Categories
Blog Device Control USB Sescurity

3 Ways to Prevent a Virus Infection in an Industrial System

Information security on an industrial system is more important than that on a PC. If an industrial computer for manufacturing automation stops due to a virus infection, it could shut the whole factory down. Therefore, an industrial computer should generally be isolated from the internet to prevent outside attacks or virus infections. Software upgrades for the computer should be performed using USB memory drives. A user downloads the software from the internet onto the USB memory stick using their own personal computer, and then inserts the USB memory stick into the USB port of the industrial computer to be upgraded. Thus, the industrial system must have a USB port.

Ironically, virus infections on industrial computers typically occur during software upgrades using USB memory sticks. A user downloads the upgrade software onto the USB memory stick, which is already infected by the virus. After the user inserts the USB memory stick into the industrial computer and executes the upgrade file, the industrial computer will become infected by the virus from the USB memory stick. Virus protection is fruitless in the industrial system because the system is isolated from the internet; In other words, if you install virus vaccine in the industrial system, the vaccine will become useless as time passes since it cannot be updated regularly without the internet.

However, it is difficult to find reasonable and cost-effective solutions to prevent this kind of security incident, although many people think that any virus infection in an industrial system, such as a plant, factory, or hospital, could cause a catastrophic disaster. There are three simple ways to prevent virus infections in an industrial computer using Secudrive products.

First, the USB memory drive for the industrial system should be secure and virus free. Secudrive USB Basic has a hardware-based encryption function and is equipped with Trend Micro USB Security 2.1, a commercial virus protection program, so that the system can be free from virus infections and malicious attacks through the USB memory drive, as well as any data leakage.

Second, the USB port of the industrial system should be controlled to allow employees to use only a secure USB. Secudrive Device Control Basic is a standalone type of USB port control solution that allows administrators to monitor and enable or disable various ports and devices on a PC. After installing this on an industrial computer, only Secudrive USB Basic can be used on the computer. 

 

Finally, the office environment should also be securely managed. If Secudrive USB Management Server (UMS) is used in the office network to restrict employees to use only Secudrive USB, then virus infections could be prevented on the office computers. Furthermore, the data cannot be leaked or stolen even if an employee loses the USB memory stick because administrators can remotely manage the USBs. 

 

 

Categories
Blog Data Erasure Device Control File Server Security Insider threats USB Copy Protection USB Sescurity

Securing Data throughout its Life Cycle

We believe that protection should be implemented throughout the data’s entire life cycle. Otherwise, data can be easily compromised from multiple areas.

Looking for information security solutions can be difficult because of the wide variety of security solutions available. It is also hard to implement a solution if you don’t know all of the problems.

In order to effectively assess a company’s risk, each stage of the data life cycle should be taken into consideration. Each stage has its own inherent risks and security solutions must be able to protect data at each stage in order to mitigate any vulnerabilities.

We aim to protect information at each stage of the data life cycle: Creation, Access, Storage, Transmission/Mobilization, Alteration, and Deletion.

SECUDRIVE can protect important corporate data from creation to deletion by utilizing Intellectual Property (IP) protection, using encrypted IP protected USBs, blacklisting foreign devices, and remotely wiping out disks that contain corporate data.

Secure Data Life Cycle Solution

Secure File Sharing with DRM
-IP protection for Windows File Server
-Encrypted File Import/Export to SECUDRIVE USBs
-Access management
-User/Manager activity logging
-Integrated with Active Directory (AD)

Secure USB Flash Drives with DRM
-Secure Hardware Encrypted USBs
-IP protected USBs
-Integrated Management
-Encrypted import/export to SECUDRIVE File Server and USBs
-USB Activity Logging
-Integrated with Active Directory (AD)

Secure Data Eraser
-Windows-based managed disk wiping
-True remote wiping
-One-click wiping
-Detailed logging, monitoring, and reports

Device Control
-Blacklist foreign devices
-Port blocking control
-Activity logging

Categories
Blog Device Control File Server Security

How to Prevent an Edward Snowden in Your Organization

By now, Edward Snowden is a name that has been heard all around the world. The confidential government documents that Snowden leaked have had a devastating effect on the government and the Obama administration. How Snowden had access to government documents is very blurred in the media, however, one thing is certain; once Snowden did get to the documents he stored them on a normal thumb drive and carried it out of the building.

