A soft approach to hardware usage

Applying corporate security policies to devices used by employees, especially mobile ones, is every bit as important as monitoring applications installed on the network or controlling Internet access. The larger the company is, the more difficult it is to create security policies which ensure the necessary protection without affecting employees as they work. Accordingly, companies increasing need ways to flexibly configure restrictions. That’s where Device Control, part of Kaspersky Endpoint Security 8 for Windows, comes in.

Take a situation where you need to protect your corporate computers and laptops against infected external devices and at the same time ensure the company’s sensitive data cannot be stolen, e.g. by means of a USB flash drive. The easiest solution to the problem would be to disable USB ports on all devices. But this is quite a time-consuming task and is likely to be very unpopular with laptop users who frequently travel on business and use a USB port, e.g. to connect to a 3G- or 4G-modem.

Device Control technology replaces this blunt implement with a more flexible solution: the Default Deny scenario allows you to ban connections for any devices which do not have prior permission. It means you can set up a general ban on USB connections, but create a list of exceptions by adding the serial numbers of approved devices.

Device Control can block or restrict the use of a device by connection type and serial number, including the use of allowlists. In addition, you can use categorization (printers, modems, removable disks etc.) to block the use of certain types of device. Combining these two approaches makes it possible to implement even complex corporate security policies as quickly and easily as possible.

Device Control technology can also help out with temporary bans or restrictions. For example, if the company has a strict ban on the connection of any devices to servers and workstations, but still needs a daily reserve backup of data to external storage, it is possible to permit the use of these devices after the end of the normal working day. If necessary, it is possible to set an automatic reserve backup, then all that remains is to synchronize the timing of Device Control and the reserve backup process.

To generate even more flexibility, Kaspersky Endpoint Security 8 for Windows makes it possible to divide all users into groups and assign separate rules to each group. If necessary, a group can be set up for a single individual, such as the CEO. If group policies are already implemented in your company, it is possible to combine current security measures and settings with Kaspersky Lab’s technologies using Microsoft Active Directory. As a result, protection of the company’s IT infrastructure will be more reliable, without the headache of having to configure it from scratch.

Click on the infographic to find out more on device control.