En-Safetica Endpoint Security Feature List-2010!11!16

8/6/2019 En-Safetica Endpoint Security Feature List-2010!11!16

1/15

Safetica Endpoint Security

Features Overview


2/15

1 Safetica Endpoint Auditor...............................................................................................................................31.1 Internet Usage Monitoring .......................................................................................................................3

1.1.1 Websites Access Monitoring ...........................................................................................................31.1.2 Detailed Websites Categorization ....................................................................................................31.1.3 E-Mail Monitoring ..........................................................................................................................41.1.4 Webmail Monitoring ......................................................................................................................41.1.5 General Record on IM Communication .............................................................................................41.1.6 Monitoring of Work with Files .........................................................................................................5

1.2 Activity Monitoring .................................................................................................................................51.2.1 Intelligent Screen Record ................................................................................................................51.2.2 Key Trapping - KeyLogger ...............................................................................................................51.2.3 Search Monitoring .........................................................................................................................51.2.4 Monitoring of Printing ....................................................................................................................5

1.3 Intelligent Employee Profiling ...................................................................................................................61.3.1 Monitoring of Employee Productivity ................................................................................................61.3.2 Employee Profiling .........................................................................................................................6

2 Safetica Endpoint Supervisor ..........................................................................................................................6

2.1 Application Control ................................................................................................................................62.1.1 Application Blocking ......................................................................................................................6

2.1.2 Large Database of Applications .......................................................................................................72.2 Web Control .........................................................................................................................................7

2.2.1 Blocking of Websites according to Categories and Keywords .............................................................72.3 Print Control ..........................................................................................................................................7

2.3.1 Blocking Access to Printer ...............................................................................................................72.3.2 Blocking printing of selected documents in connection with Safetica Endpoint DLP .................................8

3 Safetica Endpoint DLP ....................................................................................................................................83.1 Device Control .......................................................................................................................................8

3.1.1 Control over USB, IrDa, Bluetooth, FireWire, serial and parallel ports ..................................................83.1.2 Detailed Identification of USB and Bluetooth Devices ..........................................................................8

3.2 Data at Rest Protection ............................................................................................................................93.2.1 Data at Rest Security and Disk Encryption .........................................................................................93.2.2 Data Shredder ..............................................................................................................................9

3.3 Data in Motion Protection .......................................................................................................................93.3.1 Encryption of Portable Disks ............................................................................................................93.3.2 The Safest Encryption Algorithms ...................................................................................................10

3.4 Data in Use Protection ..........................................................................................................................103.4.1 DLP Rules ....................................................................................................................................103.4.2 Anti-KeyLogger ............................................................................................................................103.4.3 Intelligent Data Classification ........................................................................................................103.4.4 Control of Behavior and Access of Applications to Data ...................................................................11

3.5 Endpoint Security Tools .........................................................................................................................113.5.1 Secure Manager of Passwords ......................................................................................................113.5.2 Support of Current Archives Types .................................................................................................113.5.3 Password Generator ....................................................................................................................123.5.4 PC Lock ......................................................................................................................................123.5.5 Security Keys ...............................................................................................................................123.5.6 Sending of Safeguarded Data by E-Mail .........................................................................................12

4 Other ........................................................................................................................................................134.1 Regulatory Compliance ........................................................................................................................134.2 Time Efficient Security ...........................................................................................................................13

4.2.1 Easy Application of Setting Templates .............................................................................................13

4.2.2 Automatic Warnings ....................................................................................................................134.2.3 Repeated Task Planner ..................................................................................................................134.2.4 Remote Administration of Clients Stations .......................................................................................14

4.3 Detailed Control of Access to Administration and Supervision ...................................................................144.4 Optimization for Large Network Installation ............................................................................................14


3/153

Safetica Endpoint SecurityFeatures Overview

Your own employees damage your company every day. Theypretend to be working, misuse company resources, steal and

loose sensitive data. Safetica security software is the only onein the world to protect your company against all the majorfailures of your staff: sensitive data leaks, financial losses anddamage to your company goodwill. And at the same time itshows your staffs potentially dangerous behavior long befo-re their conduct threatens your company.

1 Safetica EndpointAuditor

1.1 Internet Usage Monitoring

1.1.1 Websites Access MonitoringExpose which websites your employees visit during work-ing hours. Safetica delivers clearly organized statistics ofthe most frequently visited websites and the amount of timespent browsing them to company managers. The websitesare sorted according to category, number of visits and pro-ductivity rate. It does not matter which browser employeesuse - Safetica Endpoint Auditor can process data from them

all. It can even cope with encrypted HTTPS protocol that isoften used by employees to evade monitoring applications.

Key Features Well-arranged overview of websites visited by employ-

ees. Classification of the visited websites according to cat-

egory, domain and time spent browsing. Possibility of filtering results Clear statistics of the most frequently visited website cat-

egories

Not dependent on the browser used. It exposes and monitors network activity using HTTPS

protocol.

Main Benefits Expose employees who misuse the company network

for personal matters. Find out how much time employees really spent on ev-

ery website. Find out which employees misuse the Internet for illegal

activities. Traffic on difficult to trace HTTPS protocol wont escape

you. You will be immediately warned of undesirable employ-

ee behavior, for example, also by e-mail. Avoid reading boring and comprehensive records

about employee activity.

1.1.2 Detailed Websites CategorizationWhich websites visited by employees relate to their workand which dont? Leave their categorization on Safeticasoftware and save your managers time. Safetica EndpointAuditor delivers a wide database of websites distinctly clas-sified into categories and subcategories. The authorized

manager only selects which categories are suitable forwhich employee and which categories should be blockedby Safetica Endpoint Auditor. So he/she does not have to,for example, select manually which websites contain onlinegames.

