Ivanti Endpoint Security Device Control

Access Control List (ACL) Based Permissions

• Per user and per user group based permissions
• User/group permissions on all/specific machine

Device White List

• Prevent the installation of unknown devices
• Authorise only specific device types within a class
• Uniquely identify one specific device*

Scheduled and Temporary Device Access - Read and/or Write access

• Scheduled access for a predefined time
• Temporary device access (same day or planned for future timeframe)

Uniquely Identify and Authorise Specific Removable Media

• Create DVD/CD-ROM collections and grant access to users or user groups
• Create lists of specific Removable Media with unique ID's and grant access to users*
• Authorize any removable media to any user using encryption technology* (grant access to encrypted media devices with SADEC for users that do not have Sanctuary Device Control installed on their machine)

Plug and Play Devices: Hot Plug Support

• Detect Plug and Play Devices 'on the fly'
• Apply ACL's in real time

Shadowing(tm) Option

• Ability to shadow all data copied to external devices or specific ports (file names only or full copy of files transferred)
• Supported for all CD/DVD recording types
• Shadow rules can be applied to Device/Device Group(s) and per user

Powerful Audit & Reporting Capabilities

• Full auditing of all Administrator actions
• Advanced reporting possibilities (on ACLs, device collection, etc.)

Access Rights Updates

• Updates to Access Rights are implemented at each connection
• Possibility to implement Access Rights on the fly or to a newly defined device without need to re-logon

Flexible Administration

• Granular administrative roles
• Distributed administration

Disconnected/Remote Computer Protected

• A local copy of the latest device access permission list is stored on the disconnected workstation or laptop, which provides full protection when disconnected. Updates (if any) will be implemented at the next connection

Restrict the Amount of Data Copied

• Ability to restrict the amount of data copied from the PC (or network) to an external device (Removable Media such as USB memory key and Floppy Disk)
• Apply Copy limit in a per-user basis

Scalability

• Use of three-tier architecture (Application server, Database, Client) allows for flexible deployment options and scaling for the enterprise

Microsoft Active Directory and Novell eDirectory Support

• Map permission to use I/O devices to an existing Active Directory domain or Novell Directory Services (eDirectory)
• Delegation of administrative rights for Active Directory organisational Units is automatically incorporated into Device Control administration

Silent Unattended Installations & Deployment

• Use any deployment tools that support the MSI technology (i.e. Microsoft Systems Management Server (SMS), Group Policies, WinInstall, etc.)
• Deploy tool capable of installing, uninstalling, upgrading and querying client status

Prevention from PS/2 hardware keyloggers

• Ability to block the PS/2 port, enforcing the usage of USB keyboards to avoid the threat caused by PS/2 hardware keyloggers
• Ability to detect and block USB keyloggers

Online and Offline permissions/updates

• Use different policies when the user is online or offline
• Send updates to computers not connected to the network using a file (e.g. via email)
• Customisable notifications to users when access is denied

Easy Exchange encryption mode

• authorised users can access encrypted removable devices outside the company without the need to install any kind of software whatsoever, and without administrative privileges

FireWire, Bluetooth and USB port protection / control

• USB blocking / USB port blocking: ability to completely block the USB port
• Ability to also lockdown any other ports or BUS such as Bluetooth, WiFi, FireWire, etc.