Endpoint Security

Do you have a sufficient security strategy for your company data?
Security.Desk monitors the hardware interfaces of your clients, controls mobile storage
and prevents unauthorized data transfer.

The USB and endpoint security solution Security.Desk helps to permanently secure external hardware interfaces, monitors mobile storage and Internet protocols and supports you in successfully closing security gaps. It goes far beyond the possibilities of ad-ons of virus protection solutions or on-board resources of the manufacturers.


Protects data and networks against
Data theft or importation
from viruses and Trojans via removable media


Encognises automatically when e.g. a flash memory or smartphone is connected via USB or an SD memory card is inserted and monitors all hardware interfaces and Internet protocols on the end device


Mobile memory on thin clients in Windows Terminal Server or CITRIX environments can also be monitored

Security.Desk is the leader in granular protection of clients in the network against unauthorized and uncontrolled use of mobile storage devices (USB sticks, memory cards, smartphones, cameras, etc.) and data transfers.

In addition, Security.Desk supports you by providing the solution:

  • uncontrolled data flow prevented,
  • File movements logged,
  • makes files unreadable to third parties,
  • prevents the execution of unwanted programs or
  • not allowing the ingress of external hazards.

Endpoints form the link between users and the IT in the company. They must therefore be given special protection.
In order to reduce the high risk potential due to conscious misconduct, it helps to implement an effective endpoint security.

Security risks are, among others

  • Uncovered or poorly secured endpoints
  • Wrong use, lack of user awareness
  • Premeditated user error

Potential sources of danger in practice:

  • A departing employee copies sensitive customer data to a removable storage device and uses it for his new employer – your competitor…
  • A careless employee inserts his own USB stick into his company PC – unfortunately there is an undetected virus on it…
  • A careless employee loses a company-owned USB stick – the data stored on it is not encrypted…

Security.Desk consists of a central administration console, which is used by the responsible employees for configuration, and agents, which run on the clients to be secured or the terminal server and implement the policies defined in the management tool there.

Monitoring of all interfaces

  • Security.Desk monitors all hardware interfaces and Internet protocols on the end device
  • Security Desk automatically detects when a flash memory, smartphone or digital camera is connected to a PC via USB or FireWire or when a CD or SD memory card is inserted
  • You specify what has to be done: Is the data transfer completely blocked? Is the logged-in user allowed to use the contained data, only view it or only access certain file types? In addition, you have the option, for example, to only allow encrypted writing on the data carriers

File logs and reporting

    • File logs help track which employee on a PC has exchanged and used data with a mobile storage device
    • This control can be broken down to the level of allowed files and file types, if the works council agrees
    • The reporting provides an up-to-date overview of the use of e.g. external storage media per user and computer in the network
    • In addition, it informs about the actions of your users at the interfaces of the end devices by email

Interactive dashboard

  • The dashboard shows the current status of endpoint security in the network at a glance
  • It provides detailed analysis capabilities via KPIs for mobile memory usage and file movement
  • Cake and bar graphs inform about protection status of the clients
  • Intuitive drilldown options improve the analysis of hazard potentials
  • Prefiltered standard reports can be called directly from the dashboard

Granular approval of rights

  • Assign rights: at user, group or computer level, so different rights can be assigned to each individual computer, user, group or OU for each interface type
  • Rights hierarchy: allows exceptions to policies on multiple levels
  • Individual restriction possibilities: Interfaces can be assigned the following rights in each hierarchy level: everything allowed, read only, not write, everything forbidden
  • Other individual configuration options: Allows e.g. the use of individual devices (by ID) or device types despite prohibition

Manipulation security

  • The security service on the target clients cannot be influenced or stopped by the local administrator

Temporary releases

  • With Security.Desk, mobile users can also be granted temporary user rights for the interfaces on their notebooks via remote code activation, even if the notebooks are disconnected from the network

File encryption

  • Files can be encrypted using the AES procedure
  • You can easily encrypt or decrypt one or more files with FCS CryptMe! via the context menu of the Windows Explorer

Protection from BadUSB

  • BadUSBs secretly log on to the computer as mouse, keyboard or network card and then allow remote control or external use of the infected systems
  • If it is a manipulated USB stick that pretends to be a keyboard or mouse, the user can block it directly

Block release of certain storage media or file types
and prevent software applications:

White list:

  • White list Devices/device types: The white list allows the use of individual devices (by ID) or device types despite prohibition. You control individually whether only a specific device with serial number or a specific device type is to be released. You can define a white list per organizational unit, per group, per user and globally.

