GFI Free Online Endpoint Security

GFI Software

http://www.gfi.com

EndPointScan carries out granular checks across all types of ports – USB, Firewire, Bluetooth, Infrared, PCMIA and Wi-Fi – on all machines. This utility provides complete and thorough information about all portable devices and can scan multiple computers simultaneously. EndPointScan is fully compatible with existing network management or administrative tools such as Active Directory and it will also work on Vista systems.

“To use EndPointScan all that administrators need to do is install the ActiveX control when prompted and run the scan. There is very low resources consumption and endpoint audits have a negligible effect on network performance,” Mr Muscat said.

EndPointScan is completely free and can be run from here: http://www.endpointscan.com.

Commercial

Information updated: 01 May 07

GFI Endpoint Security

GFI Software

http://www.gfi.com

GFI EndPointSecurity allows administrators to actively manage user access and log the activity of:

* Media players, including iPod, Creative Zen and others
* USB sticks, CompactFlash, memory cards, CDs, floppies & other storage devices
* PDAs, BlackBerry handhelds, mobile phone and similar communication devices
* Network cards, laptops and other network connections.

Why choose GFI EndPointSecurity?

> Blocks insider data theft by fully controlling access to portable storage devices like memory cards, CDs and more
> Prevents the introduction of viruses and unauthorized software by controlling all endpoint connectable devices such as PDAs, laptops and more
> Supports all types of connectable devices through USB/FireWire such as wireless cards, cameras, iPods, PDAs and more
> Provides full network-wide control through unique group-based protection.
Features: * Control user access and log the activity of portable storage media like USB memory sticks, SD cards and more
* Control access to CDs and floppies
* Protect your network against the threats posed by non-removable media devices
* Easily configure group-based protection control via Active Directory
* Granular access control
* Log device-related user activity
* Includes remote deployment tool
* Centralized control facilitates temporary access
* Support for operating systems in any Unicode-compliant language

Commercial

Information updated: 11 July 06

mTrust Shield

M-Systems

http://www.msystems.com

mTrust™ Shield is centrally-managed enterprise software that controls the usage of all removable devices and media. It allows organizations to limit usage to secure, company-approved devices.

mTrust Shield ensures employees use secure company issued devices to store data, and prevents information from being transferred to unauthorized devices such as MP3 players, USB drives, CD/DVD, floppy disks and smartphones.

mTrust Shield seamlessly enforces customized group-based access control policies to ensure endpoint integrity and provide protection from unauthorized data extraction or the introduction of malicious code.

Commercial

Information updated: 11 July 06

Safend Protector

Safend

http://www.safend.com

Stop Data Leakage through Endpoints and Removable Media
Safend Protector v3.0 is the industry's most comprehensive, secure and easy-to-use endpoint security solution - controlling every endpoint and every device, over every network or interface.

Safend Protector monitors real-time traffic and applies customized, highly-granular security policies over all physical, wireless and removable storage interfaces.

Safend Protector detects and allows restriction of devices by device type, model or even specific device serial number. For storage devices, Safend Protector allows security administrators to either block all storage devices completely, permit read-only, or even block devices above a certain storage capacity. WiFi controls are based on MAC address, SSID, or network security level.

Security Policy – Flexible Strategy, Simple Implementation
Safend Protector creates forensic logs of all data moving in and out of the organization, allowing administrators to create policies that don’t necessarily restrict device usage, but allow full visibility device activity and content traffic.

Through a built-in and flexible management console, Safend Protector allows administrators to create comprehensive and granular endpoint security policies. Policies are exported directly to Active Directory as Group Policy Objects (GPOs), ready to be assigned to relevant Organizational Units (OUs) and silently installed on clients.

With built-in alerting capability, administrators can get immediate notifications of any activity that needs immediate response. Alerts are available via email, SNMP, Syslog, Windows Event Viewer, popup messages and even custom scripts.

Also see Safend Auditor, USB Port Protector, USB Auditor, and USB Data Protection.

Commercial

Information updated: 11 July 06

Reflex DiskNetPro

Reflex Magnetics

http://www.reflex-magnetics.com

Reflex Disknet Pro is a unique corporate solution that provides a policy driven mechanism of securing an organisation's information and ensures data integrity.

Reflex Disknet Pro provides unrivalled end point security over the use of USB and other Memory Devices. By managing the use of all I/O devices with Removable Media Manager (RMM) and Device Manager the system administrator can take back control. Access to devices can be controlled either by denying all access, providing read only access, allowing full authorised access or enforcing only encrypted access.

