Cloud Solution with Data Loss Prevention and Mobile Device Management

Endpoint Protector is a Data Loss Prevention (DLP) solution that protects against unintentional data leaks as well as data theft.

The software offers five modules designed to keep your sensitive information secure, these are Device Control, Content Aware Protection, Enforced Encryption, Mobile Device Management, and eDiscovery.

As a dedicated data loss prevention solution, Endpoint Protector does not monitor or measure employee productivity. Rather, this leading software emphasizes enterprise-level security by providing businesses with total control over the flow of information.

In this review, we look specifically at My Endpoint Protector 5, a cloud-based data loss prevention and mobile device management solution with a modern and intuitive user interface. Its main features include file transfer tracking, file shadowing, USB and port tracking, data encryption, optical character recognition, pre-defined and custom alerts, as well as plenty of mobile device control and security features.

Due to the scope of features on offer, we will not discuss Attendance Tracking, Productivity Tracking, Communication Tracking, Network Analysis, and Password Management. This review will focus on Endpoint Protector’s Data Loss Prevention and Mobile Device Management components.

Compared to competitors, Endpoint Protector’s ability to secure endpoints and manage internal security threats is top-notch. However, unlike more comprehensive employee monitoring solutions such as KnowIT, it does not cover external threats such as phishing or DDOS attacks.

As a cross-platform solution that also offers full control of Android and IOS devices, one of the things that stood out to us most was Endpoint Protector’s ability to secure endpoints for every data extraction medium imaginable. From Android, IOS, and USB storage devices, to printers, webcams, and Bluetooth; Endpoint Protector allows you to enforce device control policies on them all and regulate the flow of data throughout your company.

Overall, Endpoint Protector effectively prevents, detects, and blocks malicious file activity while providing investigation and remediation capabilities needed to dynamically respond to security incidents and alerts.

With over a decade’s experience in data loss prevention, Endpoint Protector is a fine choice for SMEs and top-level enterprises in any industry.

ProsCons

  • Comprehensive Data Loss Prevention

  • Comprehensive Mobile Device Management

  • Modulated Features and Pricing

  • Manage laptops and mobile devices from the same console

  • File tracing and file shadowing

  • File Transfer Tracking and Auditing

  • Covers every data extraction medium imaginable

  • EasyLock Enforced Encryption



  • 10-step installation & setup process

  • Cloud version has limited functionalities compared to on-premise

  • Does not offer attendance tracking

  • Does not offer productivity tracking

  • eDiscovery only available as on-premise

  • OCR only available as on-premise

  • Does not offer network analysis

  • No Application based security

  • Does not offer application or website blocking

  • Does not offer screenshot recording


What should you be looking for?

At Employee Monitoring Software Reviews, we believe there are a few crucial components that make a comprehensive employee monitoring solution. Let’s take a look at how Endpoint Protector stacks up against other software reviewed on our site.

Data Loss Prevention

After testing Endpoint Protector’s Data Loss Prevention components, we believe they can be categorized into Content Aware Protection, Device Control, Enforced Encryption, and eDiscovery.

Furthermore, Endpoint protector’s Data Loss Prevention features are based entirely around tracking, preventing, and remediating malicious data transfers. In a nutshell, it allows you to know what happens across your system, receive alerts for suspicious activity or attacks in progress, as well as understand what exactly transpired so you can avoid repeat attacks.

With new methods and frequency of cyber-attacks increasing every year, securing your data has never been more important. In fact, according to Breach Level Index, data records are lost or stolen at a rate of 6,320,240 every day, 263,343 every hour, 4,389 every minute, and 73 every second. While the total compromised in the first half of 2018 was 3,353,172,708.

Remarkably, these figures almost doubled between 2017 and 2018. Considering this, having an out-of-the-box DLP solution such as Endpoint Protector is crucial to ensure your company’s data security.

The basis of EndPoint Protector’s DLP is securing data at rest, in use, and in motion.

Content-Aware Protection (CAP)

Let’s start by talking about Content Aware Protection (CAP). Here, you can create rules based on predefined policies, keywords or file type, monitor and prevent unauthorized file transfers, and get in-depth audit trails for remedial action. In the CAP dashboard, get started by setting filters for the file type, application, predefined and custom content, Regex, and more.

A great way to dive into Endpoint Protector is by familiarizing yourself with the CAP features discussed below.

Through File Tracing, CAP scans data in motion and allows you to monitor and control data transfers containing confidential information through various exit points such as emails, browsers, cloud services, file-sharing services, instant messaging, as well as social media platforms.

