With experts noting a troubling threefold surge in USB drive malware incidents in early 2023, Device Control has just leveled up with a key addition: the Advanced Auto Scanning & Block Until Scan feature.
Here’s the breakdown: When a USB device is connected, ThreatDown now doesn’t just control access—it actively scans it. You can also now choose to block the device until the system scans it. This means threats are stopped in their tracks, well before they can do any harm.
Available for both Nebula and OneView users, the new update also offers detailed device insights on the Quarantine and Detections pages. The interactive “Device” column, for example, reveals comprehensive details like the serial number and volume name.
Advanced Device Control is designed to make it that much easier for organizations to defend against USB malware, which can cause data breaches and other system compromises. Let’s dive deeper into the update!
Automated Scanning
When a USB device is inserted, the new feature automatically initiates a scan for potential threats. This is proactive, as opposed to the more passive nature of traditional device control, which simply controlled access when storage drives were connected via USB.
Conditional Access Based on Scan Results
Perhaps the most significant addition is the ability to block access to the device until it has been scanned for threats. This ensures that no potentially harmful files are accessed before they are verified as safe, a capability not present in the original Device Control setting.
Customizable Alerts
Users can craft an optional alert message that appears when a USB device is blocked pending a scan. This can help in communicating security protocols to users who might not be aware of why their device access is restricted.
Quarantine and Detections Pages Update
Nebula’s Quarantine and Detections pages have been upgraded for improved management of USB-originated threats:
- “Device” Column: A new clickable column has been added, listing devices associated with threats.
- Device Details Slideout: Clicking on a device link provides immediate access to details like serial number and volume name.
These updates streamline the threat analysis process, integrating crucial information directly into your workflow.
Additional features
Restoration & Exclusion Enhancements
Quickly restore false positives from quarantine when the device is reconnected and set exclusions to prevent future unnecessary blocks.
Detailed Threat Information
The Endpoint details slide-out has been enhanced. Under the Detections and Quarantine tabs, users can now access comprehensive data on any USB threats discovered.
Action Taken
A new “Action taken” column clearly shows the device scan history and status updates.
Try Advanced Device Control today
Advanced Device Control marks a leap in helping organizations stay ahead of USB malware, featuring proactive scanning, conditional access, and improved visibility to proactively thwart potential breaches.
Try Advanced Device Control in Nebula and OneView today!
Not a Nebula or OneView user? Get a free demo.
