Unauthorized use of USB hardware to gain access to information in laptops and servers is a growing concern. With that in mind, security vendors McAfee and Sygate this week are expected to unveil their own approaches to blocking USB hardware access to computers.
McAfee is adding a way to prevent USB devices-which can hold 1G byte of information or more in keyfob-sized hardware - from gaining access to laptops and servers through its host-based Entercept intrusion-prevention systems (IPS) product. The new functionality is in a free upgrade for current Entercept 5.1 customers.
Sygate this week will announce that its host-based policy-enforcement software, Sygate Enterprise Protection (SEP) for desktops and servers, now will block USB devices. SEP also is gaining IPS functions that transform the product into a closer competitor to Entercept, says Sygate's Seth Knox.
SEP 5.0 has added a way to control access to USB ports and CD/ROM drives on computers so that network managers can stipulate acceptable procedures such as prohibiting access via iPods. The SEP software has been expanded to include IPS capabilities to prevent buffer-overflow attacks on unpatched systems and other attempts to compromise security - thereby competing more directly against host-based IPS vendors.
The underlying IPS technology relies on signature-based identification of specific exploits and behavior-based monitoring to identify anomalies, Knox says. "Behavior-based is not as effective as signature-based, which is 100% precise," he says. "But behavior-based will catch some things early before there's a signature to identify it."
McAfee's Entercept costs $400 per server and about $9 per desktop, depending on volume. Sygate's SEP 5.0 costs $115 per server and $65 for 1,000 desktops.