In addition, File Shadowing is a great function which synchronously saves a copy of all files that were flagged as violating security policies. This can be a useful tool for managers with regards to auditing purposes and assessing the impact of data loss on your network.

You can also set up Threshold Settings to define the number of times a file transfer violation is allowed. In our opinion, perhaps most useful is the ability to set a threshold based on file sizes. For example, if the file size is a good indicator of a possible data breach for your company, then you can set the maximum size that is allowed and any upload or attachment that exceeds that limit will be blocked.

Furthermore, to avoid interrupting workflow, managers can Whitelist to allow file transfers from a specific location to be allowed or exempted. On the other hand, the Blacklist approach prohibits data transfer for specific devices, URLs, and domain names for certain computers, users, or groups. Whitelist and Blacklist are useful because they provide exceptions and will function regardless of the Content-Aware Protection policy violated.

Content-Aware Protection also enhances data security by preventing data leaks of sensitive content through Clipboard Monitoring, and blocks printing of confidential documents through Printer DLP.

Lastly, employers can gain insights by monitoring activity related to file transfers with a powerful Reporting and Analysis tool. All logs can be exported to SIEM solutions, so all your security events and records can be centralized in your enterprise tool.

Content-Aware Protection policies from Endpoint Protector are impressive but their effectiveness depends significantly on how they are customized and optimized. Based on our criteria, lack of key capabilities such as application-level security, network analysis, email and instant messaging tracking are some limitations of this software.

Device control

The next module we looked at was Device Control, which is designed to reduce the risks of data loss, data theft, and data leakage while managing all company devices including mobile from a single centralized online console.

This module provides granular control over devices like desktop computers, smartphones, tablets, keyboards, mice, and more.

Managers can monitor and control USB and peripheral ports as well as set rights per device, user, computer, group, or globally. With powerful device control policies, you can rest assured that your workplace remains safe with a peace of mind that all removable storage devices are being monitored.

You can also set predefined and custom alerts to be sent via email providing information on the most important or risky events related to device usage. For example, when an unauthorized device is connected to a PC or a sensitive file is transferred out of your network.

Perhaps best of all, Endpoint Protector gives you total control and user access over devices on or off-site, online or offline, making it easier to deal with unexpected situations on short notice. This feature is especially useful given the rise of BYOD and remote working trends.

As part of this component, an Offline Temporary Password can be used to access encrypted files for offline and onsite employees. For example, administrators will be able to grant permission for a specific USB storage device to be used by a user only on the specified computer for a limited time interval from 30 minutes to 30 days as defined by the admin.

A Network Offline Mode is also available and helps to ensure that protected PCs or notebooks that are temporarily disconnected from the internet remain protected and that email notifications are transmitted upon the next internet connection.

EasyLock

Next up is EasyLock, which works hand in hand with Device Control.

EasyLock Enforced Encryption or Automatic USB encryption is one of Endpoint Protector’s flagship features. Password-based, EasyLock helps to encode, manage and secure USB storage devices by safeguarding data in transit.

USB devices are a common cause of data loss as they are convenient and widely used, however they are also easy to forget, misplace, or steal. Endpoint Protector’s Enforced Encryption addresses this specific vulnerability by enabling companies to automatically encrypt any data copied from a company network onto a USB device.

If you have any confidential or sensitive data you wish to limit access to, EasyLock will provide a password-based military-strength AES 256 bits CBC-mode encryption. To ensure all endpoints are secured, EasyLock Encryption can also be applied to CD/DVDs, local folders, and cloud storage.

eDiscovery

The eDiscovery module scans data at rest and provides insight into stored sensitive information that managers would want to discover, encrypt, or delete.

Scans can be scheduled in advance for one-time or reoccurring sessions, on a weekly or monthly basis. This makes it much easier for admins to conduct device control policies at specific intervals.

With eDiscovery, data stored on an employee’s endpoints can be scanned based on specific file types, predefined content, file names, regular expressions, and more. Based on results managers can choose to encrypt or delete sensitive data.

Through Optical Character Recognition, images can also be scanned for sensitive information. You can enable OCR by ticking the option in Client Settings. Unlike Teramind which provides OCR as a cloud-based solution, Endpoint Protector only offers OCR as an on-premise solution, resulting in significantly higher installation, maintenance, and licensing costs.

What if the security risk to your company does not involve file transfers or data storage devices at all?

