Safend Auditor – Review

By | September 11, 2006

Safend Auditor is a clientless Windows-based software utility that illuminates enterprise endpoint blind spots – providing enterprises with the visibility they need to identify and manage properly endpoints vulnerabilities.

Safend AuditorManaging effectively enterprise endpoints is a crucial step for preventing data theft and keeping malicious code off the network. However, the presence of new connectivity options in desktops and laptops – Wireless, Bluetooth, USB etc. – can create hassle-free connections between desktops and devices, making it much harder for IT staff to track which devices are connected to the network.

Safend Auditor provides an intuitive way for IT staff to differentiate between secure portable devices, such as authentication tokens, and potential security threats such as iPods and other portable mass-storage devices. In addition, IT staff can track which Wireless networks employees are connecting to – secure and encrypted or public and open.

The Setup

The installation process is simple and does not require additional configuration. Our test setup is a domain with three endpoints running Windows XP2 and Windows 20003 Server.

With no endpoint client installation required, once installed, you can start auditing enterprise endpoints. The advantage of being clientless allows you to install Safend Auditor on any computer in the network, preferably with access to the entire domain, and start enumerating devices attached to network endpoints.

When started, Safend Auditor transparently and rapidly queries all organizational network endpoints, locating and documenting all devices that are or have been locally connected. Safend Auditor checks all USB, PCMCIA, Firewire, and WiFi ports – granularly identifying endpoint devices connected for each user, both currently and historically.

Safend Auditor has three scanning options: Organizational Unit – a domain or a workgroup; Computer Name(s) – scan a single or a number of computers; and IP Range, which just as its name implies, allows you to scan a range of IP addresses. In our test, we used the third option to scan the computers in our domain.

The default configuration is set to enumerate all currently and previously connected devices. In order to meet your network environment needs, you can use the Audit Filters option to select a limited type of devices you want to detect. Safend Auditor supports a vast range of portable devices: mobile phones, wireless cards, removable storage, Blackberry devices, imaging devices (such as digital cameras) and more.

For the test, we used a domain with three computers. Each computer had a portable device attached to it (Digital Camera, USB MP3 Player, PocketPC PDA). Once installed and configured, we did several scans, each time changing the devices. It took Safend Auditor to finish the scan and generate a report approximately within half a minute. During the test, we did not see effects on the endpoint device, nor did we see interruptions to the end user.

Following each scan, Safend Auditor generates a detailed HTML report. The report identifies devices by type, manufacturer, model, and serial number. By looking at the report, IT managers can map out granular security policies that meet their business needs.

Final Thoughts

We found Safend Auditor to be an essential tool for the network auditing arsenal. This software utility, in combination with policy management tools, provides a great solution for securing enterprise endpoints.

Finally, Safend Auditor has several advantages we found that worth a mention: it’s simple and intuitive – within a click of a mouse you get all the portable devices on your network; provides a comprehensive coverage of almost all common portable devices; and it has no affects on network performance.

Leave a Reply