Provide your details and one of our specialists will be in touch shortly.
Ivanti Endpoint Security Device Control
Endpoint Security Device Control is part of the Endpoint Management and Security Suite to enforce security policies for removable devices, media and data.
Ivanti Endpoint Security Device Control is an endpoint policy enforcement solution that stops security breaches before they can even start. All users are denied access by default. You simply authorise access to only the devices that the user needs. No one can plug into your network without approval. No one. Control is absolute. Endpoint Security Device Control also audits I/O device use as well as attempts to use unauthorised devices.
Hardware such as USB memory sticks, FireWire external hard-drives, scanners, music players (for example, mp3 players and iPods), digital cameras, PDAs, and CD and DVD burner drives are scattered throughout offices around the world. Their proliferation amplifies the threats posed by outsiders or users who plug in devices that could compromise the security of sensitive corporate data. Here, too, Endpoint Security Device Control does what you want it to do - it precludes the use of all devices that haven't been authorised and also allows if needed complete FireWire and USB port lockdown for maximum security, avoiding any data leakage or malware intrusion.
Features & Benefits
Access Control List (ACL) Based Permissions
Per user and per user group based permissions
User/group permissions on all/specific machine
Device White List
Prevent the installation of unknown devices
Authorise only specific device types within a class
Uniquely identify one specific device*
Scheduled and Temporary Device Access - Read and/or Write access
Scheduled access for a predefined time
Temporary device access (same day or planned for future timeframe)
Uniquely Identify and Authorise Specific Removable Media
Create DVD/CD-ROM collections and grant access to users or user groups
Create lists of specific Removable Media with unique ID's and grant access to users*
Authorize any removable media to any user using encryption technology* (grant access to encrypted media devices with SADEC for users that do not have Sanctuary Device Control installed on their machine)
Plug and Play Devices: Hot Plug Support
Detect Plug and Play Devices 'on the fly'
Apply ACL's in real time
Ability to shadow all data copied to external devices or specific ports (file names only or full copy of files transferred)
Supported for all CD/DVD recording types
Shadow rules can be applied to Device/Device Group(s) and per user
Powerful Audit & Reporting Capabilities
Full auditing of all Administrator actions
Advanced reporting possibilities (on ACLs, device collection, etc.)
Access Rights Updates
Updates to Access Rights are implemented at each connection
Possibility to implement Access Rights on the fly or to a newly defined device without need to re-logon
Granular administrative roles
Disconnected/Remote Computer Protected
A local copy of the latest device access permission list is stored on the disconnected workstation or laptop, which provides full protection when disconnected. Updates (if any) will be implemented at the next connection
Restrict the Amount of Data Copied
Ability to restrict the amount of data copied from the PC (or network) to an external device (Removable Media such as USB memory key and Floppy Disk)
Apply Copy limit in a per-user basis
Use of three-tier architecture (Application server, Database, Client) allows for flexible deployment options and scaling for the enterprise
Microsoft Active Directory and Novell eDirectory Support
Map permission to use I/O devices to an existing Active Directory domain or Novell Directory Services (eDirectory)
Delegation of administrative rights for Active Directory organisational Units is automatically incorporated into Device Control administration
Silent Unattended Installations & Deployment
Use any deployment tools that support the MSI technology (i.e. Microsoft Systems Management Server (SMS), Group Policies, WinInstall, etc.)
Deploy tool capable of installing, uninstalling, upgrading and querying client status
Prevention from PS/2 hardware keyloggers
Ability to block the PS/2 port, enforcing the usage of USB keyboards to avoid the threat caused by PS/2 hardware keyloggers
Ability to detect and block USB keyloggers
Online and Offline permissions/updates
Use different policies when the user is online or offline
Send updates to computers not connected to the network using a file (e.g. via email)
Customisable notifications to users when access is denied
Easy Exchange encryption mode
authorised users can access encrypted removable devices outside the company without the need to install any kind of software whatsoever, and without administrative privileges
FireWire, Bluetooth and USB port protection / control
USB blocking / USB port blocking: ability to completely block the USB port
Ability to also lockdown any other ports or BUS such as Bluetooth, WiFi, FireWire, etc.
Opinion & Resources
CST works in partnership with Ivanti to provide a comprehensive Endpoint Management and Security Suite which assists with the main criteria for becoming Cyber Essentials accredited.
The Cyber Essentials scheme has been developed by the Government to provide organisations with basic protection from the most prevalent forms of threats coming from the Internet.
By implementing the measures from this scheme, organisations can significantly reduce their risk of vulnerabilities whilst demonstrating this to customers, investors, insurers and others that they have taken these essential precautions.
Contact us learn more about Cyber Essentials accrediation.