Cyberoam Endpoint Data Protection 3.2 review

Cyberoam made an impressive entry into the UK security market last year, with its CR15i UTM appliance grabbing a place on the PC Pro A List. It's now turned its attention to endpoint security.

Its Endpoint Data Protection (EDP) software is split into four modules, with the device control option handling workstation ports and devices. Application control determines what software users can run, while asset management provides full inventory and vulnerability assessments.

The data protection module applies encryption to removable storage devices, runs shadow copies of data being transferred to removable devices and controls file transfers for IM and email. The Management Suite covers all modules, but you can choose any as they all run from the same console.

EDP comprises a central server, console and client agents. Take care if you're installing the server on Vista, 7 or Server 2008, as the wizard tries to load MSDE, which isn't supported. You have to install SQL Server Express 2005 manually before loading the server.

A separate utility is used for agent deployment. Although it displays all discovered systems, it can't tell what OS is on each one. The EDP console displays all systems in the left pane, and you can create and populate custom groups using drag and drop. The audit tab offers basic details about each system such as the installed OS, computer name, uptime and logged-in user, as well as graphs of active applications.

To create a policy, you select the system or group and pick either the basic or advanced policy tab. The console can show AD users and allows a restricted set of policies to be assigned to them, but not system policies.

Basic policies control access rights to system operations and settings. These can prevent users loading features such as the Control Panel and Task Manager, and block access to Registry editing and System Restore.

Device policies restrict access to ports. As with DeviceLock, EDP can block unwanted USB storage, optical and network devices but allow the use of human interface devices.

We used the application control module to stop users loading P2P apps such as BitTorrent, and with EDP's advanced policies we could control file transfers over IM. You can also control email attachments, limit access to specific document types and determine printing privileges.

The asset management module provides critical patch lists and endpoint vulnerability assessments, while the event log provides real-time views of IM chats and allows you to look at all received email and attachments.

Cyberoam's EDP offers plenty of controls and is easy to manage. If you want better integration with Active Directory we suggest DeviceLock, but if you want controls for applications, IM and email plus inventory and change management, Cyberoam EDP should be your first port of call.

Author: Dave Mitchell