|
 |
The proliferation of products
using USB, WiFi, FireWire, Bluetooth & other protocols makes it easy
to connect unauthorized external devices to enterprise PCs.
This poses two distinct security
threats: data leakage & targeted attacks. |
Safend Protector v3.1 is
the industry's most comprehensive, secure and easy-to-use endpoint
security solution - controlling every endpoint and every device,
over every network or interface.
Safend Protector monitors real-time traffic and applies customized,
highly-granular security policies over all physical, wireless and
removable storage interfaces, including: |
|
Safend Protector detects and allows restriction of
devices by device type, model or even specific device serial number.
For storage devices, Safend Protector allows security administrators
to either block all storage devices completely, permit read-only, or
even block devices above a certain storage capacity. WiFi controls
are based on MAC address, SSID, or network security level.
Security Policy – Flexible Strategy, Simple Implementation
Safend Protector creates forensic logs of all data moving in and out
of the organization, allowing administrators to create policies that
don’t necessarily restrict device usage, but allow full visibility
device activity and content traffic.
Through a built-in and flexible management console, Safend Protector
allows administrators to create comprehensive and granular endpoint
security policies. Policies are exported directly to Active
Directory as Group Policy Objects (GPOs), ready to be assigned to
relevant Organizational Units (OUs) and silently installed on
clients.
With built-in alerting capability, administrators can get immediate
notifications of any activity that needs immediate response. Alerts
are available via email, SNMP, Syslog, Windows Event Viewer, popup
messages and even custom scripts.
|
Click Image to Enlarge |
|
Uncompromised Control with Tamper-Proof
Agent
Safend Protector’s lightweight and tamper-proof client-side agents are
easily deployed, installed silently at the endpoint with no reboot required.
The Protector agent operates at the kernel level, and includes redundant,
multi-tiered anti-tampering features to guarantee permanent control over
endpoints. Even local administrators can’t circumvent security policy. In
addition, agents are invisible to end-users until a non-approved device is
connected, at which time a custom-defined notification appears.
Safend Protector Advantages
Granular control -- detects and restricts devices by device type, device
model or unique serial number
Policy flexibility -- separate policies can be defined for any domain,
group, computer, or user; policies are easily associated with Active
Directory Organizational Units (OUs) for GPO update
Advanced policy enforcement -- via independent, kernel-level, real-time
analysis of low-level port traffic
Secure agent – silent deployment, redundant multi-tiered anti-tampering
prevents security policy circumvention
Intuitive management -- seamlessly integrates into Active Directory or other
network management software
Easy auditing and visibility- Encrypted logs and alerts can be viewed in the
management console or integrated with third-party software for comprehensive
analysis or immediate notifications
Multilingual – Safend Protector speaks your language, allowing easier local
administration
What’s New in Safend Protector v3.0
The newest version of Safend Protector introduces additional strong
security features and enhanced usability:
Granular WiFi control - by MAC address, SSID, or the security level of the
network
File name logging – creates forensic logs of all data moving in and out of
the organization via removable storage
Cisco NAC integration - creates rules that mandate the presence of Safend
Protector Client before the endpoint is allowed on your network
U3 and autorun control – turns U3 USB drives into regular USB drives while
attached to organization endpoints, and protects against dangerous
auto-launch programs by blocking autorun
Usability, management and other functional enhancements - tighter Active
Directory integration, OTP for suspending agents securely, defining roles
within the management console, server architecture, enhanced logging,
alerting and reporting, and integral interfaces to third party management
tools
Media encryption - Transparently encrypts data copied to removable
media devices
Anti Hardware Keylogger - detects and blocks keyloggers connected to
USB keyboards and renders PS/2 port keyloggers useless - preventing attempts
to record your keystrokes
Hybrid network bridging prevention - blocks access to WiFi,
Bluetooth, Modems or IrDA links while the PC is connected to the wired
corporate LAN.
Check Point OPSEC certification - ensures complete integration and
interoperability with Check Point's Secure Virtual Network Architecture.
Microsoft WHQL certification - ensures comprehensive security as well
as full compatibility with current and future Windows Operating Systems.
|