Reflex Disknet Pro includes the following features and benefits:
* Manages the use of all removable media & I/O devices (printers, modems, PDAs, scanners, RIM, Bluetooth etc) * Transparent removable media encryption
* Unauthorised software/file protection
* Generic active/malicious code protection
* Centralised management
* Centralised auditing and alerts
* Client side content filtering of removable media
* Automatic anti-virus scanner integration
* E-mail malicious content security
* Remote/Mobile user support
* Transparent network deployment
* Supports MS Windows NT/2000/2003/XP & Novell

Commercial

Information updated: 11 July 06

ZENworks Endpoint Security Management

Novell

http://www.novell.com

Simplifies endpoint security by putting administrators in control, and combining 'point' security solutions under a single, easy-to-use management console.

Features & Benefits
Personal Firewall - Protect users with transparent solutions. The world's strongest, yet easiest to use, firewall to protect against hackers, malware, protocol attacks, and more, keeping security invisible to the end-user and requiring no interaction on their part.
Wireless Security - Keep users from using bogus wireless. Centrally control when, how, and where users are allowed to connect. Doesn't just detect intrusions, it totally prevents them 24x7 in all locations. Wi-Fi connectivity can be limited to authorized and known access points, specified encryption strength, and can be disabled completely if necessary based on location. Easily control keys, MESH and WiMAX environments, enforces VPN usage if required by policy, and much more.
Encryption Solution - Stolen laptops don't have to spell disaster. Secures data stored on the endpoint and on removable media, encrypting files so they can only be read by authorized users. Protects sensitive information on lost or stolen mobile computers. Keys are managed transparently throughout the enterprise, requiring no end-user involvement other than getting their work done in the usual way.
USB Security - Don't let your secrets walk out the door on a thumb drive. Prevents intentional or inadvertent transmission of data to removable storage devices. Storage devices including thumb drives, iPods, cameras, printers, CD and DVD drives can be placed in read-only mode or fully disabled, while the endpoint hard drive and all network drives remain accessible and operational. White lists of specifically approved USB thumb drives can be employed, and in combination with data encryption ... you just couldn't be more secure from both internal and external data loss; both deliberate or inadvertent.
Application Control - Keep everyone compliant with the corporate application policies. Ensures only approved applications are run on corporate IT assets -- create white/black lists, or enforce applications to run (i.e., VPN) prior to network connection.
Posture and Integrity - Ensures 24x7, connected or not, that your employees are actually using their AV, Anti-spyware, or other applications running according to your policies. Insure that OS security patches, AV data files and other critical posture elements are in place and up to date. Enables you to warn, shut down and point to remediation services, or execute a custom script based on whatever triggers you choose.
Client Self Defense - Secure your security client. Protects the endpoint by ensuring that the security client cannot be altered, hacked, or uninstalled. Even with administrative rights on a machine, the user cannot disable the policy enforcement.
Device Control - Prevent rogue access. Managed at the lowest level for optimal security and performance, safely controlling connectivity via LAN, modem, Bluetooth™, Infrared, 1394 (Firewire™), and serial and parallel ports.
Alerts / Monitoring / Reporting - Keep a careful eye on everything. Provides a scalable and simple method for creating, distributing, enforcing, and monitoring security policies on endpoint devices, without forcing users to make security decisions or adjust settings. Novell offers robust and tunable reporting to assist in regulatory compliance reporting.
Common Criteria EAL 4+ Certified

Commercial

Information updated: 30 Aug 07

Sanctuary Device Control

SecureWave

http://www.securewave.com

Sanctuary Device Control extends control of I/O devices' policies. Users can access only explicitly authorized devices. Sanctuary Device Control manages this by applying an Access Control List (ACL) to each device type. To grant access, the administrator needs only to associate objects (organizational units, users or user groups) with the devices and/or device classes to which they should have access. Sanctuary Device Control supports several directory platforms, including Microsoft Active Directory and Novell eDirectory ; and has also been ported to Windows Embedded platforms in addition to traditional Server and Desktop Windows OS.

Sanctuary controls the use of a huge range of devices that are key sources of security breaches. Much more than any other available solutions (generally simply offering USB port blocking and little granularity), Sanctuary manages and audits device usage according to their type and not on how they are connected.

