The plug & play technology allows connecting various portable storage devices, from USB sticks to external hard drives, digital cameras or MP3 players or iPods, to your computer or laptop in a few seconds.
Almost all PCs with Windows or Apple MacOS have both USB ports and other connection ports for peripherals, and this facilitates the accidental loss or theft of data.
In addition to data loss, computer connections (both those made through physical ports and software / virtual ones made through wifi, Bluetooth or the Internet) easily allow computers inside a company to be infected if they are left unprotected. Network administrators had limited means of stopping data loss or computer infection when dealing with irresponsible or malicious users. This was a sad truth.
Today Endpoint Protector is here to help stop these threats.
- Protecting data on the go
One of the main benefits of endpoint DLP is that it’s not dependent on a corporate network to function. Data loss prevention policies are applied at the computer level, and they will continue to protect sensitive information in real-time whether an employee is working on-premises or remotely.
With today’s workforce becoming increasingly mobile and the risks inherent in any environment outside the security of a company network, it is essential that data be protected regardless of endpoint devices’ physical location.
Using endpoint DLP, companies do not need to restrict employees’ mobility, limiting their ability to travel and work from anywhere. They can rest assured that sensitive data will remain just as secure, whether they are at a conference, at a client’s office, or at home.
- Controlling portable devices
Another easy way sensitive data is lost is through removable media. Employees can copy files onto personal USBs without violating any network DLP policy. Endpoint DLP, however, enables administrators to choose different levels of trust for devices based on specific criteria. In this way, they can, for example, allow only company devices to connect to endpoints or block them all. Not being dependent on the company network to function, these policies can be enforced even offline.
Additional features can offer encryption capabilities for USBs. Organizations can ensure that file transfers from an organization’s endpoints onto portable devices, be they company-owned or not, are automatically encrypted. In this way, sensitive information is always protected even when it is physically on the move. In case of lost encryption passwords or malicious insiders, admins even can reset passwords or remotely wipe USBs.
- Data visibility on the endpoint
While network DLP products are good at keeping data from traveling outside company networks, they usually do not offer content discovery capabilities on the endpoint. This means that companies do not know if employees have sensitive information stored on their computers.
This is a major issue when it comes to compliance: many data protection regulations require companies to restrict access to sensitive information and store it only for as long as it is needed for the original purpose it was collected for. On top of that, many data subjects now have the right to request that their data be deleted or have the option to withdraw consent for data processing.
If organizations do not know where their data is stored on company endpoints, they risk running foul of data protection regulations and incurring steep fines for noncompliance. Using endpoint DLP, admins can scan data at rest on computers company-wide and take remediation actions when it is found. Information can be deleted or encrypted based on needs, thus ensuring that companies can enforce the right to be forgotten and restrictions that need to be applied for compliance with data protection regulations.
Endpoint Protector will help you secure your PCs endpoints within your network.
You will be able to restrict the use of both internal and external devices which can be used for data storage and transfer and to manage PC and MAC ports.
Endpoint Protector gives network administrators the control needed to keep network endpoints safe.
- Control use of all USB and other storage devices
- Tracking of what data is saved to storage devices
- Tracking of what data is copied from and to storage devices
- Authorize the use of USB storage devices
- Securing data on USB storage devices
- Powerful reporting tool and audit
The modular and intuitive Web-based administration interface has been designed to offer fast access to controlling computer, devices, and user behavior in a large network. It also offers several ways to track any kind of portable device related activity registered on the system. A detailed report including timestamps, file names, action(s) taken, logged user, etc. allows for pin-pointing malicious behavior and users.
The system’s design also allows the vendor’s support team to perform easy customizations and extensions requested by clients. Better automation and express reports can be developed according to customer demands. At the same time this structure is easy to update and maintain, making the usability even greater.
Endpoint Protector is the only solution that gives companies of any size the ability to let users take advantage of the increasingly important functionality of USB and other ports without losing control over data and compliance.
This endpoint security device control solution is designed to control usage of all portable storage and to keep track of what data users are taking from and to their work computers on any kind of portable storage devices.
Furthermore, Endpoint Protector enables network administrators to monitor and report what data is introduced into the corporate network from a portable storage device such as prohibited materials (MP3s, movies or games) or harmful data like a virus that could jeopardize the networks integrity.
As not all portable storage devices are used with the intent to harm the company, many legitimate reasons commonly justify the need of such devices to increase network users’ productivity. Thus, Endpoint Protector allows authorized use of certain device types or specific devices such as the companies’ own USB Flash Drives to handle and transfer confidential data.
