USB Device Control and Lockdown Software for Enterprise
Control USB Devices Access and Lock USB Ports in Real-time.
USB Blocking, Whitelisting, Monitoring, and Encryption
USB Lock RP is a robust USB device control security software solution that centrally manages access of removable drives, mobile devices, and wireless adapters to servers, workstations, and laptops within a network. It features advanced USB Lockdown capabilities designed to block unauthorized USB removable devices and protect computer data in industrial processes and corporate offices.
Figure 1: USB-Lock-RP Device Control Software (screenshot).
Classified as enterprise USB port control, USB-Lock-RP is an administrative and security enforcement tool specifically designed to block USB devices and protect data assets on Windows operating systems. It operates independently with a minimal memory and storage footprint.
The Management Console operates on-premises within the enterprise network and provides real-time granular control and visibility over USB activity and endpoint computers. It controls device access policy and enforces rules to specific computers, as well as groups of computers with ease. Receives devices connection alerts and logs events automatically, including USB Monitoring for details on approved file transfers.
USB Lock RP detects devices' hardware IDs to allow specific USB devices and block the rest without interfering with harmless peripherals. USB flash drives can be authorized to work on specific machines, groups or across the network
USB Lockdown is required to effectively prevent data loss and malware infection by means of USB media. USB Lock rejects unauthorized devices at system level and blocks USB incoming and outgoing data.
USB blocking and Lock down characteristics are unique and offer superior data security than consumer-based USB control solutions or antivirus software attempting to analyze unauthorized devices, because accessing unknown devices creates unnecessary risk and results in a waste of system resources.
Additionally, USB Lock RP provides robust encryption for data transferred from the organization’s computers to authorized USB drives, functioning as a Data Loss Prevention (DLP) measure. This encryption safeguards sensitive information on authorized devices, ensuring that data remains secure not only on the organization’s computers but also while USB devices are in transit. Auto-Encryption can be toggled ON/OFF in real-time, enabling administrators to maintain data security seamlessly as files move between devices and the network.
It is also capable of setting a read-only policy for specific USB drives in real-time. This advanced read-only function write-protects specific USB drives data while other authorized USB drives can be full access on the same machine. (While unauthorized USB drives continue to be blocked)
Seamless USB Device Control Integration and Deployment
USB Lock offers effortless integration of USB device control into your existing IT infrastructure. Designed with simplicity and efficiency in mind, the software ensures quick deployment across all endpoint devices with minimal system impact. Its lightweight footprint means you can implement this robust usb port security software without compromising performance or requiring any hardware upgrades.
The deployment process is straightforward and can be executed remotely, allowing administrators to install the client software on multiple machines simultaneously using tools like Group Policy or Windows Installer MSI packages. This means your organization can rapidly establish comprehensive USB port control and device management without disrupting daily operations.
By operating entirely on-premises, USB-Lock-RP eliminates dependencies on cloud services or continuous internet connectivity, enhancing security and giving you full control over your data and device policies. The intuitive Management Console provides centralized administration, enabling you to configure and enforce security settings across specific computers or groups with ease.
Whether protecting a small business or a large enterprise network, USB-Lock-RP scales seamlessly to meet your organization's needs, providing consistent USB device control and endpoint protection throughout your environment.
Features of USB-Lock-RP Device Control Software
Feature | Description |
---|---|
Centralized USB Management | Manage and control USB Devices access to USB ports in your network from a single intuitive administrative console. |
Scalable Network Capability | Proven ability to control USB devices in networks ranging from small businesses to large enterprises. |
Group and Specific Computer Security | Secure groups of computers or specific computers from USB threats effectlively protecting IT infrastructure, systems, and data assets. |
USB Device Whitelisting | Pre-authorize USB devices by hardware ID and block all others. (Four easy ways to pre-authorize USB devices in real-time with ease) |
Real-Time Policy Enforcement | Enforce security policy settings and receive devices connection alerts without delay. |
Automatic Authorization Mode | Advanced function to Automatically whitelist USB devices on specific machines, and groups of machines in the network. |
Alerts and Logs | Automatically receive alerts and log USB device connections across the network. |
Advanced selective USB Read-Only Setting | Set specific USB drives to read-only while others remain full access, or blocked on the same machine. |
Enhanced Visibility for Disconnected Machines: | View settings, recent alerts, and authorized devices for machines not currently connected to the network, allowing administrators to efficiently monitor and manage all endpoints. |