Endpoint Auditor

productivity

new job


4/154

Key Features Wide categorized database of websites Nearly 5M records Regularly updated data Possibility to add own websites

Main Benefits The use of categories increases clearness of monitored

outputs. Speed of Safetica Endpoint Auditor installation is in-

creased by automatic website categorization. Safetica Endpoint Auditor installation requires minimum

manual configuration. Thanks to the categories, the company manager does

not need to check every website manually and evaluate

its content.

1.1.3 E-Mail MonitoringDo your employees communicate actively with competitorsor do they forward dozens of chain e-mails with funny pic-tures? Expose what kind of e-mails they send during work-ing hours. If suspicious,, responsible managers can obtaindetailed information about employees communication, in-cluding enclosures that might contain sensitive information.

Key Features Overviews of an employees sent and received e-mails Information on files sent in attachments Statistics on employees most frequent e-mail senders

and recipients.

Main Benefits Expose employees sending chain e-mails which waste

their time and that of other employees. Expose employees attempts to divulge sensitive infor-

mation by means of e-mail. Incriminate employees who deal with their personal

correspondence during working hours. Expose employees who communicate with competitors. Obtain incriminating evidence in the case of employ-

ees risky behavior.

1.1.4 Webmail MonitoringSome employees use the web interface for undetectable e-mail communication. However, Safetica Endpoint Auditoralso uncovers this form of communication. When visitingcompany or personal webmail, it records the content of sente-mails. The manager responsible is then informed of thecommunication that the employee is trying to hide. SafeticaEndpoint Auditor can also deal with secured connection viaHTTPS protocol.

Key Features It locks on content of e-mails sent via the web interface. It also operates reliably in the case of connection via

HTTPS protocol. It works in all enhanced browsers (MS Internet Explorer,

Mozilla Firefox, Google Chrome and Opera).

It is independent of webmail providers (it operates re-liably for company webmails as well as for personalwebmails).

Main Benefits Obtain incriminating evidence in the case of employ-

ees risky behavior. Expose employees sending chain e-mails which waste

their time and that of other employees. Expose employees attempts to divulge sensitive infor-

mation by means of webmail. Incriminate employees who deal with their personal

correspondence during working hours. Expose employees who communicate with competitors. Obtain incriminating evidence in the case of employ-

ees risky behavior.

1.1.5 General Record on IMCommunicationYour employees might amuse themselves during workinghours chatting by means of Instant Messaging Clients. Ex-pose how they amuse themselves when nobody is super-vising them. Safetica Endpoint Auditor records IM Clientscommunication including those who make use of encryptedcommunication. In contrast with competitors solutions, thesoftware operates for all used communication programs.The manager responsible may obtain a more detailed ideaof communication content by means of Intelligent ScreenScanning.

Key Features General Record on IM Communication It also records communication from IM Clients who use

encrypted connection. In connection with other functions, it offers clear statis-

tics of the length of chatting.

Main Benefits Expose employees who spend too much time chatting. Expose a danger that might be ready to strike. Expose disloyal employees trying to damage the com-

pany. Obtain evidence against dishonest employees. The manager in charge finds out how much time em-

ployees spend chatting.


5/155

1.1.6 Monitoring of Work with FilesAn employee accessing any sensitive data is a potentialdanger for the company. Even if they are authorized to ac-cess the data, they might misuse it. Expose who copies filesinto different folders, who sends them by e-mail and whouploads them on the Internet. You will have a detailed over-view for every employee of which files they used the most,what they did with them and through which applicationsthey accessed them. You will have evidence against your

employees who decide to damage your company.

Key Features Overview of the most frequently used files Statistics of applications that access the files the most

often. Record of operations with files: reading, writing, remov-

ing, deleting. Statistics and charts of the most active users (e.g. what

kind of file they used the most often).

Main Benefits Expose actions that endanger sensitive information,

e.g. deletion of many files by a disgruntled employee. Expose employees who misuse their access to sensitive

information. Find out which applications access sensitive data and

what they do with it.

1.2 Activity Monitoring

1.2.1 Intelligent Screen Record

Avoid suspicion about whether employees are really work-ing. Show them a record of their actions on their screen andso expose what they really do during their working hours.In the case of suspicion of an employees unwanted activ-ity, the results of Intelligent Screen Record serve as preciseproof of what really happened on the screen.

Key Features Intelligent Record Mode - only in the case if something

is happening. The possibility to set regular intervals of screen record-

ing. The possibility of a backup record playing.

Main Benefits You will not miss any important activity by an employee. You will avoid employees excuses if necessary, you

will obtain evidence of real activity. By means of the intelligent record, you wont have to

browse piles of identical snapshots.

1.2.2 Key Trapping - KeyLoggerKeyLogger is a foolproof tool that offers you an overviewwhat a user writes on the keyboard. The tool works in thebackground and its presence is not noticeable to the em-ployee in any way. KeyLogger is used by other SafeticaEndpoint Auditors tools.

Key Features It operates reliably in 32bit and also in 64bit architec-

ture. It records text in context with applications to which it

was written. Trouble-free cooperation with other Safetica Endpoint

Auditor monitoring tools.

Main Benefits KeyLogger records text in context with applications to

which it was written. In the case of suspicion, you can obtain evidence

against employees who criticize the company. You will verify employees real activity - what they really

wrote.

1.2.3 Search MonitoringOne of the most frequent activities of employees is brows-ing. However, it is not always a required activity. They mightbe looking for a new job, they might be searching for sensi-tive files or be interested in subjects that they do not need

for work. Safetica offers you a detailed overview of whatemployees browse within the system and on the Internet.

