GFI EndPointSecurity Software

Protect Your Network from Portable Devices such USB drives, iPods, and PDAs

The proliferation of consumer devices such as iPods, USB devices, Smart Phones and more, has dramatically increased the risk of intentional and unintentional data leaks and other malicious activity. While most companies have anti-virus software, firewalls, email and web content security to protect against external threats, few realize how easy it is for an employee to simply walk in and copy large amounts of sensitive data onto an iPod or USB stick. There is also an increased risk of malicious and other illegal software introduction to your network through these devices. Of course your administrator could lock down all ports, an ill-advised, difficult and unsustainable solution.

Prevent data theft and virus infection from within with endpoint security software
Unfortunately, many businesses are unaware of or ignore the threat until something actually happens. According to research conducted by eMedia on behalf of GFI in the US, few medium-sized businesses consider portable storage devices to be a major threat while fewer than 20% had implemented software to address this risk. The key to managing portable device use is to install an endpoint security solution that gives administrators control over what devices are in use, have been used and by whom and in-depth knowledge of what data has been copied.

Regain control over your network with GFI EndPointSecurity
GFI EndPointSecurity allows administrators to actively manage user access and log the activity of:

• Media players, including iPods, Creative Zen and others
• USB drives, CompactFlash, memory cards, CDs, floppies & other portable storage devices
• PDAs, BlackBerry handhelds, mobile phone and similar communication devices
• Network cards, laptops and other network connections.

Why choose GFI EndPointSecurity?

• Prevents data leakage/theft by comprehensively controlling access to portable storage devices with minimal administrative effort
• Prevents introduction of malware and unauthorized software on the network
• Gives administrators greater control by being able to block devices by class, file extensions, physical port or device ID
• Allows administrators to grant temporary device or port access for a stipulated time-frame
• Support for 32 & 64-bit platforms: Including Windows Vista and latest RC of Windows Server 2008.

What's new in GFI EndPointSecurity 4?

A new build of GFI EndPointSecurity 4 has been uploaded.

GFI EndPointSecurity version 4 builds on version 3 whilst adding improved reliability and a number of new features which include the following:

• Vista and 64-bit support: GFI EndPointSecurity 4 now also supports the following operating systems:
  - Windows Vista (both x32 and x64 versions)
  - Windows XP x64
  - Windows 2003 x64
  - Windows Server 2008
  
• Scheduled deployment: When the user effects any policy or configuration changes through the console, it is now possible to close the GFI EndPointSecurity console and allow the agent deployment to take place automatically on a schedule.  The deployment is handled by the GFI EndPointSecurity service which will also handle failed deployments through rescheduling.
  
• Blocking by file type: File security policies can now be defined by file type. For example allow the user to read *.doc files but block access to all *.exe files.
  
• Blocking at physical port level: Devices can now be blocked by the physical port on which they are connected, for example USB, Firewire, Bluetooth, Infrared, Wi-Fi, PCMCIA, Parallel, Serial, S-ATA, SD.
  
• Blocking by device serial number: Besides being able to set permission for a whole device class, it is now also possible to set permission for a single device based on the unique device Hardware ID.
  
• Device whitelist and blacklist: The administrator can define a list of particular devices which are allowed and others which are permanently banned. For example an administrator might want to allow only company-owned USB drives to be used on the network, whilst banning all other devices.
  
• Temporary unlock: The administrator is now able to grant temporary access to a device (or group of devices) on a particular computer. This new feature allows the administrator to generate a code that the end-user can use to obtain a time-limited access to a particular device or port, even when the GFI EndPointSecurity agent is not connected to the network.
  
• Power users: It is possible to specify users or groups who would always have full access to the devices protected by GFI EndPointSecurity.
  
• Live agents status: The main application communicates with its deployed agents to keep track of the agent status. The status is used by the main application to perform maintenance tasks once an agent goes online.
  
• Status dashboard: A revamped user interface now includes a status dashboard which shows the agents live status, agent deployment status, Database status, GFI EndPointSecurity service status and statistical data with charts.
• Alerting: Standard notifications can be sent when devices are connected/used, or else when device access is blocked or allowed.
  
• Database operations: Simple automated maintenance for the database backend such as the option for deleting information older than X days.
  
• Improve support for Active Directory deployment: From the main application it is possible to generate a single MSI file that can be later deployed using the Active Directory deployment tool or other deployment options. The MSI file will contain all the security settings configured in a particular protection policy.
  
• Agent management password: Agent management functions (such as update and un-install) are now protected by a user-configurable password. This means that any another GFI EndPointSecurity instances won’t have access to the agent management options.
  
• Device discovery: The EndPointScan engine can be used to scan and detect the presence of devices on the network. The information on detected devices can then be used to build security policies and assign access rights for specific devices.
  
• Log browser: An in-built tool allows the administrator to browse user activity and device usage that is detected by GFI EndPointSecurity and logged in the backend database.
  
• Custom messages: When users are blocked from using devices, they are shown custom popup messages explaining the reasons why the device was blocked.

Features:

You're in good company....
Many leading companies have chosen GFI EndPointSecurity. Here are just a few: Best Western Sterling Inn, Fair Trades Ltd, Central Highlands Water, Aurum Funds and many more.

Specifications:

System requirements:

The following are the system requriements for GFI EndPointSecuity:

Hardware requirements:

• Processor: 2GHz processor clock speed
• RAM: 512 MB (minimum); 1 GB (recomended)
• Hard Disk: 100 Mb of available space

Software requirements:

• Operating system: Windows 2000 (SP4), XP, 2003, Vista and 2008 (x86 and x64 versions)
• Internet Explorer 5.5 or later
• .NET Framework version 2.0
• Database Backend: SQL Server 2000, 2005, 2008
• Port: TCP port 1116 (default)

Note 1: The firewall has to be configured to allow GFI EndPointSecurity to listen on the configured TCP port.
Note 2: GFI EndPointSecurity can only be installed and lanched when using administrative privileges.

