
PatchLink's Sanctuary: Page 3 of 4

PatchLink says functionality will be added to an upcoming release that will make scripts part of the file-scanning process, which should provide greater granularity over script execution. PatchLink also needs to work on Sanctuary's group policy settings: As the product currently stands, it can get very confusing to tailor policies for multiple groups.

PLUGGING PORTS
The other half of the equation is preventing data leakage. IT can enable or disable hardware devices on the client via Sanctuary's Device Explorer, which bears an uncanny resemblance to Windows Device Manager. We could set any device as "disabled," "enabled for read-only," or "enabled for read-write." In testing, we successfully made a DVD-RW drive on a test laptop read-only for an AD user group and disabled the wireless LAN, Bluetooth, and infrared ports. Each device has both online and offline permissions, so you can create rules that allow full use of the DVD-RW when the client can communicate with the server and disable the device when it can't.

For any removable storage medium (CD-RW media, USB thumb drives, external hard disks, tapes) IT can set copy limits, enable a scheduled window for when copying is permitted, and turn on shadowing. Shadowing logs any files being copied to or from remote devices, and includes an option to place a copy of the file being transferred in a restricted folder. Each of these options can be enabled universally or for files of a specific type, such as DOC, PDF, or XLS.

Sanctuary closes one more loophole with the capability to encrypt removable devices so that data on them is accessible only from other workstations running the Sanctuary client. Alternatively, the "Easy Exchange" feature allows a user who knows the password to access the encrypted device from any computer.

Two important pieces of the encryption puzzle missing from the 4.1.3 version--but promised in an upcoming release--are password recovery, to let the Sanctuary administrator recover data from a removable device when passwords are forgotten or locked, and password lockout, to deactivate a device after a number of failed password attempts.

Now, you will have to poke a hole in your firewalls, and this hole must stay open for Sanctuary clients to communicate with the application server. However, the client-server communication may be encrypted with Transport Layer Security.

Bottom line, when coupled with sound patching and hardening of the host operating system, Sanctuary provides almost complete endpoint security.