New software to control the peripheral and network interfaces of client devices on corporate networks is undergoing beta test.
The software, from Israeli startup Safend, can block data being transferred to or from a range of peripherals such as zip drives, CD/DVD drives, portable printers, iPods and digital cameras. This kind of port monitoring and control software can be used to block the entrance of viruses and malware, and prevent corporate data from being copied or saved except where and when authorized.
“It’s an important issue for the enterprise to address because so much information theft leaves through these kinds of [peripheral] devices,” says Natalie Lambert, security analyst with Forrester Research.
The new software is an extension of Safend’s current product, called USB Port Protector, which was released six months ago. The new product, Safend Protect, released to beta test last month goes beyond USB ports. When released in September, the new product will control a much wider range of peripheral and network interfaces such as PCMCIA slots, wireless LAN adapters, FireWire, infrared and in the future, wireless USB. And it will protect them on such handheld devices as PDAs and, especially, smart phones.
Safend Protector, which like the original product, has three parts.
With Protector loaded on a PC, administrators work with graphical screens to set up usage policies for various classes of peripheral devices. Then they can create a variety of exceptions as needed. For example, Apple iPods may be allowed on the network, but blocked from accepting files. Laptops can be constrained to print only to a given printer, in the user’s office for example. Policies can be set up for individual users or client devices, or by groups.
Working with Protector, the administrator then packages these policies with the second component, the Safend agent, a 28Kb program, and automatically downloads the package to each client device.
The agent resides between the operating system kernel and the various peripheral buses, and it can inspect every packet exchanged between the two, according to Safend executives.
The agent identifies the packet, consults the security policy, and either allows the data exchange to take place or blocks it. A message pops up to alert the user about why his iPod can’t download a patient X-ray, for example.
Also new in this expanded version are the abilities to log each policy violation, and alert administrators when violations occur.
A third component, Safend Auditor, is a companion program that runs on a server to monitor all the interfaces on all the network clients. Auditor interrogates the registry of every PC attached to the corporate LAN.
The software analyzes the registry’s record of activity to identify what interfaces are being used, what peripherals are being attached to the PC, and which of those devices are currently active.
Administrators can see information arranged by user or computer name, by groups, what devices are currently active on those computers.
Safend Protector, with Safend Auditor, will be available in September and cost US$32 per seat, with volume discounts.