Endpoint Protector Valuable Features
Security Architect at a tech services company with 11-50 employees
There are effectively two areas of DLP to look at from a technical perspective. One is how it performs the pickup of information traversing the system and the other is how the policy engine, which analyzes the data, works. On the first aspect, CoSoSys is probably best of breed for macOS because they're reasonably well-integrated into the operating system. They're looking at the file system operations level, not at the execution level. Whereas things like Forcepoint are looking at the applications being run and they try to apply policy to that. The pickup paradigm is a lot better than their competitors.
The search for keywords, in our security operations, is critical and we use Endpoint Protector for that. We're a HITRUST-certified organization, and one of the things we need to do is be aware of the movement of personally identifiable health information. Since we work multi-nationally, we have to be able to identify PHI from across different countries and their different medical coding standards.
Another valuable feature is the Content Aware Protection. We use the device thing to some degree, but it's the Content Aware Protection that's critical for us. That's the aspect of it which is DLP. The content protection engine is what detects the data when it's traversing, and the rest of it is other ways to lock down the system from being able to move data in and out. But the detection aspect of it, that's the really key part for us, because we have to be able to record that, even if it's completely legitimate.
It's quite easy to manage DLP in a hybrid environment because you have the centralized server that receives telemetry from all of the agents. And because that's what's forwarding the telemetry on to subsequent log ingests, you get a single data stream across all of the agents. We also have host intrusion detection, which is backing a lot of this stuff for us. We have full command execution logging in every machine. Every command that is run is recorded. We can cross-correlate very tightly between the DLP and what's being done on the machine itself. That way, we know execution and data movement.
We use the role-based access features, for the teams that administer it, to some degree, because we have an auditing agency that reviews our policy compliance. It's satisfactory. We don't have complex requirements for it. We've got a couple of internal admins with equal privileges and then we have an auditor role. It seems to work fine.
Information Security Manager at a financial services firm with 5,001-10,000 employees
The granularity of the policies that we can create is good. We block USB media. One of the reasons we left our previous provider is because of the lack of this functionality. We have built some custom rules to make exceptions for staff members that should be able to use USB media. Of course, the ability to amend and write policies is far more granular than the previous product that we used. Switches, disabling and blocking Bluetooth, weren't available with our previous supplier.
The feature that locks down USB devices means that if you plug removable media into any of our USB drives, it blocks it. As we block, we blacklist all the types of USB devices, and the cloud running trail blocks that. If someone puts the USB drive in, it will block them from opening that drive or even registering that drive. If they want to make an exception, they have to make a formal request to do so, and that can be made either by email or through an application to our IT desk.
The versatility regarding the exit point Endpoint Protector supports in making sure that important data doesn't leave our organization is vital for us. In the industry that we're in, data breaches are a significant concern. While our staff is contractually required to maintain confidentiality and they're all very aware that they shouldn't try and transfer company data of different classifications elsewhere to non-company devices, there's a risk. If we didn't have Endpoint Protector in place, they could plug in a USB drive, copy a file onto the USB drive, and then take that onto their personal computer or share it externally, whether that be with the press or the public, etc. This tool stops that from happening. It means employees are unable to share files and exfiltrate data via that channel.
We have other controls to stop other channels. One of the biggest concerns for us as a business is employees sharing data via the internet, dragging files and confidential information from our computer drives into Dropbox or into Webmail, et cetera. We have other controls and tools to stop that. But Endpoint Protector is used exclusively to stop USB media.
The most valuable features are the ability to prevent access to external devices, and also site blocking. We have two of the main features that we enjoy the most, which are device control and then Content-Aware Protection (CAP).
In terms of policy creation, you can get extremely granular. The ability to have multiple departments and having the ability to assign computers on top of specific users is fantastic. We don't utilize that section, but if we had a centralized computer that multiple people would use, I really enjoy that I could specify which user gets which policy. It's the same computer, but it's based on a user-level granularity. It's not just global rights on the computer. I really do enjoy that, although I don't use it.
We are not currently using the functionality for the automatic encryption of confidential data transferred to USB storage devices, although it is on our to-do list. This is something that we need to test in the future.
Endpoint Protection provides a single platform to support Windows, macOS, and Linux, and so far, managing DLP in our hybrid environment has been seamless. I don't see much of a difference between the operating systems in terms of what can and cannot be done. This is extremely important to us because we are 95% Mac-based, with just a few Windows machines. Our Linux machines have just been retired since we've gone 100% remote.