GFI EndPointSecurity agent - hardware requriements:

• Processor: 2GHz processor clock speed
• RAM: 512 MB (minimum); 1 GB (recomended)
• Hard Disk: 100 Mb of available space

GFI EndPointSecurity agent - software requirements:

• Operating system: Windows 2000 (SP4), XP, 2003, Vista and 2008 (x86 and x64 versions)

Screenshots:

Click on a thumbnail to see that picture in full size!

GFI EndPointSecurity
GFI EndPointSecurity Management Console	GFI EndPointSecurity configuration options	Default protection policies
Adding computers to a protection policy	Deploying agents on client computers	Agent deployment status
Status of all agents deployed	Device access statistics	Adding power users for a protection policy
Set device/port permissions and priorities	Whitelist/blacklist specific devices based on serial number	The logs browser
Scan network computers	Temporary Access: 1. Request from client	Temporary Access: 2. Granting temporary access through the management console
GFI EndPointSecurity ReportPack
User interface	Configuration options	Device usage report
Device access report	Executive trend report	Device activity per machine
Device activity per user	Device activity per type of device	Quick start guide
List of scheduled reports	Scheduled report wizard	Custom report wizard

Awards and Reviews:

	Best Channel Product 2009 Award Five Best Channel Product Awards organized by Business Solutions Magazine have been given to GFI's products. GFI rated exceptionally well in the Network Security category and very high in terms of ease of upgrade and VAR's ability to service the product. The winning products are: GFI MailArchiver, GFI MailEssentials, GFI EndPointSecurity, GFI WebMointor and GFI MAX, the latest offering from GFI specifically for VARs, MSPs and IT support companies.
	4 stars for GFI EndPointSecurity In a review in SC Magazine, GFI EndPointSecurity™ is rated four stars out of five and with full marks given to its ability to use the minimum of resources. The reviewer adds that the interface is clean and logically laid out while “the level of resources used is incredibly small, making the offering handy for many organizations” - SC Magazine, September 2008
	Control Usage of Portable Devices with GFI EndPointSecurity Daniel Petri from the popular IT knowledge base, Petri.co.il, talks about the threats posed by portable storage devices such as iPods, USB sticks, PDAs etc. In a review of GFI EndPointSecurity™, Daniel says it “is one of the best portable device control software that I've tested, allowing you to easily control the usage of portable devices into your corporate network and thus strengthening your physical security”. - Petri.co.il, February 2008
	Excellent and easy to use In a review on Liquidmatrix Security, Dave Lewis looks into the threat posed by portable storage devices and how GFI EndPointSecurity™ allows administrators to allow, yet control their use on the company network. He describes the product as “an excellent and easy to use offering from GFI” and “I recommend giving it a test drive”. - Liquidmatrix, June 2007
	Fast, stable and efficient The threat posed by portable storage devices such as USB sticks and iPods and how GFI EndPointSecurity™ can address these threats is highlighted in a review in IT-Observer. The reviewer says the product “offers many features to take control of data flow from storage devices in complex network environments”, the “whole management process is accomplished through the easy-to-use administrator console” and that “it proved to be fast, stable and easy to deploy – not to mention very efficient”. - IT-Observer, May 2007
	Good value for money In a review in SC Magazine, GFI EndPointSecurity™ is rated four stars out of five and described as a complete endpoint security kit that is “good value for money and a useful tool set that should scale well to large enterprises”. The magazine also highlights GFI EndPointSecurity’s client deployment tool and its integration with Active Directory. - SC Magazine, May 2007
	Fast, stable and efficient In a review of GFI EndPointSecurity™ in net-security.org, reviewer Tim Wilson writes that if a company needs to manage user access to the external devices from the computers in a network, they should “definitely check GFI EndPointSecurity”. He says the “the software concept is pretty straightforward and every decent administrator shouldn’t have any problems in deploying the solution.” Wilson highlights a number of features including its versatile logging possibilities, buffering of protection procedures when a laptop is disconnected and reconnected to the network, and the fully-fledged reporting add-on. Concluding, he says “the software proved to be fast, stable and quite efficient”. - Net-security.org, March 2007
	Powerful piece of software In an extensive review of GFI EndPointSecurity™ in Windowsecurity.com, Jakob H. Heidelberg gives the product 4.5 out of 5 and a Gold Award. In his review, he says GFI EndPointSecurity offers great features “to take control of vulnerable data and network environments”. He highlights the product’s security advantages over Microsoft Windows Vista Group Policy, such as GFI EndPointSecurity’s ability “to exert almost the exact same level of granular control over all 32-bit versions of Windows 2000, XP, 2003 based computers and all devices without a file system. These include printers, scanners, modems, Bluetooth dongles, etc”; something that administrators cannot do in Windows Vista. He also talks highly of GFI EndPointSecurity’s tracking of device usage and log management. Concluding he recommends readers to download and try out “this powerful piece of software”. - Windowsecurity.com, March 2007
	GFI EndPointSecurity wins the TMC Labs Innovation Awards 2006 TMC Labs conclude that GFI EndPointSecurity™ deserves the TMC Labs’ Innovation Awards for 2006. The product was admired for its unique features and its ease-of-use. - TMC Labs, September 2006
	Network-wide control GFI LANguard P.S.C. (now GFI EndPointSecurity™) received the top rating of 5 stars from the popular shareware site, top-shareware.net. The site praised the product's ability to offer administrators network-wide control. - top-shareware.net, October 2005

Documentation:

Download the GFI EndPointSecurity Software Data Sheet (PDF).