VTB 24, one of Russia’s largest retail banks, has invested in endpoint device control security to prevent data leaks and uncontrolled use of locally connected devices from employees’ computers.

 

The company is deploying an endpoint security software from DeviceLock, an international firm with offices in San Ramon, CA, London, Milan, and Ratingen, Germany. DeviceLock’s Microsoft-based technology enables users to control, log, shadow-copy, and audit end-user access to any type of computer’s ports or peripheral devices. This includes detecting the presence of personal mobile devices, blocking the operations of USB and PS/2 hardware keyloggers, and protecting data on removable storage devices through encryption.

 

“With the proliferation of high-capacity removable storage devices available today, there is a much greater threat of information leaks from the bank’s IT system, as well as infiltration by destructive malware elements. DeviceLock is the software product that can most effectively help us to fight such threats. It has been on the market for almost a decade building a rich feature set that has been field proven by other financial service customers around the world,” says Anatoly Bragin, chief of VTB 24’s information security department.

 

Before the implementation of DeviceLock, any unauthorized local connection of external devices to computers was blocked either by physically switching off some of the device interfaces or by disabling them at the BIOS level. The bank’s IT staff realized that this approach was becoming impossible to implement and manage and that the situation would only get worse given VTB 24’s rapid growth plans. The number of computers in the bank’s network was quickly escalating and the network itself was extending its distribution over several more geographic locations. Meanwhile the number of peripheral devices employees were connecting to the network was growing, particularly USB connected devices. There were too many ways employees could connect devices locally to computer endpoints spread across the network, without any controls, creating potential channels for data leakage – from USB flash drives to printers, scanners and Web cameras.

 

“We used a previous version of DeviceLock and found it a highly functional and reliable product. DeviceLock provides flexible control over a computer’s local ports and devices, thus addressing one of our most significant information security problems,” Bragin says.

 

DeviceLock features a comprehensive central management natively integrated with Microsoft Active Directory and Windows NT/200/XP/2003/2008/Vista support. VTB 24’s IT infrastructure is a distributed heterogeneous system that included Microsoft Windows as well as some UNIX and Novell Network operating systems. DeviceLock now protects servers and desktop computers across the entire IT infrastructure, whether at one of VTB 24’s large metropolitan corporate offices, or any of the many branch customer service centers across Russia. 

 

“Installing DeviceLock was simple. The administrators of the IT security department were pleased with the results of the DeviceLock software deployment. The deployment did not impact the bank’s existing information security policy,” Bragin says. “Once deployed, DeviceLock enabled strict enforcement of device-related policy and easy audit of the rules defined in the policy. It has optimized our device management processes.”