You are here: Home > Products > Safend Protector > Overview

 

Navigation

Product Home
   
 
 
   
 

Safend Protector

 

 

What's New in Safend Protector?

Safend Protector's new extended security features and enhanced management and usibility capabilities:

Security Features
Management Features
Compatibility and Localization Features

 

New in Safend Protector


Security Features

  1. Removable Media Encryption
    Unique to the Safend Protector solution is the ability to restrict the usage of encrypted storage devices to company computers by use of encryption. This extends the security borders of organizations and prevents rogue employees from deliberately leaking data through these high-capacity devices.
    •   Stronger Encryption – Safend Protector has been enhanced to encrypt devices using AES of 256 bit key length.
    •   Portable, Agent-less Offline Access Utility - encrypted devices now carry the Offline Access Utility on board, ensuring availability of the encrypted data to the authorized user at all times.
    •   Enhanced Encryption End User Experience - A streamlined wizard guides the user while initializing new devices, setting offline access passwords and removing encryption from device. Support for automatic backup/restore to maintain the existing data while initializing encrypted devices.
  2. File Type Control
    This feature provides an additional layer of granularity and security by inspecting files for their type as they are transferred to/from external storage devices. This technology allows for highly reliable classification of files by inspecting the file header contents rather than using file extensions, thus preventing users from easily bypassing the protection by renaming file extensions. With over 180 built-in file extensions covering all popular applications categorized into 14 file categories, policy definition has never been easier.
  3. File Name Logging
    Enables administrators to monitor not only what storage devices were in use, but also what files were copied to and from these devices.
    This feature provides an audit trail of the data transferred in and out of the organization, and is key to analyzing security incidents and tracking potential abuse of portable storage devices. File name logging enhances the visibility of organizational data flow, as well as helping organizations achieve compliance with security regulations.
    Administrators can now create security policies that do not restrict device usage, yet allow full visibility of the activity and content transferred to removable media.
  4. Track Offline Usage of Encrypted Devices
    Safend Protector provides administrators with improved visibility on the usage of encrypted devices outside the organization. With this unique feature, every offline access to an encrypted device is tracked, providing a comprehensive log of each file transfer to/from this device. With this powerful log, administrators can audit users' actions even on non-company computers, in order to validate legitimate use of corporate data.
  5. Granular WiFi Network Control
    With WiFi ports now a standard in most enterprise PCs, it is critical to avoid malicious or accidental exposure of company assets through uncontrolled connections. Safend Protector enables administrators to enforce secure use of WiFi networks by controlling whether end users may use WiFi altogether, which networks they are allowed to connect to, and how. This new feature ensures that users are only connecting to secure WiFi networks, as defined by security administrators.
    Safend Protector's granular WiFi controls are based on the MAC address of the access points, network SSID, authentication method, encryption methods, and control the use of Ad-Hoc networks.
  6. CD/DVD Media White Lists
    Safend Protector includes the ability to white-list specific CD/DVD media, providing better control of the usage of CD/DVD drives. This mechanism computes a unique fingerprint identifying the data on each medium. Any change made to the data on the medium will revoke its fingerprint, and in turn remove the medium from the white list.
  7. Hybrid Network Bridging Prevention
    With so many networking options available via endpoints, each endpoint in the organization can become an uncontrolled gateway into the corporate network, granting potential hackers access to confidential data. With Safend Protector administrators can block access to WiFi, Bluetooth, Modems or IrDA links while the PC is connected to the wired corporate LAN, preventing inadvertent or intentional network bridging (such as WiFi bridging and 3G-card bridging).
  8. Internal Ports
    This feature extends the reach of Safend Protector beyond external peripherals to include devices connected to the internal computer ports. Internal ports include storage busses such as IDE, SCSI, ATA and S-ATA, which are used to connect internal hard disk drives as well as PCI and PCI-X which cater to devices such as modems and network cards.
  9. Protection against Hardware Keyloggers
    Hardware keyloggers are devices capable of recording keystrokes - leaving organizations vulnerable to the threat of password and identity theft.
    Safend Protector is the only solution that blocks both USB and PS/2 keylogger devices, preventing attempts to record your keystrokes.
  10. U3 and Autorun Control
    Safend Protector allows end-users to continue using sophisticated storage devices, while ensuring that endpoints are not exposed to the potential exploits and risky applications that can be part of the devices' U3 and smart storage capabilities.
    Administrators can easily set the security policy to block both U3 and autorun as well as turn smart U3 USB drives into regular USB drives while attached to organization endpoints.
  11. Underlying Protection against Protocol and OS Exploits
    Safend Protector has built-in mechanisms that allow it to overcome and block potential exploits of buffer overflows and other OS and protocol deficiencies.
    The underlying protection engine is designed to ensure only valid protocol usage will be able to pass through the Safend Protector inspection mechanisms, making sure they can only be used as designed.