If needed, Sanctuary Device Control can be set to completely block USB port or any other port (bluetooth, FireWire, IrDA, WiFi, etc.) or prevent the access to any device category independently from the way users are attempting to connect them. Granular policies also allow to set permissions (R/W) down to unique device model or identifiable unit per user or user group.

Commercial

Information updated: 11 July 06

DeviceWall

Centennial Software Ltd.

http://www.devicewall.com

With a vast array of portable storage devices now common inside the workplace, perimeter security solutions can't manage the threat of internal security breaches at the network endpoints. To prevent internal data leakage, you need DeviceWall.

Device Security
With the invasion of personally-owned portable storage devices into the workplace, DeviceWall minimizes the threat of data leakage by enabling the organization to create a white list of ‘approved’ devices assigned to specified groups and individual users. By default, DeviceWall can be configured to automatically block any device not explicitly permitted in the security policy. DeviceWall stops the unauthorized use of all common portable storage and wireless devices, including:
* USB memory & multi-device drives
* iPods and other media players
* PDAs, Blackberry devices and Symbian smartphones
* Digital cameras
* USB & Firewire mass storage devices
* CDs, DVDs and floppy disks

Data Security - Security Beyond the Endpoint
For those staff where there is a legitimate need to carry sensitive information on portable media such as USB sticks, the risk remains that the device may be lost, stolen or compromised in some other way. To prevent sensitive data ending up in the wrong hands, DeviceWall can automatically encrypt all data legitimately copied to USB flash drives using a choice of AES or Blowfish 256-bit encryption algorithms. Data on a DeviceWall-encrypted device can only be read on a PC using the company's DeviceWall key (and, if selected, the user's personal key).

Desktop Security
With fast local and wireless communications ports now standard on all PCs, it's not just USB-connected devices that pose a security risk to the organization. Uncontrolled Wi-Fi ports, plug and play modems and even locally-connected printers can all increase the chances of data leakage from the corporate network. To prevent users accidentally or maliciously putting the organization's data at risk, DeviceWall's Policy Customizer allows administrators to centrally manage the presence of a wide range of internal and external devices.

Commercial

Information updated: 11 July 06

Takeware Gatekeeper

The Takeware Company

http://www.takewaregatekeeper.co.uk

Takeware® Gatekeeper has been designed ‘from the ground up’ to efficiently monitor, record and actually police both devices and the flow of data onto (and off of) the whole range of portable ‘mass storage devices’. Integrated control and intelligent monitoring removes the need for interventions by scarce and expensive technicians.

Our active system intelligently enforces policies – standalone or across your network - allowing only authorised devices and authorised use. Otherwise remaining virtually invisible while protecting you against the increasingly prevalent attacks from inside as well as outside - allowing safe use of your PCs and their ports and proper use of removable devices, providing convenience and greater efficiency with the security needed you need.

Perfected in some of today’s harshest environments Takeware® Gatekeeper:
* Integrates monitoring and active policing of the whole range of portable devices
* Allows only ‘authorised’ removable devices to be attached to the PC
* Prevents use of Banned Content
* Maintains a full audit trail
* Passport based ‘Hard Login’: ‘door-pass’ and ‘escorted’ modes are supported. This powerful new feature limits access to a PC and strongly authenticates users.

Also see PodSnaffler, a software program to show what could be stolen from the computer.

Commercial

Information updated: 11 July 06

SafeGuard Easy

Utimaco Safeware AG

http://www.utimaco.us

Protect USB Flash Drives and External Media
SafeGuard Easy is the leading choice to protect your laptop and desktop computer's hard drive. But did you know that SafeGuard Easy is just as effective at securing removable media such as USB flash drives (flash memory) and external hard disks?

SafeGuard Easy uses advanced algorithms to encipher, or encrypt every sector of data on attached USB devices. Only authorized users entering the correct password can decipher the data so that files on the disk can be opened.

Commercial

Information updated: 11 July 06

Pointsec Media Encryption

Pointsec Mobile Technologies

http://www.pointsec.com

Pointsec Media Encryption provides automatic, real-time encryption that can be configured to your specific needs. It's designed for Windows notebooks and laptops, desktops with USB drives, writeable CD/DVD drives, and external hard drives.

You can use Pointsec Media Encryption for portable storage media, or files and folders such as e-mail attachments. You can use it along with Pointsec for PC, or as a stand-alone. It can also read memory cards encrypted with your smartphone or wireless handheld.

