ControlGuard Data Loss Prevention Blog

Welcome to our new website!

noreply@blogger.com (Kobi Snir) — Mon, 17 Aug 2009 03:22:12 PDT

Now we're not quite done with it yet, but we just couldn't wait to share it with you! In the coming months, as we develop the site, we'll be adding more security articles, videos, social media tools and more: all that good, information protection and security oriented stuff that will inspire you to engage with endpoint security in entirely new ways.

So come on in, have a look around: http://www.controlguard.com

Send us Feedback!
Let's get the dialogue started! This new site has been a long time in the making and all of us (from the core New Web team right through to the programmers, marketers, and the professional services staff) would love to hear your feedback. Let us know what you think about the site and what you'd like to see in the future. Your input means more to us than you may know, and this is the time when we need it the most.

Send us your feedback at info@controlguard.com.

Email Security and Email Protection

noreply@blogger.com (Kobi Snir) — Mon, 17 Aug 2009 03:14:28 PDT

We place our information at risk almost daily without realizing it. There are all kind of scenarios, examples and situations that a sensitive file has been shared to the wrong people, either accidently or by a malicious. In this post I am going to focus on email information protection and how ControlGuard can help you in safeguarding your digital information from unauthorized access and use, both inside and outside your network.

In everyday business processes, people share information and electronic documents by email attachments or by copying sections into email. We store a great deal of private data and visual documents. On our network we can use access control list or NTFS and Active Directory to control the access but unfortunately visual data is very easy to duplicate and pass on. You want to be able to share it with those who need it, but you also want to be able to control an access.

Electronic mail is one of the largest security risks to business today. We assume that since we do not know how to read anyone else’s email and we would never read, it simply is not done. This is a bad assumption for absolutely everyone. Not only it is easy for someone to wander through your email and messages, it is also simple go to the Internet, find, install and use a free snooping tool, and if you are analyzing bits and bytes of clear fragmented text message you will be quite surprised to see how easy is to steal your messages.

Imaging that one of your sensitive emails has been sent, by you, to a person who was not supposed to receive it. How would you feel, knowing that this person was reading your private email? I know that I will feel that my privacy has been violated.

Whether you are sending a personal message or planning an all new corporate strategy, you still have the right to privacy. But, if you are sending out email without using encryption and protection policy, you are unknowing giving up that right.

If your email, and your company’s email system, are not using encryption and are not enforcing email information protection, add it now. Contact us today and we will show you how easy it to apply our encryption technologies to your business correspondence.

Device Control in Windows 7 is not enough

noreply@blogger.com (Kobi Snir) — Sun, 31 May 2009 03:07:50 PDT

Recently I signed up to test the Microsoft Windows 7 Beta. As the Product Manager for ControlGuard, I was interested in researching Windows 7's approach to control the usage of unauthorized portable devices and removable storages with Group Policy.

Microsoft Window 7 is intended to be a big advance in the Windows operating systems family. Many of Windows 7’s capabilities and features will help organizations with improving performance, administering and securing their network environment. Device Control is not one of them. Its features for enforcing control over the usage of portable devices and removable storages will not be sufficient for most organizations, and like its predecessor will be too difficult and time-consuming to configure.

Windows 7 allows administrators to configure policy to prevent installation of any device. However, any device that was installed before the policy was applied is not affected. ControlGuard CSS allows administrators to control the use of devices, not only the installation. Administrators can have separate policies for different device classes, for example, allowing the use of USB keyboards while preventing the use of unauthorized WiFi adapters or USB storage devices.

Windows 7 can enforce very effectively a policy allowing administrators to override device installation restrictions. But the Administrators group is the only group for which an exemption can be defined. After an administrator uses a device, even a USB stick, this device can be used by anyone unless the administrator uninstalls the device. ControlGuard allows usage exemptions for any group or user. Furthermore, ControlGuard CSS enables user and group-specific permissions for the use of specific devices. For example, ControlGuard CSS may allow sales personnel to use a USB flash drive but not allow regular users to access these devices.

Another shortcoming is that Windows 7 requires administrators to manually create a list of allowed devices by installing them on a computer, recording hardware settings for each device, and then copying these settings into a GPO. This is not practical in an environment where multiple computer configurations are in use. Devices can only be controlled by model, but not based on device type or a specific serial number. ControlGuard CSS scans computers for installed devices and then allows administrators to use this data to create white list or black list policies. Administrators normally don’t have to track down hardware identifiers of each allowed device. More important, ControlGuard CSS can allow or deny access to entire device classes or allow access to a unique device based on its serial number or unique ID.

I believe that Windows 7 does not address the device control and security requirements. Furthermore, Windows 7 device control requires an extreme amount of administrative resources. Organizations that migrate to Windows 7 will find that additional software is required to provide effective and significant control of mobile devices and removable storage.