With respect to the feature parity between Windows and Mac, they're identical. On the user side, I don't see a difference between Windows and Mac because what you can do on the client-side is quite limited. On the backend, or server-side, they're identical.
There are a lot of features, but the main feature is that I can use a device serial number to unlock any particular machine or for all machines. If I have a phone, like a Samsung phone, I can whitelist that specific phone for full access wherever it is plugged into any of our devices. This is the same with a USB, because most USBs come in bulk and have the same serial number. I can then whitelist that particular USB to be read-write with full access.
I have not found any valuable features.
All of the features are good if somebody has the budget. Our budget is limited and our purpose is just for media access. That's why we went only for this feature, but it has other features such as DLP or reporting.
It is fantastic in terms of the granularity of the policies. It has many built-in policies, and we can add or create more policies as well. It is perfect, and it gives us more options. We have some users who go outside and then come inside. With EPP, we can even control those users who are outside. If they need to access the media that we are using right now, we can provide OTP messages so that they can access the media even when they are outside of their organization. With our previous solution, we were facing some issues in doing this.
It provides us with the ability to lock down a wide variety of USB devices. It is better to have more options than having no options.
Information Technology Security Engineer at a comms service provider with 10,001+ employees
The most valuable features are:
- The OS platforms that it is capable of running on.
- The ability to detect source code as well as file types for the policies.
- The SIM integration.
These were identified previously as key features in a DLP program and Endpoint Protector had them. They are a business need.
The granularity of the policies that you can create is pretty good. I would give it an eight out of ten. It's very granular, but there are still more possibilities for granularity. There's still work to be done, but it's very granular.
Endpoint Protector offers the ability to lock down a wide variety of USB devices. That is a key feature. It was one of the main features we were looking for.
We plan to use the EasyLock USB-enforced encryption app to automatically encrypt confidential data transferred to USB storage devices.
I would rate the versatility regarding the exit points an eight out of ten. The exit points are pretty diverse, cover the majority, and are constantly updated, but there are still some application types and categories that we would like to see in there. They are responsive to our feature requests and are quick to add applications to the list and categories to the list of exit points.
The cross-platform management is good. I understand that there are some features that won't exist because of the technical limitations that are presented based on Linux, for instance, versus Windows. There are some things you can't do in Linux that you can do in Windows. EasyLock, for example, is a technical limitation that they have because of the nature of Linux. There's work to be done there but I understand why there are technical limitations.
We use the clipboard granularity feature to monitor copying and pasting to specific exit points in a limited capacity. It wasn't one of the main use cases, so it hasn't affected our DLP implementation too much.
The search for keywords is very important in our security operations because one of the key use cases we had was for the ability to search keyword-based on an internal database of keywords that have been submitted by other project managers within the company that's around intellectual property. The ability to search on keywords was part of that.
I don't have a single most valuable feature. Every feature is really working for me. One of the reasons I bought it was for the USB block, but that's not as much a use case anymore since I have a lot of people working remotely. It's the DLP part that is more important to me right now, to pinpoint the data that's getting moved.
The granularity enables me to not only see a file, but to read inside the file and pull out the data inside it. The granularity is really pretty good on that. It's very important. Let's say somebody just exported a file or emailed a file or uploaded a file on the internet. Seeing the inside of the file is really important to me. Whether it's encrypted or not, I still can see inside the file.
I'm the only admin on it, but the role-based access is fine. I have one user that I give access to so he can just see device control and that's it. That's all I need him to see. I was able to do that, so I'm pretty happy with the role-based access.
I use the solution's clipboard granularity feature to monitor copying and pasting to specific exit points, and it works great. People are trying to get the data any way they can, from the clipboard and things like that. I'm able to see it, report on it, and block it.
CTO at an aerospace/defense firm with 201-500 employees
The device control is a big deal for us because we can actually lock out removable drives and different types of hardware. It allows us to have better control over what end-users plug into their computers, and we can have deny lists and tighten our security posture.
In terms of the granularity of the policies, it is fine. It does exactly what we need. It is granular enough, but it is not too much where it is impossible to tune. It has a nice balance.
In terms of ease of managing DLP in a hybrid environment, it has been very easy to use. It's a very intuitive product. There were no issues trying to figure stuff out.
