Endpoint Security


The USB and endpoint security solution Security.Desk helps to permanently secure external hardware interfaces, monitors mobile storage and Internet protocols and helps you to successfully close security gaps. It goes far beyond the possibilities of add-ons of common virus protection solutions or onboard equipment of the manufacturers.


Protects data and networks against
data theft or importation
from viruses and Trojans via removable media


Automatically detects when a flash memory, smartphone or digital camera is connected to a PC via USB or FireWire or when a CD or SD memory card is inserted, and monitors all hardware interfaces and Internet protocols on the end device


Mobile memory on thin clients in Windows Terminal Server or CITRIX environments can also be monitored

Security.Desk is the leader in granular protection of clients in the network against unauthorized and uncontrolled use of mobile storage devices (USB sticks, memory cards, smartphones, cameras, etc.) and data transfers.

In addition, Security.Desk supports you by:

    • preventing uncontrolled data flow,
    • logging file movements,
    • making files unreadable to third parties,
    • preventing the execution of unwanted programs or
    • not allowing the ingress of external hazards.

Security.Desk consists of a central administration console, which is used by the responsible employees for configuration, and agents, which run on the clients to be secured or the terminal server and implement the policies defined in the management tool there.

Monitoring of all interfaces

  • Security.Desk monitors all hardware interfaces and internet protocols on the end device
  • The software monitors all hardware interfaces and Internet protocols (e.g. http, ftp, …) on the end device
  • Security Desk automatically detects when a flash memory, smartphone or digital camera is connected to a PC via USB or FireWire or when a CD or SD memory card is inserted
  • You specify what has to be done: Is the data transfer completely blocked? Is the logged-in user allowed to use the contained data, only view it or only access certain file types? In addition, you have the option, for example, to only allow encrypted writing on the data carriers

File logs and reporting

    • File logs help track which employee on a PC has exchanged and used data with a mobile storage device
    • This control can be broken down to the level of allowed files and file types if the works council agrees
    • The reporting provides an up-to-date overview of the use of e.g. external storage media per user and computer in the network
    • In addition, it informs about the actions of your users at the interfaces of the end devices by email

Interactive dashboard

  • Which of your clients are protected? Were suspicious actions performed?
    If so, where and by whom? The dashboard shows the current status of endpoint security in the network at a glance
  • It provides detailed analysis capabilities via KPIs for mobile memory usage and file movement
  • Pie and bar charts inform about the protection status of the clients
  • Includes various histories of mobile memory usage and file movement
  • Intuitive drill-down options improve the analysis of hazard potentials
  • Prefiltered standard reports can be called directly from the dashboard

Granular approval of rights

  • Assign rights: for user, group or computer level, so different rights can be assigned to each individual computer, user, group or OU for each interface type
  • Rights hierarchy: allows exceptions to policies on multiple levels
  • Individual restriction possibilities: Interfaces can be assigned the following rights in each hierarchy level: everything allowed, read only, not write, everything forbidden
  • Other individual configuration options: Allows e.g. the use of individual devices (by ID) or device types despite prohibition

Manipulation security

  • The security service on the target clients cannot be influenced or stopped by the local administrator

Temporary releases

  • With Security.Desk, mobile users can also be granted temporary user rights for the interfaces on their notebooks via remote code activation, even if the notebooks are disconnected from the network

File encryption

  • Files can be encrypted using the AES procedure
  • You can easily encrypt or decrypt one or more files with FCS CryptMe! via the context menu of the Windows Explorer

Protection from BadUSB

  • BadUSBs secretly log on to the computer as mouse, keyboard or network card and then allow remote control or external use of the infected systems
  • If it is a manipulated USB stick that pretends to be a keyboard or mouse, the user can block it directly

Block release of certain storage media or file types
and prevent software applications:

White list:

White list devices/device types: The white list allows the use of individual devices (by ID) or device types despite prohibition. You control individually whether only a specific device with serial number or a specific device type is to be released. You can define a white list per organizational unit, per group, per user and globally.

Black list:

Black list software: The Black list software prohibits the execution of certain software (e.g.: Microsoft Internet Explorer).
Black list file types: The Black list file types prohibits reading / copying certain file types (e.g.: .doc, .jpg, .exe, etc.) from and / or writing to removable storage.