Enhanced Approved Devices Visibility | Displays and exports (CSV) all authorized devices' names and IDs divided by groups, per machine, and group-wide approvals from one place. The new centralized view simplifies the management of USB device authorizations across the network. |
Remote Desktop Compatibility | Compatible with Remote Desktop; adapts to screen resolution changes and smart desktop area use. |
Export Reports | Export status and alert reports to CSV format. |
Full-Screen Locking Alerts | Display full-screen locking alerts upon blocking USB devices (includes your company logo). |
File Transfer Monitoring and Encryption | Monitor and encrypt file transfers from endpoints to authorized USB drives (ON/OFF). |
Easy Client Deployment | Deploy clients easily through Group Policy using Windows Installer MSI. |
SIEM Integration | Event logs in Common Event Format (CEF) for integration with SIEM. |
User-Independent Control | Controls USB devices even if no user is logged into the client system (settings and enforcement). |
Benefits of Using USB-Lock-RP Device Control Software
Benefit | Description |
---|---|
Data Loss Prevention (USB DLP) | Prevents data loss from computers and from authorized USB devices while in data is in transit. |
Malware Prevention | Blocks USB devices to prevent malware infections entering computers via USB media. |
Event Notifications | Informs of USB blocking, approvals, and other device connection events and activities. |
Regulatory Compliance | Ensures compliance with removable media policies. |
Perpetual Licensing | Offers a permanent enterprise licensing model with a one-time payment, including two years of updates. Post two years, updates are optional at a reduced cost. |
Autonomous Control | Designed for autonomous organizational control; doesn't require internet connectivity. |
Strong Device Control | Blocks or authorizes devices at the endpoint system level in real-time. |
All-Inclusive Solution | Includes all features; no need to order additional modules for encryption or monitoring. |
Software Type:
- Control: USB Management application On-Premises (not cloud-based)
- Client: Local System Service
Development Status: Active.
- Latest Version: v.13.844
- Published date: October 2, 2024.
- Dedicated Technical Team on Stand by
USB Authorization Panel: Provides 4 easy ways to remotely authorize USB devices on any machine in real-time:
USB Authorization Panel Methods
Authorization Method | Description |
---|---|
Drag and Drop | Drag from the USB blocked or allowed most recent alerts list and drop into any of the 20 available spots per machine for quick authorization. |
Automatic Authorization | Automatically authorize USB devices as they connect to the selected client machine. Can be toggled ON/OFF. |
Authorize Connected Device | Authorize a USB device that is already connected at the client while the sector is unprotected, allowing immediate access. |
Manual USB Authorization | Manually enter the device ID to authorize specific devices, providing precise control over device access. |
- UMS (USB Mass Storage Device).
- USB flash drives.
- Memory Card readers.
- Memory Cards.
- UASP (USB Attached SCSI Protocol).
- Portable Hard drives.
- SSD Enclosures.
- USB-MTP (Media Transfer Protocol).
- Smartphones.
- Tablets.
- Portable devices.
- Smart card readers.
- Smart cards.
- External magnetic hard drives.
- e-SATA.
- Firewire (IEEE 1394).
- Wireless Transceivers.
- WiFi.
- Bluetooth.
- IrDA.
- External and Internal.
- CD.
- DVD.
- Blu-Ray.
- USB-HID (Human Interface Device).
- BadUSBs (Keystroke Injection).
- Arduino.
- USB Rubber Ducky.
USB-Lock-RP Device Control Software is Licensed by top-notch Organizations
Control USB Devices in Real-time
Strong USB Control:
Prevents zero-day USB-based exploit from entering your systems. Block USB incoming and outgoing of data. Device identifier storage is AES 256 encrypted and HEX masked (variable key and initiation vector in CBC mode). Prevents Hardware ID spoofing. Secures systems even if the user is running with administrative credentials.
Straightforward Operation:
Start protecting your network in minutes. Very easy to operate and set security policy. Protection scope is divided in 4 sectors; just select a client machine or computer group and press the desired lock to keep removable storage and portable devices threats away. Once set operation is automatic. Intuitive administrative GUI, virtually no learning curve involved.
Granular Policy:
Authorize specific USB removable drives and smartphones to access specific computers or all computers in the network while blocking all others. Prevents unauthorized access to USB ports, removable storage, portable devices and other Removable Media from accessing operating systems in the network.
Centralized USB Devices Management:
Centrally set or change security measures and automatically receive and log details on blocked, and authorized USB devices as they are plugged into endpoint computers in real-time. As well as logging and receiving records of files transferred from endpoints to authorized USB Devices as events occur.
Personalized USB Lockdown:
Presents informative Lockdown alerts screens at client computers upon blocking USB devices, USB Lockdown screens presented at endpoint computers are personalized with the end-user organization/enterprise logo. Personalization is automatically done by our team prior to secure electronic delivery (within 3 hours order made)
Smart USB Port Control:
Designed to block usb devices & control USB port access without interfering with non-storage USB peripherals (mouse, keyboards, webcams, printers), But capable of detecting and unobtrusively protect against keystroke injection and malicious payload attacks by devices such as BadUSBs (USB Rubber Ducky) that impersonate HID keyboards or mouse.
