Network security scanner, port scanner and patch management

Automatically detect security vulnerabilities on your network

GFI LANguard Network Security Scanner (N.S.S.) checks your network for all potential methods that a hacker might use to attack it. By analyzing the operating system and the applications running on your network, GFI LANguard N.S.S. identifies possible security holes. In other words, it plays the devil's advocate and alerts you to weaknesses before a hacker can find them, enabling you to deal with these issues before a hacker can exploit them.

Provides in-depth information about all machines/devices

GFI LANguard N.S.S. scans your entire network, IP by IP, and provides information such as service pack level of the machine, missing security patches, wireless access points, USB devices, open shares, open ports, services/applications active on the computer, key registry entries, weak passwords, users and groups, and more. Scan results can easily be analyzed using filters and reports, enabling you to proactively secure your network – for example, by shutting down unnecessary ports, closing shares, installing service packs and hotfixes, etc.

Identifies security vulnerabilities and recommends action (or solutions)

Once GFI LANguard N.S.S. has completed scanning a computer, it categorises security vulnerabilities and recommends a course of action (or solutions). Wherever possible, further information or a web link is included regarding the security issue, for example a BugTraq ID or a Microsoft Knowledge Base article ID.

Fast TCP/UDP port scanning and service fingerprint identification

GFI LANguard N.S.S. includes a fast TCP/IP and UDP port scanning engine, allowing you to scan your network for unnecessary open ports. While identifying key open ports (such as www, FTP, Telnet, SMTP) through banner processing, GFI LANguard N.S.S. will also query the service running behind the detected open ports to ensure that no port hijacking took place.

Network-wide patch and service pack management

You can deploy missing service packs and patches network-wide, without user intervention. GFI LANguard N.S.S. is the ideal tool to monitor that Microsoft SUS is doing its job properly and it performs tasks SUS cannot do such as; deploying Microsoft Office patches and custom software patches, patch reporting and immediate deployment of high alert patches.

Patching support for multilingual operating systems

GFI LANguard N.S.S. supports detection of missing Microsoft security updates and their deployment on both English and also on non-English Windows operating systems.

Automatically downloads security patches and vulnerability information

Through its auto-update system, GFI LANguard N.S.S. is always kept updated with information about newly released Microsoft security updates as well as new vulnerability checks issued by GFI.

Automatically alerts you of new security holes

GFI LANguard N.S.S. can perform scheduled scans (for instance daily or weekly) and can automatically compare the results to previous scans. Any new security holes or changes appearing on your network are emailed to you for analysis. This enables you to quickly identify newly created shares, installed services, installed applications, added users, newly opened ports and more.

Ensures that third party security applications such as anti-virus and anti-spyware offer optimum protection

It is possible to check that supported security applications such as anti-virus and anti-spyware software are updated with the latest definition files and are functioning correctly. For example, you may ensure that supported security applications have all key features (such as real-time scanning) enabled.

Network-wide event log management - no need to be an event guru!

Event logs are a valuable tool to monitor network security and performance that are often underutilized due to their complexity and volume. As organizations grow in size, they require a more structured approach towards event log management and retention. A recent survey carried out by SANS Institute found that 44% of system administrators do not keep logs more than a month.

Proper log management helps you to meet several objectives including:

• Information system and network security
• System health monitoring
• Legal and regulatory compliance
• Forensic investigations

Network-wide security event analysis

GFI EventsManager collects data from all devices that use Windows event logs, W3C, and Syslog and applies the best rules and filtering in the industry to identify key data. This allows you to track when staff swipe their fob, pick up the phone to call home, turn on their PC, what they do on their PC and which files they access during their work day. GFI EventsManager also provides you with real-time alerting when critical events arise and suggests

Network-wide analysis of event logs made easy

As a network administrator, you have experienced the cryptic and voluminous logs that make log analysis a daunting process. GFI EventsManager is a log processing solution that provides network-wide control and management of Windows event logs, W3C logs, and Syslog events generated by your network sources. GFI EventsManager includes an intelligent event processor which processes logs and presents information in a centralized, easy and user-friendly fashion.

"Translates" cryptic windows events

Cryptic logs make log analysis a lengthy process. GFI EventsManager “translates” the often cryptic event descriptions to clear, concise explanations and suggestions for action.

Centralized event logging

Event logs are constantly and automatically generated by a user or by an automatic/background process and logs are often stored in disparate locations. GFI EventsManager stores all captured event logs into one SQL database that may also reside remotely. You may also configure scheduled backups of your event logs.

