uploading of unknown or unwanted files (i.e., malware or other unauthorized files).
|
Data Copy Restriction:
Restrict the daily amount of data copied to removable devices (such as USB flash drives) and media (such as DVDs/CDs) on a per-user basis; can also limit usage to specific timeframes / days (e.g., only from 0900 to 1700 during weekdays). |
Secures Data from Data Leakage/Theft
- Removes risk of large amounts of data leaving your network.
|
File Type:
Control and encrypt file types that are moved to and from removable devices (such as USB sticks) and media (such as DVDs/CDs). |
Blocks Malware Attacks and Protects Data
- Reduces risk of sensitive files leaving your network, and unwanted files (i.e., malware or other unauthorized files) entering your network.
- Enables the filtering of data that is copied to removable devices and the enforcement of encryption for deeper granularity and better control.
|
Read-Only Access:
Define any file-system based device (e.g., a floppy drive, DVD/CD writer, PCMCIA hard drive, and so on) as read-only; other device permissions include: write, encrypt, and decrypt restrictions. |
Secures Data from Data Leakage
- Limits potential leakage paths of sensitive data.
|
Temporary / Scheduled Access:
Grant users temporary access to removable devices / media, which can be used to grant access “in the future” for a limited period; also, grant or deny permissions to use a device during a specific time period, which permits development of sophisticated security policies where certain devices can only be used at certain times (for example, from 9 A.M. to 5 P.M., Monday to Friday). |
Enhances Security Policy Enforcement
- Switches access on without having to remember to switch it off again later.
- Provides another method to manage access to sensitive data.
|
Context-Sensitive Permissions:
Apply different permissions when the endpoint is connected to the network, when it is not, and regardless of connection status. For example, disable WiFi cards when laptops are connected to the network, but enable them when the machine does not have a wired connection to the network. |
Increases Endpoint Security
- Provides deeper, finer-grained control over access to endpoints, reducing possible problem areas in all anticipated environments.
|
Offline Updates:
Update permissions of remote endpoints that cannot establish a network connection; new permissions are saved to a file that is imported and installed onto the client computer. |
Enhances Security Policy Enforcement
- Permits permission updates no matter the status of the endpoint to ensure uniform security policy enforcement.
|
Policy Controlled Encryption for Removable Media and CD/DVD:
Administrators may centrally encrypt removable devices (such as USB sticks) and media (such as DVDs/CDs) with 256-bit AES, force users to encrypt devices / media, and limit when these devices / media can be accessed. |
Increases Security Compliance
- Ensures that data cannot be accessed if removable devices or media are lost or stolen.
- Reduces the risk of data leakage / data loss.
- Uses the strongest level of encryption (256-bit AES) to protect data from unauthorized access.
|
Decentralized Encryption:
Administrators can enforce policies which require users to encrypt their devices locally, freeing the users to encrypt “on the fly” and not have to wait for admin availability. |
Balances Productivity and Protection
- Reduces your workload while still ensuring that sensitive data is not inadvertently exposed.
|
Portable Encryption:
Data on removable media is encrypted, and can be accessed with a password using the Secure Volume Browser which is added to the media during encryption. Allows encryption onto devices as large as 128GB in storage. |
Secures Data
- Self-contained portable encryption of large removable devices which allows authorized users access to the data while obscuring it from others.
|
Enforce “Strong” Password Requirements:
Use existing password length and complexity rules in compliance with MS standards. |
Ensures Password Consistency
- Reduces administrative burden and end user confusion by maintaining consistency with organization-wide policies.
- Increases security of password protected data saved onto removable devices / media.
|
Password Lockout:
Lock users out after five (5) failed attempts; administrators can recover access when passwords are forgotten or a user leaves the company. |
Increases Data Protection
- Reduces risk of hackers breaking into lost or stolen removable devices (such as USB memory drives) and media (such as DVDs/CDs) using brute force methods (e.g., “dictionary attacks”).
|
Syslog Support:
All event, audit and diagnostic logs are compliant with Syslog protocols. |
Enables Integrated Event Management
- Allows for event correlation to other system logs for centralized forensics.
- Adds more options for administrator alerts and reporting to reduce the cost of compliance.
|
PGP Aware:
For managed PGP environments, PGP instrumented devices are recognized by Device Control. Policies controlling PGP encrypted devices can be enforced by Device Control. |
PGP Encryption
- Perfect complementary solution to an existing or planned PGP Universal managed environment.
|
Filename Tracking / Full File Shadowing:
Patented bi-directional shadowing technology keeps a copy of all files (i.e., entire file contents) that are read from and/or written to removable devices (e.g., USB memory drives) and media (e.g., DVDs/CDs) on a per user (or user group) basis; can also track just file types & names; all events captured in logs and accessible by admin at any time for compliance auditing / forensics. |
Delivers Audit Readiness
- Captures the flow of information into and out of your network.
- Enables you to quantify the risk and report for compliance purposes.
- Enables audits of filename and/or full file content for forensic purposes.
|
Centralized Management / Administrators’ Roles:
Centrally define and manage user, user group, computer and computer group access to removable devices / media on the network; control precisely who can access the different components of the Management Console (for example, restrict access to the shadowing information to only the organization’s auditors). |
Delivers Precise Control with Access Limits
- One administrator can manage a large installation (across continents); optionally, multiple administrators can each manage their own portion of the installation.
- Limits access to appropriate, authorized personnel (e.g., allow auditors to audit but not change policies), and distributes workload among administrators as needed.
|
Role Based Access Control:
Assign permissions to individual users or user groups based on their Windows Active Directory or Novell eDirectory identity, both of which are fully supported. |
Reduces IT Workload and Improves Productivity
- Provides granular user permissions that remain with user login regardless of machine.
- Leverages existing directory information when enforcing policies.
- Reduces workload and improves productivity while enforcing security policy.
- Reduces setup / startup / ramp up time.
|
Tamper-proof Agent:
Agents are installed on every endpoint on the network, and are protected against unauthorized removal – even by authorized (local) administrators. Only (enterprise) Administrators may deactivate this protection. |
Secures Data from Data Leakage/Theft
- Protects endpoints from unintentional and/or malicious tampering; maintains security posture even in dire events.
|
Flexible / Scalable Architecture:
Organization-wide control and enforcement using scalable client-server architecture with a central database that is optimized to reduce the database footprint. The system can be installed on a single machine for smaller organizations, and expanded to include multiple servers to support complex networks. Compatible with virtual servers, including VMware ESX and Windows 2008 Hyper-V. Endpoints can connect to one or more servers to facilitate load-balancing. A separate Management Console provides Administrative control from anywhere in the organization. |
Adapts to Your Growing Business
- Supports the entire range of organizations, from small, local startups to large, global corporations, from hundreds of endpoints to hundreds of thousands of endpoints; fast-growing organizations can scale the installation as needs dictate.
- Decreases administrative costs by reducing the database footprint and increasing database query and maintenance speed.
- Supports server-side cost reduction in capital expenses and enables full utilization of existing infrastructure.
|