top of page

SafeConsole

feature_overview-img_edited.png

A Central/Remote Management Solution to set policies, Manage, Audit and even Remotely Lock or Kill your DataLocker Encrypted Devices. Instantly gain complete and granular control over all of your encrypted virtual drives and portable hard drives with the SafeConsole central management server software:

  • Achieve compliance for USB storage usage, with full control and audit.

  • Keep the productivity benefits of USB storage devices – without the risks of malware, data leaks and breaches.

SafeConsole Feature Overview

Control

Enforce policies such as password rules, file-type restrictions or geographic boundaries. Reset passwords, switch endpoints into read only mode, and even remotely wipe them in case of loss or theft.

Inventory

Monitor all your encrypted endpoints, including their location anywhere in the world. Integrate with Active Directory to track users, assigned devices and connected computers with ease.

Audit

See which files are saved to or deleted from your encrypted endpoints at any given moment. Use a complete audit trail by user, including connections, login failures, resets and loss reports.

Report

Centrally handle the state of the devices over the Internet, setting them as disabled or lost- even perform factory resets remotely. Disable a user in AD and their devices are automatically disabled.

PortBlocker

DataLocker PortBlocker is a “Simply Secure” approach to Data Loss Prevention (DLP) for removable storage that blocks USB ports and allows only whitelisted USB mass storage devices to be mounted on user workstations with PortBlocker installed. DataLocker PortBlocker is a DLP solution handled by SafeConsole, to control which devices are allowed, set policies for different groups, set ports in read-only mode, see audit logs and activity, plus much more.

  • Limit USB mass storage port access to only whitelisted devices

  • Stop the usage of untrusted USB devices which potentially have malware

  • eports activity back to SafeConsole to monitor USB port usage

  • Set USB ports in Read-Only mode to disable write capabilities on USB storage devices

  • Real-time reporting

SafeCrypt

By establishing an encrypted virtual drive using SafeCrypt, files are encrypted locally and stored on your preferred cloud storage, local storage, or network drive allowing users to take control of their encryption. Encrypted virtual drives function the same way as encrypted USB drives.

FIPS 140-2 validated, SafeCrypt’s military grade encryption, complies with HIPAA, SOX, DHS Initiatives, NRC, GLB, and any other directive that requires data encryption. SafeCrypt can be used in a VDI environment as a secure backup of business cloud solutions on encrypted flash drives or linked to a local folder to encrypt files anywhere on your machine.

Password Management

REMOTE PASSWORD RESET

Reset passwords remotely over any channel. Administrators can get remote offline users back to work within minutes, without any loss of stored data. Recovery codes maintain the robust security of a 128-character code using a pre-buffer method. This DLP solution ensures that the process is protected against social engineering directed against the helpdesk. The user password is never exposed and there is NO master password. Read the Password Management Best Practice whitepaper.

PASSWORD POLICY

Ensure that all data is protected by strong, compliant passwords by enforcing password policies on the devices.

Compliance

DEVICE AUDITING – SEE WHO DID WHAT, WHEN AND WHERE

Device auditing makes taking stock of the entire portfolio of SafeConsoleReady™ devices easy as it creates an automatic inventory list. The logs then include unsuccessful unlocking attempts, device states and log-ins. This gives the administrator a full overview of all encrypted virtual drives in use in the organization.

DETAILED FILE AUDITING – ACHIEVE COMPLIANCE REQUIREMENTS

Detailed File Auditing is an extension of the Device Audit. It allows an administrator to see what files have been copied to or deleted from the devices, as well as a trail of the files that have had their names changed.

DEVICE STATE MANAGEMENT – FULL CONTROL OVER DEVICES

As an extra security precaution when drives are lost, or to protect your organization’s sensitive information from access by former employees, you can remotely ‘kill’ rogue drives and erase all data off those drives. In the Device Overview in SafeConsole, an authorized administrator can set the device state to ‘killed’, ‘disabled’ and ‘lost’. Devices can later be recovered using the Remote Password Reset. SafeConsole can also be set to handle the devices’ states entirely on autopilot. This will require the drives to return to base by connecting to the SafeConsole server within a configurable time period.

Device Protection

INACTIVITY LOCK – FORGOTTEN DRIVES LOCK DOWN

Lock down a secure USB drive after a configurable period of inactivity. Forgotten drives that are left behind in a computer will automatically lock down according to the set policy.

WRITE PROTECTION – SET DEVICES IN READ-ONLY MODE

With Write Protection, users can set their drive in a read-only mode when unlocking it on non-trusted machines and thereby gain protection from malware trying to infect the drive or its content. It is also possible for an administrator to enforce this protection when a user leaves the company network ensuring that no malware can be copied to the drives and brought back to the company.

FILE RESTRICTOR – RESTRICT FILE TYPES TO BE STORED EXE, MP3

An allow-list approach prevents the storage of unauthorized file-types. Rogue files cannot reside on a SafeConsoleReady™ Device as it only allows storage of file-types specified by the administrator in the SafeConsole settings.

AUTHORIZED AUTORUN – STOP AUTORUN VIRUSES

The onboard autorun-protection that chokes self-copying viruses such as StuxNet and Conficker – by denying unauthorized autorun files from residing on the drive altogether.

GEOLOCATION AND GEOFENCING

Using IP-based location tracking, pinpoint the exact location of your encrypted virtual drives anywhere in the world. With SafeConsole, you can also geofence your devices making them accessible only within specific geographic boundaries.

Administrator Tools

DEVICE USER SETTINGS

Configure device settings to tailor the SafeConsoleReady™ device to your needs (e.g. disallow users from factory-resetting their devices). It is also possible to enforce a user interface language and pre-approve the device warranty for quicker device deployment.

DEVICE USER INFORMATION

Save time and pain – customize devices with user information for easy identification and secure lost and found. By defining “token” questions, SafeConsole administrators can ask device users to enter unique information about themselves. The “token” information allows the administrator to create a custom message about the user under the About window to easily identify lost devices without requiring permission to unlock the drive. The information is collected to the server and can be used to sort and search users and their devices.

ZoneBuilder

ZoneBuilder is a tool to create a “trusted zone” of computers that makes using your SafeConsole managed devices even more Simply Secure™.

WITHIN YOUR TRUSTED ZONE YOU CAN

RESTRICT device access to computers inside your Trusted Zone. AUTO-UNLOCK your storage device eliminating the need to enter your password. It makes sharing files within your Trusted Zone quick and easy. This feature uses RSA client certificates for authentication. *Specific features depend on the specific model and version of the DataLocker device

 

HOW TO CREATE A TRUSTED ZONE

1. Whitelist the computer IP address in SafeConsole. 2. Plug-in your SafeConsoleReady™ storage device and enter the device password. Your computer has been registered into your Trusted Zone!

bottom of page