GFI EndPoint Security review including alternatives

GFI Software creates packages for small and middle-sized enterprises that probably don’t have an IT department and might not have any computer experts on their payroll. This market demands systems that are easy to install and don’t need much maintenance. In many cases, the business owner might be performing the duties of the IT manager, or the business might rely on the services of a freelance consultant or engineer. In either case, the company probably doesn’t want to spend too much time or money on software systems.

GFI EndPointSecurity provides a data leak prevention (DLP) service that focuses on protecting files containing sensitive data and patrolling the system’s points where data can be transferred out.

Data theft strategies

There are two ways to steal data from a company: electronically and physically. Big corporations are primarily under threat from remote hackers in places such as Russia and North Korea. While insider threats – the term for data theft or employee sabotage – are an issue to be aware of, the most significant source of threats to a large business comes over the internet.

Small businesses need to be aware of the dangers of malware and install appropriate protection. However, in the realm of data theft, they are more susceptible to physical strategies. Kim Jong-Un of North Korea is not interested in your local bakery; however, the bakery down the street might be. The idea that international hackers are going to jimmy open a window at the back of your strip mall law practice, get in, and transfer data off your PC onto a USB stick is not very realistic. However, the ex-partner of one of your divorce clients might.

The relatively small amounts of data that your business has means that your biggest threats come from rival companies of similar size or individuals who bear a grudge against you. Small amounts of data can more reasonably be carried away. It is unimaginable that someone would ever try to print off the entire client list of American Airlines and walk out with it. Still, the secretary of a landscaping firm might if enticed by higher wages at a rival business. Thus, the threat of a physical data theft strategy is much higher for small companies than large organizations.

Features

GFI EndPointSecurity offers two strategies for data theft protection. The first relates to the devices that connect to the network, either directly or as a peripheral to a connected computer. The second protection service assesses data stores and identifies sensitive data.

Hardware protection

The hardware assessment module includes a risk analysis of each device. This extends to BYOD devices and peripherals, such as USB memory sticks. The service can be set to block new devices connecting to the network automatically. Alternatively, a device can be permitted. On enrollment onto the system, the device gets a GFI EndPointSecurity agent downloaded onto it. This includes that device in security monitoring and enables the systems administrator to control the peripherals connecting to it.

The service enables the system manager to block all peripheral devices unless expressly permitted. Furthermore, the granting of permission can be time-limited. Thus, this simple step rules out the possibility of an employee or a physical intruder into the office copying data onto a memory stick without the business owner’s knowledge.

Newly connected devices can have added activity logging applied to them, which tells the system manager what files are being transferred.

Data controls

Data movement can be controlled according to file contents, as classified by the sensitive data discovery service. The issue of data discovery is different for small businesses when compared to the activities of large organizations. Large companies have many endpoints, and each can be running many software packages and services. Each software system will create its preferred storage directory locally and possibly also in a central store.

System managers in large businesses might not realize that even if they set up applications to store data centrally, there may also be local copies, such as the shadow copies of documents created as restore points by productivity packages, such as Microsoft Word.

The file location issue is less critical for small businesses with only a few devices to check. Thus, the search routines in GFI EndPointSecurity don’t need to be as complicated as those built for extensive operations. The data protection system in the GFI package just searches through all folders on a computer, looking for data files and scanning through their contents. The searcher uses a library of regular expressions that look for data formats commonly used for sensitive data, such as Social Security Numbers or payment card numbers.

Once sensitive data has been identified, different activity tracking processes can be activated to monitor the use of those files. There is also the option to control the size of files that can be moved.

One shortfall of the GFI system is that it doesn’t impose file integrity monitoring (FIM). A typical FIM will encrypt files and only allow access to specific users with specially flagged credentials. This means that only permitted user accounts will get those files automatically decrypted when they open them. Any other person that tries to open the file will not get it decrypted.

There is one area of the system where it is possible to impose encryption. That is in the use of a USB drive. As well as allowing a specific memory stick to connect to a computer on the network, the service can be set up to implement encryption for all data transferred onto that stick. This is a helpful feature for valid copies so that loss of the USB drive won’t result in data disclosure.

System requirements

GFI EndPointSecurity is implemented in two types of installation – a central server and endpoint agents for each protected computer. The system requirements for each module are shown below.

GFI EndPointSecurity server

Hardware

  • Processor: 2GHz processor clock speed
  • RAM: 512 MB (minimum); 1 GB (recommended)
  • Hard Disk: 100 MB of available space

Operating System (x64 or x86)

  • Microsoft Windows XP Professional
  • Microsoft Windows Vista (Enterprise, Business or Ultimate edition)
  • Microsoft Windows 7
  • Microsoft Windows 8 Professional (x86)
  • Microsoft Windows 8 Enterprise (x64)
  • Microsoft Windows 10 (Pro and Enterprise) (x86 and x64)
  • Microsoft Windows Server 2003
  • Microsoft Small Business Server 2003
  • Microsoft Windows Server 2008 (Standard or Enterprise edition)(SR1 – SR2)
  • Microsoft Windows Server 2008 R2
  • Microsoft Small Business Server 2008
  • Microsoft Windows Server 2012 (Standard or Enterprise edition)
  • Microsoft Small Business Server 2011

Services

  • Internet Explorer 5.5 or later
  • .NET Framework version 4.0
  • SQL Server (Full and Express versions) 2000, 2005, 2008, 2008 R2, 2012

GFI EndPointSecurity agent

Hardware

  • Processor: 1GHz processor clock speed
  • RAM: 256 MB (minimum); 512 MB (recommended)
  • Hard Disk: 50 MB of available space

