This article can also be found in the Premium Editorial Download "Information Security magazine: Tips from the 2007 Security 7 Awards."
Download it now to read this article plus other related content.
The administration console is intuitive, and multiple tiers of administrative access can be assigned for distributed management. We were able to easily manage users, groups and devices, policies, alerts and encryption, and create and view audits, logs and reports.
Policies are layered, so the default policy is applied to every group to which it is assigned. When another policy profile is created, it can inherit from the default policy or become a new profile. For example, in the default profile we globally banned iPods and enabled encryption on all USB storage devices. The next policy, while it inherits the default profile, may define access to approved devices, such as portable hard drives, on which encryption from the default policy will be enforced.
Policies can be assigned on a user, group or device basis. Administrators can restrict the types of files that may be transferred or the launching of unauthorized applications from
Protector uses combinations of whitelists and blacklists to block access to devices and files without any legitimate business purpose, while still allowing users access to critical tools, applications and data defined by brand, model and file type.
Logs can be customized, filtered by column heading and exported to CSV. Reports are equally flexible and can be exported in HTML.
This was first published in October 2007