Overview
Sanctuary Device Control from Lumension Security enforces enterprise-wide usage policies for removable devices and data (such as read/write, encryption). Using a whitelist / “default deny” approach, administrators can centrally:
- Manage and control access of any “plug and play” device by class, model and/or specific ID;
- Uniquely identify and authorize specific media;
- Implement file copy limitations (amount per day, time of day) and file type filtering;
- Enforce encryption policies for data moved onto removable devices / media;
- Apply permissions to specific and/or groups of endpoints, ports, devices and users (both on- and off-line), including scheduled / temporary access;
- Create role-based Admin accounts (e.g., for regional sites);
- Save a copy of the entire file being moved using the patented bi-directional shadowing technology, or just log the file name; and
- Create both standard and customized reports on all system activity which can be saved into a repository, shared via email, and/or imported into 3rd party applications.
Sanctuary Device Control from Lumension Security enables organizations to embrace productivity-enhancing tools while limiting the potential for data leakage (and the impacts thereof).
Device Control and USB Security for the Enterprise
USB memory drives, FireWire external hard-drives, CD/DVD burner drives, PDAs / smartphones, scanners, MP3 players / iPods, and digital cameras are scattered throughout offices around the world. While these devices enable increased collaboration and productivity, they also create risk of data being lost, misused or stolen. Sanctuary Device Control from Lumension Security provides organizations centralized “on-the-fly” management of removable devices / media without impeding productivity. Furthermore, automated agent installation on endpoints minimizes administrative and end-user training costs.
Proactive Approach to Data Protection
Sanctuary Device Control from Lumension Security provides proactive data protection using a whitelisting or “default deny” approach: endpoints (e.g., desktops, laptops) can only be accessed by explicitly authorized devices, while all other devices are prohibited by default. Not only does this provide the flexibility required to promote new productivity tools while enforcing policies which reduce risk, it eliminates the need to keep up with the ever-changing landscape (new devices, new people, new threats) that organizations face daily. This reduces the security workload, allowing organizations to focus on more strategic activities such as developing more robust security policies.
Complete Control over Data Transfer and Port Access
Sanctuary Device Control from Lumension Security enables administrators to quickly establish and enforce data protection policies by rapidly identifying all devices that are now or have ever been connected to the network, and via which endpoints and ports. Permissions can be assigned to specific users and/or groups of users (both on- and off-line), devices (including class, manufacturer or even specific ID), ports and endpoints. These permissions can be linked to the user and user group information stored in Microsoft Active Directory or Novell eDirectory. Data usage restrictions can include file copy limitations (amount per day, time of day), file type filtering and forced encryption.
Comprehensive USB Security and Auditing Capabilities
A comprehensive log of every event (e.g., attempts to connect what device to which endpoint via what port), whether allowed or not, is generated. Optionally, Lumension Security’s bi-directional shadowing technology can capture and retain a full copy of all data written to and/or read from removable devices (e.g., USB flash drives, CDs/DVDs). This detailed information is valuable in quantifying risk to the organization. In addition, it helps demonstrate compliance with data protection regulations and standards such as SOX, HIPAA or PCI DSS. Finally, it is invaluable for forensic, or after-the-fact, event re-creation.