C помощью GFI EndPointSecurity администраторы систем защиты смогут предоставлять отдельным пользователям или группам права чтения и записи данных на различные носители (включая дисководы CD/DVD-ROM, а также устройства, подключаемые через интерфейсы USB, Bluetooth, Firewire и Wi-Fi). Кроме того, ИТ-специалисты получат все необходимое для мониторинга сети и выявления случаев несанкционированного использования съемных носителей, представляющих собой потенциальную угрозу конфиденциальности деловых данных.
Решение GFI EndPointSecurity может быть развернуто в корпоративной сети без каких-либо усилий. Поддержка групповых разрешений сделает возможным внедрение единых политик безопасности в масштабах всей организации, а также упростит предоставление доступа новым сотрудникам и специалистам, переходящим в другие подразделения.
О дополнительные возможностях GFI EndPointSecurity 4 в ENG: GFI EndPointSecurity version 4 builds on version 3 whilst adding improved reliability and a number of new features which include the following:
Vista and 64-bit support: GFI EndPointSecurity 4 now also supports the following operating systems:
- Windows Vista (both x32 and x64 versions)
- Windows XP x64
- Windows 2003 x64
- Windows Server 2008
Scheduled deployment: When the user effects any policy or configuration changes through the console, it is now possible to close the GFI EndPointSecurity console and allow the agent deployment to take place automatically on a schedule. The deployment is handled by the GFI EndPointSecurity service which will also handle failed deployments through rescheduling.
Blocking by file type: File security policies can now be defined by file type. For example allow the user to read *.doc files but block access to all *.exe files.
Blocking at physical port level: Devices can now be blocked by the physical port on which they are connected, for example USB, Firewire, Bluetooth, Infrared, Wi-Fi, PCMCIA, Parallel, Serial, S-ATA, SD.
Blocking by device serial number: Besides being able to set permission for a whole device class, it is now also possible to set permission for a single device based on the unique device Hardware ID.
Device whitelist and blacklist: The administrator can define a list of particular devices which are allowed and others which are permanently banned. For example an administrator might want to allow only company-owned USB drives to be used on the network, whilst banning all other devices.
Temporary unlock: The administrator is now able to grant temporary access to a device (or group of devices) on a particular computer. This new feature allows the administrator to generate a code that the end-user can use to obtain a time-limited access to a particular device or port, even when the GFI EndPointSecurity agent is not connected to the network.
Power users: It is possible to specify users or groups who would always have full access to the devices protected by GFI EndPointSecurity.
Live agents status: The main application communicates with its deployed agents to keep track of the agent status. The status is used by the main application to perform maintenance tasks once an agent goes online.
Status dashboard: A revamped user interface now includes a status dashboard which shows the agents live status, agent deployment status, Database status, GFI EndPointSecurity service status and statistical data with charts.
Alerting: Standard notifications can be sent when devices are connected/used, or else when device access is blocked or allowed.
Database operations: Simple automated maintenance for the database backend such as the option for deleting information older than X days.
Improve support for Active Directory deployment: From the main application it is possible to generate a single MSI file that can be later deployed using the Active Directory deployment tool or other deployment options. The MSI file will contain all the security settings configured in a particular protection policy.
Agent management password: Agent management functions (such as update and un-install) are now protected by a user-configurable password. This means that any another GFI EndPointSecurity instances wont have access to the agent management options.
Device discovery: The EndPointScan engine can be used to scan and detect the presence of devices on the network. The information on detected devices can then be used to build security policies and assign access rights for specific devices.
Log browser: An in-built tool allows the administrator to browse user activity and device usage that is detected by GFI EndPointSecurity and logged in the backend database.
Custom messages: When users are blocked from using devices, they are shown custom popup messages explaining the reasons why the device was blocked.
Офф. сайт: http://www.gfi.com/endpointsecurity