Controlled Device Types

USB Devices

USB Flash Drives (Normal USB Drives, U3, etc.)

Memory Cards (SD, MMC, CF, Smartcard, etc.)

CD/DVD-Player/Burner (internal and external)

external HDDs (incl. sATA HDDs)

Printers

Floppy Drives

Card Readers (internal and external)

Webcams

WiFi Network Cards

Digital Cameras

iPhones / iPads / iPods

Smartphones / Blackberry / PDAs

FireWire Devices

MP3 Player / Media Player Devices

Biometric Devices

Bluetooth Devices

ZIP Drives

ExpressCard SSD

Wireless USB

Serial Port

Teensy Board

PCMCIA Storage Devices

Endpoint Protector 4

VIDEO

Centralized
Device Control

The Endpoint Protector 4 Web administration and reporting console offers you a complete overview of the device activity at your computers. You will be able to define access policies per user/computer/device and authorize devices for certain user or user groups. Thus, your company will stay productive while maintaining control over the device fleet use.

Controlled Device Types

USB Devices
USB Flash Drives (Normal USB Drives, U3, etc.)
iPhones / iPads / iPods
Smartphones / Blackberry / PDAs
Digital Cameras
MP3 Player / Media Player Devices
CD/DVD-Player/Burner (internal and external)
Memory Cards (SD, MMC, CF, Smartcard, etc.)
external HDDs (incl. sATA HDDs)
Printers
Floppy Drives
Card Readers (internal and external)
Webcams
WiFi Network Cards
FireWire Devices
Biometric Devices
Bluetooth Devices
ZIP Drives
ExpressCard SSD
Wireless USB
Serial Port
Teensy Board
PCMCIA Storage Devices

Device Whitelisting

Allow or block access on computers for any device based just on its serial number. The Device White-listing feature enables you to assign permissions for devices to users or user groups and workstations. By default, the not allowed devices are automatically blocked by the Endpoint Protector Security Agent. This feature will help you eliminate unknown or unwanted devices in your network, reducing the risk for data leakage and data theft as well as the risk for infecting with unwanted malware.

Device Type-Based Policies

The device type based policies reflect Endpoint Protector’s ability to apply different security policies based on the type of device being used. Whenever the user connects a device, Endpoint Protector knows automatically if it’s a USB device, iPhone, iPad or other type of device. This will allow you to apply more or less rigorous policies on PCs, users or groups depending on what devices are allowed to connect to the protected PC. Certain user groups like a specific company department can use, for example, USB devices that are required for everyday work, while other user groups are not able to connect them to their protected work computers.

Protection Against U3 and Other Autorun Devices

Endpoint Protector is able to protect against and block U3 and other autorun devices that could potentially host malware and other malicious self-executing code. This is an important feature because it can prevent automatic system infections through malware or Trojans.

File Tracing /
File Shadowing

Track all data that was copied to and from USB flash drives or other portable storage devices directly from the Web management interface. With File Shadowing activated, you can even have access to hidden copies of all transferred files. A thorough record of all the flow of information in the network is essential to support audits and controlling data leakage.

File Tracing

In order to minimize data loss, you and the top management of the company will want to know what kind of files users are copying on USB devices. With Endpoint Protector, you will have this information for later auditing. When enabled, it logs all data-related activities (accesses) and stores it. All actions such as read, write, file deletion, file renamed, etc. are recorded, along with the user who performed them and the device the data originated from or which it was copied to.

File Shadowing

File Shadowing is a very powerful and helpful feature. When enabled, it creates exact replicas of all files in transit from USB removable storage devices and stores them on either local or network storage as physical evidence for later audits. This feature captures the flow of information into and out of the protected network, reducing risk and containing data leakage.

Online Device Report / Plug & Play Devices Report

The Online Device Report allows the administrator to generate and display USB and all other removable devices that are currently connected to computers in the protected network.

Detailed and Comprehensive Logs

The Endpoint Protector client is capable to record detailed security-related information that is reported to the Endpoint Protector Server (even from disconnected/offline clients). Detailed information is essential when it comes to analyzing of security problems and troubleshooting (Activity Logs on the Management Server and the Client Activity Logs, System Logs, File Traffic Logs and File Shadow Logs).

Log File Export

All displayed log entries can be saved and exported in Excel file format for detailed analysis.

Flexible Log Queries

Administrators can search logs and sort results; multiple entries can be stacked together to condense information for a detailed and easy to interpret report. Powerful log analysis is enabling a quick drill down to a specific security issue.

Detailed and Comprehensive Management Server Logs

If you want to see what activity a certain user performed regarding devices, you can. (Check at any time what device related activities a user performed inside the network). The Endpoint Protector client is capable to record detailed security-related information that is reported in the web administrative console. Detailed information is essential when it comes to analyzing security problems and troubleshooting (Activity Logs on the Management Server and the Client Activity Logs, System Logs, File Traffic Logs and File Shadow Logs). All displayed log entries can be saved and exported in Excel file format for detailed analysis.

