| Whitelist |
Assign permissions for authorized devices to user or user group, and by default those not authorized are not allowed |
Eliminates unknown or unwanted devices in your network, reducing the risk of data leakage |
| Access Control List Based Permissions |
Assign permissions to a user/user group based on their Active Directory or eDirectory identity |
Provides granular user permissions that remain with user login regardless of machine |
| Granular Device Control Permission Settings |
Permission settings include read/write, scheduled access, temporary access, online/offline, I/O bus type, HDD/non-HDD devices and much more |
Eliminates risk of unauthorized devices connecting to the network while providing the flexibility users need to conduct business |
| Uniquely Identify and Authorize Specific Media |
Authorize DVD/CD-ROM collections, grant access to users or user groups and encrypt removable media with unique ID's |
Limits DVD/CD-ROM access to company standard discs, to avoid use of unauthorized content and/or encrypt removable media to prevent the content from being viewed by unauthorized users |
| Silent Unattended Installations |
Install with any deployment tools which use MSI Setup (e.g. Microsoft Systems Management Server (SMS), Group Policies, WinInstall, etc). |
Enables faster and easier deployment |
| Plug and Play Devices: Hot Plug Support |
Detect Plug and Play Devices "on the fly" |
Ensures user productivity is not disrupted by applying permissions for plug and play devices when detected |
| Bi-Directional Shadowing Option |
Patented Shadowing technology records filename or complete file that is read from and/or written to a removable device |
Captures the flow of information into and out of your network, reducing risk and containing impact of data leakage |
| Restrict the Amount of Data Copied |
Restrict the daily amount of data copied from an endpoint to a device on a per-user basis |
Removes risk of large pieces of confidential information leaving the network |
| Prevention of PS/2 and USB Hardware Keyloggers |
Block PS/2 port, enforce USB keyboard usage and detect/block popular models of USB keyloggers |
Reduces risk of attackers capturing passwords and other confidential information through keyloggers |
| Flexible Encryption Options for Removable Media |
Administrators may centrally encrypt removable media or force users to encrypt media at time of use |
Ensures that sensitive data is not inadvertently exposed to those without authorized access |
| File Type Filtering |
Control the type of files that are moved to and from removable devices |
Reduces risk of unwanted files from entering and sensitive files from leaving the network |
| Disconnected/ Remote Computer Protected |
Enables constant protection by keeping a local copy of the last list of permissions on the disconnected machine |
Secures computer regardless of network connection, ensuring that remote or disconnected users are also protected |
| Highly Scalable Architecture |
Three tier architecture with Database, one or more Application servers, and Client |
Provides flexible and scalable deployment options in large and complex networks |
| Powerful Log Analysis and Reporting |
Detailed log analysis with flexible filter, sort and display options and stored query templates as well as central reporting |
Demonstrates policy compliance and drills down on suspicious behavior for legal or management follow up |
| Active Directory and eDirectory Support |
Leverages user and user group definitions in existing Active Directory and eDirectory |
Reduces setup and maintenance of users and user groups |
| Multi-Language Support |
Supports 12 languages on Sanctuary client machines |
Improves user experience in international organizations |
| Custom Reports |
Custom query templates can be scheduled to automatically generate reports in HTML, XML or CSV formats and delivered via email or network file share |
Produces data required for compliance audit purposes and management reporting in a report format or data format for easy integration into a 3rd party system |
| Password Lockout and Recovery |
Lockout users after a number of failed attempts; recover access to devices when passwords are forgotten |
Reduces risk of hackers breaking into devices; enables recovery of encrypted data on devices |
| Offline Temporary Permissions |
Challenge/response system generates new permissions on disconnected machines, allowing for temporary permissions to users on demand, even when a user is not connected to the network |
Enables provision of temporary permissions to users on demand, even when not connected |