Key Features Statistics of individual user browsing Overviews of searched windows Lists of searched expressions Support on all widespread browsers Heuristic analysis for unknown browsers The possibility to add unknown browsers

Main Benefits Expose employees potentially dangerous behavior

right from the start. Find out what your employees are interested in and not

only from visited websites.

1.2.4 Monitoring of PrintingObtain a detailed overview on the use of company print-ers. Find out how many documents were printed by employ-ees, who prints most of them and which protected docu-ments were blocked by Safetica software. Obtain evidenceagainst employees who misuse company printers for per-

sonal purposes or who try to print sensitive documents pro-tected by Safetica Endpoint DLP.

Key Features Statistics of printed and blocked documents Overview of users who use printers the most often Detailed information on printing from the employees

aspect, for example the number of printed pages.

Main Benefits In cooperation with Safetica Endpoint DLP, avoid print-

ing selected sensitive documents. Obtain a full overview of printer usage at your com-

pany. Find out which employees waste company resources. In connection with Safetica Endpoint DLP, expose em-

ployees who try to print protected documents.


6/156

1.3 Intelligent Employee Profiling

1.3.1 Monitoring of EmployeeProductivityThis means the end of wading through hundreds and thou-sands of records from monitoring outputs. By means ofSafetica software, you will find out faster if your employeesare working or only pretending to work. Safetica Endpoint

Auditor automatically checks employees productivity andinforms the manager whether the employee oversteps setbounds. For example, you can also expose employees wholearn how to cheat on their work and do only that much inorder that nobody notices their lack of interest. The manag-er responsible doesnt need to regularly check monitoringoutputs to discover an unproductive employee.

Safetica Endpoint Auditor also supports also the principleenough is as good as a feast a manager who carriesout supervision can set what part of working time employ-ees can spend on personal matters or relaxation. The man-

ager will be informed immediately of exceeding this time.Safetica Endpoint Auditor delivers to the company manage-ment exactly those answers needed from a monitoring tool:Do our employees work?

Key Features Automatic evaluation of employee productivity accord-

ing to their activities. Evaluation of employees laborperformance according to time spent on websites ofselected categories and duration of work with selectedapplications. Activity setting according to four catego-

ries: Productive, nonproductive, critical, neutral.

Main Benefits The most effective way of supervision with regard to

time - a manager is only necessary in the case of ananomaly.

The manager responsible is not harassed by thousandsof records but only by problem behavior.

Safetica Endpoint Auditor saves the time of managerswho execute supervision fully

In the case of suspicion of undesirable activity, detailedrecords of monitoring are available.

The person responsible will be immediately warned of

anomalies, for example by e-mail.

1.3.2 Employee ProfilingYour employees behavior can change over time. A promis-ing workaholic becomes an average worker; an averageworker becomes an employee who pretends to work and isnot interested in it. By means of profiling, you will exposehabits and changes in your employees behavior. You candiscover temporary fluctuation as well as long-term tenden-cies in their activity.

The manager responsible does not need to wade throughtens of thousands of records obtained by monitoring.Safetica Endpoint Auditor processes all obtained data con-tinuously and evaluates changes in employee behavior.

Key Features Detection of anomalies within long-term users behavior Analysis of employee behavior on the basis of Internet

and application activities Periodic analysis of obtained data Quick setting thanks to data and application categori-

zation Retrospective view on employee behavior development Immediate security warning on considerable changes

in behavior The possibility of setting the period of time during which

behavior is to be compared.

Main Benefits You will expose changes in employees behavior within

a long-term timescale. In the case of critical changes, a security manager is

immediately informed, also by e-mail. Expose employees who have lost their motivation for

work.

In the case of suspicion of undesirable activity, detailedrecords of monitoring are available. The authorized manager does not need to read tens of

thousands records regularly.

2 Safetica EndpointSupervisor

2.1 Application Control

2.1.1 Application BlockingForbid your employees from starting non-required andharmful applications. They decrease employees produc-tivity and endanger sensitive company information. Gaincontrol on what applications can be started by employeeson company computers. By means of reliable blacklisting(blocking of selected applications) eliminate the starting ofapplications which your employees do not need for work.Applications can be also blocked directly in overviews of

Safetica Endpoint Auditor module.

Key Features Reliable application blocking: Neither change of appli-

cation name nor copying of the application to anotherdirectory can help employees

Possibility of automatic blocking of a selected categoryof applications

Different levels of blocking: Absolute, possibility of dif-ferent application starting, possibility of applicationmodification, possibility of application starting

Possibility of immediate merging of a newly blockedapplication into a category Matching up of unknown blocked applications from

more users for quick evaluation


7/157

Main Benefits Eliminate games and other applications that might dis-

tract employees during work. Concentrate users attention only on applications that

they need for work. You can limit employees time spent for example by

chatting via IM programs.

2.1.2 Large Database of ApplicationsManual sorting of all used applications is a time-consumingprocess that you would rather leave to Safetica EndpointSecurity. In a short time you can easily sort applications tothose which employees need for work and to those whichthey do not. Thanks to an extensive categorized databaseof applications, you can easily select comprehensive groupsof applications. In the case of an unknown application,Safetica Endpoint Supervisor executes Heuristic analysisand estimates which category the application is intendedfor.

Key Features Large and updated database from several sources Possibility to add own applications to categories.

Main Benefits Save the time of the security manager who would have

to sort hundreds of applications manually.