USB Monitoring:
Effective monitoring of data transferred from endpoint computers to authorized USB portable storage (thumb/flash/pen drives). Records automatically arrive and are stored secured at the Control server. The Administrative Console can be set to send these records to a SMTP (TLS/SSL) email within your domain in real-time.
USB DLP:
Effective data loss protection USB Lock protects information contained inside authorized thumb drives by optionally forcing automatic AES 256 encryption of all transferred data files from computers to authorized USB drives, effectively locking out USB access to protect confidential information in case the authorized device is lost or stolen. USB DLP policy can be enabled or disabled with just a click.
Perpetual use Licenses:
Licenses are perpetual and include two years of updates, after 2 years updates are optional at 20% of licensing cost. USB-Lock-RP is not support demanding, once it's set, it works as intended, this has to do with product maturity and that at client-side the software deals with hardware, not users. Support is in English at no charge by email or phone.
Autonomous Control:
Doesn’t require internet or Active Directory.
Protects endpoints data even if the client is disconnected from the network. (At the Control, disconnected Laptops will show in the out-list). Protects at System level. (Effective even if running under administrative account.) Starts protecting even if no user is logged into the system. Works on air-gapped networks and remote locations.
Available for Download:
Download the functional DEMO or request a small set licensed as Proof-of-Concept to your organization. Test how USB Lock Software, manages USB ports and devices access to endpoints for free, no cost or commitment. POC Licenses are personalized with your organization logo. Dedicated team on standby to assist on any questions you may have (24x7).
Easy Deployment:
USB Lock client can be easily mass deployed with GPO or any software deployment tool, the USB Lock client is presented as a standalone Windows Installer MSI that is configurable by command line, ensuring effective initial client deployment and updates. Our team can also preconfigure the MSI for you if required at no cost.
USB Lockdown
Refers to automatically blocking access to the computer desktop. Lockdown occurs when unauthorized USB storage devices (e.g., USB 2.0, USB 3.x) are connected to the usb ports (e.g., standard USB type-A, USB type-C), or remote USB. USB-Lock-RP considers the unauthorized connection of usb storage devices a serious intrusion attempt that should be stopped by all means.
USB Lockdown (a.k.a., USB blocking) is part of the software redundant measures applied to protect the system. This measures take place upon USB detection and included preventing drivers to load, stopping, dismounting, disabling, ejecting devices while blocking USB and access to the desktop. Protection measures escalated depending on the device type and the device status but lockdown is normally included when blocking usb and other removable storage under the software protection scope.
USB blocking is a software capability used by IT security administrators to protect computer systems and data assets from threats posed by the connection of unauthorized USB peripherals.
Blocking USB & desktop Lockdown are simultaneous and present full-screen window alerts that extend to multiple monitors.
Lockdown Remains Until Any of the Following Conditions Are Met:
Condition | Performed At |
---|---|
The blocked USB device is removed | Client-side |
The master password is used | Client-side |
The sector is unprotected | Control-side |
The USB device is authorized | Control-side |
USB Lock RP Straightforward Operation
Blocking USB Devices on Specific Computers
- Select a client PC from the USB-Lock-RP Control Dashboard network list.
- Click on the left-side lock icon.
- Done! You have just protected the removable drives sector on the selected computer in real-time.
Now the following devices will be blocked unless specifically authorized: USB, eSATA and Firewire drives, Mobile phones (MTP Protocol), and memory cards while also smart blocking USB keystroke injection attacks. Setting are enforced in real-time (To unprotect just click the lock again).
Locking Peripheral Ports on Groups of Computers
By default 5 groups are created, and all new installed clients will belong to group 1 as seen on the groups column, so you are ready to lock removable storage on all computers at this point.
- Rename groups using the group rename function.(optional.)
- Add computers to groups by right clicking on the selected machine and choosing a group name.(optional.)
- Click the Group security button and choose the group name, sector (e.g., Removable drives), desired action (e.g., Protect) and press OK.
Great!, you just Locked removable drives sector on all computers that belong to the chosen group. You will see all computers in that group changing its security status to protected in real-time.
Whitelist USB Thumb drives and Smartphones
Authorizing specific USB pen drives and Mobile phones is as easy, just insert the device you need to authorize (at the control or at the client) and press authorize. Done!
Besides USB Control (Removable Storage Sector), three other sectors to manage are available and are as easy to protect: CD/DVD Sector, iRDA/Bluetooth Sector, and WiFi Sector.
Blocked or authorized device connection to any client computer automatically generate an alert event stored encrypted at Control server. This records are readable from within the Central USB-Lock-RP Device Control interface and show date-time, Hardware ID, logged user & machine name.
At client-side a full screen alert instructs the user to remove the device, this alerts bear the licensed organization logo at top-left corner.
