USB-Defenderâ„¢
The Key to USB Policy Enforcement
The popularity, capacity and virtual invisibility of USB storage
devices has sparked serious concern in the IT community. With
devices the size of a quarter, and capacities measured in gigabytes
it doesn't take much imagination to picture sensitive data walking
out the door.
Couple that scenario with the reality that insider abuse
continues to represent the greatest percentage of security
incidents and you have the makings of a security management
nightmare.
Introducing USB-Defenderâ„¢
With the introduction of USB-Defender TriGeo expands its role as
an endpoint security solution and addresses this emerging threat.
TriGeo has always been unique in the field of Security Information
Management (SIM) because of its focus on correlation and active
response. As a SIM product, TriGeo has a unique perspective on
network activity, and its technology is ideally suited to provide
complete coverage from the perimeter to the endpoint.
USB-Defender is bundled with TriGeo's Windows agent and provides
the critical real-time event traceability needed to identify and
log the use of USB mass storage devices. For many, it comes as a
surprise that this auditing is not a native Windows capability, but
the fact remains that it's only available with the addition of
specialized, and generally expensive, third party software.
With TriGeo's USB-Defender it's now possible to detect USB
device insertion and capture dozens of forensic device details such
as manufacturer, serial number and device capacity. While its data
collection and logging abilities fill a much needed role, the real
power of this solution is in concert with TriGeo's event
correlation and active response or automated remediation
technology.
When combined with TriGeo's event correlation, USB-Defender
represents a powerful new weapon against the insider threat. It's
now possible to track USB activity and construct rules to detect
unauthorized use, notify IT personnel or even completely disable
the device.
TriGeo's flexible correlation rule builder makes it simple to
build multiple event correlations and pair them with a variety of
notification and active response options. A simple rule can detect
the insertion of a USB mass storage device, correlate the device's
serial number with an approved list, and map the device to the user
account. Unauthorized devices, users or inappropriate use can
trigger any number of defensive actions and notifications.
Active Network Defense
TriGeo's arsenal of active responses include the ability to
"eject" the device, or take broader actions such as disabling the
user account or even quarantining the workstation to prevent
information leakage or worm propagation.
USB-Defender will play a vital role in securing the enterprise.
In fact, within the financial and healthcare industries there are
already reports of auditors seeking assurances that these
organizations are taking steps to secure this vulnerability. With
TriGeo and USB-Defender you'll have the tools to build and enforce
your endpoint security policies.
