The Device Control module is the first layer of security provided by Endpoint Protector. By defining granular access rights for USB and peripheral ports, device security is enforced while productivity is maintained. As a cross-platform solution, it protects the entire network, regardless if the computers are running on Windows, Mac OS X or Linux.
The Device Control module allows management of the most commonly used device types and simplifies IT Administrators' lives in several ways.
- USB Storage Devices (USB Flash Drives, Sticks, Pen drives, etc.)
- External HDDs (incl. sATA HDDs)
- CD/DVD-Players and Burners (internal and external)
- iPhones, iPads and iPods
- Smartphones and Tablets (incl. Android devices, Blackberry and PDAs)
- Digital Cameras
- MP3 Player and other Media Player Devices
- Card Readers (internal and external)
- Memory Cards (SD, MMC, CF, Smartcard, etc.)
- Floppy Drives
- WiFi Network Cards
- FireWire Devices
- Biometric Devices
- Bluetooth Devices
- ZIP Drives
- ExpressCard SSD
- Wireless USB
- Serial Port
- Teensy Board
- PCMCIA Storage Devices
- Network Share
- Thin Client Storage (RDP Storage)
- Additional Keyboards
- USB Modems
- Infrared Dongle
Content Aware Protection
The Content Aware Protection module is the second layer of security provided by Endpoint Protector. It prevents data leakage through all possible exit points, from clipboard, screen captures, USB devices, to applications including Microsoft Outlook, Skype or Dropbox. Through efficient content inspection, transfers of important company documents will be logged, reported and managed.
The Content Aware Protection module allows management of file transfers via the most common exit points, preventing data leakage.
- Web Browsers
- E-mail Clients
- Instant Messaging
- Cloud Services / File Sharing
- Social Media / Other
The eDiscovery module from Endpoint Protector provides Data Loss Prevention for data at rest. It prevents data breaches by scanning and identifying sensitive data at the endpoint level on Windows, macOS, and Linux computers. Endpoint Protector eDiscovery ensures compliance with regulations like HIPAA, PCI DSS and others. eDiscovery offers visibility into scans, identifying where confidential data resides and remediating by encrypting or deleting the identified confidential data.
eDiscovery scans sensitive data residing on employees’ computers and provides the option to encrypt or delete discovered data.
- File Type
Graphic Files (jpeg, png, gif, bmp, tiff, psd, etc.), Office Files (word, excel, pdf, powerpoint, outlook, publisher, etc.), Archive Files (zip, rar, ace, tar, xar, xz, etc.), Programming Files (c, cpp, java, py, pas, asm, dmp, xml, dtd, etc.), other files (autocad files, text files, dta, xia, journal files, drm files, etc.), Media Files (mov, mp3, mp4, wav, avi, vma, etc.).
- Predefined Content
Credit Cards (Visa, Mastercard, Discover, JCB, Diners, Amex), Personally Identifiable Information (IBAN, date, e-mail), Address, SSN, ID, Passport, Phone Number, Tax ID, Driving License, Health Insurance Number, Internet Protocol Addresses.
- Custom Content
- File Name
- Regular Expressions
- HIPAA regulated data
Endpoint Protector can protect confidential information throughout the entire network, regardless if the computers are Windows, Mac or Linux-based. This will provide a safer working environment, regardless if you are using the latest Windows 10 or macOS Sierra.
Multilingual User Interface
The user interface is available in more than 10 languages, making the administration easier by bridging the language gap. Among the provided languages: English, German, French, Spanish, Romanian, Korean, Russian, Chinese, Hungarian and more.
AD Import & Sync
Take advantage of Active Directory or similar tools, making larger deployments simpler. Import and sync all groups and entities. It will also simplify device management and content filtering policies with customizable templates for defined Active Directory GPOs.
Low Resource Usage
The Endpoint Protector client software has a minimum footprint, using very little memory and reducing end-user impact. Our DLP solution requires during regular usage less than 1% CPU and approximately 22 MB, which is less than typical desktop applications like instant messaging or e-mail.
The Hardware Appliance is a Plug&Play solution, that allows IT Administrators to set up Endpoint Protector within minutes, with a few simple steps. It is suitable for organizations with more than 15 endpoints and it presents advantages like dedicated resources and isolation from other security solutions, making the process of detecting possible incidents easier.
As a second option for an on-premise DLP solution, Endpoint Protector also comes as a Virtual Appliance. It provides increased flexibility, easy scalability, and affordability. The solution comes in different formats, compatible with the most common virtualization tools, like VMWare, VirtualBox, vSphere, HyperV, Parallels, XenServer and many others.
The possibility of transmitting all logs to a SIEM server allows for a seamless experience of the reporting and analysis capabilities by delivering high-quality data to one location. Your business will benefit from comprehensive analytics and graphics that provide real-time correlations for faster detection of incidents and threats.
DLP for Thin Clients
Protect data on Terminal Servers and prevent data loss in Thin Client environments. Control the use of portable storage devices and filter data that is being copied or uploaded to cloud storage and other online applications.
