Device Control

Device control helps block data from leaking out and malware from coming into the organization on removable devices.

Removable devices and media such as USB memory sticks, MP3 players, CDs and DVDs present a double threat to enterprise security:

• They facilitate “data leakage” by allowing employees to remove large volumes of data on portable, easily concealed media.
• They provide an avenue for malware to bypass firewalls and anti-virus packages and infect corporate networks.

Device Control can monitor or block the copying of files to removable devices, can encrypt any data that is copied, and can prevent potentially malicious software from being transferred from removable devices onto PCs and laptops.

Prevents data leakage

With the Fiberlink Device Control service, administrators can:

• Block files from being copied or transferred to removable devices and media.
• Allow copying but enforce the encryption of transferred data.

These controls reduce the risk of confidential data being lost or stolen by employees through carelessness, theft or fraud.

Granular control

Organizations can set policies to restrict or allow the use of removable devices based on:

• Device types, such as USB memory sticks, MP3 players, external hard drives, CD/DVD burner drives, digital cameras and PDAs.
• I/O ports, including USB, Firewire, Wi-Fi and Bluetooth.
• Users and user groups defined in enterprise directories.

The functionality is granular enough to limit the use of authorized media with “quotas” on time and volume of data transfers.

Blocks malware

The Device Control service can block unauthorized devices from connecting to laptops and PCs. This helps prevent malware, USB keyloggers, spyware, and rootkits from infecting corporate networks behind firewalls and other perimeter defenses.

Enforces compliance

Blocking unauthorized access to devices not only halts certain unproductive worker behaviors, it also reduces exposure to regulatory non-compliance. Centralized policy management streamlines the work for a company's IT staff to keep up with Sarbanes-Oxley, HIPAA and other industry regulations.

Customizable configuration

The Device Control service offers a high degree of flexibility in customizing security policies according to user groups. It also allows for context-sensitive settings (e.g., permitting a laptop to access WiFi networks only when disconnected from the corporate LAN) and even time-based rules (e.g., blocking the use of certain devices during work hours, but not on weekends).

Kernel-level implementation of the service enables the most stringent level of policy enforcement, from boot up to shut down, without fear of user or hacker bypass.