It can be argued that Endpoint Protector focuses on endpoint security to the detriment of other cybersecurity events. Endpoint protection functions best when paired with other detection solutions such as Teramind’s capability to track webmail attachments helping to reduce the risks of phishing, or better yet KnowIT’s ability to block risky websites or applications, filter incoming or outgoing emails by keywords, detect hidden botnets, and provide alerts for DDOS attacks. Lack of application-based security, network analysis, and archive data communication features are limitations which reduce Endpoint Protector’s viability as a standalone DLP solution.

Endpoint Protector excels at securing data at endpoints. However, it addresses only internal threats dealing primarily with data transfers out of the organization.

At Employee Monitoring Software reviews.com, our position is that a complete DLP solution should be able to deal with external, as well as internal security threats.

Application Management

Compared to other employee monitoring solutions, Endpoint Protector offers only basic Application Management.

A Device Activity Log is saved for all devices connected, along with all administrative actions such as device authorizations, giving a complete history of devices and users for detailed analysis. By being able to keep detailed records of user activity within company networks, you can identify patterns in policy violation or potential insider threats. It can also be good support for compliance claims with different legislations.

Endpoint Protector also provides information such as Application Usage by Device, Installation Audit Trail, Application Audit Trail.

Unlike other solutions such as Teramind, KnowIT or Interguard, Endpoint Protector do not allow you to block applications or websites.

Mobile Device Management

Endpoint Protector allows you to control, secure, and locate all mobile devices on your network.

After testing Endpoint Protectors Mobile Device Management, we found the features to be as comprehensive as any offered by other employee monitoring solutions.

Available for both IOS and Android, Endpoint Protector’s Mobile Device Management features help to safeguard your company’s data by applying effective data protection measures on all tablets and smartphones.

In the modern workplace, mobile devices deal with company data in an increasing number of ways. Regulating emails are no longer your only worry, applications may come with malware designed to extract personal or other sensitive information. Furthermore, today’s mobile device can store huge amounts of sensitive data, making your company vulnerable in case of the loss or theft of a device.

Misplaced or lost a device containing sensitive data? Endpoint Protector MDM allows you to Track & Locate your company’s mobile or tablet devices and know where critical data is carried at all times. You can also use Geofencing to set a virtual perimeter on a geographic area and receive email alerts if the device leaves a defined area.

Today, BYOD and remote work are on the rise with more and more employees working on the go – 74% of companies allow employees to work on their own device, while 66% of all emails are read on a smartphone or tablet.

Ideal for BYOD policies, Endpoint Protector provides fail-safe features to prevent data leaks. Remote Lock instantly locks the mobile device preventing access or use by the holder.

While Remote Wipe is designed for critical situations where the only way to avoid data leak is to completely wipe the device. From a company’s perspective, such policies mean security is not compromised for efficiency.

Mobile Application Management allows you to easily discover which apps employees are using and remove apps that pose a security risk.

Endpoint Protector’s MDM features also include the ability to disable built-in functionalities such as camera or video recording to avoid data breaches.

When selecting your choice of employee monitoring software in today’s dynamic business environment, keep in mind the importance of mobile device management and compatibility. The best solutions such as Endpoint Protector and KnowIT will offer monitoring and DLP capabilities for both office and mobile devices. As a result, companies can rest easy knowing that their sensitive data is comprehensively secured on or off location.

The Verdict

Endpoint Protector is an employee monitoring software that focuses purely on Data Loss Prevention and Mobile Device Management.

Continuous monitoring and scheduled system scans are the two main ways endpoint protection software identifies data security threats. Through its Content Aware Protection and eDiscovery features, Endpoint Protector is a capable solution for both. Unfortunately, the latter is only available as an on-premise solution, resulting in higher installation and maintenance costs if you would prefer to get all modules.

Endpoint Protector’s ability to secure sensitive data on or off-site is first-rate. While Device Control, Easylock Encryption, and Mobile Device Management components provide effective methods of identifying and remedying data security breaches.

Indeed, Endpoint Protector specializes in what it chooses to do. However, considering industry alternatives, the software lacks key components such as network analysis, screenshots, malicious website and app blocking, as well as webmail and IM tracking, to name a few.

For example, Endpoint Protector software does not prevent infection or data breaches via a phishing attack. More comprehensive cybersecurity platforms such as KnowIT [link] provide provisions for identifying and blocking local phishing attacks and data exfiltration, while also preventing malware from spreading laterally throughout your network.

That being said, Endpoint Protector is a powerful solution designed and dedicated to securing data in all forms. Depending on what type of solution you are looking for, Endpoint Protector may be the right choice for you. Be sure to check all options, as the best Employee Monitoring Solutions will offer a balanced approach to gauging productivity and ensuring data loss prevention.