Security.Desk recognizes automatically, if a removable device gets connected via USB, FireWire or a CD or SD memory card gets inserted. You define what happens next: block data transfer completely, allow only reading rights to the user or record all data transfers from and to the external device. Additionally, you can enable encrypted writing on the external medium.
Security.Desk monitors hardware interfaces and internet protocols at the terminal.
With the help of the “whitelist”, you can exclude certain devices from the use ban. They regulate individually whether only a special device with a serial number or a specific device type is to be released.
You can only release devices for a specific time interval (from/to) or from or to a specific point in time. In addition, the file protocol (including file type checking) for a device in the whitelist can be explicitly turned on or off.
You can define a whitelist per OU, per group, per user and globally.
Blacklists for file types govern that files of certain types (e.g., exe files) are not inserted or stolen from the network, even though they are e.g. embedded in Office files. The signature of the respective file is checked by Security.Desk when copying, so that such files are blocked, even if the user should rename the files.
You can also prevent the execution of unwanted programs (such as burning software, games, etc.) on the target devices.
The blacklist mobile storage file types are also fully supported on thin clients for RDP and Citrix.
The fully interactive dashboard always shows at a glance the current status of Endpoint Security in your network and enables detailed analysis options for your data.
Cake and bar charts inform you how your clients’ protection status is currently, and how much mobile storage is currently being used on your clients.
The top-client and top-user presentation show you immediately to which clients or from which users mobile memory are conspicuously often used. In addition, the dashboard includes various histories about the use of mobile storage and file movement from and to mobile storage.
In addition, the dashboard offers intuitive drill-down options that allow you to gain deeper insights into the respective data situation of a key figure in the form of prefiltered standard reports.
Security.Desk gives you an up-to-date overview of the use of e. external storage media per user and computer in your network. In doing so, you automatically increase the security of your vitWith Security.Desk you always get an up-to-date overview of the use of e.g. external storage media per user and computer in your network. You automatically increase the security of your vital company data and your system stability. If you log the accesses to the hardware interfaces, you can track who, when and which action was taken at any time by means of detailed reports.
All standard reports can be time-controlled, filtered and grouped according to your own templates, generated and sent by e-mail.
The system is also able to inform you about the actions of your users at the interfaces of the end devices by email. Rights are assigned a device, user, group or organizational unit (OU) level.
The device authorizations for the users can be conveniently defined according to their groups or OUs from the Active Directory or individually for the individual user account. Even in offline mode, the individual account authorizations for the logged in user remain stored.
From version 5.1 Security.Desk offers optimal protection against memory sticks with manipulated firmware (BadUSB). These log in secretly as a mouse, keyboard or network card on the computer and then allow remote control or external use of the affected systems. Security.Desk prevents this attack by controlling USB input devices (mouse and keyboard) as well as network adapters connected to the PC.
If the device is already known and confirmed as non-hazardous, it will be automatically approved. However, if it is an unknown device, a dialog box will appear indicating the newly detected device. If this is accepted by the user, Security.Desk saves the share. However, if it is a compromised USB stick, e.g. as a keyboard or mouse outputs, then this can be blocked directly by the user.
Security.Desk records all user decisions related to input device shares. This gives the administration a valuable overview of the use of connected input devices and network adapters at the end devices in the network.
With Security.Desk mobile users can also be granted temporary user rights for the interfaces via code remote activation, even if the notebooks are disconnected from the network.
The security service of the target clients cannot be affected or stopped by the local administrator.
In addition, you can use Security.Desk to encrypt files using the AES method. You can conveniently download one or more files via the context menu of Windows Explorer with FCS CryptMe! encrypt or decrypt.
The new Security.Desk Enterprise Edition: import OUs and groups, assign clients automatically, assign access rights by units and log on with Single Sign-On.
With the Enterprise Edition, Security.Desk is directly connected to the Active Directory.
Different profiles for the transfer of OUs and groups from the Active Directory can be defined easily and conveniently. A time control enables a periodic comparison of the Active Directory with Security.Desk. New clients are automatically assigned to the appropriate profile (e.g. a location or a department). From the OU structure in the Active Directory, the system optionally creates groups in the manager tree.
The coupling with the Active Directory enables the Single Sign-On for Security Desk Admins and facilitates the assignment of rights on an AD basis as well as the faster retrieval of certain groups and OUs in the Active Directory. The access rules via interfaces on PCs and / or thin clients in complex company structures can thus be managed much more effectively centrally and decentrally.