Data loss prevention software uses USB blocking to prevent data breaches via data exfiltration through USBs and removable storage devices. Control over peripheral devices like USBs includes whitelisting and blacklisting, authorizing read-only access, and enforcing predefined policy rules.
If you are looking for a USB blocking software solution that:
- Can support enterprise-scale organizations. Check out our analysis of USB blocking software products
- It is free, see below.
Top products compared
Comparative table on limitations & OS compatibility
| Product | License | Compatibility | Limitations of free edition |
|---|---|---|---|
| USBGuard | open source | Linux | n/a |
| USBSecure by Lugrain | proprietary | Windows | full functionality with limited PCs (5) & users (10) |
| USB Block by NewSoftwaresNet | proprietary | Windows | full functionality with limited trials (25) |
| Windows USB Blocker by SecurityXploded | proprietary | Windows | n/a |
| Pen Drive Locker /Unlocker by installWhat | proprietary | Windows | n/a |
| USB Lockit | proprietary | Android&Windows | n/a |
| USB Lock RP by Advanced Systems International | proprietary | Windows | full functionality with limited PCs (5) |
Notes
- Open-source products are available on GitHub.1
- Proprietary products are available on the provider’s website.
- The software products are arbitrarily sorted.
Comparative table on differentiating features
| Product | Device white/blacklisting | Read-only mode | Policy enforcement |
|---|---|---|---|
| USBGuard | ✅ | ❌ | ✅ |
| USBSecure by Lugrain | ✅ | ❌ | ✅ |
| USB Block by NewSoftwaresNet | ✅ | ❌ | ❌ |
| Windows USB Blocker by SecurityXploded | ❌ | ❌ | ❌ |
| Pen Drive Locker /Unlocker by installWhat | ✅ | ✅ | ❌ |
| USB Lockit | ❌ | ❌ | ❌ |
| USB Lock RP (demo mode) by Advanced Systems International | ✅ | ✅ | ✅ |
Differentiating features
For more on USB blocking key features
- Multi-OS compatibility: Integration with established operating systems, including Windows, macOS, and Linux.
- Device white/blacklisting: Allowing and denying access to specific devices of choice or as defined in the policy.
- Read-only mode: Allows data to be read only on USB devices.
- Policy enforcement: Configuring devices by user access and device-based rules defined in the policy.
Products & features
1. USBGuard on GitHub
- USB white/blacklisting based on policy enforcement based on daemon computing, meaning the program runs in the background without needing an active controller.
- GUI interface is available.
- A C++ programming language-based API is available.
2. USBSecure by Lugrain
- Applicable on Bluetooth devices, Thunderbolt drives, FireWire ports, eSATA devices, SD cards, floppy disks, and CD/DVDs, based on configured rules.
3. USB Block by NewSoftwaresNet
- Applicable on external drives, SDs, MMCs, memory sticks, CDs, DVDs, HDs, Blu-ray discs, network drives, and network computers, based on configured rules.
4. Windows USB Blocker by SecurityXploded
- Blocking and unblocking USB devices except USBs used for wireless keyboards and mouse.
5. Pen Drive Locker/Unlocker by installWhat
- Users can lock and unlock pen drives (USB flash drives).
- If additional software is required to control USB ports.
6. USB Lockit
- Locking and unlocking USB devices on other devices through password authentication on the application interface.
- It encrypts data on the USB with AES 256-bit.
7. USB Lock RP by Advanced Systems International
- USB white/blacklisting based on policy enforcement.
- Alerting and notifications are enabled when a USB device is detected.
- Read-only mode for configured USB devices.
- A notification log is available.
- File transfer encryption and monitoring are supported.
USB blocking and data loss prevention (DLP)
Data loss caused by unauthorized access to network devices or physical losses is forcefully prevented by data loss prevention (DLP) software that utilizes backup data, encryption of data and endpoints, user authentication, and device control policy enforcement.
Device control ensures that removable storage devices such as USB drives, SD cards, and other removable media are used in accordance with the access rules defined in security policies.
Incidents centered around USB devices
Incidents that take endpoints as subjects are caused by security vulnerabilities resulting from weak encryption, weak authentication, an unsecured connection to the network, and a lack of security programs such as antivirus, firewall, network monitoring, and endpoint security.
Figure 1. Categories of incidents that involve USB devices
Source: ManageEngine Blog
Historical examples of USB attack-led data breaches
Here are two historical examples that center around data exfiltration orchestrated by USB sticks:
1. Stuxnet Worm attack (2010)
The Stuxnet worm, discovered in 2010, was designed to target industrial control systems, particularly those used in Iran’s nuclear program. It spread via USB drives, exploiting vulnerabilities in Windows systems to infiltrate and sabotage uranium enrichment centrifuges.2
2. Edward Snowden leaks (2013)
In 2013, former NSA contractor Edward Snowden leaked classified documents revealing the extent of global surveillance programs conducted by the United States and its allies. Snowden used a USB drive to download and exfiltrate sensitive information from NSA systems. 3
Figure 2. List of malware that exploits USBs and exfiltrates sensitive data
Source: MITRE ATT&CK
Further reading
- Top 5 Alternatives for Digital Guardian Endpoint DLP
- Top 5 Endpoint Management Software: 12 K+ Reviews
External resources
- 1. USBGuard · GitHub.
- 2. The Real Story of Stuxnet - IEEE Spectrum. IEEE Spectrum
- 3. How Snowden did it. NBC News
Comments
Your email address will not be published. All fields are required.