HIPAA Content Aware Policies
HIPAA policies allow for an in-depth scanning of documents and blocking file transfers if they contain sensitive information like FDA approved drugs, ICD-9 codes and diagnosis lexicon, Personally identifiable information like Social Security Numbers (SSNs) and others.
DLP for Printers
Create policies for local and network printers to block printing of confidential documents and prevent data loss and data theft. Data Loss Prevention for Printers can be implemented with the use of both the Device Control and the Content Aware Protection modules.
The Trial License allows access to all Endpoint Protector’s features for a period of 30 days. Protect and manage up to 50 computers running on Windows, Mac OS X, and Linux as well as 5 Android or iOS mobile devices.
Endpoint Protector DLP and MDM solutions support organizations to become compliant with industry rules and regulations like PCI DSS, HIPAA, SOX, and others and avoid huge fines and other prejudices.
Users and Computers Information
IPs, MAC Addresses and Usernames are part of any DLP solution. Gaining a better visibility into the network and understanding of users can be achieved by leveraging Employee IDs, Teams' membership, Computers (physical) Location, accurate contact details, and more.
Set Rights Globally
By default, Device Control Rights apply globally throughout the network. However, the module is extremely granular.
Set Rights per Group
Device Control rights can be granularly configured based on groups, allowing different access rights for various departments.
Set Rights per Computer
Device Control rights can be configured per computer. It is helpful when computers serve a unique role in the organization.
Set Rights per User
Based on their roles and tasks, each user can receive different device access rights according to the company policies.
Set Rights per Device
The granularity of the rights can be drilled down to the device level, based on Vendor ID, Product ID and Serial Number.
Rights can be created based on classes of devices making management easier for products from the same vendor.
For encrypted devices, different access rights can be configured based on the level of encryption (software, hardware, etc.).
Offline Temporary Password
(for removable devices)
Temporarily allow device access to computers disconnected from the network. Ensure security and productivity.
Outside Hours Policies
In addition to the standard rights, additional Device Control Policies can be set to apply when outside the normal working hours. Business hours start and end time, as well as working days can be set.
Outside Network Policies
In addition to the standard rights, additional Device Control Policies can be set to apply when protected endpoints are outside the company’s networks. To ensure enforcement of rules, DNS Fully Qualifed Domain Names and DNS IP Addresses are considered.
Predefined Content Filters
Filters can be created based on predefined content such as Credit Card Numbers, Social Security Numbers and much more.
Custom Content Filters
Filters for sensitive data can also be created based on custom content such as keywords and expressions which can be added in various Dictionary Blacklists.
Regular Expressions Filters
Advanced custom filters can be created to find a certain recurrence in data transferred across the protected network.
File Type Filters
File Type Filters can be used to block specific documents based on their extension, even if these are manually modified by users.
While all other attempted file transfers are blocked, whitelists can be created to avoid redundancy and increase productivity.
Domain & URL Whitelisting
Enforce company policy but allow employees the flexibility they need to do their work. Whitelist company portals or email addresses where employees can send sensitive data.
Threshold for Filters
Define up to which number of violations a file transfer is allowed. It applies to each type of content or to the sum of all violations.
Disable Print Screen
Revoke screen capture capabilities and make sure no valuable data displayed on the screen is leaked out of the protected network.
Eliminate data leaks of sensitive content through Copy & Paste / Cut & Paste, further enhancing the data security policy.
Offline Temporary Password
(for file transfers)
Temporarily allow file transfers to computers disconnected from the network. Ensure security and productivity.
Record all file transfers or attempts to various devices, online applications and cloud services, providing a clear view on users’ actions.
Save a copy of files that were transferred to controlled devices or through emails, cloud storage or other applications.
Create E-mail Alerts
Granular e-mail alerts can be set up to provide information on the most important events related to device use and confidential file transfers.
Reports and Analysis
Monitor activity related to device use and file transfers with a powerful reporting and analysis tool. Logs and reports can also be exported.
Dashboard and Graphics
For a quick visual overview of the most important events and statistics, graphics and charts are available.
Responsive management interface
Manage DLP and MDM policies and check reports from any device, from desktop to tablet with the responsive management console.
Administrators have quick access to alerts about licenses state, new available features and other important events directly on the management interface header.
Scheduled scans can be set to start inspecting data at rest on a specifc date and time. Incremental detection of sensitive content can be confgured as a single occurrence or to re-occur at regular intervals (e.g.: every 7 days, every 30 days).
Encrypt data at rest
Once confidential data is identified with eDiscovery, the Administrator has the option to encrypt it with AES 256 strong encryption solution in order to prevent unauthorized employees’ access and further having the possibility of leaking data.
Delete data at rest
Secure data and ensure compliance with industry regulations by deleting sensitive information immediately it is identified if it violates the company policy.
Export eDiscovery scan results
Scan results are available for export in Excel, PDF or CSV files and can be used as reports for the management or as audit documents. The scan results provide the details about computers where sensitive data was found, what sensitive data, the path, time of discovery, if it was encrypted, deleted or reported, and other valuable information.
Content and file type scanning
Create custom eDiscovery policies defining what content is sensitive for your organization depending on file type, predefined content, custom content, file name, Regex or HIPAA protected content. Start scanning for sensitive data according to selected content.