Endpoint Security

Do you have a sufficient security strategy for your company data?
Security.Desk monitors the hardware interfaces of your clients, controls mobile storage
and prevents unauthorized data transfer.

The USB and endpoint security solution Security.Desk helps to permanently secure external hardware interfaces, monitors mobile storage and internet protocols and supports you in successfully closing security gaps. It goes far beyond the possibilities of add-ons of virus protection solutions or onboard resources of the manufacturers.


Protects data and networks against
data theft or importation
from viruses and Trojans via removable media


Automatically detects when a flash memory, smartphone or digital camera is connected to a PC via USB or FireWire or when a CD or SD memory card is inserted, and monitors all hardware interfaces and Internet protocols on the end device


Mobile memory on thin clients in Windows Terminal Server or CITRIX environments can also be monitored

Security.Desk is the leader in granular protection of clients in the network against unauthorized and uncontrolled use of mobile storage devices (USB sticks, memory cards, smartphones, cameras, etc.) and data transfers.

In addition, Security.Desk supports you by:

    • preventing uncontrolled data flow,
    • logging file movements,
    • making files unreadable to third parties,
    • preventing the execution of unwanted programs or
    • not allowing the ingress of external hazards.

Security.Desk consists of a central administration console, which is used by the responsible employees for configuration, and agents, which run on the clients to be secured or the terminal server and implement the policies defined in the management tool there.

Monitoring of all interfaces

  • Security.Desk monitors all hardware interfaces and internet protocols on the end device
  • The software monitors all hardware interfaces and Internet protocols (e.g. http, ftp, …) on the end device
  • Security Desk automatically detects when a flash memory, smartphone or digital camera is connected to a PC via USB or FireWire or when a CD or SD memory card is inserted
  • You specify what has to be done: Is the data transfer completely blocked? Is the logged-in user allowed to use the contained data, only view it or only access certain file types? In addition, you have the option, for example, to only allow encrypted writing on the data carriers

File logs and reporting

    • File logs help track which employee on a PC has exchanged and used data with a mobile storage device
    • This control can be broken down to the level of allowed files and file types if the works council agrees
    • The reporting provides an up-to-date overview of the use of e.g. external storage media per user and computer in the network
    • In addition, it informs about the actions of your users at the interfaces of the end devices by email

Interactive dashboard

  • Which of your clients are protected? Were suspicious actions performed?
    If so, where and by whom? The dashboard shows the current status of endpoint security in the network at a glance
  • It provides detailed analysis capabilities via KPIs for mobile memory usage and file movement
  • Pie and bar charts inform about the protection status of the clients
  • Includes various histories of mobile memory usage and file movement
  • Intuitive drill-down options improve the analysis of hazard potentials
  • Prefiltered standard reports can be called directly from the dashboard

Granular approval of rights

  • Assign rights: for user, group or computer level, so different rights can be assigned to each individual computer, user, group or OU for each interface type
  • Rights hierarchy: allows exceptions to policies on multiple levels
  • Individual restriction possibilities: Interfaces can be assigned the following rights in each hierarchy level: everything allowed, read only, not write, everything forbidden
  • Other individual configuration options: Allows e.g. the use of individual devices (by ID) or device types despite prohibition

Manipulation security

  • The security service on the target clients cannot be influenced or stopped by the local administrator

Temporary releases

  • With Security.Desk, mobile users can also be granted temporary user rights for the interfaces on their notebooks via remote code activation, even if the notebooks are disconnected from the network

File encryption

  • Files can be encrypted using the AES procedure
  • You can easily encrypt or decrypt one or more files with FCS CryptMe! via the context menu of the Windows Explorer

Protection from BadUSB

  • BadUSBs secretly log on to the computer as mouse, keyboard or network card and then allow remote control or external use of the infected systems
  • If it is a manipulated USB stick that pretends to be a keyboard or mouse, the user can block it directly

Block release of certain storage media or file types
and prevent software applications:

White list:

White list devices/device types: The white list allows the use of individual devices (by ID) or device types despite prohibition. You control individually whether only a specific device with serial number or a specific device type is to be released. You can define a white list per organizational unit, per group, per user and globally.

Black list:

Black list software: The Black list software prohibits the execution of certain software (e.g.: Microsoft Internet Explorer).
Black list file types: The Black list file types prohibits reading / copying certain file types (e.g.: .doc, .jpg, .exe, etc.) from and / or writing to removable storage.

Security.Desk customers


  Additional modules

Active Directory Loader

Makes the transfer of clients from the AD to Security.Desk much more comfortable and easier.

Network protocol

File protocol for all common Internet protocols.

Terminal Server

Monitors file movements of local drives on thin clients in remote sessions of Windows Terminal Server, Windows Server 2016 RDS, Citrix MetaFrame or Citrix XenApp.

Security.Desk as an Intrusion Prevention System (IPS)

Security Desk detects attacks on networks and computer systems, it can take automatic defensive measures and offers additional protection to traditional firewalls.

In daily use, the administrators set the behavior of the agents running on the clients via their central administration console (Security.Desk). The status of the security services is extensively processed in the dashboard.

Besides e-mails and infected programs, USB sticks are probably one of the most important ways to distribute malware. But they can not only bring malware to computers, but they can also get lost. If official data is on the external data carriers, it can easily fall into the wrong hands.

  • Security.Desk controls the USB port. If an unencrypted stick is inserted into the port, you now have the option to encrypt the data contained on it with CryptMe. The data can also only be decrypted with CryptMe.
  • Every single computer, user, group or OU can be assigned different rights per interface type. The level “Everyone” corresponds to the company guidelines and applies, if no exceptions apply at higher hierarchical levels.
  • The rights assignment of Security.Desk is very individual, there is a rights hierarchy, which allows exceptions on several levels. The rights of the higher level beat those of the lower levels.

Individual restriction options

  • The interfaces can be assigned the following rights at any hierarchy level:
  • anything allowed
  • read only, not write
  • all forbidden
  • A file log can also be activated which shows when which file was copied from / to removable storage.

Other individual configuration options

  • The “White list” allows the use of individual devices (by ID) or device types despite prohibition.
  • The “Black list” for software prohibits the execution of certain software (e.g.: Microsoft Internet Explorer).
  • The “Black list” for file types prohibits reading / copying certain file types (e.g.: .doc, .jpg, .exe, etc.) from and / or writing to removable storage. It can be inverted at the push of a button so that e.g. only reading/executing certain file types is allowed.

Interface monitoring, BadUSB monitoring, alerts for monitored interfaces, extensive reporting, terminal server file protocol, network logging* as well as URL filter and data encryption are part of the scope of services of Security.Desk.

* Additional module

  • Proactive monitoring technology through white and black lists
  • Definition of forbidden applications by means of black list
  • Continual analysis of the executed applications
  • The use of USB sticks, modems, Bluetooth and IrDA components as well as floppy disks and similar on the client is monitored
  • The rights assignment also controls which access rights users of such devices have, whether the data on them should be encrypted and which file types may be transferred at all
  • Responsible employees are always aware of what is going on in their network
  • The monitoring is done just like the configuration via the dashboard and via lists of clients and their status
  • Real-time monitoring, logging and logging functions are possible
  • Reports are automatically sent by e-mail to the responsible employees and provide information about the action triggered by each defined rule
  • Filter functions allow fast and efficient searching of protocol entries

Test Security.Desk for free or purchase it directly

As your business expands, so does your security need – Security.Desk 7 is your most reliable partner when it comes to endpoint security!

The price of Security.Desk depends on the number of clients to be monitored
and then which additional modules are to be used.

Already from 8,00 Euro per client

Start typing and press Enter to search