iStock-527495289-web

by Mohamad Ashokaibi

  • CFO: “I've lost my USB thumb drive. Lots of important spreadsheets were there! Do something please!”

  • Project Manager: “I’ve just used my USB external drive on a contractor’s laptop who said he never had an AV. Can I use it safely on the company’s laptop again?”

  • Sales Lady: “Remember the USB drive the company has given me? Seems I dropped it in that taxi yesterday while on my way home. Could I ever know what I backed up on it before leaving the office?”

  • Engineering Team Lead: “Since my colleague checked her SD card on my PC this morning I don’t seem to be able to open my project documents anymore. They all are unreadable. What could it be?”

  • Risk Management Head: “We have a new requirement; all USB storage devices must be blocked inside our corporate network, except company-provided sticks which must be encrypted before use. Can we do that?”


    Any of the above nightmares sound familiar?

    They never stop – until you act up. In this blog post we explore how DriveLock solutions can put an end to this chaos!

     

    Some Background

    Mobility is one of today’s key characteristics at both business and personal levels. A large chunk of our data is on the move with us, carried inside various forms of storage devices.

    Since their advent around the year 2000, USB storage devices (including pen drives, external hard disks, and the like) have been an essential piece of our daily operations and have provided so much convenience that is impossible to give up. They have been the ultimate choice for many day-to-day functions; copying files around, sharing documents with external parties, short-term backups, etc.

    So we live in a world heavily dependent on the use of USB drives, thus setting a policy in work environment that ultimately blocks access to those devices is not a wise choice and can negatively impact the business in one way or another. But still an open-access strategy for those devices imposes an extremely huge threat. Should organizations sacrifice security or usability? Let's have a look into this.

     

    Never-Ending Challenges

    Downsides of USB storage devices are not hard to realize. Actually we face them every day and with every use of those devices. Their top benefit can also be the worst – mobility. As time advances, they are becoming relatively smaller, and grow larger in capacities. From the humble 8MB drive in the 2000's, today drives reach multiple magnitudes in GBs. In fact, some have reached up to 2TB! Now with such huge capacities, one can move around boatloads of data, which could be confidential, business critical or otherwise very sensitive. Imagine losing a non-protected drive used to backup customer-related information!

    Continuing on the same subject, is the capability to intentionally leak business-critical data. For organizations having little to no control over files transferred to USB drives, leaking (and subsequently exposing) important data is inevitable. Check out the following news article on Mirror about a terrifying data leakage incident:

    Met Police detectives were liaising with airport chiefs to work out how the USB drive, with a massive 2.5GB of data, ended up in the street.

    There were at least 174 documents. Some were marked as “confidential” or “restricted” – but could still be read.

    In addition to mobility and potential to lose data, USB storage devices have been a preferred choice to get malware inside an organization’s network. Based on this post on ELiE website 48% of people would plug-in USB drives found in areas such as parking lots. Malicious software of any type can easily enter the corporate network thru non-sanitized USB drives. According to Wikipedia, the Stuxnet worm was introduced to targeted victim environment via an infected USB flash drive. Also this Dark Reading article mentions a study found that 70% of businesses had linked data breach incidents they suffered to USB memory sticks, where those incidents were almost equally split between drive loss and drive-borne malware situations.

     

    Solution, The DriveLock Way!

    Native controls for devices found in operating systems are not adequate, not flexible, or both. Additionally, such controls bundled with some AV solutions cannot meet demanding business requirements today.

    DriveLock offers next-generation endpoint protection solution (called Smart DeviceGuard) dedicated for controlling access to drives and devices connected to endpoints. The feature-rich solution helps businesses find a balance between data/endpoint protection and employee productivity. Let's see how.

    Extensive coverage - Controlling all types of drives (flash drives, DVD/CD, FireWire, SD, etc.), devices (printer, scanner, modem, biometric, etc.), smartphones (iOS, Android, Windows, etc.) as well as buses and controllers (serial, parallel, PCMCIA, SATA, etc.).

    Deeper control - Great, flexible and granular control options including applying permissions based on users, group of users, computers, group of computers, time of the day, type of network connectivity (location), and much more. Drive whitelisting is extremely important, which is possible based on drive's vendor ID, product ID and serial number, as well as on other characteristics such as its size and its encryption status. File-type filtering is beneficial for both controlling data going outside corporate network, and for controlling what can come in (example, block MS Office documents from leaving and prevent executables from entering).

    Data & endpoint protection - Providing clear visibility on data transferred to and from storage devices via two-way file auditing and shadowing. File filtering can be used to block unknown and unwanted applications from entering which could be harmful and/or time wasting. Enforced encryption ensures no data leaves in clear format, thus maintaining confidentiality of our most important asset. Device and drive whitelisting adds an important security layer, keeping out unknown and potentially dangerous devices such as key loggers.

    Endpoint protection solutions are an extremely essential piece of any information security strategy. DriveLock adds great value with Smart DeviceGuard, but this is just one part of the wholistic solution which also includes application control and whitelisting (Smart AppGuard), full-disk encryption (Disk Protection), file & folder encryption (Smart FileProtect), security awareness & education, and more.

    Interested in evaluating Smart DeviceGuard or any of DriveLock solutions?

    Choose from our risk-free evaluation options - on-premise or cloud environment. Either way, one of DriveLock experts will happily help you through the process!