This is an in-depth review of the Endpoint Protector tool focusing on the four main modules – Device Control, Content Aware Protection, Enforced Encryption, and eDiscovery:
Are you engaged in a business where data is one of the most critical assets of your organization and you need to ensure 360-degree protection against data loss and data theft?
If yes, then Endpoint Protector by CoSoSys is the perfect solution for you. In this article, we are going to review this tool in detail.
Endpoint Protector Tool Review
Endpoint Protector by CoSoSys is a cross-platform Data Loss Prevention (DLP) software. This comprehensive DLP solution uncovers, inspects, and protects your confidential and sensitive data through advanced multi-OS data loss prevention. It safeguards Data in Motion as well as Data at Rest.
It puts a full stop to data leaks and data thefts and offers flawless management of portable storage devices. Endpoint Protector includes several feature-rich modules.
The four main modules are:
- Device Control: To manage all devices, their permissions, policies, and settings.
- Content Aware Protection: For inspecting and controlling data in motion.
- Enforced Encryption: For automatic USB encryption.
- eDiscovery: For scanning data at rest.
These four modules together provide end-to-end data loss protection.
OS Support: macOS, Linux, and Windows
Customer Base: Endpoint Protector is trusted by many big clients around the world including Samsung, Toyota, Philips, ING, Western Union, eBay, etc.
Pricing: The price of the tool is available on request.
You are required to mention your needs at their website’s pricing section and request a quotation. They offer tailor-made plans based upon your needs and will charge accordingly. A free trial and a free demo are also available.
How Does Endpoint Protector Work?
As a DLP solution, Endpoint Protector safeguards your data in motion as well as data at rest.
For data in motion, it restricts the content defined by the administrator or the management of the organization by monitoring all the exit points. The device control module and content-aware protection module of Endpoint Protector are used to protect data in motion. The device control module takes care of all the devices that are attached to your system and the content-aware protection module takes care of data flowing across all the web applications.
For data at rest, based upon the sensitive content policies of your organization, it scans the content stored on the user’s system and allows you to take necessary remedial actions. The eDiscovery module of Endpoint Protector protects data at rest.
A single Endpoint agent is deployed for both modules: Content Aware Protection and eDiscovery.
Features and Demo
We will talk in detail about the major features/modules of Endpoint Protector and, alongside, look at a demonstration of the functionality of each module:
#1) Device Control
Device Control is an effective way of controlling the connections of physical devices that you can connect to a machine. These physical devices could be webcams, USB drives, Bluetooth, external drives, mobile phones, keyboards, or anything else that you can connect to your computer.
This module lets you do the following:
- Get a quick overview of the status of Endpoint Protector entities.
- Manage device rights.
- Edit device settings.
- Export/import devices/computers.
- Manually create a new device/computer.
- Uninstall or delete the device.
- View device logs.
- Assign computers to groups and departments of the organization for better management.
- Assign rights to users, computers, or groups through a quick 2-step wizard.
- Create fallback policies for outside networks and outside office hours scenarios.
- Edit settings for computers and define custom settings.
- Control file transfers.
- Manage all users in the system: create users, import users, access user rights on devices, and view user history.
- Manage all groups in the system: group rights and group settings.
- Specify global rights and settings which apply globally to all Endpoint entities.
- Set rights on each of the device types: allow access, deny access, read-only access, or other combinations.
- Use file tracing and file shadowing to monitor data traffic.
- Set a transfer limit within a specific time interval, and restrict or lock down the device if the limit is reached.
- Maintain a file whitelist to allow the transfer of only authorized files.
And, of course, a lot more!
Policies can be defined at the user level, group level, computer level, and device level. If no policy is defined for an entity, then the default global settings will be applied.
The priority order starting from the highest is Devices > Computers | Users > Groups > Global.
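The precedence above can be checked against a rights inventory to find where a more specific rule loosens the global default. The following is an added example, not Endpoint Protector code: the data layout, the names, and the rule that the most restrictive group right wins are assumptions made for illustration.

```python
# Added illustration: models the stated precedence; not Endpoint Protector code.
ORDER = {"deny": 0, "read_only": 1, "allow": 2}  # least to most permissive

def effective_right(policy, conn, computer_first=True):
    """Resolve Devices > Computers | Users > Groups > Global for one connection.

    Returns (right, level that decided it).
    """
    dev_type = conn["type"]
    if conn["serial"] in policy.get("device", {}):
        return policy["device"][conn["serial"]], "device"
    # Computers and users share one tier; which side wins is configurable.
    tier = [("computer", conn["computer"]), ("user", conn["user"])]
    if not computer_first:
        tier.reverse()
    for level, name in tier:
        right = policy.get(level, {}).get((name, dev_type))
        if right is not None:
            return right, level
    # Assumption: if several groups define a right, the most restrictive wins.
    rights = [policy.get("group", {}).get((g, dev_type)) for g in conn["groups"]]
    rights = [r for r in rights if r is not None]
    if rights:
        return min(rights, key=ORDER.get), "group"
    return policy["global"][dev_type], "global"  # nothing more specific defined

def find_overrides(policy, connections):
    """Report connections that end up more permissive than the global right."""
    findings = []
    for conn in connections:
        right, level = effective_right(policy, conn)
        baseline = policy["global"][conn["type"]]
        if ORDER[right] > ORDER[baseline]:
            findings.append((conn["serial"], level, baseline, right))
    return findings

# Constructed sample: USB storage is denied globally, with exceptions.
POLICY = {
    "global": {"usb_storage": "deny"},
    "group": {("finance", "usb_storage"): "read_only"},
    "computer": {("LAB-PC-01", "usb_storage"): "allow"},
    "device": {"SN-0001": "deny"},
}

def make_conn(serial, computer, user, groups):
    return {"serial": serial, "type": "usb_storage", "computer": computer,
            "user": user, "groups": groups}

CONNECTIONS = [
    make_conn("SN-0001", "LAB-PC-01", "alice", ["finance"]),  # device rule wins
    make_conn("SN-0002", "LAB-PC-01", "bob", []),             # computer rule wins
    make_conn("SN-0003", "HR-PC-07", "carol", ["finance"]),   # group rule wins
    make_conn("SN-0004", "HR-PC-07", "dave", []),             # falls back to global
]

if __name__ == "__main__":
    for finding in find_overrides(POLICY, CONNECTIONS):
        print(finding)
```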
The Device Control dashboard gives the admin a very insightful and quick view of the entities in the system. It shows date-wise device connection and usage details along with the latest connected devices and file transfer status. It helps the admin to quickly identify any abnormal activity and act accordingly.
To see the detailed list of all the devices that can be connected to your system, you need to click on ‘Devices’ under the Device control section in the left panel as shown in the image below.
As you can see in the image below, it shows the complete list of all the devices. It also tells about the device type, its description, along with IDs, serial number, device code, last used by, last seen on, and last computer details. This level of detailed information is really helpful in managing security and taking appropriate actions for each device.
For each of the devices, you can take any of the four actions: ‘Edit’, ‘Manage rights’, ‘View History’ or ‘Delete’.
Through ‘Manage Rights’, you can view and manage the policy for the device and control the permissions.
For example, clicking on Manage Rights for the first device in the list showed the policy set as “Currently the system is using both computer and user rights, computer rights have priority”.
By clicking on the ‘Computers’ option under the Device Control section as shown in the image below, you will be able to view the list of all the machines of your organization on which Endpoint is installed. It gives all the details like the name of the computer, its username, IP details, Domain, Groups, etc.
It also shows which Rights and Settings are applied to the computer, the last seen time, the OS version installed on the client machine, license details, and status (whether the machine is online or offline).
Administrators can take various actions for each of the computers like managing computer rights, editing the computer settings, viewing computer history in the form of log reports, and controlling terminal servers and thin clients. Admin can also manually create a new computer, import a computer from Active Directory, or uninstall an existing computer.
Manage Computer Rights
You can right-click on the action button against the computer and select ‘Manage Rights’. Below is a screenshot depicting how computer rights can be managed:
Click on the ‘Users’ section under device control to see the detailed list of users along with their username, employee ID, team, groups to which they belong, last computer used, and last seen information. Admin can take appropriate actions to manage each user from this section.
Managing Global Rights
From the Global Rights section, admin can set the standard rights for each of the device types that apply in general.
For example, you can block the pen drive access globally from here. Besides allowing or denying access, there are other options also available, like read-only access that can be given from here, or access that can be controlled based upon the TD (Trusted Device) level.
Endpoint Protector comes with integrated technology for protecting data in transit, called ‘TrustedDevices’. It offers four security levels varying according to the extent of protection offered by a device.
Managing Global Settings
Through the Global Settings section, the administrator can define the settings that apply by default to all Endpoint Protector entities when no specific setting has been made for a particular entity. Client mode can be selected from here.
Endpoint Protector allows you to choose from six different modes: Normal, Transparent, Stealth, Panic, Hidden icon, and Silent. Generally, the Normal, Hidden icon, and Silent modes are the best, and any of them would fit your needs.
Admin can also set the policy refresh interval, the device recovery folder retention period, the log size and shadow size limits, etc. from here.
We can toggle on or off other settings in Endpoint Protector client as seen below:
Another useful subsection under global settings is File Tracing and Shadowing. This feature helps in monitoring data flow between protected endpoints and removable devices. For example, you can easily trace out if any user tries to copy a file to external storage.
The next subsection inside global settings is Outside Hours and Outside Network, which helps the admin to design outside business hours and outside office network policies:
The last subsection inside global settings is Transfer Limit, through which admin can set the transfer limit within a given time interval. This allows the admin to choose from the appropriate actions in case the transfer limit is reached. Transfer limit reach alerts can also be enabled from here.
Through this section, admin can whitelist particular files or folders on which right now no policy is being applied. Using the activate or deactivate option, it can be defined whether the file is allowed to be copied to the removable device or not.
Define custom classes
If you want to allow or block access to any specific device with certain conditions, then custom classes help you to define such a setting. You can create a policy from here for a specific existing device or a new device, or even for a particular device class (device type) and bulk list of devices.
For example, you can allow access to a device and exclude it from CAP (Content-Aware Protection) scanning, you can allow access depending upon the Trusted Device level, and there are other options as well which you can see in the below screenshot.
This makes device management even easier.
#2) Content Aware Protection
This is the most prominent module of Endpoint Protector. Through this component, an inspection of the actual content of files is done. It covers everything ranging from word documents to spreadsheets to emails. You can basically control the flow of information using this module.
Through this module, the admin can enforce strong content policies to prevent unintentional or intentional file transfers of the enterprise’s sensitive data, such as Personally Identifiable Information (PII), financial and credit card information, or any confidential business files. This is done to control the leakage of data in motion.
Endpoint Protector monitors activity at various exit points like the Internet, cloud, portable storage, print screens, clipboard, network share, etc.
The Content-aware protection module allows you to create, review, and edit policies for controlling the files transferred over the Internet or over the network through various exit points and online applications.
For the first time, the admin will have to enable the Content Aware Protection features as shown below:
Quick Overview through the Content Aware Protection Dashboard:
With the help of the Dashboard Section, the admin can quickly do a health check regarding recent data transfers and thus can take appropriate actions.
As you can see in the two screenshots below, the Dashboard shows the file transfers, blocked file types, most active policy, most blocked applications, and some general details for the last five days. It also shows a list of the latest blocked files, the latest reported files, computers and users without a policy, and the latest alerts.
You need to go to the content awareness policies section to define and manage various content policies based on the OS Version.
Let’s see how to create a new policy:
Click on ‘Create Custom Policy’
Choose the operating system to which the policy will be applied. This is important because the policy exit points will vary based upon the operating system.
Give all the details in the policy information.
At exit points, select the channels through which you want to control the transfer of confidential information. In the case of macOS, we have applications, storage devices, network share, and clipboard exit points.
Next, you can select various file types and other content from Policy Blacklist. This content will automatically be reported and blocked. There are many content types that you can choose from: various file types, source code, predefined content (credit cards, PII, SSN, etc.), regular expressions, etc.
Once the policy is defined, it needs to be applied to corresponding users, departments, computers, and groups.
Example: Create a policy to block the upload of PDF files and files that contain credit card numbers to the Chrome browser.
So, to create such a policy, we need to follow the below steps:
1) Give policy details as below.
2) Select Chrome browser at the exit point.
3) Select PDF from file type filters and credit cards from the predefined content filters.
4) Apply the policy to the desired user and save it.
5) The image below shows what the result will look like:
6) Now, if the user tries to upload a file containing credit card numbers, Endpoint Protector will block it. It will show the “File Transfer Blocked….” message.
This is how the Content Aware Protection module works.
#3) Enforced Encryption
Enforced Encryption ensures encrypted data transfer through EasyLock. This specifically applies to USB devices. This feature allows you to ensure that any authorized device from your organization is encrypted and the data sitting on that device remains safe even if the device gets stolen.
Let us see how it works.
The enforced encryption functionality is enabled from the device control module by assigning ‘Allow access if device is Trusted Device Level 1+’ to your USB storage devices.
As soon as the user connects the USB device to their computer where the Endpoint Protector client is installed, the encryption application called EasyLock will be automatically pushed onto the device, prompting the user to define the password for the application.
After the EasyLock application has been successfully installed on the USB device, the user can copy files from the computer into the encrypted area of the device. This ensures that those files are safe and cannot be accessed by anyone who gets hold of the USB drive without knowing the password.
#4) eDiscovery
This module is mainly there to protect data at rest from internal and external threats. eDiscovery intuitively scans the sensitive and confidential data stored on your workstations and allows you to remotely take corrective actions such as encrypting or deleting data.
Let us explore the outstanding eDiscovery features and their importance:
- Super beneficial for companies that deal with sensitive data: eDiscovery is highly beneficial for companies that deal with sensitive data like Credit Card Numbers (CCNs), Protected Health Information (PHI), Personally Identifiable Information (PII), Intellectual Property (IP), or any other type of confidential data including employee records and business records.
- Ensures regulatory compliance: Aids an organization in ensuring regulatory compliance with HIPAA, PCI DSS, GLBA, GDPR, etc., thus keeping you away from any penalties that may be imposed by regulatory authorities for non-compliance.
- Flexible policies rest on whitelisting and blacklisting: Build flexible policies that rest on whitelisting and blacklisting, directing scanning time and resources to the data where the scan is needed most.
- Quick access and high visibility into scan results: Administrators can see the exact spot of discovered data (unauthorized or vulnerable locations) and take immediate remedial actions in the event of non-compliance.
- Smart Scanning Setup: Offers a smart scanning setup allowing you to access a list of past scans and plan scheduled scans and recurring scans. You can also decide which files and other entities are included in the scan.
- Cross-platform scanning: Endpoint Protector does cross-platform scanning of data across Windows, Linux, and macOS endpoints.
- Two scan modes – Clean scan or Incremental scan: Administrators can select from two scan modes – clean scan or incremental scan. A clean scan is there to screen all the repositories and an incremental scan is there to start screening from where it was stopped last time.
Example: Create a policy to check if an employee has any files that contain credit card numbers on their computers.
To create such a policy, we need to follow the steps below:
1) Select credit cards as the sensitive data for your organization.
2) Apply the policy to the specific user and save it.
3) You can go to the eDiscovery scans section and take various actions on the policy. For instance, click on ‘Start clean scan’ to begin scanning the user’s computer.
Once the scanning is done, click on ‘Inspect found items’ as shown in the image below.
It will take you to the scan results section and you will see all the suspected records.
Admin can take required action for each suspected record like ‘Encrypt on target’, ‘Decrypt on target’ or ‘Delete on target’.
Endpoint Protector: Pros and Cons
Pros:
- The Endpoint Protector management console can be hosted on any of the hypervisors.
- Intuitive User Interface: Various subsections under each module are very well categorized, and all the information and action buttons are displayed in a very organized and catchy manner. For example, under device control, the status of the device is shown in three different colors – Red, Green, and Yellow, which makes it easy to identify which device is allowed, which is completely blocked, and which is allowed with some restrictions.
- Any new device connected to the protected system gets automatically added to the device control database, thus making it easy to manage.
- Device control policy can be implemented at the user level as well, in addition to the system level.
- You can easily correlate the device rights and the groups.
- A self-registration mechanism automatically assigns a license to the computers.
- A lot of predefined content is already given inside the content awareness protection module which helps admins to create policies quickly and easily.
- It supports a wide range of device types
- Unlike other such apps, the EasyLock application offered by Endpoint Protector for enforced encryption is cross-platform i.e. a user can encrypt files on a Mac and clip them on a Windows machine.
- Excellent customer service
Cons: No cons as such. Cost is the only factor to consider.
Support: The user manual is available inside the console itself. It contains all the details that you may need to use the tool. Additionally, you can create a support ticket on their website to get your issue resolved. They really respond quickly.
If data is key to your business, then Endpoint Protector is great software and worth investing in as it provides outstanding 360-degree security and protection to your sensitive and confidential data, be it data at rest or data in motion.
Many pre-configured policies also help admins get started with implementing data security. Custom policies can be designed depending upon business needs. It can be employed for all types of business domains and company sizes.