Endpoint device USB Lockdown

Coro can lock USB device drives using a device policy. The USB Lockdown device policy governs the blocking of USB devices. Use the USB Lockdown device policy to:

  • Block portable devices : USB connected mobile device.
  • Block mass storage devices : USB flash drive or USB external hard drive.
Important

Coro does not trigger Endpoint Security tickets for this policy type as it directly enforces functionality on affected devices.

note

The USB Lockdown device policy supports both Windows and macOS devices. Block portable devices and Block mass storage devices are supported on Windows devices. Block mass storage devices is supported on macOS devices.

Locking USB drives on a device enhances security and data protection, offering several key benefits:

  • Reduced attack surface : Limiting USB usage reduces the attack surface, simplifying the security landscape and allowing organizations to focus on other critical areas of defense against malware.
  • Malware prevention : Safeguard against malware spread via infected USB drives, lowering the risk of infecting your device or network. Malware can infect a device via:
    • Malware distribution : Malicious software can easily spread via infected USB drives when plugged into a device. Blocking USB devices reduces the chances of malware being introduced through these means, protecting the network from potential infections.
    • Automated malware execution : Some malware is designed to execute automatically when a USB drive is inserted into a device. By blocking USBs, this automatic execution is prevented, giving security teams more time to analyze and respond to potential threats.
    • Zero-day exploits : USB-related vulnerabilities, known as zero-day exploits, can be targeted by malware. Blocking USB devices can mitigate the risk associated with such vulnerabilities, reducing the potential for malware attacks.
    • Insider threat mitigation : Blocking USB devices helps mitigate insider threats where employees with malicious intent attempt to introduce malware via portable storage devices. This proactive measure reduces the risk of internal attacks.

Creating a new USB Lockdown policy

To create a new USB Lockdown policy:

  1. From the Device Posture tab, select + ADD :

    Add new device posture policy

  2. Select Add to Windows or Add to macOS .

    Coro displays the Add new device policy dialog.

  3. Select USB Lockdown from the Select policy type dropdown:

    New USB Lockdown policy dialog

  4. Configure the Action :
    • Block portable devices
    • Block mass storage devices
    note

    Block portable devices and Block mass storage devices are supported on Windows devices. Block mass storage devices is supported on macOS devices.

  5. Enter label names (predefined or custom) to the Labels field listed under Apply policy to devices with these labels to apply the new policy to specific groups of devices.

    Apply device policy labels

  6. Select SAVE .

    Coro creates the policy with the configured settings.

Select the dropdown next to USB Lockdown on the Device Posture tab to view the policy. See Device posture configuration overview.

Coro displays the following policy details:

  • Device labels applicable to the policy.
  • The action(s) applicable to the policy, for example, Block portable devices .

    View USB Lockdown policy