Bank Implementing Manageable Encrypted USBs for Secure General Use

SCENARIO

For Bank A, using USBs is an inevitable occurrence. The issue is that they don’t want their employees to simply use any USB since the bank would not be able to track, monitor or control the USBs. Not to mention the fact that if a non-protected USB were to be lost or stolen, the data on the USB, which typically contains private information, could be leaked.

So they are looking for a solution where they can still allow their employees to use USB flash drives while still having high levels of manageability, control, and security in and out of their network.

SECUDRIVE Products

SECUDRIVE USB Management Server 3.0
SECUDRIVE USB Basic+ V SD300

Requirements

• Ability to remotely control USBs within bank network and through internet
• Block specific USBs from being used outside of bank domain
• Easy integration and deployment
• Auditing and monitoring capabilities
• Anti-virus protection
• Ability to block specific file types from being loaded onto USBs.

Why SECUDRIVE?

SECUDRIVE’s secure USB management system has a wide variety of features that allows Bank A to meet all of their requirements so that Bank A can have completely control over all USB usage.

Inside and Out Security

Bank A wanted to have separate servers for the USBs that are within their network and out of their network. So we installed our software on two servers, one within their network and one on a DMZ to communicate with USBs that are out of the network. The USB Management Server can be registered to two separate servers so the administrator can switch between the servers as necessary. Also, they can set up policies so that:
• USBs can be restricted so that they can only be used within the network so it cannot be used outside the Bank network
• USBs can be restricted so that they can only be used on computers that are within the domain

Remote Control and Monitoring

Bank A is now able to monitor and control all USBs completely remotely. They have the ability to change and update security settings at any time while having real-time monitoring capabilities and detailed logging of USB events. So if USBs are lost or stolen, the administrator can remotely kill the USBs, ensuring that all data including stored data, encryption keys, manager information and everything in between is completely destroyed. The USB will also be rendered unusable until it is reinitialized through the management console. Remote features also include handy tools such as password resets, and file transfers as well.

Filtering and Malware

USB Basic+, along with our other manageable USB products, can be set to filter out specific file extensions. By doing so the USB is not loaded with unrecognized file types and the administrator can have more control over what file types are allowed to enter the USB to prevent possible infections or corruptions to the bank systems. In addition, all the USBs come equipped with Trend Micro’s Vaccine program to prevent any viruses or malware infections which could be transferred through USB devices.
SECUDRIVE also provides local pattern updates as well so that the Trend Micro Vaccine can be updated for all the USB’s simultaneously, since Bank A blocks internet access for their users.

Easy Integration

Since Bank A is an established bank, it would be unreasonable for them to have to have the manager register and setup USB and user information for over 200 USB flash drives. Luckily, the UMS 3.0 is integrated with Windows Active Directory (AD). This means that the administrator can instead, distribute the USBs to the users, tell the users to log into a machine with their AD account, connect the USB, and log in to set up the USB with their individual AD account. That way, the users can set up the USBs themselves instead of having one or two administrators set up hundreds of USBs.

USB Security

SECUDRIVE’s USB Basic+ is an AES 256-bit Hardware encrypted USB flash drive that has password protection and brute force protection, meaning that the USB will either lock or destroy itself after a set amount of failed password attempts. When used with the remote management features of UMS, SECUDRIVE USB Basic+ becomes a much more controlled method for transporting data.