Endpoint Device Control | Protection & Security
Device Control is the branch of endpoint security that governs which devices may connect to, and exchange data with, a computer. Device control software is critical to protecting an organization's data assets from the risks of removable devices: such devices can carry malware onto computers and can also be used to extract sensitive information from computers into unauthorized hands. That is why device control matters.
Endpoint vs Removable Devices
An endpoint is computing hardware that communicates, by wire or wirelessly, with a computer network. Endpoints are network hosts identified by IP address.
Most vulnerable endpoints:
Most dangerous removable devices:
- USB flash drives.
- Card readers.
- USB adapters.
- Wireless Transceivers.
- BadUSB-style devices (reprogrammed firmware or dedicated keystroke injectors such as the USB Rubber Ducky).
- External drives (USB, eSATA, FireWire).
- Compact discs.
Why is Device Control Crucial for Endpoint Security?
Because an endpoint computer is at once a device host and a network host, malware introduced through a connected device can compromise that system and then spread to the rest of the network infrastructure.
Today, it’s well understood that:
- Industrial networks in the manufacturing, processing and energy production sectors MUST implement device control to safeguard:
  - Endpoint integrity and availability.
- Industrial and enterprise IT networks should implement device control to prevent:
  - Endpoint malware infection.
  - Confidential or sensitive data loss.
  - Arbitrary command/code execution (ACE).
Facts and Features of Endpoint Device Control
Removable Media and Devices may contain malware and infect computers.
External storage such as USB drives can be used to transfer data assets off computers. This can result in sensitive data being stolen, lost or exposed; preventing confidential data loss is a major concern for organizations.
The Universal Serial Bus (USB) is today the most widely used, but not the only, peripheral port interface allowing communication between devices and computers.
USB device classes and protocols most often abused:
- USB Mass Storage Device Class (UMS).
- Media Transfer Protocol (USB-MTP).
- USB Attached SCSI Protocol (UASP).
- USB Human Interface Device Class (USB-HID).
Core device control features:
- Centralized USB management.
- Block USB devices (system-wide).
- Specific authorization (whitelist).
- USB monitoring.
- USB encryption.
- Event logging.
Common active countermeasures:
- Driver restriction.
- USB lockdown.
- Screen locks.
- Drive dismount.
- Disc ejection.
- Device disable.
Most exposed organization sectors:
- Energy production.
- Defense/law enforcement.
Risks to the enterprise:
- Operating system malware infection.
- Confidential/sensitive data loss.
- Keystroke/payload injection attacks.
- Malicious command/code execution.
- Endpoint availability loss leading to personnel/environment endangerment.
- Sensitive data disclosure/exploitation.
- Asset loss.
Effective device control solutions should deny unauthorized devices any presence on the system. Blocking at connection time is the most effective way to stop malware arriving from devices such as USB flash drives, because a device that never enumerates cannot deliver a payload.
Management of Devices Access to Endpoints
Managing peripheral device and media access to endpoint computers requires that security settings be applied from a centralized tool hosted on a server within the organization's own network/domain, and that authorized personnel's access to the central control not depend on internet access or on external services or entities.
Security policies are to be deployed, applied and enforced on client machines in real time, without delay and without a reboot.
The central control interface should show each client's current security status and receive events/alerts from managed endpoints. It should work with encrypted data that is readable only within the administrative control interface.
Device connection events should be sent via secure email to an inbox within the organization's domain and/or formatted as Syslog or CEF (Common Event Format) for relay to SIEM solutions.
Historical device connection logs should be retained, encrypted, as a source of valuable information for intrusion detection or computer forensics should the need arise.
Note: Where readable reports outside the control interface are required, access to those reports should be managed/secured to prevent disclosure of device identifiers.
A monitoring function should be available to give visibility over data transfers from endpoints to authorized USB drives.
An encryption function should be available to protect data transferred to authorized USB drives.
The device tracking alert function should be able to alert in real time when a specific USB device connects to any endpoint on the network. This function lets administrators test employee behavior regarding the connection of unknown devices to company computer peripheral ports.
All device identifiers should be stored encrypted: an attacker who reads the policy store must not learn which VID/PID/serial values are authorized, since those values are what a spoofed device would present.
Enforcement of Device Control Policies
Enforcing restrictive policies for removable devices and media requires that detection and blocking be active and locally enforced at the endpoint (client side). Such policies should be able to adjust/escalate depending on device status and media type.
Removable media and device connection events should be monitored and sent to the central control (administrative console) in real time. Event logs and alerts should include:
- Device VID (Vendor ID), PID (Product ID) and Serial Number.
- Source IP, Machine name, and Logged-User.
Protection scope should be system-wide (not per user). Devices such as USB drives are hosted at the operating system level, not at the user level, so per-user restrictions have far less value in preventing malware infection or code injection than system-wide restrictions.
Unauthorized devices should be blocked. Lockdown measures can include driver restriction, drive dismount, disc ejection, device disable and screen locks; screen locks belong to device control because they prevent user intervention on the secured endpoint. Lockdown measures should remain in force until the device is physically or remotely removed from the system.
Whitelisting/authorization of specific USB devices should have auto-detection capability, so that an administrator can capture a device's identifiers from a live connection rather than typing them in.
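The client-side decision described above, from the VID/PID/serial event through the class-specific lockdown to the CEF line handed to a SIEM, as an added example. This is illustrative code written for this page, not USB Lock RP's own implementation. The agent log line layout, the HMAC key, the vendor and product strings in the CEF header, the action names and every VID/PID/serial value are constructed assumptions. The whitelist stores only keyed hashes of the identifier triple, which is one way to meet the requirement that stored identifiers not reveal what a spoofed device should present.

```python
"""Client-side device-control decision with a keyed-hash whitelist and CEF output.

Added example for this page, not USB Lock RP code. Log format, key, CEF header
strings, action names and all device identifiers are constructed.
"""
import hashlib
import hmac
import re
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed key; in a real deployment it is issued by the central control.
STORE_KEY = b"constructed-demo-key-rotate-me"

# Constructed agent log line layout (assumed, not from the page).
EVENT_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) ip=(?P<ip>\S+) "
    r"class=(?P<cls>\S+) vid=(?P<vid>[0-9A-Fa-f]{4}) pid=(?P<pid>[0-9A-Fa-f]{4}) "
    r"serial=(?P<serial>\S+)$"
)


def fingerprint(vid: str, pid: str, serial: str) -> str:
    """HMAC-SHA256 over VID:PID:serial. The whitelist stores only this digest, so
    reading the policy store does not reveal which identifiers to spoof."""
    ident = f"{vid.upper()}:{pid.upper()}:{serial}".encode()
    return hmac.new(STORE_KEY, ident, hashlib.sha256).hexdigest()


# Whitelist holds digests of constructed sample devices, never raw identifiers.
WHITELIST = {
    fingerprint("0781", "5583", "4C530001230509118413"),  # authorized flash drive
    fingerprint("046D", "C31C", "NONE"),                   # authorized keyboard
}

# Lockdown escalates by class: an unknown HID device may be a keystroke injector
# that starts typing as soon as it enumerates, so it also triggers a screen lock.
BLOCK_ACTIONS: Dict[str, List[str]] = {
    "MSC": ["DRIVER_RESTRICT", "DRIVE_DISMOUNT"],
    "UAS": ["DRIVER_RESTRICT", "DRIVE_DISMOUNT"],
    "MTP": ["DEVICE_DISABLE"],
    "HID": ["DEVICE_DISABLE", "SCREEN_LOCK"],
}
SEVERITY = {"HID": 9, "MSC": 7, "UAS": 7, "MTP": 6}


def parse_event(line: str) -> Dict[str, str]:
    m = EVENT_RE.match(line)
    if not m:
        raise ValueError(f"unparseable agent event: {line!r}")
    return m.groupdict()


def decide(ev: Dict[str, str]) -> Tuple[str, List[str]]:
    """Whitelisted devices are allowed and monitored; anything else is blocked
    with a class-specific lockdown that stays in force until removal."""
    if fingerprint(ev["vid"], ev["pid"], ev["serial"]) in WHITELIST:
        return "ALLOW", ["MONITOR_TRANSFERS"]
    return "BLOCK", BLOCK_ACTIONS.get(ev["cls"], ["DEVICE_DISABLE"])


def _cef_hdr(s: str) -> str:           # header fields escape backslash and pipe
    return s.replace("\\", "\\\\").replace("|", "\\|")


def _cef_ext(s: str) -> str:           # extension values escape backslash and '='
    return s.replace("\\", "\\\\").replace("=", "\\=")


def _epoch_ms(ts: str) -> str:         # CEF 'rt' takes milliseconds since epoch
    return str(int(datetime.fromisoformat(ts.replace("Z", "+00:00")).timestamp() * 1000))


def to_cef(ev: Dict[str, str], verdict: str, actions: List[str]) -> str:
    """Render one CEF:0 line carrying VID, PID, serial, source IP, machine name
    and logged-on user, the fields the page requires in every event."""
    sev = SEVERITY.get(ev["cls"], 5) if verdict == "BLOCK" else 3
    header = "|".join(_cef_hdr(x) for x in (
        "CEF:0", "ExampleVendor", "DeviceControlAgent", "1.0",
        f"usb-{verdict.lower()}", f"Removable device {verdict}", str(sev)))
    ext = {
        "rt": _epoch_ms(ev["ts"]), "src": ev["ip"], "dhost": ev["host"],
        "suser": ev["user"],
        "cs1Label": "VID", "cs1": ev["vid"].upper(),
        "cs2Label": "PID", "cs2": ev["pid"].upper(),
        "cs3Label": "Serial", "cs3": ev["serial"],
        "cs4Label": "DeviceClass", "cs4": ev["cls"],
        "act": ",".join(actions),
    }
    return header + "|" + " ".join(f"{k}={_cef_ext(v)}" for k, v in ext.items())


def process(line: str) -> Tuple[str, List[str], str]:
    ev = parse_event(line)
    verdict, actions = decide(ev)
    return verdict, actions, to_cef(ev, verdict, actions)


# Constructed agent events: an authorized drive, then an unknown HID device.
SAMPLE_EVENTS = [
    "2024-03-11T09:12:33Z host=WS-042 user=jdoe ip=10.0.5.17 class=MSC "
    "vid=0781 pid=5583 serial=4C530001230509118413",
    "2024-03-11T09:14:05Z host=WS-042 user=jdoe ip=10.0.5.17 class=HID "
    "vid=f000 pid=0001 serial=NONE",
]

if __name__ == "__main__":
    for line in SAMPLE_EVENTS:
        print(process(line)[2])
```

The hash is keyed rather than plain SHA-256 because VID/PID/serial triples have little entropy; an unkeyed digest could be brute-forced from public vendor and product tables. Matching still happens locally on the client, so the decision does not depend on reaching the central control or any outside service.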
Cyber-attacks grow in frequency, stealth and complexity. It's important that IT security personnel select a solution adequate to the requirement. Decisive control requires a tool that can be fully tested within its intended operating environment before it is relied upon.
If you have been experiencing trouble with malware and related issues, or you know that illicit or sensitive files are being shared on your network, it might be time to consider upgrading your endpoint security by implementing device control.
USB-Lock-RP Offers a One-stop Solution
USB Lock Remote Protector is specialized device control software used by IT security administrators to protect endpoint systems and data assets from the threats posed by the connection of unauthorized USB devices to computer peripheral ports.
Learn more about this straightforward tool's unique features and start protecting your network endpoints now. USB Lock RP comes with a permanent license, and our team's support is second to none.
The information contained in your organization's network is a most valuable asset. To protect this value and the network's integrity, operating systems' default friendliness toward portable storage needs to be controlled.
USB Lock RP, by Advanced Systems International, is endpoint security software that helps IT managers protect every computer in their network. Its comprehensive block-or-allow capability uses device serial numbers to keep threats away while keeping authorized data transfer as easy as ever.
Get real-time alerts, monitor authorized devices and more. Enjoy control without burdening peripheral equipment. USB Lock RP offers complete, up-to-date removable storage protection, covering SuperSpeed USB, FireWire and eSATA storage interfaces as well as MTP, compact discs and wireless transmissions.
Personalized with your organization's logo, USB Lock RP will fit the professional environment you are looking for. Scalability sets us apart: the central control provides full functionality from one location.
No matter how many computers your network has, USB Lock RP will stand up and protect your data in real time. Stay secure, ward off threats, and keep your normal business data flow safe.
USB Lock RP comes with permanent licensing, so put it to the test today! DOWNLOAD THE DEMO to see USB Lock RP stand up for you.