Unified Log Management and Reporting

All logs are stored and displayed in a common format. This delivers a powerful forensic analysis by identifying the relationship between device, user, PC and traced and shadowed files.

Decentralized Files Storage

Shadow files, file trace logs and general log files are stored with each application server, maintaining central access from the management console.

Bi-Directional Shadowing Option

Bi-Directional Shadowing records complete files that is read from and/or written to a removable device. Captures the flow of information into and out of the protected network, reducing risk and containing data leakage.

Defining Rights

Simple device management policies will help you define User group permissions, allowing an efficient enforcement and maintenance of the predefined security policies across the network.
Being able to block USB flash drives or other portable devices and track data going on them will help you comply with government regulations, industry standards and IT governance in regard to data leakage prevention.

User-based Policies

You can give Endpoint Protector the capability to apply policies based on the user being logged on the protected computer. This allows a consistent policy for a particular user wherever that user might log in within the protected network.

Computer (Machine)-based Policies

You can give Endpoint Protector the capability to apply policies based on the computer being used. This allows a consistent policy on a particular PC regardless of who is using it.

Synchronization with Active Directory

Leverages user and user group definitions in existing Active Directory. This feature gives you one more ways to differentiate users from each other and control them without having to re-create the user list manually.

Group Inheritance of Policies

Group Inheritance of Policies describes the capability to have sub-groups take on the properties of the parent group(s).

Group-Based Administrative Rights & Privileges with Detailed Logs

Allow an administrator to grant specific administrative rights and privileges for specific groups of administrators to perform certain operations. All administrative actions are logged as are all client-server communications. Group-based rights facilitate the appropriate distribution of administrative rights throughout the organization while detailed logging provides accountability.

Real-time Client Status Monitoring

Real-time Client Status Monitoring allows to monitor the status of clients (user, OS, security policy/profile, etc.) in real-time.

Access/User Notifications

If a user connects a USB device when not allowed, Endpoint Protector will block the device and issue a notification for the user.

Disconnected/Offline Remote Computer Protection

If a computer doesn’t have access to the network, Endpoint Protector will maintain constant security by keeping a local copy of the last list of policies and permissions on the PC. Endpoint Protector secures computer regardless of network connection and ensures that remote or disconnected users are also protected.

Push Changes to Permissions

Permission changes for devices can be pushed to one user or groups at once. Implements new policies regarding device use immediately - no reliance on reboot or restart of network connection.

Device-based Policies

This feature enables you to allow or block USB flash drives or other devices based on their unique characteristics(Ids). For instance you can create a rule where you can allow a USB stick from a certain manufacturer to connect on certain computers and block it for all the others. This feature gives you significant control over what devices are used on protected clients.

Support for Mac OS X, Windows (XP, Vista, 7) and Linux

Endpoint Protector will protect your networks whether they are MAC, Windows or Linux based. This will offer you an even more secure working environment.

File Whitelisting

Only authorized files (e.g. product brochures PDFs) can be transferred to authorized devices. All other files are blocked and attempted file transfers are recoded and reported.

Working with Active Directory

If you already have Active Directory, then you can easily use it to deploy Endpoint Protector, making your life a lot easier.

Also you will have simplified device management policies with customizable templates for defined USR Groups (Active Directory GPOs).

Reporting and Analysis Tools

Endpoint Protector offers a powerful reporting and analysis tool which will come in handy as you will be able to monitor all users activity: who is trying to connect USB devices, what kind of data are they copying on them, how are the users using devices. You will have the ability to drill down from high level to more detailed reports and analyses, making this way data audit processes easy and straightforward.

Endpoint Security for Workstations, Laptops and Servers

Endpoint Protector is designed to protect PCs from threats posed by removable portable storage and endpoint devices such as USB Flash Drives, MP3 Players, iPods and digital cameras. These and other devices could be accidentally or intentionally used to leak, steal, or lose data.

Enforced Encryption with EasyLock

If a USB stick full with company information gets accidentally lost or stolen, this might have severe consequences, especially when reaching into the wrong hands. We thought of that and this is why we give you the possibility to automatically encrypt data copied on USB devices so that no unauthorized person can access and use the stored information.

Offline Temporary Password

While on the road and without a connection to the office network, USB flash drives or other devices can be allowed by the Administrator for a specific period from 30 minutes up to 30 days.

Department Management

Departments can be organized and separate dedicated policies can be applied to manage the diverse device use needs in large organizations.

Endpoint Protector as Virtual Appliance

You can use the Virtual Appliance of Endpoint Protector for all business sizes. It is available in VMX, OVF and VHD formats to be compatible with the most popular virtualization tools.

All you need to do is to install the appliance in a Virtual Environment and deploy the Endpoint Protector clients to your machines and device use is instantly controlled.