2.2 Web Control

2.2.1 Blocking of Websites according toCategories and KeywordsStop employees from browsing entertaining websites andblock attempts to visit illegal and harmful websites. Thanksto Safetica Endpoint Supervisor, you can easily determinatewhich website employees are allowed to visit (whitelisting)

and respectively which will be blocked for them (blacklist-ing). You will avoid wasting employees working time orbreaking the law by employees participation in illegal ac-tivities.

Safetica Endpoint Auditor also reliably blocks websiteswhich are accessed by means of protected HTTPS port.

Key Features Whitelisting: Granting permission to access only cer-

tain websites (e.g. company IS)

Blacklisting: Prohibiting undesirable categories and in-dividual websites Possibility to block websites according to keyword oc-

currence Adjustable sensitivity to specific keywords in website

content Blocking according to some parameters: URL websites,

part of URL Possibility to block selected websites directly on outputs

of the Safetica Endpoint Auditor module Clear statistics of blocked websites

Main Benefits You will focus employees attention on their work. You can eliminate visits to illegal website by whitelisting

(child pornography, support of prohibited ideologies,sale of drugs).

You can eliminate visiting websites by means of HTTPSport that many employees use for evading security set-

tings.

2.3 Print Control

2.3.1 Blocking Access to PrinterYour employees increase your IT departments costs by un-necessary printing. Block access to printers for selectedemployees that you detected with the Safetica EndpointAuditor module. In connection with it, blocking of printingalso delivers detailed information on how many pages wereprinted by which printer.

Key Features Authorization and prohibition of printing to specific em-

ployees or to complete departments. Record on refusal of printing to selected employees Detailed statistics of the number of pages printed and

printers used in cooperation with the Safetica EndpointAuditor module.

CEO Assistant AccountantEndpoint Supervisor

Applications

Freecell

MS Word

Printing

Office

Hall

Internet

facebook.com

youtube.com

times.com


8/158

Benefits Save a considerable part of costs on company printers

operation. Gain control over who is allowed to print - cut problem-

atic employees.

2.3.2 Blocking printing of selected docu-ments in connection with Safetica

Endpoint DLPSafetica Endpoint Supervisor manages to block printingof particular documents in connection with the SafeticaEndpoint DLP module. In this way you can avoid physicaldocument leakage. Protect your company against leakageof sensitive information and financial loss and good reputa-tion connected with it.By blocking specific document printing for selected employ-ees or full groups, you will achieve higher security of sensi-tive company information.

Key Features This function is linked with Safetica Endpoint DLP mod-

ule. Possibility to set rules for selected tagged files. The authorized manager is immediately informed on

who tried to print protected documents and whetherthey were able to do so.

Main Benefits You will gain control of the creation of physical copies

of sensitive company documents. Increase security of sensitive information.

3 Safetica Endpoint DLP

3.1 Device control

3.1.1 Control over USB, IrDa, Bluetooth,FireWire, serial and parallel portsSafetica checks access and respectively prohibits the con-

nection of peripheral devices connected to the PC. Youcan protect company computers against installation of un-wanted applications and viruses from devices brought byemployees and you will prevent them from taking sensitiveinformation on unauthorized and unsecured devices home.You can, for example, prohibit all USB devices and gradu-ally authorize only devices approved by a manager for spe-

cific employees.

Features Monitoring of peripheral device connection to compa-

ny computers Blocking of unwanted peripheral devices Immediate warning in the case of a problem - blocking

of a prohibited device

Benefits You will obtain a detailed overview of the connection of

peripheral devices to company computers. Your employees will not be able to take away sensitive

data on flash disks with them. You will protect company computers against possible

viruses from flash disks. You can comfortably check the connection of peripher-

als across the whole company. The security manager will be immediately informed on

any attempt to connect an unauthorized disk.

3.1.2 Detailed Identification of USBand Bluetooth DevicesFor devices connected via USB and Bluetooth interfaces,Safetica Endpoint DLP offers the possibility of more precisesetting of access by means of several parameters. Companymanagement can, for example, set only connection of secu-rity USB tokens.

Key Features Detection of connected USB and Bluetooth devices ac-

cording to Vendor ID, Product ID and serial number.

Main Benefits Obtain a more sensitive tool for administration of autho-

rizations for devices connection. You can set which particular USB and Bluetooth device

can be connected to a computer. You can, for example, easily define a group of working

USB disks.


9/159

3.2 Data at Rest Protection

3.2.1 Data at Rest Securityand Disk EncryptionDo not underestimate your data security. The theft of datacarriers or of whole computers is nothing out of the ordi-nary. This is how individuals and whole firms lose financ-es and often also their goodwill. Protect your disks with

Safetica software. It creates virtual disks or safely encryptswhole physical disks. Everything is protected by modern

and strong methods of security.

Key Features Comfortable administration and use of virtual disks. Possibility to encrypt individual files. Encryption of physical disks.

Main Benefits Only an authorized person can get to data saved on

a disk. Neither theft nor loss endanger the security of your data

and your company reputation. Redundant data will be deleted safely and unrecover-

ably. Neither state offices nor the police can get to data if

you do not authorize them. Encryption itself applies a minimum load on the com-

puter. Safetica Endpoint Security uses only highly safe encryp-

tion methods. Security is executed continuously; your data is protect-

ed at all times.

3.2.2 Data ShredderYou cannot remove data safely by common deletion. Thereare dozens of tools that manage to restore deleted files.Software Safetica brings you the function of a data shred-der that removes deleted files and directories safely withoutthe possibility of restoration. When disposing of old com-pany PCs, you can safely delete whole disks and someonefinding them by chance will be unable to access your per-sonal data. Data is safeguarded even after it is deleted.

