USB-Defender™ the Key to USB Policy Enforcement
The popularity, capacity and virtual invisibility of USB storage devices have sparked serious concern in the IT community.
With devices the size of a quarter, and capacities measured in gigabytes, it doesn't take much imagination to picture sensitive
data walking out the door.
Couple that scenario with the reality that insider abuse continues to represent the greatest percentage
of security incidents and you have the makings of a security management nightmare.
Introducing USB-Defender™
With the introduction of USB-Defender, TriGeo expands its role as an endpoint security solution and addresses
this emerging threat. TriGeo has always been unique in the field of Security Information Management (SIM) because
of its focus on correlation and active response. As a SIM product, TriGeo has a unique perspective on network activity,
and its technology is ideally suited to provide complete coverage from the perimeter to the endpoint.
USB-Defender is bundled with TriGeo's Windows agent and provides the critical real-time event traceability needed
to identify and log the use of USB mass storage devices. For many, it comes as a surprise that this auditing is not
a native Windows capability, but the fact remains that it's only available with the addition of specialized, and
generally expensive, third-party software.
With TriGeo's USB-Defender, it's now possible to detect USB device insertion and capture dozens of forensic device
details such as manufacturer, serial number and device capacity. While its data collection and logging abilities
fill a much-needed role, the real power of this solution is in concert with TriGeo's event correlation and
active response or automated remediation technology.
When combined with TriGeo's event correlation, USB-Defender represents a powerful new
weapon against the insider threat. It's now possible to track USB activity and construct rules to detect unauthorized
use, notify IT personnel or even completely disable the device.
TriGeo's flexible correlation rule builder makes it simple to build multiple event correlations and pair them with
a variety of notification and active response options. A simple rule can detect the insertion of a USB mass storage
device, correlate the device's serial number with an approved list, and map the device to the user account.
Unauthorized devices, users or inappropriate use can trigger any number of defensive actions and notifications.
Active Network Defense
TriGeo's arsenal of active responses includes the ability to "eject" the device, or take broader actions
such as disabling the user account or even quarantining the workstation to prevent information leakage or worm
propagation.
USB-Defender will play a vital role in securing the enterprise. In fact, within the financial and healthcare
industries there are already reports of auditors seeking assurances that these organizations are taking steps to
secure this vulnerability. With TriGeo and USB-Defender, you'll have the tools to build and enforce your endpoint
security policies.