Product Group Tests
USB security (2007)
For its flexibility and strong features, we award SecureWave's Sanctuary Device Control version 4.1 our Best Buy.
We found that Centennial Software's DeviceWall version 4.5 really shines thanks to its simple deployment, easy manageability, and loads of features. For this reason, we give it our Recommended award.
Full Group Summary
Many entries in this category go way beyond the job they were originally designed for. Some even offer complete endpoint security solutions. Peter Stephenson rounds up a mixed bunch.
When we started looking at USB security products, we actually had no idea what we would find. Vendors of many types of products, from those that protect USB ports to those that look after data at USB ports, presented their wares. As you might expect, we found something interesting in all of the sub-categories.
The most obvious types of USB security products, at least in the enterprise environment, are those that allow direct management of the USB ports on enterprise computers. What we found here was that most competent products don't limit themselves to USB ports.
The category of USB security, in this case, has merged with the older category of endpoint security into a new and more useful product group that has more in common with endpoint security than with simple USB management.
That said, the level of sophistication regarding what can be managed and what data is allowed on the managed endpoints has increased markedly from the last time we looked at this type of product (June 2006). One notable product, for example, can select allowed or disallowed devices by manufacturer. This is a useful feature for identifying rogue connections.
Virtually all test subjects could turn ports on or off, but a major improvement in general this year is the increased granularity with which products can be managed. It is not uncommon for solutions to allow individual and group policies, for example. Another improvement is the ease of creating policies. Some products had extremely simple policy creation tools that, while simple to use, were also powerful.
When you are looking for a solution of this type, be sure you know what you want to do with it. For example, we saw at least one product that would not let you save data to a USB memory stick without encrypting it first. If you are going to allow memory sticks in USB ports, this would be a good tool to have.
On the other end of the feature spectrum, we came across otherwise excellent products that lacked the utilities that would make them useful in an enterprise. What good, for instance, is a product for the enterprise that does not have centralised management?
In addition to products that control the endpoints, we had a few that use endpoints. In this regard, we saw encrypting memory sticks. This is an important issue for virtually all organisations because today's mobile workforce needs to have a way to transport data that is allowed to move between desktop and laptop.
However, when that data moves, there is a strong likelihood that it will sit unencrypted on the laptop, inviting the types of thefts of personally identifiable information that have become the rule rather than the exception lately. A far better approach is to save the sensitive data to an encrypted thumb drive and access it from there. That way, if the thumb drive gets lost, the data is still safe. For the purposes of this group review, we viewed that as a form of endpoint security.
With that in mind, we are continuing our trend towards taking a holistic view of product categories. We are at the beginning of one of those rare periods of innovation in information security where new product categories are emerging and old categories are combining. What was once obvious is no longer. The old definitions of some product groups are falling away and it remains to be seen how they will recombine into new categories that address current security challenges.
How we tested
Our testing for this group review depended upon the type of product we were looking at. At minimum, we tested each product to ensure that it met its advertised specs and capabilities. Then we looked for ease of configuration, policy development, and applicability to the enterprise. We assessed the solution's features compared to what we would expect for a product of its type. Finally, we examined such things as reporting, alerting and notification to users of policy violations. For the encrypted thumb drives, we performed some simple encryption tests and forensic examination of the media to see if they could be compromised easily.
The bottom line for this group was that there are ways - with improved functionality and granularity over the past year - to manage what is and what is not allowed at the endpoints of the enterprise, especially relating to the USB ports and the data that may be accessible through them.