DataLocker released PortBlocker, an endpoint protection agent that limits USB mass storage devices used on a user’s workstation. It is an approach to prevent data breaches while also keeping malware out of your workstation.
PortBlocker can filter USB mass storage, MTP, and PTP devices. Common USB-connected peripherals known to use the USB mass-storage device class include:
- USB flash drives
- USB external hard drives
- MP3 players
- Digital cameras
- Media card readers
- Smart Phones.
Other devices, such as USB mice and keyboards, are always allowed.
PortBlocker is installed on workstations to ensure only whitelisted devices may be mounted as USB mass storage devices. This blocks usage of unsecured and unaudited USB mass storage devices and ensures that those infected with malware cannot infect the workstation or network.
PortBlocker also logs USB activity and reports back to the SafeConsole management server for auditing. Managing PortBlocker with SafeConsole allows administrators to control which devices are allowed or blocked, set policies for different groups, and see audit logs and activity.
PortBlocker key features
- Endpoint Port Control – Whitelist USB storage devices by VID, PID, and serial number through SafeConsole.
- Geofence – Devices can be blocked when the workstation is outside of the geolocation requirements, including IP Address, Country or ISP.
- Workstation-Based Policy Enforcement – Policies are applied based on the workstation location in Active Directory. Individual policy can be created down to the workstation level, if needed.
- Quick Disable/Enable – Administrators can remotely Allow All and Block All devices through SafeConsole.
- Activity Audits – Events including when a device is blocked, an endpoint is registered, the allow all devices policy is changed, etc., are reported to SafeConsole in the Device Audit Logs.
- Automatic Refresh – PortBlocker receives policy updates from SafeConsole.
- Easy Deployment – Deploy PortBlocker to multiple workstations with little user interaction.
- Proxy Aware – Use PortBlocker in secure network environments without special configurations.
“PortBlocker represents the next step in the evolution of DataLocker as a Data Loss Prevention (DLP) solution for removable storage. It allows organizations to ensure that the only devices used to copy files in its environment are approved, secured and audited. Its integration with SafeConsole, the leading central management solution for encrypted storage, makes locking down your USB ports simple and hassle free,” said Jay Kim, CEO, DataLocker.
- Active SafeConsole account (v5.4.0+),
- SafeConsole account (base) is required for new accounts, plus a valid PortBlocker license per workstation (licenses available in 1 or 3 years),
- Windows 7 or 10 (macOS support coming Q2 2019),
- 512MB of RAM,
- 1GB of available hard-disk space
- Connection to SafeConsole server for registration and policy updates,
- 1Mbps network connection,
- Intel Quad Core Atom processor, or equivalent x86 – x64 processor,
- Uses the WinINET (Internet Explorer) system user’s proxy settings. Can use either manual proxy settings or a pac script.