 |
||||||||||||||||||||
|
|
Lumension Device Control ™ (formally Sanctuary) |
 |
|
Say Goodbye to Data Leakage! Lumension Device Control allows you to regain control of the peripheral storage devices that your user community attempts to connect to your network assets. Through granular policy-based controls, Lumension Device Control reduces risk of data theft, data leakage and malware introduction via unauthorised removable media and assures compliance with the landslide of regulations governing privacy and accountability.     |
 |
Overview
Features & Benefits
Resources
Requirements
Testimonials |
 |
 |
 |
 |
 |
 |
 |
The proliferation of data loss due to the inappropriate or sometimes criminal use of removable media devices has reached alarming levels. According to recent security reports, 75 percent of Fortune 1000 companies fell victim to data leakage in 2006, with an average cost of recovery that exceeded $5,000,000.
Lumension Device Control eliminates data loss from removable devices through the policy-based enforcement of device use to control the flow of inbound and outbound data from your endpoints.
Positive Approach to USB Security
Hardware such as USB memory sticks, FireWire external hard-drives, scanners, music players, digital cameras, PDAs, and CD/DVD burner drives are scattered throughout offices around the world. Their proliferation amplifies the threats posed by outsiders or users who plug in devices that could compromise the security of sensitive data.
By employing a whitelist approach, Sanctuary enables only authorised devices to connect to a network, laptop or PC - facilitating security and systems management, while providing the necessary flexibility to the organisation.
Simple, Fast, Flexible Administration and Management
Lumension Device Control enables administrators to quickly establish and enforce device control policies by rapidly identifying devices and then assigning permissions at a high level or all the way down to specific application per users, user groups or even a particular computer. Policies are also enforced by time constraints, encryption, volume of data, data transfer and much more criteria. Lumension Device Control links device policies to user and user group information stored in Microsoft Active Directory or Novell eDirectory and has also been ported to Windows Embedded platforms in addition to traditional Server and Desktop Windows OS, dramatically simplifying the management of endpoint application resources.
Lumension Device Control controls the use of a vast range of devices that are key sources of security breaches, and manages and audits device usage according to their type and not on how they are connected. If needed, Lumension Device Control can be set to completely block USB ports or any other port (Bluetooth, FireWire, IrDA, WiFi, etc.) or prevent access to any device category independently from the way users are attempting to connect them. Granular policies also allow for access rights (R/W) down to unique device model or identifiable unit per user or user group.
USB Security Built to Scale
With a three-tier architecture and load-balancing capability, Lumension Device Control is designed to provide USB security to organizations ranging in size from 50 to 100,000 endpoints. Through integration with Active Directory or eDirectory, Sanctuary integrates with your existing technical infrastructure and logical organization. Lumension Device Control has also been ported to Windows Embedded platforms to protect the growing number of exposed embedded devices.
Comprehensive Security and Auditing Capabilities for USB Devices
Lumension Security Patented Shadowing I/O bi-directional technology tracks information as it is read from or written to floppy, CD/DVD and removable devices, and provides a comprehensive audit log of every event whether allowed or attempted - including those by unauthorized code and all writes to removable media and specific ports. Optionally, a full copy of the data written to or from a device can be captured and retained as well.
Not only is an audit log invaluable in measuring and enforcing policy compliance, it also bundles the information you need as proof of compliance with a number of governmental regulations such as the Sarbanes-Oxley Act of 2002 (SOX), the Gramm-Leach-Bliley Act (GLBA) or the Health Insurance Portability and Accountability Act (HIPAA).