And since Pointsec Media Encryption includes on-demand decryption software, you can share information with trusted parties without having to buy additional software licenses.

Equipment will be lost or stolen. Data doesn't have to be.
Equipment loss is inevitable, especially with small, removable media. But if you're protected by Pointsec encryption, you don't have to worry about whether sensitive information has fallen into the hands of criminals - or your competitors. You're also protected against lawsuits for breach of privacy, and against action by authorities enforcing privacy regulations because you set and control your security policy. End users can't change it. So don't wait to find out how serious data theft can be. Protect yourself - down to your smallest media - with Pointsec Media Encryption.

Commercial

Information updated: 11 July 06

ClipDrive Bio

MXI Security

http://www.mxisecurity.com

State-of-the-Art Secure Flash Storage
The ClipDrive Bio™ is the solution for the user that requires an easy to use, lightweight, highly effective device for transporting sensitive data from one location to another. Utilizing state-of-the-art biometric fingerprint technology coupled with 256 bit AES encryption, the ClipDrive Bio employs a multi-level security solution to ensure the integrity of your sensitive information. All fingerprint and passwords are retained within the ClipDrive Bio not on the host PC.

If the ClipDrive Bio is ever lost or stolen, the data stored within the secure partition will be completely protected preventing unauthorized access.

The ClipDrive Bio is managed by MXI ACCESS™, our robust Administrator Console. ACCESS allows for maximum flexibility. Create and delete users, set user security policies, set retry access limits, create and size secure partitions, set biometrics and passwords, view enrolled users and much more.

The ClipDrive Bio can be shared with others without compromising your personal sensitive information. As each enrolled user has his/her own, secure, encrypted folder, sharing selected information with piers or family can be achieved without the need to share the entire file structure.

Commercial

Information updated: 11 July 06

Websense Client Policy Manager

Websense, Inc.

http://www.websense.com

Websense® Client Policy Manager™ (CPM) provides a comprehensive endpoint security solution for desktops, laptops, and servers that proactively protects organizations against known and unknown security threats.

CPM provides another layer of control over data at the endpoint by blocking the potential theft of private information or intellectual property via removable media or network communications.
• Websense Removable Media LockdownTM
Allows system administrators to prevent devices such as flash drives, CD/DVD burners, floppy drives, and external hard drives from being used on client workstations, minimizing the risk of introducing malicious software to the organization. Organizations can also block writable media, depending upon their policies.

Commercial

Information updated: 20 July 06

AppSense Environment Manager

AppSense

http://www.appsense.com

AppSense Environment Manager provides consistent and contextual user environments across multiple application delivery mechanisms. With AppSense Environment Manager, IT can manage user profiles with minimal maintenance as well as provide users with some level of personalization of their working environment. Combining company policy with user preference across a range of application delivery mechanisms reduces maintenance costs, secures the environment and increases user productivity.

The ability to control access to removable storage devices, such as USB pens or MP3 players, allowing full access, no access or read-only access on a per-device or device group basis. Any Environment Manager rule can be applied to the removable storage control action, enabling targeted control of devices under different environment scenarios.

Commercial

Information updated: 25 Oct 2007

BeCrypt Protect products

BeCrypt Limited

http://www.becrypt.com

Connect Protect is a port control solution, designed to secure a desktop or laptop computer from the introduction of unauthorised material (including software, music and graphical images), and from accidental or malicious data leakage, via Plug and Play devices such as removable disk drives, MP3 players, and printers. Connect Protect is remotely installed using standard tools and configured via Active Directory.

Devices are configured by type and may be set to:
* Disabled or No access: open, read and write access are not allowed.
* Controlled Access: Audited File Copy is allowed. (This state applies to certain types of device only).
* Read-only: open and read access are allowed; write access is not allowed. (This state applies to certain types of device only).
* Enabled or Full access: open, read and write access are all allowed.

For some devices, Connect Protect allows fine-grained control: removable hard drives, for example, may be configured to restrict access to signed drives, to drives of a specified vendor/model, or to drives with an authorised unique ID.

Once Connect Protect is installed, the user is prevented from connecting any unauthorised device to his or her computer (whether the computer is connected to the office network or being used in a mobile environment) and Connect Protect can optionally be configured to log attempted connections for audit purposes.

Also see the Disk Protect, PDA Protect, and Protect Manager products.

Commercial

Information updated: 15 Aug 06

Last page update: 25 Oct 2007