High performance scanning engine

GFI EventsManager incorporates a totally re-designed event scanning engine that is fine-tuned for maximum scanning performance. Tests demonstrate that it is able to scan and collect up to 6 million events/hr. Furthermore, its plug-in based methodology allows additional features and modules to be integrated without interfering with existing code.

Real-time alerts

GFI EventsManager can send you alerts when key events or intrusions are detected. You can trigger actions such as scripts or send an alert to one or more people by email, network messages, and SMS notifications sent through an email-to-SMS gateway or service.

Extended event log support

GFI EventsManager processes various event log types including Windows event logs, Syslog events, and W3C event logs. This allows you to collect more data from the different hardware and software systems that are most commonly available on a typical corporate network.

Rule-based event log management

GFI EventsManager ships with a pre-configured set of log processing rules that allow you to filter and classify events that satisfy particular conditions. You can run these default rules without performing any configuration or you can choose to customize these rules or create tailored ones that suite your network infrastructure.

Advanced event filtering features

GFI EventsManager’s powerful filtering sieves through the recorded event logs and allows you to browse the required events without deleting any records from your database backend. You may also selectively highlight specific events using a color or the integrated event finder tool.

Event log scanning profiles

Scanning profiles allow you to configure the set of event log monitoring rules that will be applied to a specific computer or to a group of computers and provide a centralized way of tuning event log processing rules. You can also setup a set of rules that only apply to workstations in a particular department. You may also create separate complementary profiles that provide additional and more specialized event log rules on a computer by computer basis.

Control entry and exit of data via USB sticks, iPods, PDAs and other devices through endpoint security

You have invested in network anti-virus software, firewalls, email and web content security to protect against external threats. Yet any user can come into the office, plug in a USB stick the size of the average keychain and take in/out over 32 GB of data. This poses a tremendous threat: Users can take confidential data or they can unknowingly introduce viruses, trojans, illegal software and more – actions that can affect your network and company severely. Yet, as an administrator you have no way to control this! Group policy offers no control.

According to a 2005 FBI Computer Crime Survey, 44% of organizations have reported network intrusions from within their own organizations. Technology analyst Gartner warns that portable devices containing a USB or FireWire connection are a serious new threat to businesses. In their report, Gartner named removable media devices as a significant security risk in the workplace and advised that these can be used both to download confidential data, and also to introduce a virus into the company network.

Regain control with GFI EndPointSecurity

GFI EndPointSecurity allows administrators to actively manage user access and log the activity of:

• Media players, including iPod, Creative Zen and others
• USB sticks, CompactFlash, memory cards, CDs, floppies & other storage devices
• PDAs, BlackBerry handhelds, mobile phone and similar communication devices
• Network cards, laptops and other network connections

Control user access and log the activity of portable storage media like USB memory sticks, SD cards and more

USB sticks are one of the main threats as they are small, easily hidden and can store up to 4 GB of data. GFI EndPointSecurity recognizes USB storage sticks in addition to any device that can be mounted as a hard disk (whether accessed via USB, FireWire, etc.). For example, plugging a digital camera into a USB port gives users access to storage on an SD card; SD cards are available in several sizes including 2 GB and over.

Control access to CDs and floppies

You can centrally disable users from accessing CD/DVD drives as well as from reading or writing data to and from floppy disks. This way, you can block normal users from bringing in data that could be harmful to your network, such as viruses, trojans and other malware. Although you can switch off CD and/or floppy access from the BIOS, in reality this solution is impractical: You would have to physically visit the machine to temporarily switch off protection and install software. In addition, advanced users can hack the BIOS.

Protect your network against the threats posed by non-removable media devices

GFI EndPointSecurity protects your network against non-removable media devices by allowing you to lock down a machine to a specific hardware level, guaranteeing protection against Bluetooth devices, network cards and more.

Easily configure group-based protection control via Active Directory

You can configure and categorize computers into different protection groups: For each group you may specify different levels of protection and devices to allow or disallow access to. You can also leverage the power of groups and make an entire department a member of the group and easily change the settings for the entire group. Configuration of GFI EndPointSecurity is effortless and leverages the power of Active Directory and does not require the administrator to remember and keep track of which policies were deployed to which computers. Other storage control software requires cumbersome per-machine administration, forcing you to make the changes on a per-machine basis and update the configuration on each machine before the settings can take effect.

Granular access control

GFI EndPointSecurity enables you to allow or deny access to a device as well as to assign read only or full access privileges (where applicable) over every supported device (such as PDAs) on a user by user basis.