USB Encryption
The protection of data inside removable storage is done by forcing automatic encryption, this function can also be turned ON or OFF with just one click. (Monitoring needs to be activated for USB encryption to work).
When USB encryption is active all files transferred from the endpoint computer to authorized USB flash drives are automatically AES 256 encrypted. (all data not just the headers)
Stored files on encrypted USB Thumb drives can be opened within the endpoint originating client or within any other endpoint USB-Lock-RP client that has USB Encryption activated. (files are automatically decrypted in those systems when opened)
This function ensures that information contained inside authorized devices is only accessible within determined computers in the network and none outside the network.
Protection against badUSB devices
Protecting against badUSB device e.g. USB Rubber Ducky is very important. This device type is extremely dangerous, its firmware has been modified to impersonate Human interface devices (HID) such as keyboards.
This class of BadUSB can inflict keystroke injection attacks and introduce malicious payloads to harm the operating system and network infrastructure. Blocking BadUSB is a standard function in USB Lock, the program makes a quick analysis when it detects any change on keyboard or mouse enumeration to prevent such attacks, other than that keyboards and mouse can work normally without restriction.
USB Monitoring
Monitoring the transfer of files to removable drives is activated or deactivated with just one click independently of the removable storage sector protection state. Monitoring can be set to groups or to specific machines, While USB removable drives sector is in protected state authorized devices will be monitored and while in unprotected state any connected usb drive is monitored
USB File Transfer Monitoring Records Include
Monitored Data | Description |
---|---|
File Name | Includes the full name and extension of the transferred file. |
File Size | Size of the file in bytes. |
Transfer Date | Date and time when the file transfer occurred. |
Last Modified Date | Date and time when the file was last modified before transfer. |
Source Machine Name | Name of the machine from which the file transfer originated. |
Logged-in User(s) | Name(s) of the user(s) logged into the machine during the file transfer. |
USB Drive Letter | Drive letter assigned to the destination USB device. |
Device ID | Complete device ID, including vendor, product, and unique identifiers. |
Records are received by the control in near real-time and are presented for an at a glance view on two side panels and stored organized by machine name/date/time for review when needed.
At the Central control server the collected data remains encrypted and same as all device connection alert records are protected only readable within the control interface.
USB File transfer monitoring can be set to be simultaneously sent as part of the secure email alert function if configured.
Reviews:
Reviews For USB Lock Featured at Security Today Buyers Guide (2024):
QUOTE: " USB-LOCK-RP is rocking fast!" Pros: - Easy Interface - Easy Installation via GPO or stand alone - Does not need any extra resources or components to run on any workstations - Runs even on a legacy workstations smoothly - Easy Management Via Admin Control Panel..QUOTE: " Amazing service" Pros: The software does exactly what we need, but it's the responsiveness and quality of support that stands out..QUOTE: " Best for USB/CDRom Blocking" What do you like about USB-Lock-RP? After struggling with fixes, hacks, due to users loading USB and CDRom devices on their workstation adding security risks, I found USB Lock RP 11 years ago. I fell in love with it and been a customer since, continuing to recommend it to anyone trying to secure their network..
Articles:
Auditable USB control
QUOTE: USB control – USB Lockdown blocking screens, which appear at endpoint workstations make it easy for security auditors to test the solution’s effectiveness. With most other solutions on the market, this sort of auditing is not possible.
Auditable USB control, December 18, 2023: USB-Lock-RP,
Article by Francesca Seden in SecurityonScreen.com.
Product showcase: USB-Lock-RP
QUOTE: USB-Lock-RP allows security system administrators to manage USB access from a central administrative console...Preventing unauthorized use of removable media, The solution blocks unauthorized devices as they are connected to computers in the network in real-time.
Product Showcase: February 9, 2021
in: HelpNetSecurity.com
Central Control of Device Access to Computers.
QUOTE: USB-Lock-RP Device Control Software is a unified system to centrally control access to computers by external and remote devices. This protection includes USB ports, removable storage, mobile devices and wireless adapters to servers, workstations and laptops in a network. Specifically, USB-Lock-RP responds to the vulnerability of individual and enterprise-wide computers to cyber exploits...
Article: by Yan Ross
in: CyberDefenseMagazine.com
Direct means of organizations information protection.
QUOTE: ...USB Lock RP is also one of the only pieces of USB control software that personalizes block screens and relevant boxes with a customer’s logo. This builds USB Lock RP into a company’s policy and gives each and every client a feeling of personalized control...
Article: by David Bisson
in: InformationSecurityBuzz.com
Endpoint security that is not a pain in your end!.
QUOTE: ...USB Lock RP not only allows you to maintain control and have flexibility. It gives you peace of mind when it comes to endpoint security and removable devices and more importantly is gets rid of PEST!...
Article: by Ron Barrett
in: NetworkWorld.com