Top 10 Device Control Software Tools (USB Lockdown Software)

This tutorial lists and compares various USB Device Control Software Tools. You will also learn about the need and benefits of USB and Peripheral Port Control Software:

Device Control software is an application that monitors and controls the data transfers from endpoints to removable storage devices and protects against data loss. It can protect you from insider threats and accidental data leakage that happen because of removable devices.

These tools will provide a facility to open or block access to various devices like USBs, smartphones, WiFi network cards, tablets, printers, etc.

Device Control Software Tools

Fact Check: According to the Endpoint Protector research, it is more essential for mid-market companies to have a DLP solution than big companies. Endpoint Protector research also says that there is a rise in cybersecurity threats because of insiders by 47% since 2018, and the cost of these incidents has increased by 31%.

The below image explains that 90% of the organizations feel vulnerable to insider threats because of removable devices:

Insider threats because of removable devices

[image source]

Pro Tip: With the rise of BYOD policies, risks of losing the data have also increased, and hence it is essential to have a device control solution. While choosing the software you can look for features like granularity, ease of defining policies, time & network-based policies, detailed reporting features, the facility of offline temporary passwords.

What are insider threats?

Insider threats are the cybersecurity risks because of the factors within the organization. Legitimate users of a company’s resources can cause these factors. Firewall or antivirus are the measures for external threats, but insider threats are difficult to detect and prevent. Incidents caused by insider threats can cost you up to $11-$12 million.

The below image lists the data that are at higher risk because of insider threats:

What are insider threats

Why Do We Need Device Control Software

Device Control tools are for preventing data loss and theft prevention. USB flash drives or removable storage devices, mobile connection technologies like WiFi provide convenience and enhance productivity but open doors for security risks. Device Control solutions will help you with protecting sensitive data such as PII (Personally Identifiable Information) and Intellectual Property.

Benefits of USB and Peripheral port control software:

USB lockdown software or USB blocking software is an application that restricts unauthorized devices from accessing endpoints and sensitive data. It ensures that data will not be copied to untrusted removable devices.

This software will give organizations control of moving valuable information to USB and Peripheral ports. You will get visibility into the data that is being taken out. These applications will help you with preventing accidental or intentional data loss.

High-quality device control solutions will provide granular control over all devices in the organization. It can contain features like offline temporary passwords or transfer limits, etc. It also contains the encryption functionality that can prevent the unauthorized use of confidential data.

Features of USB Device Control software:

  • Feature of Trust Levels: This feature will allow companies to connect company portable devices or devices with a high level of security. It is helpful for organizations that need to connect devices to endpoints regularly.
  • Time and Network-based policies: This feature will let the administrators set different access rights based on the conditions like a computer that is used outside the company network or business hours. This feature will be useful for companies that are having BYOD policies.
  • The software should be able to monitor the use of devices and should generate reports on it. These reports will help you with identifying weak links and for auditing purposes.
=> Contact us to suggest your listing here.

List Of Top USB Device Control Tools

Here is a list of the most popular Enterprise Device Control Tools:

  1. Endpoint Protector by CoSoSys
  2. Symantec DLP (now Broadcom)
  3. McAfee DLP
  4. DriveLock
  5. DeviceLock
  6. Ivanti
  7. GFI
  8. Safetica
  9. Trend Micro
  10. Sophos

Comparison Of USB Lockdown Software

Device Control SoftwareOur RatingsPlatformsDeploymentControlled Device TypesPrice
Endpoint Protector by CoSoSys

Endpoint_Logo
Star_rating_5_of_5Windows, Mac, & LinuxVirtual Appliance, Cloud Services, Cloud-Hosted.USB storage devices, WiFi Network Cards, USB Modems, Bluetooth Devices, & many more.Get a quote.
Symantec DLP

Symantec_Logo
Star_rating_4.5_of_5Windows, Mac, Citrix XenDesktop, VMware, Microsoft Hyper-V Server, etc.On-premise, hybrid cloud, & as a managed service.MSC devices & MTP devices.Get a quote.
McAfee DLP

McAfee_Logo
Star_rating_4.5_of_5Windows & Mac.Cloud-based & On-premise.USB drives, MP3 players, CDs, DVDs, and Bluetooth devices.Get a quote. As per reviews, $91.99.
DriveLock

DriveLock_Logo
Star_rating_4_of_5Various OS & end devicesOn-premise & as a managed serviceInternal & external devices, drives, & smartphones, etc.Free trial: 30 days, Price starts at $US 5.68
DeviceLock

DeviceLock_Logo
Star_rating_4_of_5Windows & MacOn-premisesUSB, WiFi & Bluetooth adapters, MTP enabled devices, etc.DeviceLock Endpoint DLP Suite: USD 81 (unit price), DeviceLock Core USD 55

Review of the USB Device Management tools:

#1) Endpoint Protector By CoSoSys

Best for small to large businesses.

