We were approached by a customer with concerns around the use of flash drives in their company, both in terms of the introduction of malware and exfiltration of data.
After discussion with managers, staff and security personnel, we designed a solution that encompassed a mix of technology, company policys and some re-training.
The result was a stand-alone “sheep dip” for all visitors inbound USB drives to be scanned on before they were allowed to be used on any machines in the building.
Additionally, all pre-existing USB drives were wiped and removed from the site.
Finally, an encrypted and remotely managed USB drive platform was introduced, providing USB drives that could only be encrypted on company machines and could be ‘destroyed’ remotely (unfortunately we were unable to locate devices that could be detonated).