What if Snowden was an employee at your company? If you handle confidential data that, if leaked could damage the company’s reputation of trust and security, it’s important to apply security to confidential documents on the client’s side before storing them on the server. Hypothetically, if the government or any other companies that fear internal data leakage had SECUDRIVE File Server and SECUDRIVE Device control installed, the incident could have been prevented.

SECUDRIVE provides simple, easy to use data security software that could help businesses protect themselves and their reputation. SECUDRIVE File Server provides copy protection with user authentication, which would only allow authorized and registered users to have access to the server and prevent users from copying or sending documents via email. Administrators would also be able to control which applications are authorized to open documents on the shared folder. Detailed event logs are also provided, which record details such as file activity (read, write, rename, change, create, delete, copy, paste), time, date, and user name in real-time. So if Snowden had tried to take the documents out of the server, he wouldn’t be able to because of the administrator’s security settings. With real-time event logs recorded, administrators would have been able to see when and what Snowden was trying to do with the documents on the server.

With SECUDRIVE Device Control, Snowden would not have been able to connect his thumb drive onto the server in the first place. In a government building, thumb drives are not allowed but in an office, it’s an everyday utility. SECUDRIVE Device Control provides controls of various ports and devices, which can prevent devices from connecting without authorization via USB port, Wireless LAN, CD-RW, DVD-RW, IEEE1394, Bluetooth, Parallel port, Serial port, and IrDA port. The smartphone too can be restricted to the only function as a removable storage device, or only allow it to use MTP, PTP, or tethering connections instead. It also records a detailed event log of when and which devices were connected and used and file activity. Companies can prevent the use of unauthorized devices within and outside of company grounds on employee computers.

Using SECUDRIVE File Server and SECUDRIVE Device Control together can prevent internal data leakages and possibly could have prevented the government’s documents from being leaked. Protect your company today.

Categories
Blog Data Erasure Device Control File Server Security Insider threats USB Copy Protection USB Sescurity

The Other Side of Edward Snowden Case

Thanks to the whistleblower case of Edward Snowden, the public is now aware of the level of private information gathering that has been performed by the U.S. government through agencies such as the NSA. Snowden release of top-secret NSA materials was referred to as “the most significant leak in US history according to the Daniel Ellsberg a former U.S. military analyst who is most famous for leaking the Pentagon Papers in 1971. What was most shocking was the degree of how much private information had been gathered in which case had brought back the fears and insecurities of when the Patriot Act was legislated in order to indiscriminately collect information under the banner of anti-terrorism.

Many journalists and information security specialists who have criticized the indiscriminate collection of private information have suggested that individuals should use client-side encryption solutions for private information, especially since storage solutions such as the cloud were becoming ever more popular. Since the Snowden case, however, public cloud services have been negatively impacted due to the heightened awareness of the lack of privacy of personal information.

In regards to information security, the Snowden case provides us, the public, with another large implication. Snowden worked for the NSA and its affiliated organization which has arguably one of the strongest internal information control systems in the world. Yet, he was able to gain access to highly confidential information that had the potential to impede national interests as well as the organization’s interests. Snowden was then able to copy the confidential information onto a USB flash drive and take it out of the office. For an organization such as the NSA and the affiliated organizations who are supposed to have a sound security infrastructure, this was a huge breach of their internal information security system, thus, making it clear that they had failed in managing internal information access and assessing the user’s ability to handle such information.

This case brings us to think more about the current situation of internal information security management systems of many U.S. organizations. A study conducted by Forrester stated that only 25 percent of data breach cases are from external attackers, meaning 75 percent of attacks are from within an organization. Even so, many organizations cannot easily integrate an internal information leakage prevention system because it often puts a damper on work efficiency. In some organizations, the management argues that it is almost impossible to prevent internal information leakage by utilizing a technological security solution and instead, they relieve themselves by getting employees’ to agree to a non-disclosure agreement and take some rudimentary education on information security. Though this is still needed, it is a much too passive solution.

It has become acceptable for workers to bring their own private devices such as laptops, tablets, and smartphones to their office to work. They store a lot of the organization’s confidential information onto the devices and are now taking the private information with them when they bring their laptop or tablet to a Starbucks, or pretty much everywhere when they bring around their smartphone. This is a huge security risk and it is important to be responsible for the security of the device as well as the information itself.

