ManageEngine Device Control License
Table of Contents
ManageEngine Device Control
Device Control Software (DLP)
ManageEngine Device Control License is an enterprise security solution that particularly focuses on third-party devices connecting to your endpoints. These third-party devices include USB flash drives, CD-ROMs, Bluetooth devices, and other removable storage drives that are used to import and export files from computers across an enterprise’s IT network.
Many enterprises regularly permit their staff to use external devices for storing and carrying work-related files home. While the use of such devices can improve the mobility of data, judging the intent with which this is done comes with its challenges. Data that falls into the wrong hands can easily be used for professional or personal gains.
This data leakage prevention (DLP) solution blocks all unauthorized attempts to access files, enabling you to have complete control over who and what device has privileges to copy and transfer files. You can also get notified every time a user plugs in a new device to their computer.
Device Control Plus enables you to add and monitor third-party peripherals in real time using Trusted Device Lists. Furthermore, this software allows you to assign only the access permissions users need based on the actual role they perform within the enterprise.
ManageEngine Device Control Features
1.USB port blocking
ManageEngine Device Control License keeps all USB ports across your endpoints on lockdown by default, preventing your valuable files from being exported onto unauthorized removable storage devices.
Often, users are completely unaware that their USB device also serves as a host for malicious programs and scripts. This feature adds a layer of security to your enterprise by preventing the intrusion of malware from such unsafe devices, and eliminates insider threats like USB attacks.
2.File access control
Device Control Plus offers a unique approach to designating file access rights to your users using role-based access control (RBAC). With RBAC, you can build intricate policies that grant permissions for importing and exporting files through USB devices to users in accordance with their job titles and internal roles.
For example, a high level staff member can have elevated file access rights, while the vast majority of your workforce can be given read only access. Rest assured that your sensitive files are well secured.
3.File transfer control
With this DLP solution, not only can you control access to files present on your network, you can also limit the transfer of files across your endpoints. Device Control Plus enables you to impose a file transfer restriction based on file size, file type, or file extension. With this software, you can actively monitor the actions performed on your files. The product dashboard constantly updates you on which file extensions are frequently transferred, and logs all attempts made to transfer files larger than the set limit.
Device Control Plus uses a Zero Trust security model that assesses trust every time a new device is connected, blocking access to all unauthorized devices by default. This is the opposite of legacy security models that automatically render every device within an enterprise as trusted.
This feature enables you to carefully monitor all trusted devices from one location. You can also choose which devices to add to your trusted device list so your users don’t have to request access every time they need to plug in to an external device.
Providing temporary access to third-party devices helps you effectively keep tabs on the total number of users who have access to sensitive files. Device Control Plus lets you provide temporary access based on user requests, right from the product console. The product lets you set a specific time frame to allow the transfer of files, after which access rights will be taken away again.
6. File shadowing
File shadowing is the process of creating exact copies of files that were copied onto or modified with USB drives. Device Control Plus stores a mirror copy of the files in a well-secured, password-protected network share, which can be used by authorized personnel to retrieve stolen, lost, or tampered files. This useful feature ensures that you never have to worry about losing data to a data breach, if it were to occur.
Although device control constitutes a minor fraction of the overall security goals of an enterprise, failing to practice this increases the likelihood of vital data, such as employees’ personal information, banking details, and internal files, to be compromised during a data breach. Download Device Control Plus free for 30 days to get firsthand experience with this solution and all its features.