To accommodate organisations' different endpoint policy, auditing and enforcement requirements, Lumension Device Control is available in a modular way:
Lumension Device Control - Audit Only
Focusing on audit and reporting requirements to comply with regulatory requirements or internal policies, Sanctuary Device Control - Audit Only provides extensive auditing & reporting features:
Focusing on audit and reporting requirements to comply with regulatory requirements or internal policies, Sanctuary Device Control - Audit Only provides extensive auditing & reporting features:
Logging of user actions - Keeps track of access denied (read/write), new device entered, by whom, when, on what host, etc. Patented Bi-Directional Shadowing of all copied data - Tracks all data read from and/or copied to removable devices. First level provides file name, type, size, by whom, when, etc. while second level captures and retains a full copy of all data written to / from removable devices for audit needs by administrators. Reporting to third party systems - Allows the export of CSV files to any compliant third party reporting system for further processing (e.g. statistics on device usage, denied access, etc.). A flexible and intuitive query builder generates the export files to be re-imported to MS Excel, Crystal Reports, Intellitactics and others. Use of Sanctuary Device Scanner in order to create an inventory of all devices that have ever been plugged into the hosts connected to the corporate network.
Lumension Device Control - Base
Lumension Device Control - Base includes the audit and reporting features of Sanctuary Device Control - Audit Only and adds on top of these all enforcement features of our award-winning policy enforcement product, including access attributes; device management; enforcement by class, sub class, device level, etc.; administrative roles, etc.
Lumension Device Control - Base includes the audit and reporting features of Sanctuary Device Control - Audit Only and adds on top of these all enforcement features of our award-winning policy enforcement product, including access attributes; device management; enforcement by class, sub class, device level, etc.; administrative roles, etc.
*Note that this module does not include removable media encryption features.
Lumension Device Control - Enterprise
Lumension Device Control - Enterprise
For organisations that need the entire set of the above mentioned modules, Lumension Device Control Enterprise provides within a unique bundle the full feature set enabling auditing, reporting, enforcement and encryption features of our product.
Lumension Device Control - Encryption Add-On
This is an add-on module to Lumension Device Control - Base (which is therefore a prerequisite to this add-on). Management of unique and encrypted devices offers the possibility to encrypt memory keys (AES-256) and thereby to uniquely identify them. The media authoriser module provides the capability to authorise a specific removable device to a particular user. The module specifically allows the encryption and protection of data stored on removable media.
|
Feature |
Function |
Benefit |
|
Whitelist |
Assign permissions for authorized devices to user or user group, and by default those not authorized are not allowed |
Eliminates unknown or unwanted devices in your network, reducing the risk of data leakage |
|
Access Control List Based Permissions |
Assign permissions to a user/user group based on their Active Directory or eDirectory identity |
Provides granular user permissions that remain with user login regardless of machine |
|
Granular Device Control Permission Settings |
Permission settings include read/write, scheduled access, temporary access, online/offline, I/O bus type, HDD/non-HDD devices and much more |
Eliminates risk of unauthorized devices connecting to the network while providing the flexibility users need to conduct business |
|
Uniquely Identify and Authorize Specific Media |
Authorize DVD/CD-ROM collections, grant access to users or user groups and encrypt removable media with unique ID's |
Limits DVD/CD-ROM access to company standard discs, to avoid use of unauthorized content and/or encrypt removable media to prevent the content from being viewed by unauthorized users |
|
Silent Unattended Installations |
Install with any deployment tools which use MSI Setup (e.g. Microsoft Systems Management Server (SMS), Group Policies, WinInstall, etc). |
Enables faster and easier deployment |
|
Plug and Play Devices: Hot Plug Support |
Detect Plug and Play Devices "on the fly" |
Ensures user productivity is not disrupted by applying permissions for plug and play devices when detected |
|
Bi-Directional Shadowing Option |
Patented Shadowing technology records filename or complete file that is read from and/or written to a removable device |
Captures the flow of information into and out of your network, reducing risk and containing impact of data leakage |
|
Restrict the Amount of Data Copied |
Restrict the daily amount of data copied from an endpoint to a device on a per-user basis |
Removes risk of large pieces of confidential information leaving the network |
|
Prevention of PS/2 and USB Hardware Keyloggers |
Block PS/2 port, enforce USB keyboard usage and detect/block popular models of USB keyloggers |
Reduces risk of attackers capturing passwords and other confidential information through keyloggers |
|
Flexible Encryption Options for Removable Media
NEW! Prevents Data Loss on CD/DVD
NEW! Recognizes PGP® Whole Disk Encryption (WDE) on USB storage |
Administrators may centrally encrypt removable media or force users to encrypt media at time of use
Enforces encryption for data written to CD/DVD based on user or user group, with portability to non-Sanctuary machines for secure information sharing outside of the organization.