Now with cloud storage systems becoming more widely used, when companies decide to send designs for a new product, that their company spent a lot of time and money developing, through the cloud to an employee that is offsite, the company no longer has any ability to control the usage of the design. In this situation, all the organization can do is hope that nothing happens by fully trusting the non-disclosure agreement, information security education program, and their employees. Though it is good to have trust in your employees, blindly trusting them is plain idiocy. Without some sort of security system set in place, if a top-secret document is lost by employee carelessness, robbery, or even leaked by an employee with malicious intent, the organization may never find out who did it, where it happened, or even how it happened. Even if they do know the “who”, “what”, and “how”, the damage that follows often cannot simply be compensated by the dismissal of an employee or civil and criminal actions.

Ultimately, it comes down to the need for change: A need to restructure the way internal information leakage prevention systems are viewed and utilize preemptive security solutions. In order for organizations to prevent cases such as Snowden, there needs to be a push towards preemptive security solutions that can be used with existing technologies such as encryption, which only focuses on preventing leakage when the device is lost or stolen. It’s because many chose to be oblivious the fact that those that are authorized to use the data are possibly the biggest threat in terms of information leakage.

A possible solution to the prevention of internal information leakage, are storage devices that utilize features such as copy protection. Secudrive (www.secudrives.com) provides solutions that even small and medium companies can easily integrate into their security policy. They provide products that can prevent unauthorized copy of A/V files, office files and even CAD files, supporting various storage devices such as USB flash drives, file servers, and public cloud storage systems. Alongside their copy protection products, Secudrive also provides device control products that allow only registered devices, such as USB flash drives, tablets, and smartphones, to be able to access a port of a registered PC.

Categories
Blog Device Control NEWS News Letter Press Release

SECUDRIVE Device Control Released

Brainzsquare announced its release of SECUDRIVE Device Control, a new device access control solution for data leakage prevention for SMBs, into the market. SECUDRIVE Device Control makes it possible to allow or block devices such as USB flash drives, external HDDs, Smartphones and tablets from being connected to the USB ports of a corporate PC. The logs related to file activity in the allowed media are gathered and arranged for auditing.

San Jose, CA-August 1st, 2013-Brainzsquare announced its release of SECUDRIVE Device Control, a new device access control solution for data leakage prevention targeted for SMBs, into the market.

SECUDRIVE Device Control makes it possible to allow or block devices such as USB flash drives, external HDDs, Smartphones and tablets from being connected to the USB ports of a corporate PC. Even the allowed devices can be restricted to “read-only.” The logs relating to file activity in the allowed media are gathered and arranged for auditing purposes. For situations where the PC is carried out of the office, a separate security policy can be set and a log of all the activity that occurred will be gathered once the PC is returned to the office and reconnected with the manager program through the network. Once it has been installed on the PC, the security policy can be set to block prohibited devices which could help keep stop the infection of common USB viruses such as the Stuxnet virus.

Also, since smartphones are so versatile with its capabilities, SECUDRIVE Device Control provides multiple blocking options. The phone can be restricted to the only function as a removable storage device, or only allow it to use MTP, PTP, or tethering connections instead, thus allowing complete control over smartphone connections.

SECUDRIVE Device Control has the ability to deny or allow access to devices using the following ports in addition to the USB port: Serial/parallel, Bluetooth, network, WiFi, Printing, IrDA, CD/DVD, IEEE 1394, and even floppy.

SECUDRIVE Device Control comes in two versions, Basic and Enterprise. SECUDRIVE Device Control Basic is installed on a PC or server and is managed independently, therefore it is intended for smaller companies that have fewer than 20 PCs and industrial PCs which are not connected to the network. SECUDRIVE Device Control Enterprise allows the administrator to control device access and manage security policy by PC or by groups remotely, through the network. The administrator has a full view of all device access activity and can gather logs on files that have been transferred using the USB port.

“It doesn’t require any dedicated DB. It is easy to use, even for those of us who are not the most computer literate, meaning an IT specialist is not necessary. After installing it on a PC, a user cannot remove it unless the administrator allows it on the program. SECUDRIVE Device Control is targeted for SMBs. It is a must-have tool for SMBs to prevent internal data leakage and could be used along with our H/W encrypted and copy-protected USB products such as SECUDRIVE USB Basic, Office, CAD.” – Simon Kang, CEO of Brainzsquare.

If you have any questions or inquiries about this article or its contents, please contact us.

Categories
Blog Device Control

How to Block Off Smartphones Connected to Your PC.

