Safetica manages and controls data security at the endpoint through its client-server architecture and three major components: Endpoint Client, Management Server, and the Safetica Management Console. Safetica controls all application inputs and outputs via a rules-based sandbox mechanism. This makes Safetica effectively application-agnostic and enables it to monitor and encapsulate the data flow from an open set of apps. Consequently, Safetica is independent of specific services, IP range or individually defined sets of protocols. Safetica DLP policies use defined "Safe Zones." Similar to whitelisting, the customer just selects locations and devices where data can reside and the system takes care of the rest. "Safe Zones" operate on all levels where data can be recorded, manipulated or taken out of the machine/network, including printers.
Safetica maintains a high level of focus on tamper resistance. The tools also include file and disk encryption; data shredding; password management; Safetica Endpoint Client (SEC), which controls both network and traffic originating from an individual computer; the Safetica Client Service and the Endpoint Security Tools. The Client Service monitors endpoint activity and communicates with the database and the Safetica Management Service. The Safetica Management Console Security policies are defined centrally and management reports made at the Management Console. Administrators can log into the Management Console from any computer within the network for oversight on individual client end-stations (Safetica Endpoint Client), server services (Safetica Management Service) and databases. Safetica Management Server Service runs as a service on a server with three SQL databases (for settings, records and for categories.
Documentation included several manuals along with a set of web-based materials. The installation hardware requirements are a comprehensive list of options based on various installation scenarios. Safetica operates with basic, off-the-shelf PCs and servers. Endpoints use at a minimum Windows XP, Vista, Win 7 (32 and 64-bit) and later. Safetica Management Service (server component) needs a 6 GHz dual-core processor (32-bit or 64-bit), 2 GB of RAM, 2 GB free disk space, MS SQL 2008 or higher. SQL server component for standard installation needs a 1 GHz processor, 4G RAM, 200 GB of free disk space. Standard installation supports synchronization with Microsoft Active Directory and MS SQL database for data storage (not included in the setup). The server component can service 200-plus Safetica Endpoint Clients.
Overall, Safetica performance was good. The dashboard was a responsive and intuitive mix of text and graphics. The management console provided a consolidation of essential information. In addition, some of the most notable features included attention to printers as an endpoint, identification of screen capture events and the attention paid to preventing data loss through non-conventional paths.
Safetica offers a basic, no-cost eight-hours-a-day/five-days-a-week email support service for the duration of the subscription period. Support levels can also be customized with an individual agreement between the customer and the system integrator/reseller that installs Safetica. Other support services include a library with how-to videos, manuals and quick guides. The videos provide installation instructions, instructions on how to monitor user applications, use of the Management Console, file management and much more. The manuals and quick guides provide easy-to-understand instructions and education. Overall, the value for money spent is good.