ControlGuard Endpoint Access Manager
ControlGuard Endpoint Access Manager allows companies to monitor the use and prevent the loss of sensitive corporate information from user's desktops. ControlGuard allows companies to implement corporate policies on the use of removable devices and unsecure communication over wireless, WiFi or Bluetooth.
Why should I buy endpoint security?
Traditional IT and physical security does not protect endpoints. If there isn't endpoint security on your network, your company's computers are vulnerable and exposed to the possible risks of malware and data loss.
Portable devices are proliferating into every aspect our lives. Removable media devices can hold massive amounts of data and reduced prices have made then so affordable companies are now giving them away as promotional items.
Technology is providing us a wide array of new tech-toy and business accessories to digitize and organize our busy world. With this comes the interfacing of these devices to computer ports, infrared, Bluetooth, wireless networks and more.
Unfortunately this new area of technology is rife with exposures and vulnerabilities and provides a place for hackers as well as employees to work under the radar of traditional security. The lucrative and insecure nature of portable devices and the unsecured peripherals and ports has set the stage for the portable generation's next security battle.
What are some reasons why I need endpoint security?
The reason you need endpoint security is because:
- Laptop and desktop computers come from the manufacturer with numerous built-in and unsecured endpoints.
- The data on your system might be accessible from remote via built in wireless devices that come standard on many modern computers.
- An employee chatting and browsing on a smart phone may unknowingly provide Internet hackers wireless access to the trusted security zone of your network via live Bluetooth workstation connections.
- Company trade secrets and customer lists that take years to develop are exposed to numerous workstations with built-in security holes and unmonitored devices.
- Massive storage and removable storage devices can copy massive amounts of internal data in seconds without being monitored.
- Thumb-drives and massive storage devices can disconnect from the trusted security zone and then connect to a non trusted security zone exposing data that resides on the device.
- Flash disks, portable devices, DVDs, or CDs are easily lost or stolen without any record of what data was on them nor monitoring of how often these events occur.
- Users and visitors sharing information on memory sticks and devices risks infecting computers with viruses.
- Users may install downloaded software, copy images or videos from home thus putting unlicensed, explicit materials, bootleg or viral software on the company network.
- A laptop workstation with internal data can travel outside the physical security zone and connect with untrusted networks.
- Users are not limited by IT security on how much they are allowed to copy or what file types they are allowed to copy.
- Disabling all use of devices can hinder production, the ability to take work home, and undermine employee moral.
- Keyboards and mouse connections are often interfaced via the USB ports and cannot be disabled without rending the workstation useless.
- Conformance to IT security standards and laws is necessary to avoid liability, violations, and litigation, e.g. HIPAA, GLBA, BASEL II, DSS standards, Sarbanes-Oxley, as well as state and international data privacy or breach notification laws.
- Loss of large volumes of protected information can lead to great expenses in customer notifications, corrective measures for those jeopardized as well as a PR publicity nightmare.
ControlGuard EAM helps monitor manage and control devices, content and media. It allows you to limit devices, users, content files, and so much more by applying using easy to use policies where and when you need the most.
Don't existing security permissions protect and monitor these devices?
Traditional security has neglected to protect endpoints and cannot monitor or protect the data once it has left the network and physical security of the company. Because of these facts, the answer is no, traditional security is not securing or controlling the use of endpoints.
Devices with malware that are connected to endpoints can execute regardless of whether the workstation or server is logged in. Furthermore, firewalls do not protect against users doing things they have already been given permissions to do. Malware brought into the trusted zone behind the firewall on a logged in user's computer can hijack the permissions of the user as well as the permissions of applications on the network.
Users who are authorized by security can connect company issued or privately owned devices such as thumb drives, to copy data onto workstation hard drives and possibly network directories. Traditional security has no way to monitor or limit unsafe or abusive behavior beyond either granting or deny rights to read and write data.
Users can also mistakenly connect to WiFi networks that happen to appear available on their computer without knowing if it is a company network or another unsecured WiFi transmitting in the area.
One way of protecting data is encryption. However, the use of voluntary encryption policies rests on the user's adherence to the rules. It doesn't ensure that employees won't share files or copy data that is not encrypted, nor does it prevent or monitor employees from taking data for their own personal use. It also doesn't prevent hardware key loggers or malware from recording keystrokes.
Even if you are using a VPN, the data is not secured; this is why ControlGuard is designed to secure VPN as well.
Where are my risks and how do I find out what I have?
Endpoints in the context of data loss protection are any port, peripheral or device that sits at the edge of the network and allows the transfer in or out (I/O) of data and communication.
Because systems vary on what features and endpoints are connected the answer on how many endpoints you have really depends on what you have purchased and connected to your network. However, we make it simple for you by providing a free IT tool scanner application that you can download right now and run to see what endpoints are visible on your network. After you view the exposures, you can then assess the risk and priorities for securing you endpoints and devices.
What endpoints does ControlGuard EAM protect?
The ControlGuard EM software provides monitoring and protection for a large array of devices. The following is a list of some but not all the types of devices and connections that are protected:
USB Flash Drives MP3 players iPods cameras imaging equipment removable media FireWire infrared COM ports serial ports LPT ports WiFi Bluetooth adapters printers (local, network and virtual printers) Windows Mobile and Palm OS-based PDAs smartphones DVD/CD-ROMs floppy drives detect and block hardware keyloggers (USB and PS/2) PCMCIA(faxes/modems) other removable plug-and-play devices.
The ControlGuard product line addresses the security issues that are not handled by traditional security system. Maintaining a trusted security zone needs to ensure that ALL entry by any device or endpoint is secured and monitored.
Additionally security needs to control and monitor what types of devices and data can be used as well as whether that data is allowed to leave the security of the trusted zone and ultimately the physical security of the company. If any data, device or laptop must leave, security needs to assure that they are secure wherever they travel. Additionally, security can be flagged when an employee begins using a new device and make certain that the old device and data no longer represent a security risk.
Traditional security systems rely on the user sitting at the keyboard within the office. In the portable generation, security must be extended so that the precious data that flows in and out of the trusted security zone is protected.