Nowadays, everyone has a smartphone and if you don’t, then you should probably get our from under the rock and get with the times. I mean, if we took the DeLorean back twenty years ago and showed our parents an iPhone, I think their head would explode.

We use it for everything, ranging from Email and web browsing to updating your Facebook status and video searching your favorite cat videos. But what most people tend to ignore is that your phone can be infected which could be disastrous if you work through your phone as many of us do. Luckily, infection through your SECUDRIVE Device Control installed PC will no longer be an issue by blocking the connection from your phone to the PC.

Depending on the type of connection between a smartphone and the PC, a single smartphone can be ‘connected’ to your PC in a variety of ways.
There are four ways to connect to the PC for smartphones that use the Android OS.

1. Connected as a removable disk-Connected as a ‘Removable Disk Drive’ on ‘My Computer’.

2. Connected as MTP-Connected as a portable device on ‘My Computer’.

3. Connected as PTP-Connected as a camera on ‘My Computer’.

4. Tethered- Connected as a virtual network and you can access the Internet with a smartphone.

Because almost all of the device control programs only control disk drives, if a single device such as a smartphone is converted into various types and connected, it is vulnerable to security threats because it is difficult to block all of its connections.

Even if a smartphone sets up the connection in some way with the SECUDRIVE Device Control installed PC, the Device Control program will block the device, causing the device not to show up on ‘My Computer’ and cannot be used. Even with the management program (Kies or iTunes) provided by the smartphone manufacturing company, you will not be able to connect with your smartphone.

But what if I still want to select connections to still be allowed?

If you want to allow a certain type of connection in specified smartphones, register the smartphone with the desired connection mode in the settings of the Device Control to connect. On the Policy Management menu, if you register your smartphone, only the smartphone model registered by the administrator will be given a license to be connected and used in the registered mode of connection.

If you’re wondering how SECUDRIVE Device Control works in blocking off smartphones, try the trial program and see for yourself.

*SECUDRIVE Device Control will be installed as a trial program and can be deleted at any time. After 30 days, the program will be automatically deleted from the PC.
** Control of all smartphones that use the Android OS is the same except the LG Optimus
*** Apple products such as the iPhone, iPad, iPod, and Computers that use iOS will block the connection and preventing iTunes from connecting.

Categories
Blog Device Control

USB Port Control Program Purchase Guide

This is the purchase guide of SECUDRIVE Device Control for USB port controlling.

Case 1: For some of the PCs in the office, USB drives or external HDs should be blocked.

Case 2: We have about 50 PCs across the branches and the HQ needs to proceed with USB port control and log collection for connected devices and file events.

Case 3: We do not need USB port control inside the office. Because the staffs bring their own laptop, USB port and network should be blocked.

Case 4: We have a customer service center and would like to block the USB ports of about 100 PCs. We do not need logs of the connected devices.

=====================================================================================

Case 1. For some PCs in the office, USB drives or external HDDs should be blocked.
A. PC is connected to the Internet.
– SECUDRIVE Device Control BASIC, ESD Editionis available. This program does not require a separate management program. Just install software on the PC, proceed with a standard license and proceed with USB port control.

B. PC is not connected to the Internet.
– SECUDRIVE Device Control, USB Edition is available. For license authentication, plug in the D Device Control USB drive to the PC and install the program. Without an internet connection, your license can still be authenticated.

Case 2. We have about 50 PCs across the branches and the HQ needs to proceed with USB port control and log collection for connected devices and file events. 
– SECUDRIVE Device Control Enterprise is available. Enterprise version is composed of the central manager program and the client agent program. The manager program automatically collects events of the connected devices and file tasks on them.

Case 3. We do not need USB port control inside the office. Because the staffs bring their own laptop, USB port and network should be blocked. 
– SECUDRIVE Device Control Enterprise is available. Enterprise version provides both [Online policy] for the communication status of the central manager program and the client agent and [Offline policy] for disconnection status. Making use of them, you can set policies for the office and outside environment separately.

Case 4. We have a customer service center and would like to block the USB ports of about 100 PCs. We do not need logs of the connected devices.
– SECUDRIVE Device Control, USB Edition is available. If you need to block USB ports but do not need event logs, you can use BASIC edition. For installation on lots of client PCs, divide licenses into multiple SECUDRIVE Device Control USB drives and install the agent simultaneously on the PCs.