Endpoint Protector

Endpoint Protector is a cross-platform data loss prevention software to discover, monitor, and protect sensitive data. It provides the features of Device Control, Content-Aware Protection, Enforced Encryption, and eDiscovery. Its device control features will help you to lockdown, control, and monitor USB and Peripheral ports. It provides a simple web-based interface to remotely monitor USBs and peripheral ports.

Endpoint Protector’s device control will help you with monitoring all USB ports & devices on all endpoints. It can uniquely identify all USB connected devices. It provides reports and alerts for USB activity on all endpoints.

Features:

  • You will be able to remotely monitor USBs and peripheral ports.
  • It will let you set the policies easily for Windows, Mac, and Linux platforms.
  • Remotely you can grant temporary access to USB even though the computer is offline.
  • There will not be any performance impact on protected computers.
  • It provides precise and granular control and will let you create device whitelists & blacklists and define policies per user, computer, or a group for uninterrupted workflow across the company.

Verdict: Endpoint Protector has a centrally managed Device Control module. It will give you full control of USB ports and connected devices. It will prevent accidental or intentional data loss or data leaks. It will protect the endpoints from USB malware and BadUSB attacks.

Price: You can get a quote for Endpoint Protector. A demo is also available on request.

Website: Endpoint Protector


#2) Symantec DLP (Now Broadcom)

Best for small to large businesses.

Symantec DLP

Symantec DLP solution is available for data on endpoints, networks, cloud, and storage. It provides the device control functionality through its solution Symantec DLP for Endpoint. It will protect your sensitive data, will keep it safe & protected on endpoints.

It can discover, monitor, and protect the data in use across external storage, email, cloud apps, network protocols, virtual desktops, and servers. Symantec DLP uses a single lightweight endpoint agent that enables DLP Endpoint Discover and DLP Endpoint Prevent.

Features:

  • Symantec DLP Endpoint Discover will provide deep visibility into sensitive files that are stored on user’s laptops and endpoints by scanning the local hard-drivers.
  • Symantec DLP Endpoint Prevent will give you control over a wide range of devices, platforms, and applications.
  • A wide range of responses is available, including identity-based encryption and digital rights for the files that are transferred to USB.

Verdict: Symantec can work in a highly distributed environment. It is scalable up to hundreds of thousands of users and devices. It provides a unified management platform. It has content-aware detection servers and light-weight endpoint agents.

Price: You can get a quote for pricing details.

Website: Symantec DLP


#3) McAfee DLP

Best for small to large businesses.

McAfee DLP

McAfee DLP contains the device control functionalities to control the copying of sensitive data to removable devices. McAfee DLP Endpoint inspects the user actions on sensitive data while cloud applications or emails will be used and when the data is posted to websites. You can block confidential data on any removable storage device.

It will let you filter based on hardware and content. McAfee ePolicy Orchestrator will centralize and simplify security management.

Features:

  • McAfee’s DLP policy manager and classification console will let you create policies like groups of device control, data protection, discovery rules, etc.
  • It will protect sensitive enterprise information with four layers of protection for Windows and with three layers for Mac.
  • Using McAfee ePolicy Orchestrator, you will be able to implement and enforce security policies.
  • It provides the feature of ‘Lock Down Devices’ that will let you block removable storage devices or make them read-only.

Verdict: McAfee Device Control will prevent unauthorized use of removable media. It provides removable device protection and USB data security.

Price: You can get a quote for the McAfee DLP solution. As per the reviews, McAfee DLP Endpoint license will cost you $91.99 per node and it includes 1-year gold support.

Website: McAfee DLP


#4) DriveLock

Best for small to large businesses.

