Computer Security Technology Ltd

+44 (0)20 7621 7836 LinkedInTwitter

+44 (0)20 7621 7836 CSTL LinkedInCSTL Twitter


Ivanti (formerly HEAT/Lumension) provide unified protection & control for all enterprise endpoints, applications and devices.

We would be happy to discuss your requirements over the phone or meet with you at your office.

Get in touch

Endpoint Security Device Control is part of the Endpoint Management and Security Suite to enforce security policies for removable devices, media and data.

Ivanti Endpoint Security Device Control is an endpoint policy enforcement solution that stops security breaches before they can even start. All users are denied access by default. You simply authorise access to only the devices that the user needs. No one can plug into your network without approval. No one. Control is absolute. Endpoint Security Device Control also audits I/O device use as well as attempts to use unauthorised devices.

Hardware such as USB memory sticks, FireWire external hard-drives, scanners, music players (for example, mp3 players and iPods), digital cameras, PDAs, and CD and DVD burner drives are scattered throughout offices around the world. Their proliferation amplifies the threats posed by outsiders or users who plug in devices that could compromise the security of sensitive corporate data. Here, too, Endpoint Security Device Control does what you want it to do - it precludes the use of all devices that haven't been authorised and also allows if needed complete FireWire and USB port lockdown for maximum security, avoiding any data leakage or malware intrusion.

Features & Benefits

Access Control List (ACL) Based Permissions

  • Per user and per user group based permissions
  • User/group permissions on all/specific machine

Device White List

  • Prevent the installation of unknown devices
  • Authorise only specific device types within a class
  • Uniquely identify one specific device*

Scheduled and Temporary Device Access - Read and/or Write access

  • Scheduled access for a predefined time
  • Temporary device access (same day or planned for future timeframe)

Uniquely Identify and Authorise Specific Removable Media

  • Create DVD/CD-ROM collections and grant access to users or user groups
  • Create lists of specific Removable Media with unique ID's and grant access to users*
  • Authorize any removable media to any user using encryption technology* (grant access to encrypted media devices with SADEC for users that do not have Sanctuary Device Control installed on their machine)

Plug and Play Devices: Hot Plug Support

  • Detect Plug and Play Devices 'on the fly'
  • Apply ACL's in real time

Shadowing(tm) Option

  • Ability to shadow all data copied to external devices or specific ports (file names only or full copy of files transferred)
  • Supported for all CD/DVD recording types
  • Shadow rules can be applied to Device/Device Group(s) and per user

Powerful Audit & Reporting Capabilities

  • Full auditing of all Administrator actions
  • Advanced reporting possibilities (on ACLs, device collection, etc.)

Access Rights Updates

  • Updates to Access Rights are implemented at each connection
  • Possibility to implement Access Rights on the fly or to a newly defined device without need to re-logon

Flexible Administration

  • Granular administrative roles
  • Distributed administration

Disconnected/Remote Computer Protected

  • A local copy of the latest device access permission list is stored on the disconnected workstation or laptop, which provides full protection when disconnected. Updates (if any) will be implemented at the next connection

Restrict the Amount of Data Copied

  • Ability to restrict the amount of data copied from the PC (or network) to an external device (Removable Media such as USB memory key and Floppy Disk)
  • Apply Copy limit in a per-user basis


  • Use of three-tier architecture (Application server, Database, Client) allows for flexible deployment options and scaling for the enterprise

Microsoft Active Directory and Novell eDirectory Support

  • Map permission to use I/O devices to an existing Active Directory domain or Novell Directory Services (eDirectory)
  • Delegation of administrative rights for Active Directory organisational Units is automatically incorporated into Device Control administration

Silent Unattended Installations & Deployment

  • Use any deployment tools that support the MSI technology (i.e. Microsoft Systems Management Server (SMS), Group Policies, WinInstall, etc.)
  • Deploy tool capable of installing, uninstalling, upgrading and querying client status

Prevention from PS/2 hardware keyloggers

  • Ability to block the PS/2 port, enforcing the usage of USB keyboards to avoid the threat caused by PS/2 hardware keyloggers
  • Ability to detect and block USB keyloggers

Online and Offline permissions/updates

  • Use different policies when the user is online or offline
  • Send updates to computers not connected to the network using a file (e.g. via email)
  • Customisable notifications to users when access is denied

Easy Exchange encryption mode

  • authorised users can access encrypted removable devices outside the company without the need to install any kind of software whatsoever, and without administrative privileges

FireWire, Bluetooth and USB port protection / control

  • USB blocking / USB port blocking: ability to completely block the USB port
  • Ability to also lockdown any other ports or BUS such as Bluetooth, WiFi, FireWire, etc.

Opinion & Resources

CST works in partnership with Ivanti to provide a comprehensive Endpoint Management and Security Suite which assists with the main criteria for becoming Cyber Essentials accredited.


The Cyber Essentials scheme has been developed by the Government to provide organisations with basic protection from the most prevalent forms of threats coming from the Internet.


By implementing the measures from this scheme, organisations can significantly reduce their risk of vulnerabilities whilst demonstrating this to customers, investors, insurers and others that they have taken these essential precautions.


Contact us learn more about Cyber Essentials accrediation.

Nigel Lewis