Sanctuary Device Control

Sanctuary Device Control is an End-Point Policy Enforcement solution that stops security breaches before they can even start. With Sanctuary, all users are denied access by default. You simply authorize access to only the devices that the user needs. No one can plug into your network without approval. No one. Control is absolute. Sanctuary also audits I/O device use as well as attempts to use unauthorized devices.

Hardware such as USB memory sticks, FireWire external hard-drives, scanners, music players (for example, mp3 players and iPods), digital cameras, PDAs, and CD and DVD burner drives are scattered throughout offices around the world. Their proliferation amplifies the threats posed by outsiders or users who plug in devices that could compromise the security of sensitive corporate data. Here, too, Sanctuary does what you want it to do - it precludes the use of all devices that haven't been authorized and also allows if needed complete FireWire and USB port lockdown for maximum security, avoiding any data leakage or malware intrusion.

Keep an Eye on Things
Know the adage "knowledge is power?" Sanctuary proves how true this is by providing a comprehensive audit log of every event whether allowed or attempted - including those by unauthorized code and all writes to removable media and specific ports. As an option, a full copy of the data written to a device can be captured and retained through our proprietary "shadowing"™ technology. Not only is an audit log invaluable in measuring and enforcing policy compliance, it also bundles the information you need as proof of compliance with a number of governmental regulations such as the Sarbanes-Oxley Act of 2002 (SOX), the Gramm-Leach-Bliley Act (GLBA) or the Health Insurance Portability and Accountability Act (HIPAA).

Sanctuary controls access to devices by applying a device Access Control List (ACL) to users, user groups and even specific computers. Device access for all users including administrators is not allowed by default. To grant access, you only need to associate those users or user groups to the devices to which they should have access.

Manage Devices per Type
Sanctuary controls the use of a huge range of devices that are key sources of security breaches. They are managed according to their type, not on how they are connected.

For maximum policy enforcement, Sanctuary Device Control can be set to completely block USB port or any other port (Bluetooth, FireWire, IrDA, WiFi, etc.) or prevent the access to any device category independently from the way users are attempting to connect them.

Build it to Scale
For any security tool to be truly effective it needs to do what you want it to do, without hassles. That's what you get with Sanctuary. It lets you set and enforce a policy of what is allowed either en masse or user by user, and it also lets you change user rights in a flash without needing to reboot the computer.

Equally key, Sanctuary works for everyone everywhere, from remote laptop users and home workers to geographically dispersed networks. In fact, Sanctuary has been designed specifically for large, highly complex networks.

Its three-tier architecture and loadbalancing capability already supports companies ranging in size from 50 to more than 100,000 seats. It integrates with the existing technical infrastructure and logical organization by mapping permissions to an existing Microsoft Active Directory domain or Novell Directory Services (eDirectory).