Manager of IT Infrastructure at a comms service provider with 10,001+ employees
We are happy and satisfied with the solution. When we face any problem, we contact the CoSoSys technical team support directly and they support us as much as possible.
CoSoSys provides a single platform to support Windows, macOS and Linux. We are using hybrid deployment docs, but we're only using Linux and a Mac, not Windows.
It manages the DLP. It is easy to manage the DLP between macOS and Linux. This is very important for us because we don't have any sort of in-house solution for data collection for the Linux and Mac environment. We are fully dependent on CoSoSys.
We are not using encryption, because the encryption depends on the server and on many other things, which will cause us to face problems.
Additionally, it has granularity features to copy, paste, and do other things.
Between PCs, there is no control, but we are interested when data is transferred to outside the PCs. At those times we use CoSoSys. CoSoSys can control most of this part.
It has absolutely, 100% helped to reduce important data from going out of our organization.
People Operations Manager at a tech services company with 11-50 employees
I like the main dashboard. It's very intuitive.
The offline temporary passcode solution is really easy to use for both the backend administrator and the users.
The granularity of the policies that you can create is pretty sufficient. We haven't had to make any super-granular policies. I understand what its capabilities are, and it is really nice to know that if we have to crack down and be a little more strict on our policies, Endpoint Protector provides those features.
It also provides us with the ability to lock down a wide variety of USB devices, which is pretty important because we don't want certain data accessed. It does a really good job when it comes to the versatility of the exit points it supports, making sure that important data does not leave our organization.
Endpoint Protector also provides a single platform to support Windows, macOS, and Linux, although we don't use Linux, we just use Windows and Mac. It makes it pretty easy for me to manage DLP in such a hybrid environment. I find it intuitive. It's pretty vital that it supports Windows and macOS because we use both types of computers in our company. It provides Zero day protection for macOS.
IT Specialist at TresVista Financial Services Pvt. Ltd.
The Device Control feature and tools are very nice. It can also be used for containers. We have blocked multiple financial components using these features and rely on the upload and block policies. For example, we have blocked Google Drive uploads, as well as the upload functionality for other cloud spaces.
The interface is pretty user-friendly, neatly explained, and simple to use.
We are able to lock down a wide variety of USB devices, which is important to us because none of our users can connect a USB drive or other device to the machine. By preventing this, there won't be data leakage. We have experienced this in the past and we are now able to control it through the use of device policies.
The technical support that they provide works well.
We use the RDP remote desktop option to prevent copy and paste operations to remote systems. If anyone tries to copy and paste between a remote system and a local system then they will not be able to do it. This works well and it makes our operations more secure.
IT Manager at a tech vendor with 11-50 employees
The most valuable feature is device control. If you have the wrong devices connected to the network then it may cost you, and this product allows you to control them. For example, you can prevent users from using an external hard disk, which is something that I like.
There is a clipboard feature to ensure that a user cannot print their screen or take a screenshot. This is one of the reasons that we feel secure when using this product.
The users are happy with using this solution on a daily basis.
IT Manager of Information Technology Operations Manager at Astra Rafael Comsys Pvt. Ltd.
Endpoint Protector by CoSoSys has some valuable features. The role-based access features for the teams that administer it are good.
The granularity of the policies is good. The versatility of exit points is good. It also supports both macOS and Windows.
IT Manager at a marketing services firm with 51-200 employees
The most valuable feature is blocking data transfer.
The software is easy to use and the dashboard is intuitive.
The most valuable features are Device Control, Content-Aware Protection, Enforced Encryption, and eDiscovery.
Device control is a module of CoSoSys EPP where we get granular rights and controls for protection of data getting leaked from any hardware devices like USB drives, Storage media, Wi-Fi, printers, etc.
Content-Aware Protection prevents users from uploading or sharing the data or files/documents with others through any application or software like web-browsers, email, file-sharing, or remote application software. It can even prevent users from taking and/or sharing screenshots or clipboard data.
Enforced Encryption is used when you want to have only permitted or restrictive devices connecting to user systems.
eDiscovery is another module where an IT admin can find a file/resource/path/folder present in a user's system.
We like that content-aware and device controls can easily be managed. They're not complicated. You don't need to be a rocket scientist to understand them.
As for overall experience, Endpoint Protector is very user-friendly.