GFI EndPointSecurity

When users connect to your network with a USB device containing unencrypted data, they are prompted to enter a password; GFI EndPointSecurity then encrypts all the contents on the device. After that, data can be accessed normally, with the added benefit of being encrypted using a strong AES 256-bit or 128-bit algorithm.

GFI EndPointSecurity includes the Traveler Application, a program that enables users to access encrypted content when they are away from the office and in locations where the GFI EndPointSecurity agent might not be installed. The program can also generate a report of failed attempts to access encrypted portable devices.

GFI EndPointSecurity monitors the network, detects new computers that are connected to the network, notifies the administrator, and performs various tasks as configured by the administrator.

The administrator can, for example, set automatic detection to occur at pre-set intervals such as hourly, daily, weekly, etc. The administrator can also set the scope of the auto-discovery (e.g., only computers detected on the domain or on the entire network). Once computers are detected, the administrator can choose whether to automatically protect them by deploying a pre-defined policy, or simply to be notified that new computers were detected.

If auto-protect is selected, as soon as a computer is detected, the product automatically installs the agent and applies the default policy selected by the administrator.

The GFI EndPointSecurity ReportPack is a free powerful reporting package that adds on to GFI EndPointSecurity. It can be scheduled to automatically generate graphical IT level or higher level management reports based on data collected by GFI EndPointSecurity, enabling you to report on portable storage devices connected to the network, user activity, endpoint files copied to and from devices, and much more.

The GFI EndPointSecurity ReportPack enables you to create different types of reports, including: executive reports that provide an overview of blocked devices and portable storage device usage trends; statistical reports that provide portable device access and usage statistics; technical reports that provide a list of file names copied to and from your network by user device; and reports that list the top 20 users, machines, devices and applications that peaked connection activity.

Categorize computers into protection groups. For each group, you can specify the level of protection and permitted portable device access.

The ability to group your networked computers is a powerful feature. You can group an entire department together and manage those users as a single entity. Configuration of GFI EndPointSecurity is simple and leverages the power of Active Directory. It does not require the administrator to remember and track policies deployed to specific computers. GFI EndPointSecurity is unlike many other portable device control products that require cumbersome machine-by-machine administration, forcing you to make the changes on a per-machine basis and then update the configuration on each machine before the settings take effect.

GFI EndPointSecurity provides real-time status monitoring through its user interface. It displays statistical data through graphical charts, the live status of the agent, and more.

GFI EndPointSecurity also enables you to send alerts when specific devices are connected to the network. Alerts can be sent to one or more recipients by email, network messages and SMS (text) notifications delivered via an email-to-SMS gateway or service.

USB sticks pose a significant threat to your business environment. They are small, easily hidden and can store up to 128 GB of data.

Even plugging a digital camera into a USB port gives users access to storage on a secure digital (SD) card. SD cards are available in 128 GB capacity and more, giving them the power to externally carry your data or import infected software onto your network. Beyond blocking access to portable storage media, GFI EndPointSecurity logs device-related user activity to both the event log and to a central SQL Server. A list of files accessed on any device is recorded every time an authorized user plugs in.

GFI EndPointSecurity provides administrators with the ability to automatically schedule agent deployment after a policy or configuration change.

If a deployment fails, it is rescheduled until deployed successfully. The GFI EndPointSecurity remote deployment tool can deploy its security agent network-wide in a few minutes and facilitates Active Directory deployment through MSI.

GFI EndPointSecurity enables you to grant or deny access to a range of portable device classes, as well as block files transferred by file extension, physical port and the factory ID that identifies each device.

It is also possible to specify users or groups, and manage their access to portable storage devices. Grant permissions that include never allowing a device access, periodic access for certain devices, and full device access at all times. GFI EndPointSecurity enables administrators to define a device whitelist and a blacklist that allows only company-approved devices while effectively and easily blocking all others.                                 

The agent used to control machines features a number of security elements to render it tamper-proof.

Users are unable to uninstall the agent since it is not published as an installed application. As additional security, uninstall can only be accomplished if a special 128-character ID to unlock the uninstaller is registered. A sample of the other security features includes encryption of the configuration file used by the agent; the automatic regeneration of registry keys and critical files if altered; and an emergency block mode if the configuration file is corrupt, leaving access to the driver possible only by a system reinstall or using the recovery console.

Unfortunately, many businesses ignore or are unaware of the threat until something actually happens. According to research conducted by eMedia on behalf of GFI in the US, few medium-sized businesses consider portable storage devices to be a major threat while less than 20% had implemented software to address this risk. The key to managing portable device use is to install an endpoint security solution that gives administrators control over what devices are in use, have been used and by whom, as well as an in-depth knowledge of what data has been copied. It is also important to control sensitive data when it needs to be taken outside the company's premises on a portable device.

GFI EndPointSecurity™ enables administrators to actively manage user access and log the activity of:

• Media players, including iPods, Creative Zen and others
• USB sticks, CompactFlash, memory cards, CDs, floppies and other portable storage devices
• iPhone and BlackBerry handhelds, mobile phones, smartphones and similar communication devices
• Network cards, laptops and other network connections.

To control access, GFI EndPointSecurity installs a hidden, small footprint agent on the machine. This agent can be deployed to machines network-wide with just a few clicks.

Using GFI EndPointSecurity you can centrally disable users from accessing portable storage media, preventing users from stealing data or bringing in data that could be harmful to your network, such as viruses, trojans and other malware. Although you can switch off portable storage devices such as CD and/or floppy access from the BIOS, in reality this solution is impractical: You would have to physically visit the machine to temporarily switch off protection and install software. In addition, advanced users can hack the BIOS. GFI EndPointSecurity allows you to take control over a wide variety of devices.

In addition to blocking access to portable storage media, GFI EndPointSecurity logs device-related user activity to both the event log and to a central SQL Server. A list of files that have been accessed on a given device is recorded every time an authorised user plugs in.

Users can be given permission to store data on USB devices as long as it is encrypted. Access to this data outside the company network can be strictly controlled by a purpose-built traveler application, which is included with GFI EndPointSecurity.

Along with real file type detection, GFI EndPointSecurity also delivers content verification based on regular expressions or dictionary files. This enables the detection of security- sensitive information present in popular document formats. The product ships with a number of predefined templates that detect potential leaks of credit card numbers, personal identification numbers and so on.