To ensure the protection of data carried by users on authorized devices, the Endpoint Protector administrator can allow users to copy work data only to a password protected / encrypted area of a authorized device, a so called “TrustedDevice”. In this way confidential corporate data is protected in case of hardware loss.
Endpoint Protector creates an audit trail that shows the use and activity of portable storage devices in corporate networks. Thus, administrators have the possibility to trace and track file transfers through endpoints and then use the audit trail as legal evidence for data theft.
Technology continues to grow faster than anyone can keep up. IT professionals all around the world struggle to answer seemingly simple questions about their IT estate:
- Who owns which device?
- How many software installs do we have from this vendor?
- We’re seeing strange behavior from this IP address, what is it?
- Am I fully compliant with IT governance industry frameworks?
- Which devices need to be replaced next year?
Lansweeper is the answer all these questions… Supporting any IT scenario with accurate, reliable data and an always-up-to-date Inventory.
Lansweeper automatically discovers and identifies any asset in your environment. Depending on the asset types found, it retrieves all kinds of device-specific hardware information, as well as an extensive list of installed software and user information. It doesn’t matter if the assets are on-prem, in the cloud, physical or virtual, Lansweeper scans it all.
Global organizations can connect multiple, geographically distributed sites into 1 single overview. Lansweeper Cloud extension allows you to securely access your data from anywhere, at any time – enabling centralized management of remote sites.
Lansweeper enables your IT department to:
- discover,
- analyze,
- control
- coordinate your entire IT network.
Lansweeper can scan for devices on network, discover network devices and find all devices on network with the network scanner.
A general overview of all of devices on the network, can be found under the ‘assets’ tab in the Lansweeper web console. This list can easily be filtered on basic parameters like type, model, and manufacturer using the search fields.
By clicking on a specific device, you can access the asset page, where you will find a detailed summary of the data Lansweeper picked up like user logon, memory, anti-virus information network devices attached and so on. Further down you can find asset groups and related assets and users and also details like hardware specifications, registry values or file properties. For several manufacturers, Lansweeper can also retrieve warranty information.
The software tab gives you an extensive software list, ranging from installed applications all the way to SQL server database information.
For virtual machines Lansweeper will also show where it is hosted. Virtual machines and their hosts are scanned as individual devices. For the hosts Lansweeper gathers general specs and additional hardware details like disks and network interfaces. If the device is a VMware or HyperV host it will also list the installed guest machines.
Lansweeper also scans Mac and Linux devices for hardware and software specifications. Lansweeper also provides specific details on all kinds of network devices.
Lansweeper can scan various targets to gather information from your network. All targets are agentless and don’t require anything to be installed on your target machines.
Several Active directory scanning targets are available to retrieve both computer and user information from an entire domain or a select number of sites or OUs.
IP range scanning, scans all devices in any IP range specified by you, using a wide array of network protocols. These scans can be scheduled or triggered manually.
The workgroup scanning target will retrieve information from all newly logged on Windows devices in a submitted workgroup.
Once all assets have been scanned, you can use additional scanning targets to rescan specific asset groups, types, and reports.
Lansweeper can scan your network completely agentless, but it can also use an agent to gather data locally and send it back to Lansweeper installation.
For Lansweeper to remotely access assets it needs to a map of credentials – these username and password combinations are always encrypted and stored locally, and Lansweeper will never send them across the network or internet.
Once your scanning targets and credentials are in place, Lansweeper is ready to discover your network.
After Lansweeper scanned the assets in the IT network, can start reporting on the data found, dynamically group assets, run network reports and use automated emails alerts based on the results.
The dashboard is a customized view of relevant information about an organization’s IT environment. Your IT techs can organize key metrics by dragging and dropping the desired widgets you want to monitor and share these across all IT divisions.
Lansweeper automatically sorts all computers and devices into categories such as the domain they belong to or their specific device type like firewalls or printers. Your IT techs can also add custom types if needed.
Another way to easily bring structure to the massive amount of retrieved data is by asset groups. An IP range group simply combines the assets within a specified IP range while a static group contains a certain set of assets that have been assigned to it. For a dynamic group, Lansweeper will automatically gather the assets, based on a set of criteria of your choosing like device type or operating System. There are several built-in groups, but of course, if you have your own system to organize your assets you can create custom groups, making the asset combinations that are of value to you.
Another, more adaptable way of organizing information is via reports. Reports can gather more specific data in a convenient overview. Lansweeper contains hundreds of built-in reports to get you started. Let’s have a look at a couple of them.
- “The Asset: Out of warranty report” will present us with a list of devices in your network of which the warranty has expired.
