Lumension Sanctuary Device Control - Overview

Overview

Sanctuary Device Control allows you to regain control of the peripheral storage devices that your user community attempts to connect to your network assets. Through granular policy-based controls, Sanctuary Device Control reduces risk of data theft, data leakage and malware introduction via unauthorized removable media and assures compliance with the landslide of regulations governing privacy and accountability.

 

Positive Approach to USB Security

Hardware such as USB memory sticks, FireWire external hard-drives, scanners, music players, digital cameras, PDAs, and CD/DVD burner drives are scattered throughout offices around the world. Their proliferation amplifies the threats posed by outsiders or users who plug in devices that could compromise the security of sensitive data.

 

By employing a whitelist approach, Sanctuary enables only authorized devices to connect to a network, laptop or PC - facilitating security and systems management, while providing the necessary flexibility to the organization.

 

Simple, Fast, Flexible Administration and Management

Sanctuary enables administrators to quickly establish and enforce device control policies by rapidly identifying devices and then assigning permissions at a high level or all the way down to specific application per users, user groups or even a particular computer. Policies are also enforced by time constraints, encryption, volume of data, data transfer and much more criteria. Sanctuary links device policies to user and user group information stored in Microsoft Active Directory or Novell eDirectory and has also been ported to Windows Embedded platforms in addition to traditional Server and Desktop Windows OS, dramatically simplifying the management of endpoint application resources.

Sanctuary controls the use of a vast range of devices that are key sources of security breaches, and manages and audits device usage according to their type and not on how they are connected. If needed, Sanctuary Device Control can be set to completely block USB ports or any other port (Bluetooth, FireWire, IrDA, WiFi, etc.) or prevent access to any device category independently from the way users are attempting to connect them. Granular policies also allow for access rights (R/W) down to unique device model or identifiable unit per user or user group.

 

 

USB Security Built to Scale
 

With a three-tier architecture and load-balancing capability, Sanctuary is designed to provide USB security to organizations ranging in size from 50 to 100,000 endpoints. Through integration with Active Directory or eDirectory, Sanctuary integrates with your existing technical infrastructure and logical organization. Sanctuary has also been ported to Windows Embedded platforms to protect the growing number of exposed embedded devices.

 

 

Comprehensive Security and Auditing Capabilities for USB Devices

Lumension Security Patented Shadowing I/O bi-directional technology tracks information as it is read from or written to floppy, CD/DVD and removable devices, and provides a comprehensive audit log of every event whether allowed or attempted - including those by unauthorized code and all writes to removable media and specific ports. Optionally, a full copy of the data written to or from a device can be captured and retained as well.

 

Not only is an audit log invaluable in measuring and enforcing policy compliance, it also bundles the information you need as proof of compliance with a number of governmental regulations such as the Sarbanes-Oxley Act of 2002 (SOX), the Gramm-Leach-Bliley Act (GLBA) or the Health Insurance Portability and Accountability Act (HIPAA).