We have a client who's requiring that we implement dataloss prevention on workstations that are accessing their project's data. If Alice attaches removable media (USB, FireWire, CD, DVD) to her computer, we need an audit report that she copied files X, Y, Z to/from media. We have a 100% Mac user base.
I've looked at endpoint protector products from CoSoSys and Sophos, but neither supports removable media control on the Mac. I'm looking at McAfee right now, but their product literature is making my head spin.
Can anybody recommend a product to do this? Or are we looking at building something from scratch?
Thanks in advance...
Hmm.. Are you sure CoSoSys doesn't support removable media control on the Mac? It completely seems like they do: http://www.cososys.com/software/device_management_for_Mac_OS_X.html:
Device Management for Mac OS X
What is it missing from your requirements?
I'm Anca from Endpoint Protector Community. I think that we have what you are looking for. It is a new product called Endpoint Protector Appliance, which has the Audit Trail feature available for MAC together with File Tracing and File Shadowing. You can check our product here: http://www.endpointprotector.com/en/index.php/products/endpoint_protector_appliance If you have any questions or you need more information, please let me know.
If you find a working solution there is still another problem I am not sure you can avoid on a Mac: There is always the possibility to mount the physical disk to another computer read-only and copy the data this way, thus leaving no trails at all. You can easily prevent the easiest way of doing this with locking target mode in EFI, but beyond that you will need at least a seal to detect something has been tampered with. The only protection from this would be an encryption that is tied to the hardware (AFAIK you can get that for some PCs) or would work in conjunction with your monitoring software.