Log device-related user activity

With GFI EndPointSecurity you can log device-related user activity to both the event log and a central SQL Server. A list of files accessed to/from the device is recorded whenever users plug in devices both successfully and unsuccessfully.

NEW! – Get full reports on device usage with the GFI ReportPack add-on

The GFI EndPointSecurity ReportPack is a full-fledged reporting add-on to GFI EndPointSecurity. This reporting package can be scheduled to automatically generate graphical IT-level and management reports based on data collected by GFI EndPointSecurity, giving you the ability to report on devices connected to the network, device usage trends, files copied to and from devices (including actual names of files copied!) and much more.

Automated server and network monitoring made easy!

GFI Network Server Monitor is a network monitor that enables administrators to scan the network for failures or irregularities automatically. With GFI Network Server Monitor, you can identify issues and fix unexpected conditions before your users (or managers) report them to you!

Maximize network and server uptime

GFI Network Server Monitor maximizes network availability by monitoring all aspects of your Windows and Linux servers, workstations and devices (routers, etc). When a failure is detected, GFI's network monitor can alert you by email, pager or SMS, as well as taking corrective action by, for example, rebooting the machine, restarting the service or running a script.

Performs a real test, rather than deducing status from events generated by the service!

GFI Network Server Monitor actually tests the status of a service, rather than deducing a service status from generated events (as other products do), which is the only real way to ensure server uptime! GFI Network Server Monitor is easy to set up and use, and is competitively priced.

Enterprise class architecture

GFI Network Server Monitor consists of a network monitoring service and a separate management interface. No agent software needs to be installed on the machines you wish to monitor. The Network Monitor Engine is multi-threaded and can run 40 checks at a time. This software architecture allows for high reliability and scalability to monitor both large and small networks.

Includes checks for Exchange 2000/2003, ISA server, IIS and others

Via the Quickstart wizard, you can quickly create a series of checks which monitor all the important services on your network, including Exchange Server, IIS and others. Critical Exchange services and performance counters (Information Store, mailboxes, SMTP service, etc) are monitored.

Monitors terminal servers by actually logging in

GFI Network Server Monitor can check the status of a terminal server by actually performing a complete login and checking if the session is established correctly. This monitoring method is superior to relying on the events that the terminal server generates (as Microsoft MOM does).

Monitor your database servers (SQL/ODBC)

GFI Network Server Monitor can check the availability of all leading database applications. Out of the box, it can monitor Microsoft SQL Server via ADO. Other databases such as Access, FoxPro, Paradox, SyBase, Informix, IBM DB2 and many more can be monitored via ODBC.

Monitor Linux servers

GFI Network Server Monitor includes extensive checks for monitoring Linux servers. You can monitor CPU usage, printer availability, file existence, process running, folder size, file size, users and groups membership, disk partition check and disk space. In addition, administrators can create any check by creating an SSH script.

Performs administrative steps to ensure that a service is running

GFI has developed specialized checks which mimic administrator operations to verify that services offered by various applications are running, for example, logon to a service, perform a task and logoff the service – without the need for any administrative intervention! The monitoring functions that make use of such methodologies include: IMAP, POP3, SMTP Server and the email route check. Through the active use of such services one can guarantee that all aspects of these services are running and functioning.

Takes corrective action automatically

After an unexpected condition has occurred, GFI Network Server Monitor can automatically correct the problem by restarting a service (or multiple services) upon failure; rebooting a server upon failure; or launching an executable, batch job or VBScript.

Rapid Scanning of All Network Endpoints

With no endpoint client installation required, Safend Auditor transparently and rapidly queries all organizational network endpoints, locating and documenting all devices that are or have been locally connected. Safend Auditor checks all USB, PCMCIA, Firewire, and WiFi ports – granularly identifying endpoint devices connected for each user, both currently and historically.

Easy to Understand Reports

The results of the Safend Auditor audit are viewable in HTML formal, or as an XML table that is easily exported to Excel or other applications for additional analysis and review. The report identifies devices by type, manufacturer, model, and serial number, and users according to their Active Directory definitions.