|
Ensures that sensitive data is not inadvertently exposed to those without authorized access |
|
File Type Filtering |
Control the type of files that are moved to and from removable devices |
Reduces risk of unwanted files from entering and sensitive files from leaving the network |
|
Disconnected/ Remote Computer Protected |
Enables constant protection by keeping a local copy of the last list of permissions on the disconnected machine |
Secures computer regardless of network connection, ensuring that remote or disconnected users are also protected |
|
Highly Scalable Architecture |
Three tier architecture with Database, one or more Application servers, and Client |
Provides flexible and scalable deployment options in large and complex networks |
|
Powerful Log Analysis and Reporting |
Detailed log analysis with flexible filter, sort and display options and stored query templates as well as central reporting |
Demonstrates policy compliance and drills down on suspicious behavior for legal or management follow up |
|
Active Directory and eDirectory Support |
Leverages user and user group definitions in existing Active Directory and eDirectory |
Reduces setup and maintenance of users and user groups |
|
Custom Reports |
Custom query templates can be scheduled to automatically generate reports in HTML, XML or CSV formats and delivered via email or network file share |
Produces data required for compliance audit purposes and management reporting in a report format or data format for easy integration into a 3rd party system |
|
Password Lockout and Recovery |
Lockout users after a number of failed attempts; recover access to devices when passwords are forgotten |
Reduces risk of hackers breaking into devices; enables recovery of encrypted data on devices |
|
Offline Temporary Permissions |
Challenge/response system generates new permissions on disconnected machines, allowing for temporary permissions to users on demand, even when a user is not connected to the network |
Enables provision of temporary permissions to users on demand, even when not connected |
NEW! Uniquely Manage Policy for new Windows Portable Device (WPD) device class
Define policy for the next generation of storage media identified as Windows Portable Devices (WPD), including new technologies such as iPhone, some MP3 players and more, that is unique to the policy defined for the traditional Removable Storage Device class.
NEW! Simplifies access to files stored on encrypted devices using Easy Exchange
On non-Lumension machines, users can now open encrypted files directly from Lumension’s Secure Volume Browser. This not only saves the user from having to copy files onto the local hard-drive for simple read access, it also reduces the risk of unwanted copies being left behind.
Certifications 
Whitepapers 
Endpoint Security Strategies Part II
How to Effectively Protect Data in Transit and Assure Governance with NHS Directive
PC on a Stick - A Portable Endpoint Security Nightmare
Power User vs. Local Administrator
Putting Security in a Positive Light
Sanctuary & BS77799-ISO17799 Compliance
Securing Data at the Endpoint - Four Steps to Protect Your Enterprise from Data Leakage
The Total Economic Impact of Lumension Security’s Sanctuary Application and Device Control
How to Effectively Protect Data in Transit and Assure Governance with NHS Directive
PC on a Stick - A Portable Endpoint Security Nightmare
Power User vs. Local Administrator
Putting Security in a Positive Light
Sanctuary & BS77799-ISO17799 Compliance
Securing Data at the Endpoint - Four Steps to Protect Your Enterprise from Data Leakage
The Total Economic Impact of Lumension Security’s Sanctuary Application and Device Control
Articles 
10 Ways to Get Users to Follow Security Policy
Enterprises ignoring data security and privacy
THINK-Endpoint Security
Enterprises ignoring data security and privacy
THINK-Endpoint Security
|
Case Studies
 Australian Aerospace Allgemeine Bausparkasse (ABV) Antenne Radio Arkansas State Medical Board Barclays Bank Berliner Verkehrsbetriebe Bishop's Stortford College City of Lake Forest CSC & Anglian Water DIAKO Diakoniekrankenhaus Rotenburg EC Suite.com First National Bank of Bosque County Hamilton Osborne King ING DiBa John C. Lincoln Health Network Martin Fletcher Nevada Office of Veterans Services Ophir Optronics South London & Maudsley (SLaM) South Western Federal Credit Union Stephenson Harwood The Salvation Army Victory Challenge |
|
