
“Our top priority at Lincoln Financial Group has always been to provide the highest protection for our customer data.”

—Pat Lefemine, Chief Information Security Officer, Lincoln Financial Group.


Device Control Frequently Asked Questions

This page contains answers to the most commonly asked questions about Device Control.

Supported Deployment Topologies

  1. What are the differences between the Platform and Standard Editions with respect to deployment topologies supported?
  2. What is the integration between GuardianEdge Device Control Platform Edition and the GuardianEdge Data Protection Platform?

Port and Device Control

  1. How does GuardianEdge Device Control determine whether to block or allow devices when they are connected?
  2. What policies can be set to restrict the ports and devices that are connected to endpoints?
  3. What ports and devices does GuardianEdge Device Control protect?
  4. What operating systems does GuardianEdge Device Control support?

Access Control Policies

  1. How do administrators create policies?
  2. How do administrators update policy settings to reflect a different level of permissions?
  3. Is there a mechanism for administrators to suspend policy controls in situations where a user may have a need to use a port/device and there is no network connectivity?

Data Leakage Prevention

  1. Can the transfer of specified types of data be blocked?
  2. Is there detailed auditing of all data transferred off of machines?
  3. Do end users receive notification when GuardianEdge Device Control blocks devices?
  4. What is file shadowing and how is it useful for detecting data leakage?
  5. Does GuardianEdge Device Control provide alerting?

Logging and Reporting

  1. What types of data does GuardianEdge Device Control log?
  2. Does GuardianEdge Device Control provide a mechanism to search through logs?
  3. What search options are available from the management interface?
  4. What type of monitoring data is available?
  5. How do administrators access shadowed data?
  6. What administrative notification is provided for events?

Enterprise Manageability

  1. How is the product deployed and installed?
  2. How are software updates distributed?
  3. What administrative roles can be created?
  4. How is GuardianEdge Device Control integrated into Active Directory?
  5. Are policies enforced when endpoints are not connected to the corporate network?
  6. How scalable is GuardianEdge Device Control?

End User Experience

  1. Does the user have the ability to see the policies applied to his/her endpoint?
  2. How is the user notified of policy violations?
  3. Does GuardianEdge Device Control create any application compatibility issues?


Supported Deployment Topologies


1) What are the differences between the Platform and Standard Editions with respect to deployment topologies supported?

The Platform Edition is intended for customers with clients joined to an Active Directory domain. The Standard Edition is intended for customers with Novell-managed clients and/or clients that are not joined to any directory service.

2) What is the integration between GuardianEdge Device Control Platform Edition and the GuardianEdge Data Protection Platform?

Both products can be managed from the same console providing an administrator a consistent workflow in managing all GuardianEdge products.

Port and Device Control


1) How does GuardianEdge Device Control determine whether to block or allow devices when they are connected?

GuardianEdge Device Control allows administrators to define policies that allow or disallow communications with devices, including:

  • Physical and wireless ports of a computer – If a port is allowed, then all communications are allowed to and from the port. If a port is blocked, then no traffic is allowed. USB, FireWire, PCMCIA, and wireless ports can be restricted, which means all traffic is forbidden, except that which is expressly allowed.
  • Devices that connect to these ports – Devices covered in this class include human interface devices, such as mice and keyboards, printers, mobile phones, and PDAs. These classes of devices can be allowed, disallowed, or restricted. Restricted means that, unless a device is expressly allowed by means of a white list, then the device is disallowed. White lists can be created using either the “make and model” of device or by the device’s unique ID (i.e. serial number).
  • Storage devices – Storage devices, such as removable storage devices, external hard drives, and CD/DVD burners are treated as a separate class of devices from the above devices. Storage devices, like the above devices, can be allowed, disallowed, and restricted. Additionally, storage devices can be set to read-only and, therefore, be read from but not written to.
  • File types – If a read or write communication to or from a device passes the above criteria, then file-type controls come into play. File types can be allowed, allowed and shadowed, or disallowed. If allowed and shadowed is selected, then files of that file type are mirrored to one or more repositories.
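The layered decision order described above (port, then device or storage class, then file type) can be modelled as follows. This is an added illustration, not GuardianEdge code: the `Policy` structure, the `evaluate` and `event` names, the default handling for unlisted ports and device classes, and all sample values are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:  # hypothetical structure, not the product's policy schema
    ports: dict        # port -> "allow" | "block" | "restrict"
    devices: dict      # device class -> "allow" | "block" | "restrict"
    storage: str       # "allow" | "block" | "restrict" | "read-only"
    file_types: dict   # file type -> "allow" | "shadow" | "block"
    models: set = field(default_factory=set)    # white-listed (vendor, model) pairs
    serials: set = field(default_factory=set)   # white-listed unique device IDs

def evaluate(policy, ev):
    """Walk the layers in the order the FAQ lists them; return (decision, layer)."""
    # Layer 1: port. Assumption: a port missing from the policy is blocked.
    port = policy.ports.get(ev["port"], "block")
    if port == "block":
        return "blocked", "port"
    # Assumption: on a restricted port a device class with no explicit rule is
    # denied; on an allowed port it is permitted.
    default = "block" if port == "restrict" else "allow"
    # Layers 2 and 3: storage is its own class with an extra read-only state.
    if ev["storage"]:
        state = policy.storage
    else:
        state = policy.devices.get(ev["class"], default)
    listed = (ev["vendor"], ev["model"]) in policy.models or ev["serial"] in policy.serials
    if state == "block" or (state == "restrict" and not listed):
        return "blocked", "storage" if ev["storage"] else "device"
    if not ev["storage"]:
        return "allowed", "device"      # file-type rules only apply to file I/O
    if state == "read-only" and ev["op"] == "write":
        return "blocked", "storage"
    # Layer 4: file type, reached only after every earlier layer has passed.
    ft = policy.file_types.get(ev["file_type"], "allow")
    if ft == "block":
        return "blocked", "file type"
    return ("allowed+shadowed" if ft == "shadow" else "allowed"), "file type"

# Constructed sample policy: USB restricted, storage limited to one serial number.
POLICY = Policy(
    ports={"USB": "restrict", "FireWire": "block"},
    devices={"keyboard": "allow", "mobile phone": "restrict"},
    storage="restrict",
    file_types={"spreadsheet": "block", "document": "shadow"},
    serials={"SN-0001"},
)

def event(port, cls, serial="", storage=False, op="read", file_type=""):
    """Build a constructed connection or file-transfer event."""
    return {"port": port, "class": cls, "vendor": "ExampleVendor", "model": "ExampleModel",
            "serial": serial, "storage": storage, "op": op, "file_type": file_type}
```

The layer returned with each decision is what an auditor would want in the log, since it shows which rule stopped the transfer.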

2) What policies can be set to restrict the ports and devices that are connected to endpoints?

Policy settings include allow, disallow, and restrict access. In addition, a read-only policy can be set for storage devices such as USB flash drives, external hard drives, and CD/DVD burners.

3) What ports and devices does GuardianEdge Device Control protect?

The physical ports that GuardianEdge Device Control protects include:

  • USB
  • FireWire
  • PCMCIA
  • S-SATA
  • IDE
  • Serial
  • Parallel
  • Internal Ports (includes IDE, SCSI, ATA and S-ATA which are used to connect internal hard disk drives, as well as PCI and PCI-X which cater to devices such as modems and network cards)

GuardianEdge Device Control protects the following wireless ports:

  • WiFi
  • Bluetooth
  • IrDA

4) What operating systems does GuardianEdge Device Control support?

The GuardianEdge Device Control Client supports the following operating systems:

  • Windows Vista Business, Ultimate, or Enterprise Edition
  • Windows XP, SP2
  • Windows XP Tablet PC Edition 2005
  • Windows 2000 Professional Edition, SP4
  • Windows Server 2003, SP1 and SP2
  • Windows 2000 Server, SP4
  • Windows 2000 Advanced Server, SP4

Access Control Policies


1) How do administrators create policies?

Policies are created through a simple-to-use graphical interface in the administrative console. Policies can be as broad as required (for example, prohibiting a class of storage media devices altogether) or much more specific and narrow (for example, allowing only certain users to write data to a specified list of USB memory devices). All policies support options to restrict read and write privileges, as well as logging, notification, alerts, and data shadowing. The policy specification capabilities in the product make it easy and intuitive to create and deploy policies that are aligned with the roles of users and machines throughout the network environment. In many cases organizations will first deploy the product with no policy enforcement in order to document port and device usage and the associated data transfer activities. This provides insight into the expected activity on endpoints and a starting point for implementing policies to restrict unapproved activity.

2) How do administrators update policy settings to reflect a different level of permissions?

Policies can be updated by editing or replacing them in the GuardianEdge Management Console. As with policy creation, editing and updating policies is simple and intuitive. Once changes have been specified, the policy is automatically pushed out to the endpoints.

3) Is there a mechanism for administrators to suspend policy controls in situations where a user may have a need to use a port/device and there is no network connectivity?

Yes. GuardianEdge Device Control accommodates urgent situations where an employee needs to gain access to a device and does not have connectivity back to the corporate network (e.g. at a customer or vendor site). To accomplish this, administrators read users a code that the users must then enter on their computers. Suspension can be granted by administrators for 15 minutes, 2 hours, 6 hours, 1 day, and 1 week. The suspension automatically expires, without any further action by administrators.

Data Leakage Prevention


1) Can the transfer of specified types of data be blocked?

Yes. GuardianEdge Device Control can block files by file type.

All data is inspected and mapped to a taxonomy of 14 different classes of data in 140+ file types commonly associated with desktop applications. This inspection capability does not just read file extensions; it reads the file and its metadata to ensure accurate classification. When specifying policies, data read and write activity can be restricted based on the type of data. For example, users can be allowed to transfer multimedia files but prevented from transferring spreadsheets or publishing documents, which helps ensure that data does not leak off of endpoints.
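Why classifying by content rather than by extension matters can be shown with a small sketch. This is an added example, not the product's classifier: the class names, the signature table, and the `classify_content`, `inspect`, and `make_xlsx` helpers are assumptions, and the sample files are constructed in memory.

```python
import io
import zipfile

# Leading-byte signatures for a few common formats (well-known magic numbers).
SIGNATURES = [
    (b"%PDF-", "document"),
    (b"\xff\xd8\xff", "image"),
    (b"\x89PNG\r\n\x1a\n", "image"),
    (b"ID3", "multimedia"),
]
# Office Open XML files are ZIP archives; a member path tells the kinds apart.
OOXML_MEMBERS = {"xl/": "spreadsheet", "word/": "document", "ppt/": "presentation"}
# Class each extension claims to be (hypothetical mapping).
EXTENSION_CLASS = {"pdf": "document", "jpg": "image", "png": "image",
                   "mp3": "multimedia", "xlsx": "spreadsheet", "docx": "document",
                   "pptx": "presentation", "zip": "archive"}

def classify_content(data: bytes) -> str:
    """Classify a file from its bytes alone, ignoring its name."""
    for magic, cls in SIGNATURES:
        if data.startswith(magic):
            return cls
    if data.startswith(b"PK\x03\x04"):          # ZIP local file header
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                for name in archive.namelist():
                    for prefix, cls in OOXML_MEMBERS.items():
                        if name.startswith(prefix):
                            return cls
        except zipfile.BadZipFile:               # truncated or damaged archive
            return "unknown"
        return "archive"
    return "unknown"

def inspect(filename: str, data: bytes) -> dict:
    """Return the content-derived class and whether the extension disagrees."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    by_content = classify_content(data)
    return {"class": by_content,
            "mismatch": by_content != EXTENSION_CLASS.get(ext, "unknown")}

def make_xlsx() -> bytes:
    """Constructed minimal workbook-like archive, for demonstration only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("xl/workbook.xml", "<workbook/>")
    return buf.getvalue()
```

A spreadsheet saved as `holiday.mp3` is still classified as a spreadsheet, and the mismatch flag is itself worth logging.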

2) Is there detailed auditing of all data transferred off of machines?

Yes. GuardianEdge Device Control provides best-in-class auditing of data transferred from computers. The following is a partial list of the data logged by GuardianEdge Device Control:

  • Date and time of event
  • Computer
  • User
  • Event (e.g. Allowed, Blocked, Read Only, and 21 other possible values)
  • Port
  • Device type
  • Device description
  • Device vendor
  • Device serial number
  • Operation (e.g. Read, Write)
  • File type
  • File extension
  • File name
  • File size
  • Date and time file was created
  • Date and time file was modified

3) Do end users receive notification when GuardianEdge Device Control blocks devices?

Administrators can control whether GuardianEdge Device Control notifies users when it blocks devices, and control the contents of the message.

4) What is file shadowing and how is it useful for detecting data leakage?

File shadowing mirrors data that was read from and/or written to storage devices to one or more repositories where administrators can inspect the files. This can provide proof that data leakage has occurred, and allows administrators to detect sophisticated users who may change the names of files they are copying to storage devices in order to evade logging (e.g. “2008 Strategic Plan” could be changed to “XYZ Customer Presentation”).

5) Does GuardianEdge Device Control provide alerting?

Yes. GuardianEdge Device Control provides alerting. In the event of violations of policies marked for administrative notification, alerts can be sent by email, SNMP, or SMS.

Logging and Reporting


1) What types of data does GuardianEdge Device Control log?

GuardianEdge Device Control provides best-in-class auditing. The following is a partial list of the data logged by GuardianEdge Device Control:

  • Date and time of event
  • Computer
  • User
  • Policy name
  • Event (e.g. Allowed, Blocked, Read Only, and 21 other possible values)
  • Port
  • Device type
  • Device description
  • Device vendor
  • Device serial number
  • Operation (e.g. Read, Write)
  • File type
  • File extension
  • File name
  • File size
  • Date and time file was created
  • Date and time file was modified

2) Does GuardianEdge Device Control provide a mechanism to search through logs?

Yes. GuardianEdge Device Control provides powerful filtering capabilities to obtain precisely the log data that you are looking for, and data can be exported to a spreadsheet-compatible XML document for further analysis. Filtering capabilities include filtering by domain, OU, user, or computer. Queries can also be generated against logs to zero in on information of interest. The following are some of the items that can be queried against:

  • Scope of event (e.g. port, device, storage device, or WiFi)
  • Port (e.g. USB, FireWire, etc.)
  • Device type (e.g. printers, mobile phones, network adapters, etc.) and vendor ID, model ID, and/or serial number
  • Storage device/media type (e.g. removable storage devices, external hard drives, CDs/DVDs, etc.) and vendor ID, model ID, and/or serial number
  • WiFi network and whether encryption was present or not
  • Tampering events
  • File name
  • File type
  • File extension
  • File size
  • File created date and time
  • File modified date and time

3) What search options are available from the management interface?

A partial list of search options includes the following:

  • Domain
  • OU
  • User
  • Computer
  • Scope of event (e.g. port, device, storage device, or WiFi)
  • Port (e.g. USB, FireWire, etc.)
  • Device type (e.g. printers, mobile phones, network adapters, etc.) and vendor ID, model ID, and/or serial number
  • Storage device/media type (e.g. removable storage devices, external hard drives, CDs/DVDs, etc.) and vendor ID, model ID, and/or serial number
  • WiFi network and whether encryption was present or not
  • Tampering events
  • File name
  • File type
  • File extension
  • File size
  • File created date and time
  • File modified date and time

4) What type of monitoring data is available?

GuardianEdge Device Control provides the following monitoring data:

  • Computer name
  • Whether the computer is protected with GuardianEdge Device Control or not
  • GuardianEdge Device Control software version
  • Logged on user
  • Domain
  • Effective policy
  • Last communication with client
  • Last time logs were received
  • Last time tampering logs were received
  • Whether protection is in force or temporarily suspended
  • Suspension start time
  • Suspension duration

5) How do administrators access shadowed data?

Administrators access shadowed data by clicking on a link in the File Logs next to the name of the file. This allows the administrator to first see the file name, file type, date created, and other high-level information about the shadowed data before deciding whether to look at the file contents.

6) What administrative notification is provided for events?

GuardianEdge Device Control provides alerting in the form of email, SNMP and SMS for events.

Enterprise Manageability


1) How is the product deployed and installed?

Administrators deploy GuardianEdge Device Control to endpoints using their existing deployment tools and methodologies. GuardianEdge Removable Storage supports deployment using any standard software deployment tool that can distribute .msi packages. These include third-party software deployment tools, such as SMS and Tivoli, and Microsoft GPOs.

2) How are software updates distributed?

Software updates are distributed by deploying the GuardianEdge Device Control software using existing deployment mechanisms. The update should be installed over the existing software.

3) What administrative roles can be created?

GuardianEdge Device Control ships with the following pre-configured administrative roles:

  • Super Administrator
  • Policy Administrator
  • Log Reviewer
  • Clients Administrator

Additionally, administrators can define new roles or alter the permissions of the above roles. Permissions that may be granted consist of the following:

  • Read policies
  • Write policies
  • Read logs
  • Write log queries
  • Read client monitoring status updates
  • Grant client suspension passwords
  • Read global policy settings
  • Write global policy settings
  • Read administrative settings
  • Write administrative settings

4) How is GuardianEdge Device Control integrated into Active Directory?

GuardianEdge Device Control is integrated into Active Directory as follows:

  • MMC based policies interface. The management console uses a native MMC interface for policy control, providing the capability to manage GuardianEdge Device Control from the same console as is used to manage other Active Directory policies. Administrators familiar with using Active Directory for managing email and systems can be immediately effective with minimal training.
  • AD hierarchy integration. GuardianEdge Device Control policies can be deployed to all levels of the Active Directory hierarchy, including domains, sites, OUs, and groups. This Active Directory hierarchy is natively available in the management console, and no LDAP synch is required to periodically update it.
  • AD role-based administration. GuardianEdge Device Control policies can be deployed and managed using Active Directory’s powerful role-based administrative capabilities. Administrators can be limited to deploying GuardianEdge policies to a specific domain, site, OU, or group.
  • Uses existing AD infrastructure for policy deployment. GuardianEdge Device Control policies are pushed out to endpoints using companies’ existing domain controller infrastructures.
  • Filter and monitor using AD hierarchy. GuardianEdge Device Control logs and monitoring data can be filtered using the current Active Directory hierarchy.

5) Are policies enforced when endpoints are not connected to the corporate network?

Policies are enforced irrespective of whether clients are connected to the network. When GuardianEdge Device Control Clients cannot communicate with the GuardianEdge Device Control Server, their logs and shadowed data are cached until the next time that the clients can communicate with the server.

6) How scalable is GuardianEdge Device Control?

GuardianEdge Device Control is highly scalable. One instance can handle upwards of 100,000 clients.

End User Experience


1) Does the user have the ability to see the policies applied to his/her endpoint?

If the administrator has a policy in effect on the GuardianEdge Device Control Client to make it visible to end users, then the user will be able to see the policy name. In addition, when GuardianEdge Device Control blocks communications, administrators can configure the GuardianEdge Device Control Client to generate messages defined by the administrator based on the type of blocking that occurs.

2) How is the user notified of policy violations?

If enabled by administrators, users are notified through pop-up messages when GuardianEdge Device Control blocks a user activity.

3) Does GuardianEdge Device Control create any application compatibility issues?

We are not aware of any application compatibility issues created by GuardianEdge Device Control.