Review: Plugging All The Holes

Today's desktop and notebook computers offer excellent options for sharing data with colleagues, especially with the abundance of ports available on the systems. It's not uncommon to find multiple USB or FireWire ports on a typical PC.

But while great for connectivity, the ports also make it all too easy to connect unauthorized devices and steal data. Most anyone can walk up to a network PC and plug in a USB key drive. What's worse, the PC user may never know the system was compromised.

As with most security problems, the solution comes in the form of control. Safend, a Philadelphia-based company that specializes in controlling end points, offers a full-featured solution with its Safend Protector 3.1, an application that is designed to control all end points on a network. It monitors real-time traffic and applies customized, highly granular security policies to all physical, wireless and storage interfaces.

CRN Test Center engineers installed the product on a Windows Server 2003 system that was configured with Active Directory and connected to a network of five Windows XP-based PCs. We found installation easy with a setup wizard guiding most of the tasks.

Solution providers will find the product offers control over physical interfaces such as USB, FireWire, PCMCIA, secure digital, parallel, serial and modem connections. Pretty much any physical connection can be controlled using the product.

Safend also offers complete control over storage devices, including CD/DVD drives, removable media and tape drives. The final piece of the puzzle comes from the product's ability to control wireless communications, such as Bluetooth, Wi-Fi and infrared.

Combining control of physical ports, storage and wireless interfaces brings full end-point security to any system on the network. The software also encrypts data to keep everything safe from prying eyes and packet sniffers.

The product is built around three primary components: the Protector Management Server, Protector Client and Protector Management Console.

The Protector Management Server is a self-managed application that stores policies and is accessed via IIS. The server also collects logs from clients, enables client management and communicates with Active Directory for policy distribution. The Protector Client protects and monitors the end points in the organization and reports on port activity. The Protector Management Console gives administrators the ability to manage clients, define policies, view logs and administer the system.

Test Center engineers were able to access the Protector Management Console from systems both inside and outside the network. The console interface and policy wizards proved to be very easy to work with, although a good understanding of policy impact is needed to effectively control user access.

Test Center engineers found that Safend further eases use by incorporating calls to Active Directory into the console, avoiding the need for two separate consoles. That proves to be a real time-saver.

The ability to control access to data is achieved by pairing Safend's policies with the product's control of the IP stack. Solution providers create granular policies to control who can do what with the data on the network. Those policies are used to control a client application running on the end-point system. That client application works at the kernel level and acts as a protocol inspection engine that analyzes in real time all inbound and outbound communication interfaces for a given device. The engine examines all seven protocol layers, from the physical to the application layer.

The benefit of using a kernel-layer approach is that the greatest level of security is provided. The client operates just above the hardware stack, making it virtually impossible to bypass policies and connect unauthorized devices.

Test Center engineers were unable to compromise the product's ability to protect end points. What's more, we discovered that the product effectively detects and stops hardware-based keystroke loggers along with software-based key capture utilities, eliminating another potential point of data leakage from the end point.

Another major plus is the product's ability to encrypt data on a USB drive. If an organization wants to allow sensitive data to be transported via a USB key drive, then a policy can be created that encrypts the copied data, allowing only users with applicable rights to read it. That feature extends end-point security to portable storage media.

The product offers formidable wireless control and allows administrators to define policies based upon MAC addresses, SSID and network security levels.

Test Center engineers found that installing Safend Protector on the server was easy. Because the software integrates with Active Directory, pushing the client application down to PCs is a snap. Administrators use the product's browser-based console to manage the network-attached PCs, and several wizards are available to ease installation and setup.

The product's major strength comes from the policy definition capabilities. Safend offers policy control that uses role-based access while simultaneously prohibiting multiple networking protocols.

While both installation and policy definition are easily accomplished, there is still ample room for solution providers to build services around the product. Solution providers can guide users in understanding how policies affect computing environments, and Safend also creates auditing and other security service opportunities. If an audit uncovers a weakness, VARs can use Safend Protector to create a policy that mitigates it.

The product offers comprehensive logs, which makes auditing that much easier. Those logs can be used to determine ROI and track access attempts across end points, which helps to validate that the product is working properly.

Safend Protector 3.1 starts at $32 per client device with a minimum of 25 devices. At larger volumes, the price can drop to $13 per device.