Unauthorized use of USB hardware to gain access to information in laptops and servers is a growing concern. With that in mind, security vendors McAfee and Sygate next week are expected to unveil their own approaches to blocking USB hardware access to computers.
McAfee is adding a way to prevent USB devices--which can hold a gigabyte of information or more in keyfob-sized hardware--from gaining access to laptops and servers through its host-based Entercept intrusion-prevention systems (IPS) product. The new functionality is in a free upgrade for current Entercept 5.1 customers.
McAfee's Entercept costs $400 per server and about $9 per desktop, depending on volume.
Protects at Host
Sygate this week will announce that its host-based policy-enforcement software, Sygate Enterprise Protection (SEP) for desktops and servers, now will block USB devices. SEP also is gaining IPS functions that transform the product into a closer competitor to Entercept, says Sygate's Seth Knox.
SEP 5.0 has added a way to control access to USB ports and CD/ROM drives on computers so that network managers can stipulate acceptable procedures such as prohibiting access via iPods. The SEP software has been expanded to include IPS capabilities to prevent buffer-overflow attacks on unpatched systems and other attempts to compromise security, thereby competing more directly against host-based IPS vendors.
Sygate's SEP 5.0 costs $115 per server and $65 for 1000 desktops.
The underlying IPS technology relies on signature-based identification of specific exploits and behavior-based monitoring to identify anomalies, Knox says.
"Behavior-based is not as effective as signature-based, which is 100 percent precise," he says. "But behavior-based will catch some things early before there's a signature to identify it."
"Security Firms Block USB Access" Comments