Black list:

  • Black list software: The Black list software prohibits the execution of certain software (e.g.: Microsoft Internet Explorer).
  • Black list file types: The Black list file types prohibits reading / copying certain file types (e.g.: .doc, .jpg, .exe, etc.) from and / or writing to removable storage.

  Additional modules

Active Directory Loader

Makes the transfer of clients from the AD to Security.Desk much more comfortable and easier.

Terminal Server

Monitors file movements of local drives on thin clients in remote sessions of Windows Terminal Server, Windows Server 2016 RDS, Citrix MetaFrame or Citrix XenApp.

Network protocol

File protocol for all common Internet protocols.

Security.Desk as an Intrusion Prevention System (IPS)

Security Desk detects attacks on networks and computer systems, can take automatic defensive measures and offers additional protection to traditional firewalls.

In daily use, the administrators set the behavior of the agents running on the clients via their central administration console (Security.Desk). The status of the security services is extensively processed in the dashboard.

Besides e-mails and infected programs, USB sticks are probably one of the most important ways to distribute malware. But they can not only bring malware to computers, but they can also get lost. If official data is then on the external data carriers, it can easily fall into the wrong hands.

  • Security.Desk controls the USB port. If an unencrypted stick is inserted into the port, you now have the option to encrypt the data contained on it with CryptMe. The data can also only be decrypted with CryptMe.
  • Each single computer, user, group or OU can be assigned different rights per interface type . The level “Everyone” corresponds to the company guidelines and applies, should no exceptions apply at higher hierarchical levels.
  • The rights assignment of Security.Deks is very individual, there is a rights hierarchy, which allows exceptions on several levels. The rights of the higher level beat those of the lower levels.

Other individual configuration options

  • The “White list” allows the use of individual devices (by ID) or device types despite prohibition.
  • The “Black list” for software prohibits the execution of certain software (e.g.: Microsoft Internet Explorer).
  • The “Black list” for file types prohibits reading / copying certain file types (e.g.: .doc, .jpg, .exe, etc.) from and / or writing to removable storage. It can be inverted at the push of a button so that e.g. only reading/executing certain file types is allowed.
Individual restriction options
  • The interfaces can be assigned the following rights at any hierarchy level:
  • anything allowed
  • read only, not write
  • all forbidden
  • A file log can also be activated which shows when which file was copied from / to removable storage.

I am text block. Click edit button to change this text. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Interface monitoring, BadUSB monitoring, alerts for monitored interfaces, comprehensive reporting, terminal server file protocol*, network logging* as well as URL filters and data encryption are all part of Security. Desk’s scope of services.

* Additional module

  • Proactive monitoring technology through white and blacklists
  • Definition of forbidden applications by means of black list
  • Continual analysis of the executed applications
  • The use of USB sticks, modems, Bluetooth and IrDA components as well as floppy disks and the like on the client is monitored
  • The rights assignment also controls which access rights users of such devices have, whether the data on them should be encrypted and which file types may be transferred at all
  • Responsible employees are always aware of what is going on in their network
  • The monitoring is done just like the configuration via the dashboard and via lists of clients and their status
  • Real-time monitoring, logging and logging functions are possible
  • Reports are automatically sent by e-mail to the responsible employees and provide information about the action triggered by each defined rule
  • Filter functions allow fast and efficient searching of protocol entries

Large company? Complex network?

Security.Desk Enterprise Edition

Import OUs and groups, assign clients automatically, assign access rights by units and log on with Single Sign On.

With the Enterprise Edition, Security.Desk is directly connected to the Active Directory.

Different profiles for the transfer of OUs and groups from the Active Directory can be defined easily and conveniently. A time control enables a periodic comparison of the Active Directory with Security.Desk. New clients are automatically assigned to the appropriate profile (e.g. a location or a department). From the OU structure in the Active Directory, the system optionally creates groups in the manager tree.

The coupling with the Active Directory enables the Single Sign On for Security Desk Admins and facilitates the assignment of rights on an AD basis as well as the faster retrieval of certain groups and OUs in the Active Directory. The access rules via interfaces on PCs and / or thin clients in complex company structures can thus be managed much more effectively centrally and decentrally.

If your company expands, your security needs also expand – Security.Desk 7 is your most reliable employee when it comes to endpoint security!

Test Security.Desk for free or buy it directly

The price of Security.Desk depends on the number of clients to be monitored and which additional modules are to be used.

Test Security.Desk for free or buy it directly

The price of Security.Desk depends on the number of clients to be monitored and which additional modules are to be used.

Start typing and press Enter to search

Hello world.

This is a sample box, with some sample content in it.