Endpoint Data Protection

Full control over all devices, interfaces and cloud data

Monitor and control the use of devices (e.g. USB sticks, CDs, printers) or interfaces (e.g. Firewire, USB) on endpoints to ensure the security of your data. Audit-proof according to Basel II, Sarbanes-Oxley and PCI compliant.

• Effective device access control: Protects you against attacks and access right abuse. Define who can use which devices (e.g., USB sticks, CDs, TV tuners) or interfaces (e.g., WLAN, Firewire, USB) and to what extent. You not only prevent misuse and data loss, but also stop malware from entering the corporate network via the interfaces (e.g., BadUSB).

• Access control for cloud services and storage: In the cloud, data is accessible everywhere. With Cloud Access Control, you control which employees can use which cloud services and to what extent.

• Keep data transfer channels under control: Data can be transferred in many ways, in addition to the official corporate network, such as via Bluetooth, WiFi, Smart Phones and USB-Devices. Device & Access Control lets you control which employees have access to which data transfer devices, i.e., the routes via which data leaves your company.

Transparently trace data flows and detect weak points early on

Audit provides real-time visibility into data flows within your organization, identifies vulnerabilities and documents forensic information to ensure compliance.

• You meet the requirements for logging of the EU General Data Protection Regulation (EU-GDPR articles 30, 33) and at the same time protect the personal rights of your employees. The logging data is protected by the 4- or 6-eye principle (in compliance with the relevant personnel).

You retain control over all your applications - shadow IT is history

• With Application Control you determine which users are allowed to open which programs.

• You also successfully put a stop to shadow IT. You prevent malware from entering the company network via your endpoints through unauthorized and, above all, incorrectly licensed installations.

• In this way you avoid liability risks and financial penalties during audits. Many viruses can also be blocked in this way, usually faster than anti-virus solutions can detect them.

Control with data encryption

Seamless Anywhere Encryption protects storage media, directories, clouds, individual files or entire hard disks on-the-fly, without adversely affecting user productivity. You determine which authorized users are granted access. With the mobile app, your data can be decrypted on external devices and in the cloud on mobile devices or external systems. Additional authentication protects encrypted hard disks when removing hardware or bypassing Windows logon. In this way, you also guarantee the protection of personal data in accordance with EU-GDPR Article 32.

• Cloud Storage & Network Share Encryption: Encrypt folders and files in cloud storage (e.g. Microsoft OneDrive, Google Drive, Dropbox) or any shared network. The encryption keys remain in your organization and are never stored in the cloud, a distinct advantage over encryption solutions offered by cloud storage service providers.

• Full Disk Encryption: Laptops can be lost or stolen and your sensitive data remains protected. Full Disk Encryption ensures that only authorized users have access to the device and data. Smart cards and eTokens can be used for increased security. Full Disk Encryption is FIPS 140-2 Level 1 certified and supports Advanced Encryption Standard New Instructions (AES-NI).

• Permanent Encryption: Encrypt files no matter what the medium (external storage media, network, local hard drives, cloud storage, etc.) Encrypted data remains encrypted even when transferred via other transfer channels (e.g. as an email attachment or web upload). You can easily reopen the data on third-party and mobile devices using a password or PKI token through the Mobile Encryption Component. 

• Local Folder Encryption: Protects your data in case of device or storage media loss, but also where several users have access to the same device. Sensitive data is also protected against access by employees with administrator rights.

• Removable Device Encryption: Mobile storage devices, such as USB flash drives, are getting smaller and more powerful, making them increasingly easy to lose or steal. With Removable Device Encryption, files are protected with methods that can be combined in multiple ways, ensuring that data cannot be accessed by unauthorized users.

• Android & iOS Encryption: iOS and Android devices provide file-based protection of internal storage, storage cards and cloud accounts. Decryption is enabled by entering a password.

• Preboot Authentication (PBA): The door stays closed - prevent Windows logins and associated encryption from being manipulated or bypassed by starting USB/CD, or replacing the operating system. In case of theft, this also prevents any bitlocker protection from being levered out during startup.