|
|
|
 |
|
Security Features
|
- Safend Media Encryption
Safend Media Encryption ensures that corporate assets are protected from both accidental data loss and deliberate leakage. Administrators can mandate the automatic encryption of all data being transferred off the organization's endpoints to approved removable media devices such as USB flash drives, Disk on Keys, memory sticks and SD cards. Within the organization, the automatic media encryption is completely transparent. Outside of the organizational network, authorized users (only) can access the data by employing Safend's unique "Home Decryption Utility".
- Protection against Hardware Keyloggers
Hardware keyloggers are devices capable of recording keystrokes - leaving organizations vulnerable to the threat of password and identity theft.
Safend Protector is the only solution that blocks both USB and PS/2 keylogger devices, preventing attempts to record your keystrokes.
- Hybrid Network Bridging Prevention
With so many networking options available via endpoints, each endpoint in the organization can become an uncontrolled gateway into the corporate network, granting potential hackers access to confidential data. With Safend Protector administrators can block access to WiFi, Bluetooth, Modems or IrDA links while the PC is connected to the wired corporate LAN, preventing inadvertent or intentional network bridging (such as WiFi bridging and 3G-card bridging).
- Granular WiFi Network Control
With WiFi ports now a standard in most enterprise PCs, it is critical to avoid malicious or accidental exposure of company assets through uncontrolled connections. Safend Protector enables administrators to enforce secure use of WiFi networks by controlling whether end users may use WiFi altogether, which networks they are allowed to connect to, and how. This new feature ensures that users are only connecting to secure WiFi networks, as defined by security administrators.
Safend Protector's granular WiFi controls are based on the MAC address of the access points, network SSID, authentication method, encryption methods, and control the use of Ad-Hoc networks.
- U3 and Autorun Control
Safend Protector allows end-users to continue using sophisticated storage devices, while ensuring that endpoints are not exposed to the potential exploits and risky applications that can be part of the devices' U3 and smart storage capabilities.
Administrators can easily set the security policy to block both U3 and autorun as well as turn smart U3 USB drives into regular USB drives while attached to organization endpoints.
- File Name Logging
Enables administrators to monitor not only what storage devices were in use, but also what files were copied to and from these devices.
This feature provides an audit trail of the data transferred in and out of the organization, and is key to analyzing security incidents and tracking potential abuse of portable storage devices. File name logging enhances the visibility of organizational data flow, as well as helping organizations achieve compliance with security regulations.
Administrators can now create security policies that do not restrict device usage, yet allow full visibility of the activity and content transferred to removable media.
- Underlying Protection against Protocol and OS Exploits
Safend Protector has built-in mechanisms that allow it to overcome and block potential exploits of buffer overflows and other OS and protocol deficiencies.
The underlying protection engine is designed to ensure only valid protocol usage will be able to pass through the Safend Protector inspection mechanisms, making sure they can only be used as designed.
|
|
|
Management Features
|
- Safend Protector Management Server
Enhances the Safend Protector system by keeping all of its data in one secure central location and ensuring its proper management. A single server can be used to manage tens of thousand endpoints, and can be accessed through the Safend Protector Management Console.
- Safend Protector Management Console
All management tools are now combined into a single console, which can be installed and run from any computer on the network. The console provides unified management of policies, logs and clients.
- Extensive logging and reporting capabilities
Enables administrators to view and analyze logs collected from endpoints in the organization, both immediately and over time. Additional capabilities include defining and generating custom reports, as well as filtering logs according to specific needs.
- Client Management
Allows administrators to browse client status and check whether they are protected by the latest version of the client, what policy they are using, when they were last updated and more. Tighter client management can be easily achieved by pushing policies and collecting logs at any time, with one click.
- Role-Based Access
Role-based access can be created to the various parts of the system.
- Immediate Updates
A new policy can be pushed to clients without having to wait for the GPO update interval to complete. The new policy becomes effective immediately on all connected clients. In addition, logs that were accumulated by the clients on endpoints can be collected immediately, without having to wait for the log sending interval to complete.
- Active-Directory Synchronization
Logs and clients can be viewed from the native organizational units view, through the organizational tree. The tree is continuously synchronized with Active Directory, to ensure it remains current at all times.
- Built-In Real-Time Alerts
Customizable alerts (e. g. e-mail, SNMP and more) to desired destinations.
- Suspend Client
Client operation can be temporarily suspended, without having to uninstall it, even when the endpoint does not have any Internet connection. This allows access to any device for the duration of the suspension, after which the original policy enforcement is resumed.
- Manually Add a Device
Enables adding an approved device whose parameters (model, distinct ID) are known to your policy manually, without having to detect it with the Auditor first.
|
|
|
Compatibility and Localization Features
|
- Cisco NAC Integration
Safend Protector’s interoperability with Cisco’s leading Network Access Control (NAC) technology, allows administrators to create rules that mandate the presence of Safend Protector Client before the endpoint is allowed on the network.
- Check Point OPSEC Certification
Ensures complete integration and interoperability with Check Point's Secure Virtual Network Architecture.
- Microsoft WHQL Certification
Ensures comprehensive security as well as full compatibility with current and future Windows Operating Systems.
- Multilingual
Safend Protector speaks your language, allowing easier local administration.
|
|
|
Continue to next page »
|
|
|
|
