Secure USB configuration primarily focuses on preventing unauthorized access via devices using block technology. While this model ensures security, adhering to compliances (such as PII, PCI, GDPR, and HIPAA), storing device data logs for auditing, and the flexibility of tilting the configurations to favor productivity for specific business reasons, are outside the scope of Secure USB.
Device Control module in Endpoint Central Security Edition has vast configurations and customizations, that can secure and extensively monitor 15+ peripheral devices.
With Endpoint Central Device Control module, you can,
Capabilities | Secure USB | Device Control |
---|---|---|
Device types supported | 10 | 18 |
OS Platform supported | Windows | Windows and Mac |
Read-only access for devices | Not supported | Policies can be deployed to allow read-only permission access to CD-ROM, windows portable devices, and removable storage devices. |
Allow devices based on BitLocker encryption | Not Supported | Policy can be deployed to allow removable storage devices, only if they are BitLocker encrypted. |
Allow file transfer based on file type | Not supported | Policy can be deployed to allow file transfers via removable storage devices, based on file extension. |
Allow file transfer based on file size | Not supported | Policy can be deployed to allow file transfers via removable storage devices, based on file size. |
Device-specific file access privilege | Not Supported | Device-specific file access settings can be deployed. Example: Devices in the trusted devices list can have full access. Whereas non-trusted devices can be provided with Read-only access. |
File tracing | Not supported | File transfers done via removable storage devices will be audited. |
File shadowing | Not supported | Policies can be deployed to shadow sensitive files transferred via removable storage devices. |
Device audit report | Not supported | Currently connected devices and blocked device access attempts can be seen in the report. |
Temporary access | Not supported | Limited access to peripheral devices can be given. |
Temporary access portal | Not supported | Users can request temporary access to the peripheral devices from their endpoints. Admin can approve/deny those requests, based on the justification provided in the request. |
Offline temporary access | Not Supported | Temporary access has an additional feature using which a temporary access code (.tac) can be created and applied from endpoints. Agent-server communication is not needed for applying this code (.tac) |
Trusted devices list | Not supported (Separated list cannot be created and associated ) | A list that contains the trusted devices that need to be allowed in the network can be created and associated with device control policies. |
Wild card support for trusted devices (Serial Number) | Not supported | Supported |
Computer-specific audit data | Overall device audit is available. | File tracing, file shadowing, and device audit can be viewed for individual machines. |
Immediate blocked device alert | Not supported | When a device is blocked by the deployed policy, an immediate alert can be sent via e-mail. |
Alert notification | Only global alert settings. |
|
Disable auto-run | Not Supported | Supported |
Restrict Bluetooth file transfer alone | Not supported | Policies can be deployed to allow Bluetooth headphones, keyboards, and mice alone, whereas file transfers via Bluetooth will be blocked. |
Option to audit only selected device types | Not Supported | Supported |