Secure key drive polices itself to protect the enterprise
- By John Breeden II
- May 30, 2013
Portable USB storage devices have had a rocky relationship with government. When they first came out, key drives were hailed as the greatest thing since the floppy disk. Then agencies got nervous about a drive having the ability to remove so much storage from a network or introduce a virus. The Defense Department even banned the drives and other removable media for a while. And some agencies even rubber-cemented over their USB ports.
Today they are used fairly often, with strategies in place to keep them under control. Yet key drive security is still a concern. Although enterprise virus and malware scanners can often detect threats coming in from outside sources, key drives sometimes can be overlooked. Not only that, but they could easily become a carrier for a malicious program. Even if malware can't infect one network, it could ride around with the drive and attempt to infect every other one it connects into. Eventually it might get through if the drive is used enough. Or, malware could simply be designed to snoop the data from a portable drive, quietly sending it back to its masters and possibly eluding local protection.
Given those concerns, we wanted to see how a key drive with its own internal protection would perform. Kingston makes a wide variety of key drives with different levels of security. Some of the higher security models are now coming equipped with ClevX DriveSecurity powered by ESET.
We put a Kingston 4G DataTraveler 4000 with the embedded ESET security to the test. On the surface, our DataTraveler looked like any other drive. The 4G model cost $60, plus another $15 for having the ESET software embedded. Kingston sells drives as large as 32G for $319. Both the price of the drive and the protection software are eligible for government and bulk discounts, so agencies looking to equip an entire workforce will pay significantly less than the cost of a single unit. The ESET security is valid for three years, and buyers will receive program and definitions updates for that entire time before the license has to be renewed.
When a protected key drive is first attached to a system, it will install the ClevX DriveSecurity software into a hidden folder on the portable drive. Nothing ever goes onto the host computer. If the security software is ever deleted, which really can't be done accidentally, the launcher will re-install it at the next opportunity. Other than the installation process the first time, users probably won't notice ClevX unless it detects a problem.
The one negative is that the software has a large footprint, taking up 300M of space on a drive. For a big drive that's not too much of a problem. But for a smaller 4G model like the one we tested, that's about 13 percent of the drive space. So the size of the DriveSecurity software should be considered when making a purchase. Users who need all 4G of the space on the drive will need to buy a larger model.
In use, the DriveSecurity software stayed out of the way. We carried out extensive transfer tests both to and from the drive, and we compared those results to the same tests done on a drive of the same size but without the anti-malware security. We found that when using a USB 2.0 interface, the difference in write times for most files was less than three seconds. The difference in read times was almost negligible, about a second for very large files.
The DriveSecurity software looks for malware of all types, not just viruses. It's heuristics-based, so it looks at how programs behave. This could lead to a false positive every now and then. There may be an instance where a users wants a program on the key drive to overwrite the system registry. We think this would be an extremely rare occurrence, but in that instance the user would be warned by the key drive and would have to authorize the process.
The good thing about heuristic scanning is that it's not completely dependent on malware definitions. If a drive does not have the latest profiles, it can still stop programs from taking questionable actions. Even so, the drive updates itself and its definitions every chance it gets. The default is hourly when connected to a network with Internet access. But it's nice to know it can sit on a shelf for a couple years and still protect users from malware the next time it's used.
The DataTraveler we tested had some additional security that is worth mentioning. It could encrypt data up to 256-bit AES using hardware encryption. It was also validated for FIPS 140-2 Level 2, meaning it can prevent and show evidence of any physical tampering with the drive. We also liked the fact that all the heuristic malware scanning and encryption did not require any resources from a host system to operate, and it also does not need to install anything on a host computer. We tested our 4G DataTraveler 4000 on a variety of desktops and notebooks running different types of antivirus and anti-malware scanners, and the programs never interfered with one another. Security on the key drive is its own universe.
There isn't really anything negative to say about a key drive protected by the DriveSecurity software. Even over a USB 2.0 connection, there is not much of a performance hit. Even that could be eliminated if it were made compatible with the new speedy USB 3.0 interface, though finding a free 3.0 port is still pretty rare. And the 300M of space the software takes up probably isn't that big of a deal, especially with the larger drives. One thing to note is that the DriveSecurity software only works properly with Windows software and file types, so users won't get the full protection if they try to use it with Mac or Linux computers.
Agencies spend a lot of time and money trying to lock down their enterprises, as they should. But thinking a little outside the box and protecting a fleet of key drives makes a lot of sense, too. Not only will networks be protected when the drives are accessed locally, but the data itself will be safer in transit or when connected to outside or public networks. A DataTraveler 4000 equipped with ClevX DriveSecurity can go a long way to making the world a bit safer.
John Breeden II is a freelance technology writer for GCN.