Operating System (x64 or x86)

  • Microsoft Windows Server 2008 R2 x64 (Standard or Enterprise edition)
  • Microsoft Windows Server 2008 (Standard or Enterprise edition)
  • Microsoft Windows Server 2003 (Standard, Enterprise or Web edition)
  • Microsoft Windows 10 (Pro and Enterprise) 1709 and older only
  • Microsoft Windows 8 Professional (x86)
  • Microsoft Windows 8 Enterprise (x64)
  • Microsoft Windows 7 (Enterprise, Professional or Ultimate editions)
  • Microsoft Windows Vista (Enterprise, Business or Ultimate editions)
  • Microsoft Windows XP (Professional edition)
  • Microsoft Small Business Server 2008 (Standard or Enterprise editions)
  • Microsoft Small Business Server 2003
  • Microsoft Windows 2012 Server (Standard or Enterprise edition)
  • Microsoft Small Business Server 2011

Deployment and Price

GFI EndPointSecurity is at the end of its service life, and GFI no longer sells the product individually. However, it does sell the system as part of a package of its products. This bundle is called GFI Unlimited. It includes:

  • GFI MailEssentials – Anti-spam and email security applied to mail servers
  • GFI Archiver – An archive manager for emails, calendar entries, files, and folders
  • GFI FaxMaker – A secure fax solution
  • GFI HelpDesk – An IT support management solution
  • Kerio Connect – A security service for email and messaging systems
  • Kerio Control – A firewall and unified threat management system
  • GFI EndPointSecurity – A data protection service
  • GFI EventsManager – An event log collector and analyzer
  • Kerio Operator – A VoIP network creator and manager

GFI EventsManager and Kerio Operator are also at the end of their service lives and are no longer sold individually.

The price for this package is levied per unit per year, and the exact amount depends on the number of endpoints covered by the license. That price per device is:

  • 10 – 59 units: $39.90
  • 50 – 249 units: $37.90
  • 250 + units: $35.90

It is possible to get a 30-day free trial of GFI EndPointSecurity. There are also free trials available for the other products contained in the GFI Unlimited bundle.

Strengths and weaknesses

GFI EndPointSecurity protects small businesses from data theft. However, it is not a fully comprehensive data loss prevention system. GFI created this package as a low-cost solution for small businesses that don’t need all of the features of a full-blown DLP. Without cheaper solutions like this, hard-pressed small companies with tight budgets would either end up overpaying for an extensive system that provided more services than they actually need or just skip data theft protection entirely.

Here are the good points and bad points that we have discovered about GFI EndPointSecurity.

Pros:

  • A distributed system with a central controller and agents for each endpoint
  • The option to block all new devices from connecting to the network
  • The ability to intercept all peripheral devices from connecting to endpoints
  • A data scanner that identifies instances of sensitive data
  • The option to encrypt data on USB memory sticks

Cons:

  • Only available for Windows and Windows Server
  • Going out of circulation and only currently available as part of a bundle

Alternatives to GFI EndPointSecurity

GFI EndPointSecurity has an appeal to a specific market sector – small businesses. This is because there aren’t many data loss prevention systems that compete in that sector. However, as GFI EndPointSecurity is no longer available, you must look for an alternative DLP solution.

Our methodology for selecting a GFI EndPointSecurity alternative

We reviewed the market for data loss prevention systems and analyzed the options based on the following criteria:

  • An automated scanner to locate and log sensitive data
  • File activity tracking
  • File encryption and data store protection
  • Controls over peripheral devices
  • Controls over data transfer methods
  • A free trial or a demo system for a no-cost assessment period
  • Value for money in a product that provides complete data protection

With this set of criteria in mind, we have identified some data loss prevention options that will protect your business from data leaks.

Here is our list of the best alternatives to GFI EndPointSecurity:

  1. ManageEngine Device Control Plus (FREE TRIAL) This software package is a good alternative for the peripheral controls in GFI. The centralized controller reaches across the network to each endpoint and implements port management. It will only allow trusted devices to connect to the endpoint, and only authorized users can use the device. The controls block or allow the movement of files from the peripheral onto the endpoint and also from the endpoint onto the device. Device Control Plus installs on Windows Server and there is a Free edition to manage up to 25 endpoints. The paid version, called the Professional edition, is available for a 30-day free trial.
  2. CrowdStrike Falcon Prevent This is a next-generation anti-virus that installs on each endpoint – it will run on Windows, Linux, and macOS. The package uses user and entity behavior analytics (UEBA) for anomaly-based threat detection that spots intrusion as well as malware. A higher plan, called Falcon Insight, coordinates between installations of Falcon Prevent.
  3. Endpoint Protector A DLP system to protect PII, credit card data, PHI, and IP. This package includes file activity tracking and data movement control. There are endpoint agents on Windows, macOS, and Linux while the server is offered as a SaaS platform, as a service on AWS, GCP, or Azure, or as a virtual appliance on site.
  4. Digital Guardian DLP A SaaS platform with endpoint agents on Windows, macOS, and Linux. This package includes a data discovery and classification service for PII and intellectual property and controls peripheral devices, printers, faxes, file transfer systems, messaging services, and emails. There is a demo account available.
  5. Teramind DLP A SaaS package that operates across sites and cloud platforms. Features include OCR scanning on digital documents and images, user behavior tracking to detect insider threats and account takeover, plus controls on data exfiltration points.
  6. Rapid7 InsightIDR A cloud-based SIEM with endpoint agents that includes user and entity behavior analytics (UEBA), sensitive data discovery, file integrity monitoring, and a vulnerability scanner.