Why opt for Device Control module in Endpoint Central to Secure USB?

Secure USB configuration primarily focuses on preventing unauthorized access via devices using block technology. While this model ensures security, adhering to compliances (such as PII, PCI, GDPR, and HIPAA), storing device data logs for auditing, and the flexibility of tilting the configurations to favor productivity for specific business reasons, are outside the scope of Secure USB.

Device Control module in Endpoint Central Security Edition has vast configurations and customizations, that can secure and extensively monitor 15+ peripheral devices.

How Endpoint Central Device Control module manage device accessibility in your enterprise?

With Endpoint Central Device Control module, you can,

  • Control, block, and monitor the actions of all USB and peripheral devices for Windows and Mac systems
  • Create a Trusted Devices list and authorize only those devices to access your computers
  • Grant file access to authorized devices on varying levels such as read-only, allow copying, etc
  • Grant temporary access to third-party devices to prevent excessive access privileges
  • Set file transfer restrictions based on file size and extension to prevent unprecedented data movement to/from your computer
  • Shadow devices and safeguard sensitive files by maintaining mirrored copies of any data in a secured location
  • Report and notify the sysadmins/technicians when unauthorized device access is attempted, and manage device logs for auditing

Comparing the capabilities of Endpoint Central Device Control module with Secure USB

Capabilities Secure USB Device Control
Device types supported 10 18
OS Platform supported Windows Windows and Mac
Read-only access for devices Not supported Policies can be deployed to allow read-only permission access to CD-ROM, windows portable devices, and removable storage devices.
Allow devices based on BitLocker encryption Not Supported Policy can be deployed to allow removable storage devices, only if they are BitLocker encrypted.
Allow file transfer based on file type Not supported Policy can be deployed to allow file transfers via removable storage devices, based on file extension.
Allow file transfer based on file size Not supported Policy can be deployed to allow file transfers via removable storage devices, based on file size.
Device-specific file access privilege Not Supported Device-specific file access settings can be deployed.
Example: Devices in the trusted devices list can have full access. Whereas non-trusted devices can be provided with Read-only access.
File tracing Not supported File transfers done via removable storage devices will be audited.
File shadowing Not supported Policies can be deployed to shadow sensitive files transferred via removable storage devices.
Device audit report Not supported Currently connected devices and blocked device access attempts can be seen in the report.
Temporary access Not supported Limited access to peripheral devices can be given.
Temporary access portal Not supported Users can request temporary access to the peripheral devices from their endpoints.
Admin can approve/deny those requests, based on the justification provided in the request.
Offline temporary access Not Supported Temporary access has an additional feature using which a temporary access code (.tac) can be created and applied from endpoints.
Agent-server communication is not needed for applying this code (.tac)
Trusted devices list Not supported (Separated list cannot be created and associated ) A list that contains the trusted devices that need to be allowed in the network can be created and associated with device control policies.
Wild card support for trusted devices (Serial Number) Not supported Supported
Computer-specific audit data Overall device audit is available. File tracing, file shadowing, and device audit can be viewed for individual machines.
Immediate blocked device alert Not supported When a device is blocked by the deployed policy, an immediate alert can be sent via e-mail.
Alert notification Only global alert settings.
  • Policy-based alerts can be configured.
  • Device-specific alerts can be configured.
Disable auto-run Not Supported Supported
Restrict Bluetooth file transfer alone Not supported Policies can be deployed to allow Bluetooth headphones, keyboards, and mice alone, whereas file transfers via Bluetooth will be blocked.
Option to audit only selected device types Not Supported Supported