Key Features Safe and unrecoverable deletion of unwanted sensitive

information Planner for repeated starting of the data shredder op-

eration

Main Benefits It will not be possible to restore deleted data in any

way at all. Old company disks from computers can be sold or

handed over for disposal without fear - they will notcontain any sensitive data.

By planning the data shredder operation, you can en-

sure that even in a hurry you will not forget to deletefiles thoroughly.

Through regular safe deletion, you will obtain more free

space on the clients computers.

3.3 Data in Motion Protection

3.3.1 Encryption of Portable DisksProtect your data on portable media against eventual

theft. The function of a traveling disk makes safeguardingUSB disks, flash disks and other portable media possible.Safeguarding portable media does not limit its use on othercomputers in any way. It is sufficient to connect a portabledisk, to input a password and the data is prepared for use.

Key Features Safe data transfer - the portable disk is protected by

encryption such as Blowfish, CAST5, CAST6, MARS,RC5, RC6, Rijndael (AES), Serpent and Twofish.

Encryption of files sent by e-mail as attachments.

Main Benefits Easy backup of portable disks - by copying one file Easy use the Safetica Endpoint Security Tool offers a

wizard for creating a portable disk.

Endpoint DLP

CreationNew data immediately

secured.

Keep informationsafe on the go.

UsagePrevent illegitimate

data usage.

StorageAll data encrypted

securely.

DeletingErase redundant

data reliably.

Transport


10/1510

3.3.2 The Safest Encryption AlgorithmsFor safeguarding your sensitive company data, SafeticaEndpoint Security software uses the best ciphers currentlyknown. The same encryption methods are used by gov-ernments and international corporations. Their decryptionwould take billions of years even for well-equipped attack-ers using brute force and current computational possibili-ties. There is no back door to data safeguarded by Safeticasoftware. So the data is accessible to the authorized per-

son only. Of course, a sufficiently strong password of goodquality is a must.

Key Features Used encryption methods: Blowfish, CAST5, CAST6,

MARS, RC5, RC6, Rijndael (AES), Serpent and Twofish. Optimization of as small a load as possible during en-

crypting and decrypting Security keys for data restoration

Main Benefits Only authorized persons have access to your data. Security of your data is not endangered by imperfect

and ruptured ciphers. You are not exposured to data because of a forgotten

password.

There is no back door for the police or state offices.

3.4 Data in Use Protection

3.4.1 DLP RulesEmployees who have legitimate access to data can misuse

it: They can handle your data in other ways than their work-ing position requires. They might create copies if they havebeen fired, send data to competitors via the Internet or printsensitive documents.

By means of DLP rules, you can comfortably set the wayhow employees can handle files. Whether they can editthem, delete them and where they may write them. The se-curity manager can set rules for individual employees orwhole groups. Operations with files that are not authorizedwill be cancelled and the security manager will be informedabout them immediately.

Key Features Gain control of how employees work with files. Set the rules for working with files according to their

tag- mark. Guard that data does not leave the safe zone and if

necessary automatically encrypt copied data. Ban access to whole disks, their parts or setting of ac-

cess for reading only. Protection of files in real time - it checks every operation

with a protected file.

Detailed records on employees activities with filesclearly displayable with Safetica Endpoint Auditor. Optimized for speed - minimal applied load for clients

station. Detailed setting of rules up to the level of individual

files.

Main Benefits Gain complete control of what employees might do

with company data. Wide possibilities of setting the access roles, rules for

access and allowed operations. Current employees cannot evade protection nor switch

it off. It can also check any operation with files within con-

nected portable devices.

Blocking of unauthorized operations with files withSafetica Endpoint DLP does not slow down the clientscomputers.

3.4.2 Anti-KeyLoggerSpy programs - keyloggers- can bug passwords and oth-er sensitive data which is inserted by the keyboard. Anti-KeyLogger is a tool that intelligently executes an automaticcheck of launched applications. If it detects an applicationthat shows the behavior of a keylogger, it finishes it andinforms the appropriate security manager. If you use a spe-

cific application that behaves as a keylogger, it can be de-tached from the Anti-Keylogger setting and authorized.

Key Features It detects and eliminates keyloggers. It operates reliably in 32bit and also in 64bit architec-

ture. It does not use any database of spy applications and

safeguards generally. Automatic run and monitoring of launched application

activity.

Possibility of immediate security warning in the case ofa threat occurrence.

Main Benefits You can secure company data against bugging if in-

serted by employees. It is not necessary to set anything, administrators and

security managers are not held up. Anti-KeyLogger protects automatically without the ne-

cessity of a managers or employees action. You will obtain a long-term overview of keylogger oc-

curance at your company. You can find out whetheranybody is trying to install spy software in mass andintentionally.

You will be informed of any spy application after itselimination.

3.4.3 Intelligent Data ClassificationTo tag manually all files that have to be protected is a longand nearly impossible process because files with sensitivedata are being continuously created, transferred and de-leted. Safetica Endpoint Security offers you a solution to this

problem in the form of Intelligent Data Classification.By means of classification rules, you can divide data intogroups. Groups of information, but also individual files, aremarked by Safetica Endpoint DLP with a unique mark - atag with which a file can be identified if somebody tries toremove it or change its name.


11/1511

After primary classification it runs further during current op-eration, so that also newly created files are classified andmarked with an appropriate tag.

Key Features Data identification according to name, ending, place-

ment, kind of application that created the file and otherparameters.

Smooth administration of classification rules by means

of the Safetica Management Console Classification runs over local and shared data. Other components of Safetica Endpoint Security

identify sensitive files according to the tag. Possibility to extract some files from the classification,

e.g. system files. Immediate reaction of the classification mechanism on

changes and transfer of files.