Key Benefits

VMware ready
Almost like Plug and Play
Network security within 30 minutes
Eco friendly - use the hardware you already have
License for exactly the number of PCs you have to protect
Includes all features of Endpoint Protector (Device Control, File Tracing, File Shadowing, Enforced Encryption)

Download

Download the Endpoint Protector Virtual Appliance from

Virtual Appliance Formats Available

Supported Virtual Environments	Version	.OVF	.VMX	.VHD
VMware Workstation	7.1.4
VMware Player	3.1.4
VMware vSphere	5.0.0
Oracle VirtualBox	4.0.1
Parallels Desktop for Mac	7.0.1
Microsoft Hyper-V	6.1

Other virtualization environments are supported as well.

Endpoint Protector as Hardware Appliance

The Endpoint Protector Hardware Appliance protects networks with more than 15 PCs. You will get from us the hardware with everything preinstalled so that the only thing you need to do is to connect the appliance into your network, give it an IP and then deploy the clients. A choice of different models is available for the needs of your organization’s side.

After you’ll receive the Hardware Appliance from us, it will be very easy to install it in your network.

For this you will have to take only 3 fast steps:

Push the power button
Give it an IP in your local network
Deploy Endpoint Protector on the endpoints (laptops, desktops, servers) you want to protect

Key Benefits

Time saving due to
- Dedicated hardware appliance with Endpoint Protector already installed, which will give you a very fast implementation time
- Minimal workload to deploy and manage it
- Easy learning curve because of the friendly web management interface
Security at your network endpoints: the Endpoint Protector Hardware Appliance controls all devices fleet connected to your network and will help you minimize the risks of data theft, data leakage or data loss.
Low cost: it has the highest Return on Investment and Lowest Total Cost of Ownership of any data loss prevention product.

Request Demo

All available hardware appliance models

Endpoint Protector is a powerful data leakage prevention solution which delivers advanced protection against theft of confidential data along with providing proactive solutions to automatically enforce encryption for data in transit based on our TrustedDevices technology. It protects Windows XP/Vista/7, Mac OS X PCs and Linux Ubuntu/openSUSE and can be integrated in your Windows or Linux based server environment allowing a fast setup and deployment. CoSoSys USB Security Solutions , Device Control Appliance offer an amazingly low TCO. Endpoint Protector includes features like device control, USB lock, Mac OS USB / FireWire / CD Lockdown, data encryption, USB protection, detection and blocking of the notorious conficker worm, file tracing and file shadowing, configurable action modes based on activity patterns to detect activities considered as high risk for your organization, Active Directory support in Windows environments and many more. A free trial version is available for download along with free support services or for immediate testing via our demo site.

Endpoint Protector 4

Device Control

File Tracing/Shadowing

For Windows, Mac and Linux

Virtual/Hardware Appliance

Centralized Device Control

Controlled Device Types

Device Whitelisting

Device Type-Based Policies

Protection Against U3 and Other Autorun Devices

File Tracing / File Shadowing

File Tracing

File Shadowing

Online Device Report / Plug & Play Devices Report

Detailed and Comprehensive Logs

Log File Export

Flexible Log Queries

Detailed and Comprehensive Management Server Logs

Unified Log Management and Reporting

Decentralized Files Storage

Bi-Directional Shadowing Option

Defining Rights

User-based Policies

Computer (Machine)-based Policies

Synchronization with Active Directory

Group Inheritance of Policies

Group-Based Administrative Rights & Privileges with Detailed Logs

Real-time Client Status Monitoring

Access/User Notifications

Disconnected/Offline Remote Computer Protection

Push Changes to Permissions

Device-based Policies

Web-based Interface

Device-Centric Blocking Engine

Self Defense Feature

Security Agent Predefined Modes

Encrypted Client-Server Communication

Integrated Policy Management, Distribution, Enforcement, and Reporting Server

Support for Mac OS X, Windows (XP, Vista, 7) and Linux

File Whitelisting

Working with Active Directory

Reporting and Analysis Tools

Endpoint Security for Workstations, Laptops and Servers

Enforced Encryption with EasyLock

Offline Temporary Password

Department Management

Downloads

Data Sheets

Manuals

Case Studies

Reviews

Testimonials

White Papers

Awards

Endpoint Protector for Device Control explained in plain English

Endpoint Protector for Device Control explained in plain English

Endpoint Protector Hardware Appliance for Device Control and Endpoint Security

Endpoint Protector Virtual Appliance for Device Control and DLP

Device Control, USB Lockdown and Control for Mac OS X

Endpoint Protector Basic - Data Protection for Small Offices or Home Use

EasyLock - Cross platform encryption for Windows, Mac OS X and Linux

My Endpoint Protector explained in plain English

Endpoint Protector as Virtual Appliance

Endpoint Protector as Hardware Appliance

System Overview

System Settings

System Policies

System Security

System Departments

Client Software Installation

Client Software Upgrade

Computer Rights

Device Rights

Offline Temporary Password

Logs Report

Graphics

Centralized
Device Control

File Tracing /
File Shadowing