USB Auditing & Device Control Suggestions

[knowlesy]

Im looking for some software to control and audit usb devices primarily and can monitor any file that leaves a domain either onto a cd, usb device (iphone, thumb stick etc.) .... granular configuration via OU configuration is a requirement and the ability to configure a variety of users for different jobs in managing the software is ideal.

I've looked at an older version of lumension and I had a plethora of issues with x64
Safend I didn't like the UI and the other users looked at it with blank faces
Checkpoint was rather expensive
how does GFI fair up ?

 

[sidethink]

The current versions of Lumension have no issues with x64 that I am aware of. We have it deployed on over 10,000 devices without any significant overhead.

Lumension doesn't really do Information Rights Management on its own per se. Where we have configured this, it has been done using Windows AD Rights Management. You need to already have fairly strict control over the server and desktop estate to easily implement it using the MS built in technology.

 

[knowlesy]

The current versions of Lumension have no issues with x64 that I am aware of. We have it deployed on over 10,000 devices without any significant overhead.

Lumension doesn't really do Information Rights Management on its own per se. Where we have configured this, it has been done using Windows AD Rights Management. You need to already have fairly strict control over the server and desktop estate to easily implement it using the MS built in technology.

Cheers, would it be ok to tell me the version number your using ? Im not looking at Rights Management as that would an emense amount of work to put in, It has been suggested but thrown out as far as I'm aware. I'm sure I tested a software before that copy's the file (if required ) or its file name to a log from its original location to its destination by the user time pc etc.... was hoping this is on the new software, I am to purchase.....hopefully

 

[anything I don't mind]

I always found usb restrictions to be more hassle than they are worth. The amount of support calls it generates, well what ends up happening is that the support desk just disable the software eventually because they spend so much time giving allow permissions to permissible use of usb. Ive seen that happen at a few sites.

One site we just use a group policy to ban usb via a group and a group that enables it. Then we just change groups and ask the user to log off and back on. But even that is annoying if requests become too frequent.

Plus users can just email or upload documents via the internet, so makes it pointless. Unless you are worried about someone coping all the firms data on to a usb hard drive and leaving etc. But realy data like that should be restricted with DMS software that monitors large exports and then you should have HR policy for confidential data restrictions etc and theft of data is a serious crime etc.

 

[knowlesy]

I always found usb restrictions to be more hassle than they are worth. The amount of support calls it generates, well what ends up happening is that the support desk just disable the software eventually because they spend so much time giving allow permissions to permissible use of usb. Ive seen that happen at a few sites.

One site we just use a group policy to ban usb via a group and a group that enables it. Then we just change groups and ask the user to log off and back on. But even that is annoying if requests become too frequent.

Plus users can just email or upload documents via the internet, so makes it pointless. Unless you are worried about someone coping all the firms data on to a usb hard drive and leaving etc. But realy data like that should be restricted with DMS software that monitors large exports and then you should have HR policy for confidential data restrictions etc and theft of data is a serious crime etc.

Agreed this is true, however the reason for this is due to an audit at the end of the day its more of a red flag waving for larger files cad/video & media etc. if they start to be transferred to a un sanctioned external as well as reporting for the big wigs

 

[sidethink]

Cheers, would it be ok to tell me the version number your using ?

From memory its 4.4 SR7 or SR9. As I said, it basically works like a charm once installed and configured with appropriate policies.

The one significant issue we had was with a certain combination of DVD writer and encoding software that wrote 'raw' scratch files of DVDs during the copy process. Lumension could not properly record the metadata for this 'raw' and blocked the write (Lumension calls this shadowing I believe).

Its a documented problem as far as I know and the Lumension software failed safe when it encountered a file that it couldn't shadow.

The system can be configured to fail open in this circumstance and allow the copy of files that have no metadata, but I don't personally see the point of this with security software other than as a temporary workaround.

 

[Little_Crow]

We use GFI, it just sits there and works really - probably the least bothersome pieces of security software we have in place.
I don't know that it allows you to monitor what files are being copied on to devices, but I have heard very, very good things about SecureWave Sanctuary for this level of snooping.

We are probably a bit more draconic than most though, we ban all USB storage devices, exceptions like cameras, etc are vetted and allowed as required by the business.
If they want a USB stick, then they will get one of our Integral sticks with built in encryption.

It's really the accidental loss of data that makes it into newspapers that we're trying to avoid.
A determined person will find a way round anything all but the most paranoid companies can realistically afford to put in place. But as has been mentioned that's where HR policy and hopefully the fact this sort of behaviour is illegal will help.

 

[DustyMiller]

What AV do you use, as most of them now have it built in. We have used Sophos for a good few years, as it has device control, a fairly good file control, as well as a really good AV suite.

 

[knowlesy]

We use GFI, it just sits there and works really - probably the least bothersome pieces of security software we have in place.
I don't know that it allows you to monitor what files are being copied on to devices, but I have heard very, very good things about SecureWave Sanctuary for this level of snooping.

We are probably a bit more draconic than most though, we ban all USB storage devices, exceptions like cameras, etc are vetted and allowed as required by the business.
If they want a USB stick, then they will get one of our Integral sticks with built in encryption.

It's really the accidental loss of data that makes it into newspapers that we're trying to avoid.
A determined person will find a way round anything all but the most paranoid companies can realistically afford to put in place. But as has been mentioned that's where HR policy and hopefully the fact this sort of behaviour is illegal will help.

Cheers, thats pushing me towards GFI a little

From memory its 4.4 SR7 or SR9. As I said, it basically works like a charm once installed and configured with appropriate policies.

The one significant issue we had was with a certain combination of DVD writer and encoding software that wrote 'raw' scratch files of DVDs during the copy process. Lumension could not properly record the metadata for this 'raw' and blocked the write (Lumension calls this shadowing I believe).

Its a documented problem as far as I know and the Lumension software failed safe when it encountered a file that it couldn't shadow.

The system can be configured to fail open in this circumstance and allow the copy of files that have no metadata, but I don't personally see the point of this with security software other than as a temporary workaround.

Thanks

What AV do you use, as most of them now have it built in. We have used Sophos for a good few years, as it has device control, a fairly good file control, as well as a really good AV suite.

Eset is currently being used, Sophos has been tried in the past however it wasn't to a few peoples liking, however I cant deny it being a decent AV


Im currently torn between GFI and Endpoint Protector which seem to have quite a few customers and some good case studies Im gonna give their virtual appliance a test