DriveLock

DriveLock has cybersecurity solutions. It provides the services of device control. It can monitor the transactions that are made through USB data carriers. It will let you allow only the desired devices and external drives. It will prevent data transfer through unencrypted media.

DriveLock has various capabilities like Device Control, Application Control, Analytics & Forensics, Machine Learning, Bitlocker management, encryption, identity & access management, etc.

Features:

  • This service will control internal & external devices, drives, & smartphones that can be connected to the endpoint.
  • It has extensive forensic analysis and reporting options.
  • Various OS and end devices are supported by DriveLock.
  • It has functionalities to encrypt hard disks, files in local or central directories, and on external media.
  • You will be able to control which mobile devices can be connected to the corporate network.

Verdict: DriveLock is a modular & multi-layered endpoint security platform. It will also help you strengthen the security awareness of your employees. It has solutions for protecting your business from malware, ransomware, etc.

Price: DriveLock is available in three editions, Base Security ($US 5.68 per device per month), Advanced Security ($US 6.82 per device per month), and Security Awareness ($US 3.03 per device per month). These prices are for an annual subscription and managed security services. A free trial is available for 30 days.

Website: DriveLock


#5) DeviceLock

Best for small to large businesses, agencies, and startups.

DeviceLock

DeviceLock is a data loss prevention software. Along with devices access control functionality, it contains the functionalities of network communications control, content filtering, content discovery, etc.

It contains the feature of Mobile Device Local Sync Control. This feature will help the administrators to set the granular access control, auditing, and shadowing rules for data that is exchanged through local synchronizations with Windows endpoints by devices like Windows Mobile, iPhone/iPad/iPod touch, or Palm mobile devices.

Features:

  • Using DeviceLock, administrators can control the group of users that can access USB, FireWire, WiFi & Bluetooth adapters, MTP enabled devices, etc.
  • It will allow you to set devices in read-only mode.
  • You can control access to the devices depending on the time of day & day of the week.

Verdict: DeviceLock DLP will give you maximum leakage prevention. Its agents will detect and prevent unauthorized data access and transfer operations. These agents perform the multi-layer inspection. Its interception engine will give you fine-grained control over a full range of data leakage pathways at a contextual level.

Price: DeviceLock Endpoint DLP Suite will cost you $81 per endpoint license (minimum 5 endpoint licenses), DeviceLock core will cost you $5 per endpoint license (minimum 5 endpoint licenses). It offers various plans according to functionality like DeviceLock Discovery, NetworkLock, ContentLock, etc.

Website: DeviceLock


#6) Ivanti

Best for small to large businesses.

Ivanti 1

Ivanti provides the device control solution that will let you easily enforce security policies on removable devices and data encryption. It can protect endpoints from malware. Regardless of how the devices are plugged in, Ivanti Device Control will make sure that they cannot copy data.

This solution is a platform with a flexible architecture and provides the features of temporary access, centralized management, and actionable insights.

Features:

  • It provides visibility and control over your devices with access to endpoints like USB sticks, printers, etc.
  • It has a Whitelist or default-deny approach that will let you centrally manage devices.
  • It will let you grant temporary or scheduled access for removable devices to users.
  • You can set the role-based access control.

Verdict: Ivanti Device Control solution will be an effective and scalable solution. You will be able to quickly lock down endpoints and prevent unauthorized use of removable devices and ports with it.

Price: You can get a quote for pricing details.

Website: Ivanti


#7) GFI EndPointSecurity

Best for small to large businesses.

GFI EndPointSecurity

GFI is a USB endpoint security software that will prevent data leakage. It will control, audit, and secure access to removable storage devices. GFI EndPointSecurity has risk assessment capabilities. It will log the activity of portable device access to your network. After a policy or configuration change, you can automatically schedule agent deployment.

It will give you advanced granular access control through whitelists and blacklists.

Features:

  • GFI EndPointSecurity will encrypt the data on USB storage devices.
  • It has the features of computer auto-discovery that will inform you about new computers connected to the network, and you can apply automatic protection to these new computers.
  • It provides portable device usage reporting that can include actual file names transferred to and from devices with the help of GFI ReportPack add-on.
  • It has features for group-based protection configuration.

Verdict: GFI EndPointSecurity will provide the benefits of file control, detailed reporting, automatic protection, and centralized monitoring.