Main Benefits You can classify a huge amount of sensitive data simply,

without the necessity of sorting through it manually. Newly created data is also classified automatically. Data stays tagged also in the case of a file name

change or in the case of its transfer. Tag-mark is an integral part of a file (extended file

attribute).

3.4.4 Control of Behaviorand Access of Applications to DataIn the case of unwanted manipulation with data throughcommon applications, the endangering of sensitive compa-

ny information can occur: Some applications might uploadthem on the Internet or send them to unauthorized persons;some might create dozens of copies.

Control of behavior and access to applications gives youcontrol over which application might access guarded sensi-tive files and what they might do with them. The securitymanager can select individual applications or whole cat-egories of applications and edit rules for working with fileson a massive scale.

Safetica Endpoint DLP also guards whether an applicationtries to replace sensitive data outside a security zone andaccording to the setting either automatically safeguards thedata or prohibits its removal.It is easy, for example, to set that the only website wherefiles can be uploaded is the web interface of your informa-tion system.

Key Features Gain control of the way by which applications operate

with files. Control of application operations with files: reading,

writing, copying, sending to network, printing. Setting the rules of security policy for working with files. Safetica Endpoint DLP safeguards data leaving a secu-

rity zone. Possibility to encrypt the output of applications.

Possibility of rule setting only from the application pointof view, for example a ban of access to the Internet.

Possibilities of blocking printing applications, if they ac-cess sensitive information.

It also safeguards applications accessing files in net-work folders.

Main Benefits Protect sensitive information against modification and

replacement by means of various applications. You can easily enforce a security policy for work with

sensitive data. Ensure that sensitive data influenced by application ac-

tivity does not leave a security zone without appropri-ate protection.

3.5 Endpoint Security Tools

3.5.1 Secure Manager of PasswordsDo your employees use many passwords daily? And do

they remember all of them or do they simplify them andwrite them on small pieces of paper and attach them tothe monitor? Such behavior endangers the internal securityof a company. An unauthorized employee or a thief canenter highly protected systems and sensitive company datathanks to information found.

Safetica Endpoint Security Tools offer your employees a safefile for the safekeeping of passwords, logon data and otherconfidential information. A single password or security keysuffices for access to them. However, the whole database isunreadable without them.

Key Features Encrypted database of passwords is accessible from

Safetica Endpoint Security Tools. Possibility of password classification into groups and

subgroups. Binding actions (opening a page, launching an appli-

cation) to individual records. Remote distribution of database passwords. Safe passwords, files, keys and other types of items

storage.

Main Benefits It is enough to remember a single password. A forgotten password does not deprive your employees

of data - they have a security key. Employees have their passwords clearly and safely ar-

ranged at last. Increase your employees effectiveness - they do not

have to rewrite or tediously look for access data, theycan copy it safely.

3.5.2 Support of Current Archives TypesApart from current archives support, Safetica Endpoint Se-curity Tools also offers the possibility of safeguarding anarchive with a password. Software Safetica also supportspractical self-extracting safeguarded archives. Data can


12/1512

be easily compressed into an executable file, transferredto another computer and extracted by merely clicking andentering a password. Such usage does not require the in-stallation of Safetica Endpoint Security software to targetcomputers.

Safeguarded DCF archives can also be created in additionto common archives. They are suitable for the transfer ofsensitive information and they make use of the same encryp-

tion as other Safetica Endpoint Security software modules.

Key Features Used encryption methods: Blowfish, CAST5, CAST6,

MARS, RC5, RC6, Rijndael (AES), Serpent and Twofish Support of all common archives types Support of self-extracting SFX archives Support of safeguarded DCF archives

Main Benefits Save costs on unnecessary software for data compres-

sion, all common archives can be extracted with Safetica Endpoint Security Tools. Safe data transfer in

DCF archive eliminates the possibility of data leakage,e.g. during sending e-mails.

3.5.3 Password GeneratorYour employees use simple passwords of the followingtypes: Password123 or a password that contains a wifesor husbands name or the personal identification number oftheir children. Such passwords are dangerous because theycan be easily broken.

Password Generator is the solution to the problem of weakpasswords. Shortly, employees gain a password of goodquality that meets required rules about the number of attri-butes and difficulty. These passwords can then be saved tothe Password Administrator so that they are not forgotten.

Key Features Easy generation of safe passwords according to rules. Setting of rules for password generation for the fulfill-

ment of company security policy conditions. Saving a password directly to the secured database of

passwords. Cooperation with other Safetica Endpoint Supervisor

modules (safeguarding of disks, file encryption, safe-guarded password database).

Main Benefits Your employees will not endanger the security of sensi-

tive data with passwords of Passwords 123 type. You will enforce good password quality centrally across

the whole company.

3.5.4 PC LockAn employee leaving a computer is an opportunity for datatheft. Common locking during a break for lunch with a pass-word is not sufficient and it can be easily broken. In ad-

dition, frequent and repeated password insertion hindersan employee and offers a good chance to an attacker tolip-read a password.

PC lock offers comfortable locking of a workstation in thecase of an employees absence. A common USB flash diskthen behaves as a key for unlocking the computer. SafeticaEndpoint Security identifies an attempt to copy a key, so it isimpossible for an attacker to duplicate the key.

This function is a part of Safetica Endpoint Security Tools.

Key Features Security key for computer locking created from a com-

mon flash disk. Integration into Windows system.

Main Benefits Employees will not waste their time in password inser-

tion. Employees will not transfer passwords mutually and en-

danger the security of workstations and data accessiblefrom them.