Compliance Documents
BS77799-ISO17799 Compliance
Basel II Compliance
Gramm-Leach-Bliley Act (GLBA) Compliance
OMB M-06-16 Compliance
HIPAA Compliance
Client (32-bit unless specified) - Windows 2000 (SP 4+) Professional, Windows XP Professional, Windows XPe, Windows Embedded Point of Service, Windows XP Tablet PC Edition, Windows Vista (32 and 64 bit)
Database - Windows 2000 Server (SP 4 or later) or Professional, Windows XP Professional (SP2 or later), Windows Server 2003 SP1 or SR2 (32-bit) or Vista (32-bit)
Server -Windows 2000 Server (SP 4 or later) or Windows Server 2003 SP1 or SR2 (32-bit)
Management Console - Windows 2000 Professional (SP 4 or later), Windows XP Professional (SP2 or later), Windows XPe SP2, Windows Embedded for Point of Service (WEPOS) SP2, Windows XP Tablet PC Edition SP2 and Vista (32-and 64-bit versions)
|
Supported Device Types: |
Supported Connectivity: |
|
Biometric devices COM/serial ports DVD/CD drives Floppy disk drives Imaging devices/Scanners LPT/parallel ports Modems/Secondary network access devices Palm handheld devices Plug and Play devices Printers (USB/Bluetooth ) PS/2 ports Removable storage devices RIM BlackBerry handhelds Smart Card readers Tape drives User Defined devices Windows CE handheld devices Wireless network interface cards |
USB FireWire Bluetooth WiFi PCMCIA PS/2 LPT IrDA IDE COM S-ATA SCSI |
Testimonials 
"Wests Ashfield identified the potential vulnerability that USB devices posed to our network during a regular security audit of our network. The USB devices posed not only risks in terms of theft of sensitive data, but also posed a threat to the general security of our network.
Windows natively was unable to provide a workable solution to ensure that we could lock out the users we did not want to have access to certain devices, but also to easily manage those who we wished to allow access to devices.
Sanctuary provided the solution. It allowed for us to control the use of not only USB devices within our network, but also every other device used within our network. Our network is quite complex with many unusual devices being used in a large computing, security, and Point of Sale environment. Sanctuary was able to handle all of our devices with ease, from CD/DVD drives to USB devices, even to Blackberry’s.
We now enjoy the benefits of a highly secure network environment, which is protected from malicious damage both internal and external to the organisation. Our data is also more secure and we are able to confidently state that we are aware of any data which is transferred from our main systems.
I have no hesitation in recommending Sanctuary to any organisation, and would go one step further to suggest that it is a must for any IT Manager concerned about ensuring the integrity of their network security."
Steven Torresan, IT and Business Solutions Manager, Wests Ashfield
"Wests Ashfield identified the potential vulnerability that USB devices posed to our network during a regular security audit of our network. The USB devices posed not only risks in terms of theft of sensitive data, but also posed a threat to the general security of our network.
Windows natively was unable to provide a workable solution to ensure that we could lock out the users we did not want to have access to certain devices, but also to easily manage those who we wished to allow access to devices.
Sanctuary provided the solution. It allowed for us to control the use of not only USB devices within our network, but also every other device used within our network. Our network is quite complex with many unusual devices being used in a large computing, security, and Point of Sale environment. Sanctuary was able to handle all of our devices with ease, from CD/DVD drives to USB devices, even to Blackberry’s.
We now enjoy the benefits of a highly secure network environment, which is protected from malicious damage both internal and external to the organisation. Our data is also more secure and we are able to confidently state that we are aware of any data which is transferred from our main systems.
I have no hesitation in recommending Sanctuary to any organisation, and would go one step further to suggest that it is a must for any IT Manager concerned about ensuring the integrity of their network security."
Steven Torresan, IT and Business Solutions Manager, Wests Ashfield
|
Privacy Policy
-
Sitemap
-
Feedback
Copyright PIXEL IT 2009 |
Free Call 1800 674 935 or sales@pixel.com.au |