  Additional modules

Active Directory Loader

Makes the transfer of clients from the AD to Security.Desk much more comfortable and easier.

Network protocol

File protocol for all common Internet protocols.

Terminal Server

Monitors file movements of local drives on thin clients in remote sessions of Windows Terminal Server, Windows Server 2016 RDS, Citrix MetaFrame or Citrix XenApp.

Large company? Complex network?

Security.Desk Enterprise Edition: Active Directory Loader

Import OUs and groups, assign clients automatically, allocate access rights by units and log on with Single Sign On.

With the Enterprise Edition, Security.Desk is directly connected to the Active Directory. Different profiles for the transfer of OUs and groups from the Active Directory can be defined easily and conveniently. A time control enables a periodic comparison of the Active Directory with Security.Desk. New clients are automatically assigned to the appropriate profile (e.g. a location or a department). From the OU structure in the Active Directory, the system optionally creates groups in the manager tree.
The coupling with the Active Directory enables the Single Sign On for Security Desk Admins and facilitates the assignment of rights on an AD basis as well as the faster retrieval of certain groups and OUs in the Active Directory. The access rules via interfaces on PCs and/or thin clients in complex company structures can thus be managed much more effectively centrally and decentrally. If your company expands, your security also needs to expand – Security.Desk 7 is your most reliable employee when it comes to endpoint security!

With this module, clients, OUs and groups can be imported from the Active Directory and clients automatically assigned to them.

Security.Desk as an Intrusion Prevention System (IPS)

Security Desk detects attacks on networks and computer systems, it can take automatic defensive measures and offers additional protection to traditional firewalls.

In daily use, the administrators set the behavior of the agents running on the clients via their central administration console (Security.Desk). The status of the security services is extensively processed in the dashboard.

Besides e-mails and infected programs, USB sticks are probably one of the most important ways to distribute malware. But they can not only bring malware to computers, but they can also get lost. If official data is on the external data carriers, it can easily fall into the wrong hands.

  • Security.Desk controls the USB port. If an unencrypted stick is inserted into the port, you now have the option to encrypt the data contained on it with CryptMe. The data can also only be decrypted with CryptMe.
  • Every single computer, user, group or OU can be assigned different rights per interface type. The level “Everyone” corresponds to the company guidelines and applies, if no exceptions apply at higher hierarchical levels.
  • The rights assignment of Security.Desk is very individual, there is a rights hierarchy, which allows exceptions on several levels. The rights of the higher level beat those of the lower levels.

Individual restriction options

  • The interfaces can be assigned the following rights at any hierarchy level:
  • anything allowed
  • read only, not write
  • all forbidden
  • A file log can also be activated which shows when which file was copied from / to removable storage.

Other individual configuration options

  • The “White list” allows the use of individual devices (by ID) or device types despite prohibition.
  • The “Black list” for software prohibits the execution of certain software (e.g.: Microsoft Internet Explorer).
  • The “Black list” for file types prohibits reading / copying certain file types (e.g.: .doc, .jpg, .exe, etc.) from and / or writing to removable storage. It can be inverted at the push of a button so that e.g. only reading/executing certain file types is allowed.

Interface monitoring, BadUSB monitoring, alerts for monitored interfaces, extensive reporting, terminal server file protocol, network logging* as well as URL filter and data encryption are part of the scope of services of Security.Desk.

* Additional module

  • Proactive monitoring technology through white and black lists
  • Definition of forbidden applications by means of black list
  • Continual analysis of the executed applications
  • The use of USB sticks, modems, Bluetooth and IrDA components as well as floppy disks and similar on the client is monitored
  • The rights assignment also controls which access rights users of such devices have, whether the data on them should be encrypted and which file types may be transferred at all
  • Responsible employees are always aware of what is going on in their network
  • The monitoring is done just like the configuration via the dashboard and via lists of clients and their status
  • Real-time monitoring, logging and logging functions are possible
  • Reports are automatically sent by e-mail to the responsible employees and provide information about the action triggered by each defined rule
  • Filter functions allow fast and efficient searching of protocol entries

Test Security.Desk for free or purchase it directly

As your business expands, so does your security need – Security.Desk 7 is your most reliable partner when it comes to endpoint security! The price of Security.Desk depends on the number of clients to be monitored and then which additional modules are to be used.

Already from 8,00 Euro per client


Start typing and press Enter to search