August 24, 2004
GFI releases new product to enable network-wide control of portable storage devices
GFI today announced the release of GFI LANguard Portable Storage Control (P.S.C.), a new network security product that can prevent unauthorized users from taking information from the network or introducing malware via USB (Universal Serial Bus) sticks and other removable media (floppy, CD). It also allows administrators to control the connection of devices that can register storage in Windows, such as iPods, smartphones, digital cameras and handhelds.
The need to control entry and exit of data via USB sticks and other devices
Companies are investing heavily in network antivirus software, firewalls, email and web content security. Yet, in most companies, any user at the office can plug in a USB stick the size of the average keychain and take in/out 1GB of data. This poses a tremendous threat: Users can take confidential data that they have access to, or they can introduce viruses, Trojans, illegal software and more – actions that can severely affect an organization and its network. Yet, companies have no way of controlling this.
A serious new threat to businesses
In the 2003 CSI/FBI Computer Crime and Security Survey, 80% of all respondents cited insider abuse of network access as a most pressing security concern for companies. The survey also showed that theft of proprietary information caused the greatest financial loss to companies (totaling over $70m in one year) and disgruntled employees are the most likely source of attack for companies.
Technology analyst Gartner warns that portable devices containing a USB or FireWire connection are a serious new threat to businesses. In a July 2004 report, Gartner named portable storage devices as a significant security risk in the workplace and advised that these can be used both to download confidential data, and also to introduce a virus into the company network. Gartner’s report listed pocket-sized hard drives that connect using FireWire or USB hard drive or keychain drive, disk-based MP3 players such as the iPod, and digital cameras with smart media cards, memory sticks, compact flash and other memory media as potential security threats.
“Companies are underestimating the danger of the uncontrolled use of USB sticks and removable media at work. Apart from the obvious issue of unauthorized exit of data, there is the problem that users can bring in dangerous viruses and Trojans,” said Nick Galea, GFI CEO.
How GFI LANguard P.S.C. works
GFI LANguard P.S.C. offers administrators network-wide control of which users can plug in a USB or other removable storage device and access CDs and floppies. To do so, it installs a small footprint agent on the user’s machine. This agent is only 1.2MB in size – the user will never know it is there. GFI LANguard P.S.C. includes a remote deployment tool, allowing administrators to deploy the agent to hundreds of machines with just a few clicks. After installation, the agent queries Active Directory when the user logs on and sets permissions to removable storage accordingly. If the user is not a member of a group that is permitted access, then access to the device/CD/floppy is denied.
Controls access to all types of USB sticks, SD cards (digital cameras), IPODs/MP3 players and more
USB sticks are a key threat as they are small, easily hidden and can store up to 1GB of data. GFI LANguard P.S.C. recognizes all USB sticks. In addition, it can control access to any device that can be mounted as a hard disk (whether accessed via USB, FireWire, etc.). For example, plugging a digital camera into a USB port gives users access to storage on an SD card. SD cards are available in several sizes including 512MB and over.
Controls access to CDs and floppies
With GFI LANguard P.S.C., administrators can centrally disable users from reading or writing data to/from a CD or floppy. This way, normal users can be prevented from introducing data that could be harmful to the network, such as viruses, Trojans and other malware.
Easy configuration of users who can have access, via Active Directory
To grant a user access to any one or all three of the devices, the administrator must simply make that user a member of pre-defined Active Directory groups for each of the three types of devices. An entire department can also be made a member of the group, for instance. Other storage control software requires cumbersome per-machine administration, forcing administrators to make the changes on a per-machine basis and update the configuration on each machine before the settings can take effect. By contrast, configuration of GFI LANguard P.S.C. is effortless and leverages the power of Active Directory.
Pricing and availability
GFI LANguard P.S.C. is available from distributors around the world or online at the GFI website (http://www.gfi.com). It is highly cost-effective with prices starting at US$295 to monitor up to 25 computers; a version for up to 100 computers costs $495. For more information and to download the product, one can visit http://www.gfi.com/lanpsc/.
GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. With award-winning technology, an aggressive pricing strategy and a strong focus on small-to-medium sized businesses, GFI is able to satisfy the need for business continuity and productivity encountered by organizations on a global scale. GFI has offices in the US, Malta, UK, Hong Kong and Australia which support more than 200,000 installations worldwide. GFI is a channel-focused company with over 10,000 partners worldwide. GFI is a Microsoft Gold Certified Partner. More information about GFI can be found at http://www.gfi.com.