Safend Protector Locks Down Network Data

Safend, a Philadelphia-based endpoint security software developer, has the answer for network security guards. The recently released Safend Protector is a software-based security product that provides the “locks” to prevent data from moving about in an unauthorized fashion and secures all endpoints in a network. (Endpoints consist of floppy drives, USB ports, FireWire ports, etc.) Disabling the endpoints not only prevents data from being removed from a system, but also prevents spyware and viruses from entering the network.

Securing an endpoint is a two-step process. First, an assessment is conducted to locate system vulnerabilites. Second, granular control policies need to be pushed down to each system.

Safend Protector meets both of those needs. The company offers a free evaluation version of its USB auditor product, which scans all systems to see what devices are connected. With that information, solution providers can build a business case for securing the endpoints, which is where Safend Protector comes in.

Safend Protector integrates with Active Directory to control local machine access via group policies. Once installed, the product presents administrators with the tools to define policies for device control. All control activity takes place via a management console, which clearly shows what policies are in place. Local PC control is handled by a small client package, which is pushed down to each PC via a policy command.

Safend Protector can completely control almost any endpoint. The product enforces policies to control the usage of USB, PCMCIA, FireWire, serial, parallel, Wi-Fi, IrDA and Bluetooth ports. If necessary, any of these ports can be shut off as if they never existed in the first place. The product also offers additional flexibility by including a method to apply policies to individual devices on a port. In other words, an administrator can block all ports and devices on a client PC, except for communications via Bluetooth to a phone or a USB port to use a security dongle.

That same granularity can be extended to storage devices. Administrators can define policies that allow read-only access to a USB storage device or limits the size and type of a file transfer.

Safend Protector also includes complete logging. All attempts to access a port—both blocked and unblocked—are stored in a log file, and administrators can build comprehensive reports from those log files. These reports can be used as part of an auditing process to meet legislative directives, such as HIPAA or Sarbanes-Oxley.

For those solution providers looking to build Safend Protector into a managed service, the report capabilities offer an added significance, the report data can be used to generate billing information for a fee based upon the number of endpoints protected or can be used to drive additional revenue by building a business case for a complete security audit.

Safend offers partners a basic channel plan with two tiers. The tiers are determined by sales and expertise. Interested VARs should have no trouble meeting the minimum requirements to participate. Authorized partners can expect margins ranging from 25 percent to 40 percent, and there are no costs to join the channel program.

Safend offers weekly training seminars and direct support to all authorized partners. Partners also have access to a dedicated Web portal for additional support and sales information.

Although Safend&s channel program is a little on the light side, all of the basic requirements are covered. The real star, however, is the product itself because Safend Protector offers the capabilities to become a significant element of an overall security solution.