Price: GFI offers three pricing plans, Small ($39.90), Medium ($37.90), and Large ($35.90). All these prices are per unit and per year based. A free trial is available for the tool.

Website: GFI EndPointSecurity


#8) Safetica

Best for small to medium businesses.

Safetica

Safetica provides the DLP solution to prevent data leaks. Its device control functionality will give you complete control of all connected devices. It will restrict unauthorized devices. You will be able to manage all devices from a single place.

Safetica Auditor can identify security risks in your company. Safetica DLP + Safetica Mobile will protect computers, laptops, and phones.

Features:

  • Safetica Device Control will let you define the devices that can be used and helps you with eliminating the risks of BYOD.
  • You can restrict unauthorized media connections by specifying the type of portable devices to use.
  • It has features to encrypt USB drives and other portable devices.
  • It can restrict copy & paste, print, and screen capture.

Verdict: Safetica DLP will protect your sensitive data against data leaks. With Safetica, you will get the audit and management for Windows and Mac OS in one place. Its device control solution will let you decide which devices to be connected, who can connect, and what data we can store on USBs.

Price: Safetica is available in three editions, Safetica Auditor, Safetica DLP, and Safetica DLP + Safetica Mobile. You can get a quote for pricing details.

Website: Safetica


#9) Trend Micro

Best for small to large businesses.

TrendMicro 1

Trend Micro DLP solution will identify, monitor, and prevent data loss on or off the network. It has filters for Skype, P2P, Windows file share, etc. It can detect spyware, Trojans, etc. Trend Micro provides the various DLP Standalone Solutions like Trend Micro DLP Endpoint, Network Monitor, and Management Server.

It provides flexibility in choosing any combination of these solutions or having all the three together. It supports the Windows platform.

Features:

  • Trend Micro DLP Endpoint has functionalities of data discovery, real-time monitoring, and blocking on a wide range of endpoints including removable media.
  • You will be able to perform secure file transfers to USB and CD/DVDs.
  • It can protect unstructured data and intellectual property.

Verdict: Trend Micro provides a lightweight plugin that will give you control and visibility over your sensitive data. It helps you to prevent data loss through USB, email, SaaS applications, etc. You will not require any extra hardware or software for this plugin.

Price: You can get a quote for pricing details. As per the reviews, Trend Micro DLP will cost you $23.66 per user.

Website: Trend Micro DLP


#10) Sophos

Best for small to large businesses.

Sophos

Sophos is a fully synchronized, cloud-native data security platform. It provides advanced endpoint protection and network security that is fully synchronized in real-time. It provides data protection to the data at rest, in motion, or use.

Sophos Synchronized Encryption will protect your data everywhere automatically. To provide proactive protection to your data it continuously validates the user, application, and security integrity of a device and then allows access to encrypted data.

Features:

  • Sophos Mobile Solution is for securing data beyond network boundaries.
  • It has features to secure data across cloud, email, web, and mobile.
  • Sophos Synchronized Encryption will let you encrypt the file individually and these files will remain encrypted even when transferred to a shared folder, removable USB stick, or the cloud.

Verdict: Sophos can protect all your endpoints on all your platforms. It supports various platforms like Windows, Mac, Linux, iOS, Android, etc. Various business products are available with Sophos like endpoint protection, Firewall, managed services, etc.

Price: You can get a quote for pricing details. A free trial is also available.

Website: Sophos


Conclusion

Endpoint Protector by CoSoSys, Symantec DLP, McAfee DLP, DriveLock, and DeviceLock are our top five recommended solutions as Device Control tools. If we compare the top two solutions then Endpoint Protector will be a high-quality alternative to Symantec DLP.

As we all know Symantec is partially acquired by Broadcom and this has affected its support provided to smaller businesses. Acquisitions may cause fewer products and decreased support.

Endpoint Protector is an enterprise-grade DLP solution that can protect data in motion and data at rest. It provides the control of portable storage devices and encryption options. It offers plug & play data security, protection of data across various OS, flexible deployment options, and efficient customer support.

We hope this article will help you choose the right Device Control Software through our detailed reviews and comparisons.

Research Process:

  • Time taken to research this article: 28 Hours
  • Total tools researched: 15
  • Top tools shortlisted: 10
=> Contact us to suggest your listing here.