GFI EndPointSecurity

In freeware mode, functionality is limited to monitoring only but there is no limit on the number of agents that can be deployed, so administrators can immediately see what is happening on monitored machines.

In order to be able to block the user in real-time, a license needs to be purchased

Blocking access to USB storage devices ensures that no data is stolen from your organization; however, there are times when you need to permit your users to utilize portable storage devices.

GFI EndPointSecurity helps solve this problem by including the capability to encrypt data on USB storage devices.

When users connect to your network with a USB device containing unencrypted data, they are prompted to enter a password and GFI EndPointSecurity then encrypts all the contents on the device. From then on, access to the data will work normally with the added benefit of being encrypted using a strong AES 128-bit algorithm.

GFI EndPointSecurity includes Traveler Application, a program that enables users to access encrypted content when they are away from the office, in locations where the GFI EndPointSecurity agent might not be installed. The program can also generate a report of failed attempts to access encrypted devices.

You can apply encryption enforcement and access to the Traveler Application to certain users, user groups or to all users with exceptions. For peace of mind, a master administrator password enables the recovery of encrypted data when an individual password that was used for the encryption process is lost. No encryption key management is required.

To control access, GFI EndPointSecurity installs a small footprint agent on your user's machine. This agent is only 1.2 MB in size, meaning your user will never know it is there.

GFI EndPointSecurity includes a remote deployment tool based on GFI LANguard™ technology, allowing you to deploy the agent to hundreds of machines with just a few clicks. After installation, the agent queries Active Directory when the user logs on and sets permissions to the different nodes accordingly. If the user is not a member of a group that allows access to a particular device or set of devices, then access is blocked.

Using GFI EndPointSecurity you can centrally disable access to any portable device, preventing both data theft and the introduction of data or software that could be harmful to your network.

Although you could block portable storage devices such as CDs and floppy drives from the BIOS of the individual machine, the solution is inconvenient and impractical when applying software or network upgrades. For example, a new software or device installation would require the administrator to physically visit each machine, switch off the computer, temporarily disable protection, perform the install and then re-enable protection. Furthermore any sophisticated user can hack the BIOS, circumventing the security measure altogether. GFI EndPointSecurity allows you to take control over your environment and the access of a wide variety of devices including:

• Floppy disks
• CDs and DVD ROMs
• iPods/iPhones
• Storage devices
• Printers
• PDAs
• Network adapters
• Modems
• Imaging devices
• And more

GFI EndPointSecurity incorporates a dedicated node making it possible for administrators to view all computers on a network from a single location.

Here, administrators can assign a secondary name to computers, to make it easier to identify them.

GFI EndPointSecurity can monitor the network, detect new computers that are connected onto the network, notify the administrator, and perform various tasks as configured by the administrator.

For example, the administrator can set automatic detection to occur at pre-set intervals - hourly, daily, weekly, etc. One can also set the scope of the auto discovery, for example, only computers detected on the domain or on the entire network. Once computers are detected, the administrator can choose whether to automatically protect them by deploying a pre-defined policy, or simply to be notified that new computers were detected. If auto-protect is selected, as soon as a computer is detected, the product would automatically install the agent and apply the default policy selected by the administrator.

Windows 7’s “BitLocker To Go” is designed to encrypt data on removable devices.

GFI EndPointSecurity 4.2 can detect devices that are encrypted with BitLocker To Go, and apply different permissions to these devices.

The GFI EndPointSecurity ReportPack is a powerful reporting package that adds on for free to GFI EndPointSecurity.

This reporting package can be scheduled to automatically generate graphical IT-level or higher level management reports, based on data collected by GFI EndPointSecurity. This gives you the ability to report on devices connected to the network, user activity, endpoint files copied to and from devices (including actual names of files copied), and much more. The latest ReportPack includes enhanced reports that highlight users trying to bypass security policies by renaming file extensions etc.                                                 

The agent used to control machines has a number of security elements applied to render it tamper-proof.

Users are unable to uninstall the agent as it is not published as an installed application. As additional security, uninstall can only be accomplished if a special 128-character ID to unlock the uninstaller is registered. A sample of the other security features includes encryption of the configuration file used by the agent; the automatic regeneration of registry keys and critical files if these are tampered with; and an emergency block mode if the configuration file is corrupt, leaving access to the driver only possible by a system reinstall or using the recovery console.

GFI EndPointSecurity auto-updates via GFI's servers – this functionality allows GFI to roll out fixes immediately without troubling the administrator to download and install upgrades.

GFI EndPointSecurity removes another administrative headache – database size limits. Based on the database size limit (4 GB) imposed by SQL Server Express, the product can automatically roll over and start report-logging in a new database once the original one is full.

USB sticks present a significant threat to your business environment. They are small, easily hidden and can store up to 16 GB of data.

Even plugging a digital camera into a USB port gives users access to storage on an SD card. SD cards are available in 32 GB capacity and more; that's a lot of potential for carrying off your data or for exporting infected software onto your network. In addition to blocking access to portable storage media, GFI EndPointSecurity logs device related user activity to both the event log and to a central SQL Server. A list of files that have been accessed on a given device is recorded every time an allowed user plugs in.

You can categorize computers into protection groups. For each group you may specify the level of protection and portable device access to allow.

The ability to group your networked computers is a powerful feature; making, for example, an entire department into one group and then managing the department's setting by managing the group as a single entity. Configuration of GFI EndPointSecurity is effortless and leverages the power of Active Directory. It does not require the administrator to remember and track which policies were deployed to which computers. Many other storage control software requires cumbersome machine by machine administration, forcing you to make the changes on a per-machine basis and then to update the configuration on each machine before the settings take effect. GFI EndPointSecurity does away with all of that.

GFI EndPointSecurity enables you to allow or deny access to a range of device classes, as well as to block files transferred by file extension, by physical port and by device ID (the factory ID that identifies each device).

It is also possible to specify users or groups and then manage their access to devices giving them permissions ranging from no access ever, some access to some devices some of the time, and all of the way to full access at all times. GFI EndPointSecurity allows administrators to define a device whitelist and a blacklist allowing only company-approved devices, effectively and easily blocking all others.

GFI EndPointSecurity provides real-time status monitoring through its user interface.

It displays statistical data through graphical charts, the live status of the agent and more. GFI EndPointSecurity also allows you to send alerts when specific devices are connected to the network. Alerts can be sent to one or more recipients by email, network messages, and SMS notifications sent through an email-to-SMS gateway or service.

GFI EndPointSecurity provides administrators with the ability to automatically schedule agent deployment after a policy or configuration change.

If a deployment fails, it is rescheduled until deployed successfully. The GFI EndPointSecurity remote deployment tool can deploy its security agent network-wide in a few minutes and we facilitate Active Directory deployment through MSI.

Temporary access can be granted to users for a device (or group of devices) on a particular computer for a particular timeframe.

This can be done even if the GFI EndPointSecurity agent is not connected to the network!

To facilitate the creation of security policies, GFI EndPointSecurity includes a wizard to create security policies. Administrators can also create new policies based on existing ones.

An email notification containing activity statistics can be sent on a daily or weekly basis, enabling the recipient to have an overview of, for example, how many files were copied to and from devices, how many may potentially carry malware, etc.