ossimUpdate

This is a solution I've been testing lately - Endpoint Protector, an all-in-one endpoint protection solution from a company called CoSoSys. It is available for evaluation as a virtual appliance (for many platforms, such as Hyper-V, VMware ESXi etc.).
There's also a hardware version of it in their portfolio.

Like many similar solutions (and many other solutions in general - particularly in the field of virtualization), this one is also based on Linux (in this case Ubuntu).

It offers four main features:

  1. Device Control (access control)
  2. Enforced Encryption (encrypted data transfer capability)
  3. Content Aware Protection (Data Loss Prevention - something quite similar can also be found in MS Exchange 2013)
  4. Mobile Device Management (which should rid you of at least part of the issues related to BYOD - a challenge for any aware professional, particularly a CISO or CIO)

Another very useful feature is the File Tracing / Shadowing capability, which offers data flow (data leakage) control between the protected devices and the USB devices connected to them. The Clipboard Monitoring feature could also be very useful, as could the option of disabling the print screen function.

Besides that (regarding ease of management and expandability), the product can also be integrated with Active Directory and with a SIEM (Security Information and Event Management) server.

As for the deployment, it's fairly simple: after you have downloaded the VM image for your virtualization environment, just create a new VM (for example, deploy the OVF template under ESXi) and set it up (the default values should be OK).

Upon starting it, you should get to the screen pictured below:

(Image: Capture.JPG)

Now it's time to configure the network (the IP address, gateway and DNS) - after configuration you'll receive a message with the URL of the newly created appliance (access it via your browser from one of your network computers / servers - just remember to disable IE Enhanced Security Configuration if you use Windows Server!).

When the URL opens, you'll get a security certificate error (just ignore it - that's also what the official documentation recommends) - proceed as marked in yellow below:

To proceed with further configuration, you'll have to log in - the default user name is root and the password is epp2011:

(Image: Capture2.JPG)

To manually add the client to one of the computers to be protected, expand the "System Management" tab, select "Client Management", select the target OS version and click on "Download selected version" to run the installer:

(Image: add_client.JPG)

One interesting option worth mentioning is the capability of the client to run in a stealth mode (to enable it, just take a look at the picture below).

(Image: client_mode.JPG)

In this mode the administrator is able to monitor all user, device and machine activities and actions without stopping any of them. When this mode is selected there's no system tray icon, nor are any system tray notifications shown - everything is allowed, but file shadowing and file tracing are still enabled so that all user activity can be seen and monitored. Besides that, the administrator still receives alerts (on the dashboard) for all activities. However, bear in mind that the user can still see the process (called "Notifier application") in the Task Manager (of course, the user could be prevented from starting the Task Manager in the first place, by using a Group Policy setting).

However, since this solution would probably be used in a larger-scale environment, distributing the client endpoint protector manually would be ineffective - therefore I'll end this short review with the aforementioned option of integrating Endpoint Protector with Active Directory.

To start, go to the "Directory Services" tab and select the "Active Directory Import" task as pictured below:

Next, enter your Domain Controller connection configuration data - to avoid an error prompting you to enter the DC's IP address, just enter the FQDN of the DC in the first field (as marked in yellow below). Optionally, you can test the connection, or just click "Next".

(Image: ad_import1.JPG)

When a connection to the Active Directory instance has been established, you'll get the window pictured below, asking you to select the desired AD content (in this example I selected all, after which I got a prompt informing me that the operation could take a long time - however, for this network it took only a couple of moments). In the end you should get a message about import success, after which you should be able to see all the imported AD contents in the "Endpoint Management" tab.

(Image: ad_import2.JPG)

In order to deploy the Endpoint Protector client to more than one device, the Active Directory deployment mode can be used - it is explained in detail here, so I won't describe it again, except to say that it involves some WMI filtering and adding a few GPOs.

In conclusion, this is a very comprehensive security product and I've found it quite easy to use - the only thing I miss is that the evaluation version doesn't include all the features by default (they have to be added manually).