Management Features

  1. Safend Protector Management Server
    Enhances the Safend Protector system by keeping all of its data in one secure central location and ensuring its proper management. A single server can be used to manage tens of thousand endpoints, and can be accessed through the Safend Protector Management Console.
  2. Safend Protector Management Console
    All management tools are now combined into a single console, which can be installed and run from any computer on the network. The console provides unified management of policies, logs and clients.
  3. Extensive logging and reporting capabilities
    Enables administrators to view and analyze logs collected from endpoints in the organization, both immediately and over time. Additional capabilities include defining and generating custom reports, as well as filtering logs according to specific needs.
  4. Direct Server-to-Endpoint Policy Distribution
    This feature enables automatic distribution of policies from the Management Server to endpoints using the existing SSL infrastructure. To facilitate this, policies are associated to the AD or Novell objects from within the Management Console, as part of the process of defining a policy. With this feature, Safend maintains and strengthens its highly granular policy management with the ability to set policies which are more general (to OUs or Groups) as well as policies which pinpoint the specific user or computer.
  5. Client Management
    Allows administrators to browse client status and check whether they are protected by the latest version of the client, what policy they are using, when they were last updated and more. Tighter client management can be easily achieved by pushing policies and collecting logs at any time, with one click.
  6. Role-Based Access
    Role-based access can be created to the various parts of the system.
  7. Immediate Updates
    A new policy can be pushed to clients without having to wait for the GPO update interval to complete. The new policy becomes effective immediately on all connected clients. In addition, logs that were accumulated by the clients on endpoints can be collected immediately, without having to wait for the log sending interval to complete.
  8. Active-Directory Synchronization
    Logs and clients can be viewed from the native organizational units view, through the organizational tree. The tree is continuously synchronized with Active Directory, to ensure it remains current at all times.
  9. Novell eDirectory Synchronization
    Safend Protector supports full integration with Novell's eDirectory.
  10. Built-In Real-Time Alerts
    Customizable alerts (e. g. e-mail, SNMP and more) to desired destinations.
  11. Suspend Client
    Client operation can be temporarily suspended, without having to uninstall it, even when the endpoint does not have any Internet connection.  This allows access to any device for the duration of the suspension, after which the original policy enforcement is resumed.
  12. Manually Add a Device
    Enables adding an approved device whose parameters (model, distinct ID) are known to your policy manually, without having to detect it with the Auditor first.

Compatibility and Localization Features

  1. Support for Windows Vista
    Safend Protector Client can be installed on Windows Vista endpoints.
  2. Cisco NAC Integration
    Safend Protector's interoperability with Cisco’s leading Network Access Control (NAC) technology, allows administrators to create rules that mandate the presence of Safend Protector Client before the endpoint is allowed on the network.
  3. Check Point OPSEC Certification
    Ensures complete integration and interoperability with Check Point's Secure Virtual Network Architecture.
  4. Microsoft WHQL Certification
    Ensures comprehensive security as well as full compatibility with current and future Windows Operating Systems.
  5. Multilingual
    Safend Protector speaks your language, allowing easier local administration.