Information Security

Defending the digital infrastructure



Device Management: Pointsec Protector software review

Pointsec Protector manages unsecured ports and endpoint devices while transparently delivering encryption, filtering content, enforcing policies and maintaining an audit trail, even when mobile devices are disconnected from the network.


Pointsec Protector

Check Point Software Technologies
Price: Starts at $45 per seat

Pointsec Protector (formerly Device Protector prior to Check Point's acquisition of Pointsec) addresses the growing problem of unsecured ports and endpoint devices while transparently delivering encryption, filtering content, enforcing policies and maintaining an audit trail, even when mobile devices are disconnected from the network.

Configuration/Management A  
Getting the product running was effortless, thanks to well-designed wizards and a straightforward installation process. Protector ties in with Microsoft Active Directory and Novell eDirectory for user and group synchronization when assigning device access rights, encryption and policies.

The administration console is intuitive, and multiple tiers of administrative access can be assigned for distributed management. We were able to easily manage users, groups and devices, policies, alerts and encryption, and create and view audits, logs and reports.

Policy Control A  
We began by editing Protector's default profile through a series of tabs, choosing which types of devices and removable media to permit or deny, defining encryption, creating email alerts, and assigning stringent policies to groups that fell under compliance regulations (e.g., finance) and less stringent ones to others.

Policies are layered, so the default policy is applied to every group to which it is assigned. When another policy profile is created, it can inherit from the default policy or become a new profile. For example, in the default profile we globally banned iPods and enabled encryption on all USB storage devices. The next policy, while it inherits the default profile, may define access to approved devices, such as portable hard drives, on which encryption from the default policy will be enforced.

Policies can be assigned on a user, group or device basis. Administrators can restrict the types of files that may be transferred or the launching of unauthorized applications from removable media.

Protector uses combinations of whitelists and blacklists to block access to devices and files without any legitimate business purpose, while still allowing users access to critical tools, applications and data defined by brand, model and file type.

Reporting A  
Protector excels in logging and reporting. With detailed auditing, administrators can determine what devices are being used and in what way. Alerts are easily set up to be sent via email; we assigned each AD group a different notification recipient, simulating department managers being alerted to their employees doing such things as downloading music at work or copying sensitive files to portable media.

Logs can be customized, filtered by column heading and exported to CSV. Reports are equally flexible and can be exported in HTML.

Effectiveness B  
Protector enforces all policies and offers a high level of control and auditing over offline devices. Even with local admin rights, we were prevented from disabling or uninstalling the client software from our test laptop thanks to anti-tampering controls.

The encryption feature works transparently when the user is logged on to the network. For offline machines and mobile devices, users simply drag and drop files onto or off the encrypted device after authenticating with a password or challenge/response.

Protector lacks centralized control for Linux and Mac, and doesn't have data shadowing, a feature that would let administrators record all information sent to a particular device or port.

Pointsec Protector is an affordable and scalable solution that will work well in both SMB and enterprise environments.

Testing methodology: The testing environment included Windows clients, AD and SQL Server. We tested the use of portable storage devices, including USB flash drives, FireWire external hard drives, CD-RW drives and floppy disk drives.
