Lumension® Device Control (formerly Sanctuary)
Datasheet
Enforce Security Policies for Removable Devices, Media and Data

Data leakage caused by the accidental or sometimes malicious use of removable devices and/or removable media has reached alarming levels. In fact, over 85% of privacy and security professionals reported at least one breach and almost 64% reported multiple breaches that required notification. [1]

Key Benefits
» Protects Data from Loss / Theft
» Enables Secure Use of Productivity Tools, Like USB Sticks
» Enhances Security Policy Enforcement
» Delivers Precise Control with Access Limits

Organization-wide Device Management

To enhance productivity, organizations need to provide employees and partners access to data. With more employees working remotely, access is required from outside the network. But the potential impact of data loss, be it accidental or malicious, is a very real concern. And today, removable media / devices are the most common data leakage routes -- no file copy limits, no encryption, no audit trails and no central management.

The information contained in customer and corporate data, such as personally identifiable information (PII) and intellectual property (IP), is worth billions to some. And the costs for recovery of data and lost business are rapidly rising as well: the total average cost of a data breach incident is estimated to be $6.6 million or $202 per compromised record, with the cost of lost business averaging $4.6 million or $139 per record. [2]

Lumension Device Control provides:
» Enforcement of removable device usage and data encryption policies
» Central management of devices and data using a whitelist / “default deny” approach
» Enablement of productivity-enhancing tools while limiting the potential for data leakage and its impact

“One of the main benefits in deploying Lumension Device Control is its whitelist feature, which ensures that no device, unless authorized, can ever be used, no matter how it gets plugged in. Flash memory USB devices represent a significant risk with the potential to steal company data or introduce “malware”, which could render the computer unusable and quickly infect other PCs on the same network. Device Control is a really strong, easy to use product which is why Barclays chose this solution.”
Paul Douglas, ADIR Desktop Build Team Manager, Barclays

Key Features
» Whitelist / “Default Deny”
» Policy Enforced Encryption for Removable Storage
» Data Copy Restriction
» File Type Filtering
» Temporary / Scheduled Access
» Context-Sensitive Permissions
» Centralized Management / Administrators’ Roles
» Role Based Access Control
» Tamper-proof Agent
» Flexible / Scalable Architecture

1. Deloitte & Touche and Ponemon Institute, Enterprise@Risk: 2007 Privacy & Data Protection Survey, December 2007
2. Ponemon Institute, 2008 Annual Study: Cost of Data Breach Study, February 2009

How Lumension Device Control Works

1. Discover - Identify all removable devices that are currently or have ever been connected to your endpoints.
2. Assess - Categorize all “plug and play” devices by class, model and/or specific ID and define policy through a whitelist approach.
3. Implement - Enforce file copy limitations, file type filtering and forced encryption policies for data moved onto removable devices.
4. Monitor - Track all policy changes, administrator activities and file transfers to ensure continuous policy enforcement.
5. Report - Provide visibility into device and data usage to demonstrate compliance with corporate and/or regulatory policies.

Key Features

Whitelist / “Default Deny”: Assigns permissions for authorized removable devices and media to individual users or user groups; by default, devices / media and users not explicitly authorized are denied access.

Policy Enforced Encryption for Removable Storage: Centrally encrypts removable devices (such as USB flash drives) and media (such as DVDs/CDs), plus enforces encryption policies when copying to devices / media.

Data Copy Restriction: Restricts the daily amount of data copied to removable devices and media on a per-user basis; also, limits usage to specific time frames / days.

File Type Filtering: Controls file types that may be moved to and from removable devices (such as USB sticks) and media (such as DVDs/CDs) on a per-user basis.

Centralized Management / Administrators’ Roles: Centrally defines and manages user, user group, computer and computer group access to authorized removable devices / media on the network; by default, those devices / media and users not explicitly authorized are denied access.

Temporary / Scheduled Access: Grants users temporary / scheduled access to removable devices/media; used to grant access “in the future” for a limited period.

Context-Sensitive Permissions: Applies different permissions when the endpoint is connected to the network, when it is not, and/or regardless of connection status.

Role Based Access Control: Assigns permissions to individual users or user groups based on their Windows Active Directory or Novell eDirectory identity, both of which are fully supported.

Tamper-proof Agent: Installs agents on every endpoint on the network; agents are protected against unauthorized removal – even by users with administrative permissions. Only Device Control Administrators may deactivate this protection.

Flexible / Scalable Architecture: Provides organization-wide control and enforcement using scalable client-server architecture with a central database that is optimized for performance. Supports virtualized server configurations.

System Requirements
» Server: Windows Server 2003, Windows Server 2008
» Client: Windows XP Professional, Windows 2000 Professional, Windows Server 2003, Windows Vista
Complete Requirements

Online Resources
» FREE TRIAL
» Data Protection Blog
» Device Scanner
» Taking Control of Your Data: Protecting Business Information from Loss or Theft
» Webcast: Data on the Edge

Contact Lumension
» Global Headquarters
15880 N. Greenway Hayden
Suite 100
Scottsdale, AZ 85260
+1.480.970.1025
sales@lumension.com
» United Kingdom
+44.0.1908.357.897
sales.uk@lumension.com
» Europe
+352.265.364.11
sales-emea@lumension.com
» Asia & Pacific
+65.6725.6415
sales-apac@lumension.com

www.lumension.com
Vulnerability Management | Endpoint Protection | Data Protection | Reporting and Compliance
LDC-DS-EN-28-07-09