- Another example is the ‘unauthorized software’ report. If you run this one, it will alert you of installations of any software packages that you have labeled as unauthorized in your network.
- The ‘unauthorized administrators’ report gives you an overview of all local and domain users that are a member of the local admin group on your computers but are not authorized administrators. That way you can make sure that no one in your network has access rights they shouldn’t have.
There are hundreds of built-in reports available that can also be customized, to better suit your needs. You can also build your own reports from scratch. The Lansweeper report builder is powered by Microsoft SQL and is supported by extensive documentation to guide you through all available database items.
Can’t find what you need? The Lansweeper forum offers even more reports shared by both Lansweeper techs as well as fellow users along with tips and tricks on how to build your own. The Lansweeper team frequently publishes new reports as a quick response to unexpected cyber security vulnerabilities.
While on the road, you may not be able to keep an eye on the latest dashboard updates. Thanks to Lansweeper’s ability to send out email alerts with report results, you can keep all information close at hand and stay on top of changes.
Lansweeper can help you to take control of your IT environment, whether it is just one single device, a group of assets or your entire network.
When opening an individual asset page, a wide range of built-in and customized actions can be found.
These actions enable you to remotely perform tasks on this 1 specific device, ranging from a simple ping, over Remote Desktop to rebooting the computer. There are also several custom actions specifically for users, like the option to reset a password.
Besides built-in actions, Lansweeper also offers the option to add your own, meaning that the possibilities are endless. If you need inspiration, you can check out Lansweeper forum, for custom actions submitted by fellow users and Lansweeper techs.
Lansweeper also allows you to track dependencies, by linking assets to each other or to users. Monitor and computer relations are automatically defined by Lansweeper, while other relations can be specified when editing the asset. There are several relation types you can choose from and more can be added. This way you can keep track of which devices belong together and which user is currently using them.
In order to keep track of your assets’ physical location, you can upload blueprints of your company building or department floor and place assets on them, creating a convenient map. You can edit your map by selecting the necessary assets from the list and dropping them where they belong.
If you want to take control of your network on a larger scale, Lansweeper’s deployment feature allows you to remotely apply changes to the Windows computers in your network.
A deployment package can make command-line changes on your machines, kill processes, silently install, and uninstall software and run custom scripts.
Lansweeper has several built-in packages to get you started, but you can of course also add your own.
On the Lansweeper forum you have access to a whole library of user- and Lansweeper-built packages, all checked and monitored by our dedicated team of admins.
These packages can easily be imported into your Lansweeper console. A deployment package consists of one or more steps that, if necessary, can be altered to better suit your needs.
Once your package is ready, you can deploy it on a group, a report, or a manual selection of assets. You can choose to trigger the deployment manually or based on a schedule.
Lansweeper you can help coordinate IT work by centralizing all communications in Lansweeper’s built-in Helpdesk, Knowledgebase and Calendar. These tools will help – to work out projects, plan meetings, and document and share important information.
Lansweeper’s Helpdesk is a ticket-based system, used to centralize communication. Tickets can be created via email or on the web console. You can also integrate your own workflow and other tools, using Lansweeper’s API.
In the context of the Helpdesk, it is important to note the difference between a regular user and an Agent. By default, anyone in your network is a user. They can only open tickets to ask questions. An Agent on the other hand can both ask questions and reply to other users’ tickets.
In the web console’s user interface, users can create tickets and consult them at any time to keep track of their progress. This interface can be customized to reflect your own company branding.
When creating a new ticket, it is crucial to fill in a subject and ticket type. Selecting the correct ticket type will guarantee that the ticket will end up in the right hands. The type also determines which custom fields will be offered to the user, to add relevant information.
If the ticket is related to a certain device, that asset can be linked to it, so that the Agent can easily find it when he starts working on this request.
Once the ticket has been submitted, it will appear in the Agent’s inbox, where they can pick it up and start working. Certain parameters such as priority and status of the ticket can help your Agents to prioritize and organize their work.
While working on a ticket, the Agent can communicate with other Agents, include reminders, and track his own progress using internal notes. These notes are not visible to the user. If the task can’t be finished all at once, he can place a follow-up on the ticket, to finish the job later.
When everything is done, he can use a public note to reply to the user and inform them of the result.
If any further action needs to be taken, Agents can plan their work in the integrated calendar. Calendar events can also be linked to an existing ticket.
In the Knowledgebase you can document frequently asked questions, known issues and internal procedures to avoid a heap of tickets asking the same questions over and over. These articles can be made accessible to users, creating a single source of information where all employees can easily find solutions for their day-to-day issues.