Safend Auditor Advantages

• Simple and easy to use – administrators simply choose the group of computers to audit, and view the results immediately
• Comprehensive coverage -- identifies all USB, FireWire, PCMCIA devices and WiFi network connections
• Current and historical audits -- reports all devices currently or previously connected to any endpoint
• Precise device identification -- gathers detailed device information, allowing tailoring of security policies to exact vulnerabilities
• Clientless -- runs without endpoint client
• Low resource consumption -- audits take minutes and do not affect network performance
• Intuitive output -- audit results presented in easy-to-read HTML or XML report, easily exportable to MS Excel
• Seamless compatibility -- fully compatible with existing network management or administrative tools such as Active Directory
• Endpoint specific audits -– easy auditing of selected endpoints, Active Directory groups, IP address ranges, or the entire enterprise

Security Policy – Flexible Strategy, Simple Implementation

Safend Protector creates forensic logs of all data moving in and out of the organization, allowing administrators to create policies that don’t necessarily restrict device usage, but allow full visibility device activity and content traffic.

Through a built-in and flexible management console, Safend Protector allows administrators to create comprehensive and granular endpoint security policies. Policies are exported directly to Active Directory as Group Policy Objects (GPOs), ready to be assigned to relevant Organizational Units (OUs) and silently installed on clients.

With built-in alerting capability, administrators can get immediate notifications of any activity that needs immediate response. Alerts are available via email, SNMP, Syslog, Windows Event Viewer, popup messages and even custom scripts.

Uncompromised Control with Tamper-Proof Agent

Safend Protector’s lightweight and tamper-proof client-side agents are easily deployed, installed silently at the endpoint with no reboot required. The Protector agent operates at the kernel level, and includes redundant, multi-tiered anti-tampering features to guarantee permanent control over endpoints. Even local administrators can’t circumvent security policy. In addition, agents are invisible to end-users until a non-approved device is connected, at which time a custom-defined notification appears.

Safend Protector Advantages

• Granular control -- detects and restricts devices by device type, device model or unique serial number
• Policy flexibility -- separate policies can be defined for any domain, group, computer, or user; policies are easily associated with Active Directory Organizational Units (OUs) for GPO update
• Advanced policy enforcement -- via independent, kernel-level, real-time analysis of low-level port traffic
• Secure agent – silent deployment, redundant multi-tiered anti-tampering prevents security policy circumvention
• Intuitive management -- seamlessly integrates into Active Directory or other network management software
• Easy auditing and visibility - Encrypted logs and alerts can be viewed in the management console or integrated with third-party software for comprehensive analysis or immediate notifications
• Multilingual – Safend Protector speaks your language, allowing easier local administration

What’s New in Safend Protector

The newest version of Safend Protector introduces additional strong security features and enhanced usability:

• Media encryption - Transparently encrypts data copied to removable media devices
• Anti Hardware Keylogger - detects and blocks keyloggers connected to USB keyboards and renders PS/2 port keyloggers useless - preventing attempts to record your keystrokes
• Hybrid network bridging prevention - blocks access to WiFi, Bluetooth, Modems or IrDA links while the PC is connected to the wired corporate LAN.
• Granular WiFi control - by MAC address, SSID, or the security level of the network
• File name logging – creates forensic logs of all data moving in and out of the organization via removable storage
• U3 and autorun control – turns U3 USB drives into regular USB drives while attached to organization endpoints, and protects against dangerous auto-launch programs by blocking autorun
• Cisco NAC integration - creates rules that mandate the presence of Safend Protector Client before the endpoint is allowed on your network.
• Check Point OPSEC certification - ensures complete integration and interoperability with Check Point's Secure Virtual Network Architecture.
• Microsoft WHQL certification - ensures comprehensive security as well as full compatibility with current and future Windows Operating Systems.
• Usability, management and other functional enhancements - tighter Active Directory integration, OTP for suspending agents securely, defining roles within the management console, server architecture, enhanced logging, alerting and reporting, and integral interfaces to third party management tools

Product Description

Plugging the Leak – Your First Line of Defense

To make sure that your sensitive data stays private, Safend offers the first simple, plug-and-play port protection solution: Safend Personal Protector.

Based on Safend’s award-winning Digital Membrane technology, Safend Personal Protector returns control over your computer ports to you. Your first line of data defense, Safend Personal Protector lets you – and only you - decide who connects what and when to your machine.

Personal Plug-and-Play Port Protection

Safend Personal Protector prevents unauthorized access to your data via all physical communications ports (USB, FireWire, PCMCIA), blocking any unrecognized device. Once approved and verified by password, devices operate completely unhindered – enabling you to enjoy the convenience of removable media and other devices, while remaining confident that your data is safe. Safend Personal Protector delivers complete visibility and control over:

• Removable mass storage devices
• Media players like iPods
• USB flash drives
• Smartphones or PDAs
• Printers and scanners
• External CD or DVD drives
• Wireless adaptors and other networking devices