This article can also be found in the Premium Editorial Download "Information Security magazine: Improving your network security strategy in a recession."
Download it now to read this article plus other related content.
Price: Starts at $49 per user
PGP Endpoint meets the urgent need to protect data on mobile and removable storage devices, delivering centrally managed, granular device and port control, coupled
The PGP Endpoint architecture comprises an administration server, database, management console and client. PGP leverages Active Directory and Novell e-Directory for quick integration into directory services.
Preparing the host server for installation required more manual intervention than similar products, but the setup went smoothly once we got to the server components wizards.
The client can be automatically deployed through the distribution utility, using directory services or third-party tools, but we stuck with manual installation via USB drive. PGP tests for connectivity to the administration server before completing the installation. As with similar products, the client offers centralized hardening to prevent tampering.
The management console presents an easy-to-use Device Explorer panel with a hierarchical tree listing the default settings for 17 assorted devices and ports, as well as user-defined devices.
Devices and ports are either allowed, blocked, or the data passing through must be encrypted.
We were able to quickly enable policies that ranged from global enforcement of granular policy, such as only the use of company-issued USB thumb drives upon which everything is automatically encrypted, to specific settings for individual users.
PGP Endpoint let us easily specify what devices and ports were authorized, set rules for their use, and determine what data should be set to read-only, read-write and encrypted, or blocked.
Logging and Reporting B+
PGP Endpoint covers all the bases for logging every type of device or connection capable of transmitting and storing auditable information.
Within a few minutes, we set up an audit log that would allow us to prove that all endpoints within our network had encryption and policies necessary to meet regulatory requirements for data, whether it was passing over wireless, stored on a CD or sent to a hand-held device.
Logs record all events related to policy enforcement, as well as administrative actions, such as changing user access permissions. The dynamic tables in the management console let us sort and organize data based upon a multitude of criteria. Both logs and queries can be exported to CSV format. Using basic templates, we were able to quickly set up automated reports, such as "Applications denied today," or custom reports.
We found PGP Endpoint to command one of our highest ratings in this space in terms of securing and monitoring all aspects of endpoint security, as well as usability.
One of our favorite features is the ability to share encrypted data on removable media with another device without the client. With only a passphrase, we were able to access documents on an encrypted USB drive, change and save them, while enforcing security policy. PGP also allowed us to set temporary permissions and enforce extensive security measures on devices that weren't connected to the network, or portable media, regardless of the device on to which it was attached.
Policies were strictly enforced with complete transparency, without any impact on computing performance.
Verdict: PGP Endpoint is a cost-effective and comprehensive security solution that delivers automatic, seamless and transparent policy enforcement and auditing to endpoints.
Testing methodology: We deployed PGP Endpoint on Microsoft Windows Server 2003 with Active Directory and tested using a variety of devices running Windows 2000, XP, and Vista operating systems.
This was first published in February 2009