3.5.5 Security KeysSecurity keys are further security elements. They manageto access safeguarded disks or archives for which youremployees have forgotten the password. If necessary, theyserve as an alternative authentication element for access tofiles. As with every other important key, it is also necessaryto save it in a safe place. Security keys can be used by amanager to access the data that employees are workingwith.

Key Features Security keys for encryption and decryption of files An alternative to password submitting Security provision against forgotten employee pass-

words

Main Benefits Forgetting an access password is no longer a problem.

By means of the security key, you can make encrypteddata accessible and select a new password.

Security of data remains preserved - nobody can ac-cess the data without a password or a key. Thanks to the security key, you obtain another option of

data safeguarding. Data is accessible only to the keyowner.

3.5.6 Sending of Safeguarded Data by E-MailEnsure that your employees send sensitive data in a real-ly safe way. Data sent by e-mail is easily readable evenwithout special knowledge of computer science. Safetica

Endpoint DLP makes automatic encryption of all files con-nected to e-mail messages. Moreover, your employees canprotect sent data with a few clicks. Only a recipient who

knows the correct password can access the data.


13/1513

Key Features Sending of safeguarded files via several clicks Integrated into the context menu of Windows for easier

use

Main Benefits Employees do not need to learn complicated proce-

dures of safeguarding and work with new complex

software. Sending of an encrypted file is quicker than a commonfiles attachment to a message.

It solves security problems in the case of a shared e-mailbox.

Encrypted attachments are not readable even for mailserver administrators or for anybody who is not autho-rized.

Impossibility of unauthorized reading of attachments in

the case of breaking the password to e-mail box.

4 Other4.1 Regulatory Compliance

Safetica Endpoint Security offers mass administration of set-ting so you can easily reach compliance with the industrialstandards, regulations or laws of your country.It is possible that your countrys laws approach the pro-tection of company interests strictly and do not allow themonitoring of employees activities even for a short term.

Thanks to Safetica software, you can nevertheless reach themaximum possible protection of your company interests. Bymeans of templates with settings, you can very easily deac-tivate individual components on the top level. You can avoidtheir unintentional use during routine operation.

Achieving compliance with industrial standards and regu-lations is also very easy with Safetica Endpoint Securitysoftware. You can download templates from the productwebsite for setting compliance with the best known stan-dards. Their number keeps increasing.

You can also download documents from the SafeticaEndpoint Security website for individual legal and industrialstandards, thanks to which you can understand the mean-ing of individual standards and regulations correctly. Theyalso help you to orientate yourself in the problems of youremployees privacy protection.

Key Features Software consists of components that can be individu-

ally activated and deactivated. Easy setting thanks to easy application of setting tem-

plates. Continuously expanding list of templates for specific

legal and industrial standards on the product website.

Main Benefits Avoid problems with laws that, for example, do not al-

low some kind of monitoring of employees work. Combine your employees privacy and the protection of

your companys interests. You can easily apply a newly issued standard or a le-

gitimate provision.

4.2 Time Efficient Security4.2.1 Easy Application of SettingTemplatesAvoid complicated setting of Safetica security software. Thesoftware is equipped with templates that you can easily useto apply any required settings for a particular user or awhole group of users. Create your own templates or down-load them from Safetica website. And you can easily reachcompliance with local acts or industrial standards.

Key Features Generic templates with setting Possibility of own template import/export Possibility of new template download from the Safetica

software website

Main Benefits Speed up your software installation in the company. Reach compliance with industrial standards easily. Protect your companys interests fully with regard to em-

ployees privacy.

Combine your employees privacy and the protection ofyour companys interests. You can easily put a newly issued standard or a legiti-

mate provision into practice.

4.2.2 Automatic WarningsLooking for security problems in thousands of records is likelooking for a needle in a haystack. Safetica Endpoint Secu-rity comes with a system of immediate security warnings.Thanks to this, the manager responsible will be immediatelywarned on a selected important event caused by an em-

ployee. Most of Safetica software components use automat-ic warnings. The security manager or another authorizedmanager can set warnings on selected extraordinary situ-ations. In the case of their occurrence, they are informedduring logging in to the Safetica Management Console orby e-mail.

Key Features Automatic warning on the monitored event Selection from many pre-selected events Possibility of warning via e-mail message

Many events on which warning can be set Immediate warning on change of behavior, suspiciousactivities, forbidden operations, technical tasks that re-

quire an action and other events.


14/1514

Main Benefits The authorized manager is not overloaded by useless

information. The time needed for checking the correct behavior of

employees is minimized. For warning delivery, the manager does not even need

to be logged in to the Safetica Management Console.

4.2.3 Repeated Task PlannerFocus the time of responsible employees on more importantwork than routine activities. Safetica offers a security plan-ner by which responsible employees can automate regularoperations, e.g. destruction of unneeded data, connectionof encrypted disks and other activities.

Key Features Regular destruction of redundant data Connecting and disconnecting of encrypted disks Remote planner setting on clients stations

Main Benefits Responsible employees wont waste time with routine

tasks. Eliminate the human factor that might endanger data

security by forgetting operation.

4.2.4 Remote Administrationof Clients StationsControl the security of the whole company from your arm-

chair. Ever since its beginning, Safetica software has beendesigned as a server-client model. Everything, from instal-lation to the detailed setting of security policy on clientsstations, can be executed by remote control.

Thanks to a sophisticated system of authorization granting,Safetica software is ready for installation on widespreadnetworks including separate branches. This way, the centraladministrator can have access to all branches that are ad-ministrated further by local administrators with more strictauthorization. Similarly, for example, a security managerof any branch can have under their control only the sector

which they supervise.

