Safend Protector Locks Endpoints To Stop Data Leaks
Safend Protector Locks Endpoints To Stop Data Leaks

Safend Protector works by locking down a company"s endpoints, monitoring every kind of vector where data can leave the enterprise, including thumb drives as well as e-mail. Safend applies rules to different endpoints, verifying an employee"s permission to download certain information to a USB device, and encrypting it before it"s taken.

When laptops, USB drives and iPods leave the workplace, are they filled with corporate data ? If so, were those users authorized to siphon data from the network? And if those devices are lost or stolen, will sensitive data be open to view?

Safend has issued Safend Protector v3.3 to help businesses eliminate these concerns. This version provides a number of additions and enhancements over previous versions, according to Safend, a provider of endpoint security solutions.

New features include file shadowing, which allows administrators to be alerted to breaches by tracking and collecting copies that come in from or go out to storage devices; and enhancements to external encryption, so administrators can mandate encryption to external devices.

Terrence Brewton, a research analyst with Frost & Sullivan, is conducting a market study on data-leakage protection (DLP) products. He told us that there are more than 20 data-leakage prevention solutions on the market that compete with Safend, but said Safend has an advantage over many of these.

Endpoint Security

"The biggest thing is that they"re locking down endpoints. A lot of DLP products monitor data leaving the gateway, such as via e-mail. Safend is addressing every kind of vector where data can leave the enterprise, including thumb drives as well as e-mail," he said.

Safend works by applying rules to different endpoints, Brewton said. "If somebody plugs in their USB device to download information, Safend is going to take a look at that information and that person, and verify whether they can or can"t download it to a USB drive," he explained. If they do have permission, the data will be encrypted and the user given a password to decrypt the data.

"That"s going to avoid the kind of problem we had with the guy from the Department of Veterans affairs who had his laptop stolen," Brewton said. "He had permission to take info home on a laptop, but it was not encrypted." When the laptop went missing, many veterans -- including Brewton -- were notified about the breach and offered free credit-protection services.

Brewton said it wasn"t much of a hassle for him, but it is a big deal for organizations, since he estimates that it costs them $50 per record stolen.

Granular Protection

Protector can restrict devices by type (including any type of connector, as well as wireless interfaces), and can even be as granular as restricting or allowing a specific device serial number from downloading data. It can block programs from running automatically (such as U3-enabled USB drives) and prevent keystroke-loggers from running.

Once deployed on a network, Safend Protector looks for the types of data that are typically sensitive and could cause problems if lost or stolen, such as credit card and Social Security numbers. Brewton said the solution has built-in rules that notify an administrator if those items are being taken outside the network, and ask if that"s allowed. The administrator can then build custom rules for users as well as data types.

Pricing for Safend Protector scales from $13-$32 per seat, depending on the size of the enterprise, with $14 being the average, according to the company.