Key Features Remote installation and update of clients part by means

of MSI packets. Remote Administration of Clients Stations Possibility of branch assignment Hierarchic granting of administration authorization Delegation of supervision on inferior security managers Integration with company MS Active Directory Precise specification of individuals authorizations Comfortable administration of more servers by means

of the Safetica Management Console Practically unlimited number of users and PCs

Main Benefits Comfortable installation and software administration

without the necessity of a physical visit to the clientscomputers

Branch servers operate separately. One server break-down does not endanger operation of the others.

You can distribute the load among more servers. Everybody is authorized to access permitted functions

or data only. Including administrators and security man-

agers. Possibility of interbranch help by a more experienced

administrator or by a security manager.

One security manager can monitor more branches.

4.3 Detailed Control of Accessto Administration and SupervisionBy means of the Safetica Management Console, you can setin details or the person who is authorized to access whichsettings, who can execute supervision over employees andwhich records are available to them. It is thus possible tosplit an administrator and security managers into variouslevels. It is not true that if a manager can access the SafeticaManagement Console, they can view everything automati-cally.

Key Features Detailed options of access authorizations for individual

users including management and individual levels ofadministrators.

Possibility to separate authorization for employee moni-toring and software setting.

Main Benefits You can easily divide the administration of branches of

your company. You can avoid unwanted espionage of employees by

unauthorized managers and administrators. Easy creation of new checking roles, for example, tem-

porary administrator, deputy security manager, etc.

4.4 Optimization for Large

Network InstallationVersion 4 of Safetica Endpoint Security Software has beendeveloped from the outset for large network installation. Itworks on server-client architecture and distinguishes itself bya nearly unlimited number of attachable clients.Software Safetica Endpoint Security is delivered for smallercompanies without the presence of the Active Directory andMS SQL server in an alternative version that does not re-quire these technologies.

Key Features

Possibility of hierarchic classification of the server com-ponent. Creation of separately administrated branches. Detailed administration of managers and administra-

tors access rights.


15/15

License PolicySafetica Endpoint Security software con-sists of three individually saleable modu-les. It is licensed by the subscriptionmodel (per year). The license influencesthe number of stations which can use theSafetica software at the same time.Each client operating system using the Sa-fetica software needs license (licensed perasset). For extension of a previouslypurchased license in its validity periodthere is an extending license.

Regulatory ComplianceSafetica Endpoint Security will help you tomeet legislation requirements and indus-trial standards required from your compa-ny. The software can be easily adaptedto specific regulations, ordinances andlaws. It enables you to protect your com-pany interests in accordance with locallegislation and the privacy of your staff.

Easy achievement of conformity withlaws and industrial standards.

Activation of product selected com-ponents in accordance with relevantstandards.

Preset templates for particular stan-dards and laws.

Documentation for easy achievementof conformity with standards.

Import and export of templates for

quick setting.

Technical requirementsSafetica Endpoint Client

Recommended requirements: 2,4/1,6 GHz one-core/dual-core

processor 32-bit (x86) or 64-bit (x64) 1 GB of RAM memory 2 GB of free disk space Installation on client Hidden agent (also with GUI) MS Windows XP SP3, Vista, 7, 32-bit

and 64-bit MSI installation package

Safetica Management Service

Recommended requirements: 2,4 GHz dual-core processor 32-bit

(x86) or 64-bit (x64) 2 GB of RAM memory 10 GB of free disk space Shared or dedicated server, more

servers better load balancing availa-bility

MS Windows Server 2003 SP2,2008, 2008 R2, 32-bit and 64-bit

MS SQL or SQLite for smaller networks

Support for Active Directory or wit-hout AD also

Copyright 2011 Safetica Technologies s.r.o. All rights reserved. Safetica is a registered trademark of Safetica Technologies s.r.o. All

EndpointAuditor

EndpointSupervisor

EndpointDLP

Device Control

Data in UseProtection

Endpoint

Security Tools

Web ControlPrinter

Monitoring

Internet UsageMonitoring

ActivityMonitoring

Intelligent EmployeeProfiling

RegulatoryCompliance

Data at RestProtection

Data in MotionProtection

Print Control

ApplicationControl

SEC Safetica Endpoint Client

SMC Safetica Management Console

SMS Safetica Management Service

Startup actions

Normal operation

Log monitoring andmanagement

Local adminwith SMC

Branch office A Branch office B Branch office C

Branch office D

Enterprise

admin with SMCLocal adminwith SMC

SMS SMS

SMS

SMSSEC

SEC

SEC SQL

Safetica Endpoint Security architecture

Safetica Endpoint Security is a software based on a client-server architecture. Thisarchitecture consists of a client (Safetica Endpoint Client), a server part (SafeticaEndpoint Service), a database (MS SQL with a large installation, SQLite with a smallinstallation) and an administrator console (Safetica Management Console).Within one domain more services can run due to load distribution by means of anActive Directory tree division. An alternative for a smaller network is also the opti-on of installation to a network without a domain where this service can run on anordinary PC.The database is used for storing of monitoring settings. It also includes categoriza-tion database with application categories and web pages. Safetica uses MicrosoftSQL Server platform and SQLite for smaller networks.

Support of terminal users login(more employees on one PC).

Support of users roaming accounts(a worker on more PCs).

Administrators authorization is notrequired for a separate run of theclients component.

Main Benefits You can distribute the load among

more independent servers. Thanks to data saving into databas-

es, you will obtain all required dataquickly.

Thanks to the well-arranged Safeti-ca Management Console, adminis-trators and security managers savetheir work by not walking throughindividual working places.

The manager and the administra-tor have the possibility to adminis-

ter more server components at thesame time.

Documents

En-Safetica Endpoint Security Feature List-2010!11!16