SafeXs onboard, non-bypassable security processor encrypts all data copied to and from the device - it has UK Government & Public Sector CESG / CCTM Approval , FIPS 140-2 certification, and also features FIPS 197 certified AES 256bit CBC encryption technology.

SafeXs is also available in a FIPS 140-2 edition for those customers who absolutely must have this certification, however original SafeXs / SafeStick is already more secure than the 140-2 standard.

SafeStick (now replaced by the SafeXs) features total, automatic, hardware based encryption of all data on the SafeStick (now replaced by the SafeXs) - and has a major key difference - it can be fully controlled and managed via an optional Central Enterprise Management Console.

Encryption is totally transparent and requires no software installed anywhere.  Simply plug it in, enter your strong password and starting using it.

SafeStick (now replaced by the SafeXs) provides 100% FULL encryption.  All files, folders and sectors are encrypted automatically - nothing is left to chance or user error.

Unless your data is encrypted it is incredibly simple for anyone to view, remove and share ANY of the data that was stored on it.

There have been many high profile cases recently where company employee details, patient details, bank details, customer databases, credit card details and other confidential information has been retrieved in this way and either distributed or used for criminal purposes.

If your company does not lock down removable drive access, and insist on data being stored on an encrypted devices they are running a huge security risk.

This means that you can share individual files, without giving the person your password which would provide full access to the drive.

You must activate, manage and deploy EasyShare for select users via SafeConsole.

Softek one of the Master Distributors for SafeXs has produced some interesting results during testing.  SafeStick has proven to withstand:

• Repeated rolling over by a 2500lb V8 Range Rover.
• A full washing machine cycle at 90%
• 30 seconds of acetylene blow torch
• Repeated hits with a 2lb lump hammer
• 30 seconds of red-hot angle grinder sparks
• A whack with a 10lb sledge hammer!

Videos are available from this website or Youtube.

Current apps include anti-virus, password manager, VPN Client, Skype™, Web Browsers, IM Client, Word Processor, Spreadsheet, Office tools and more.

• SafeXs  (previously SafeStick)
• SafeXs FIPS (previously SafeStick FIPS)

SafeStick Supersonic has been discontinued.  There is no equivalent SafeXs drive.

• Small size
• Custom passwords of any complexity.
• FIPS 140-2 Edition and CESG Government approval
• Minimum password length / requires strong passwords.
• Zero footprint on the PC / Mac / Linux
• Secure PKI password recovery
• Ultra fast, non-bypassable hardware encryption
• Use as an Authentication token (Deepnet MobileID)
  
• Brute force attack protection
• Tampersafe electronics
• Timer / Userlock
• Central management / auditing / deployment with many killer features - backup, publisher etc.
• Built in Malware / virus protection
• Auto-Lockdown and / or reminder if left in computer for a set period
• No Admin rights required
• Custom "Return to Owner" messages in software.
• Works with all Endpoint Security solutions such as DeviceLock and Vigilance Pro to prevent data leakage
• ...and many many more!

SafeConsole is a feature rich web based application that you install in-house, which allows you to manage hundreds of thousands of SafeXs devices wherever they may be in the world.

With SafeConsole you can KILL lost sticks, backup data automatically and reset forgotten user passwords.

SafeConsole provides full Windows Active Directory integration (although AD is NOT required), management, assigning of different policies depending on OU group membership, changing of password policies, remote reset of passwords, auditing, data shadowing, reporting, disabling, wiping of sticks and much, much more.

With SafeConsole you can also Backup your users SafeXs devices remotely, lock down your PC's to only accepting SafeXs via "Lockout" Port Control, Easyshare (share individual files with a temporary PIN), File Publisher across the WAN and Autorun management.

Absolutely not.

Unlike other solutions there are NO backdoor or secondary fixed passwords which allow access to SafeStick.

Password recovery is certificate based and one-time-use passwords are generated as long as procedures are followed.    Password recovery can ONLY happen one time, on one stick that is was generated for.  Codes are NOT replayable / reusable.

You can also configure this policy via SafeConsole.

With a MobileID factory installed on a SafeXs (users cant change or delete it!) SafeXs becomes a full authentication token which can be used to authenticate users against Windows Logon, Outlook Web Access, VPN, Websites, Citrix and more.

By providing your users with a SafeXs MobileID token, you can require users to enter their username, password, PLUS a one-time password which can only be generated by their own MobileID token.

You can also secure Windows logon by requiring a user has their SafeXs inserted, and the correct password entered before they can logon to Windows / your network!

A Deepnet Authentication Server installation (which manages the back-end tokens, secured applications and users) is required before you can deploy and use SafeXs MobileID. Deepnet authentication is quick, easy to setup and very cost effective to deploy.  Information on Deepnet MobileID can be found here.

SafeConsole is required to deploy and manage MobileID.

If the password is forgotten then there are two options.

• The stick can be reset, which permanently wipes all the data
• Using the optional Enterprise Management Software (SafeConsole) a company IT Department can use challenge / response to remotely reset the password as required and as pocily dictates.

Please note that you cannot retrospectively recover lost user passwords with SafeConsole.  Therefore it is critical to decide if you wish to be able to recover lost user passwords.  If it is, then you must deploy SafeConsole.

Official documentation can be found on the NIST website.

Also several other "high profile" units have also been cracked.  for example the McAfee MXI stick has been cracked, as has the Secustick.

Many other vendors "secure" drives have been hacked - included Sandisk's, Verbatims and other "most secure" FIPS offerings! Read more.

November 2010: SanDisk terminated Cruzer Enterprise (the entire Cruzer Enterprise secure USB product family), and will no longer be offering any products.

SafeConsole LITE features;

• Password Reset - if users forget their password they can be reset via challenge & response procedures
• Device State Management - remotely ‘kill’ rogue drives and erase all data. An administrator can set the device state to '‘killed’, ‘disabled’ and ‘lost’.
• Password Policy - configure multiple complex password policies within SafeConsole and assign them to different groups within the organisation.
• Auditing, Logging & Device Inventory. Find out who owns what drive, when they used it, where, and what files were accessed.

*Excl. NHS contract customers.

Remote Password Reset

Reset lost user passwords via challenge / response manual procedure, or self-service via zonebuilder.

**NOTE** Password reset is a totally secure, certificate based one time password recovery mechanism - it is NOT a backdoor or replayable. There are no backdoor passwords in SafeXs or SafeXs.

Application Publisher & Content Delivery

Your work force will always have the latest price-lists, updated PowerPoint templates and the latest version of a customer presentation. When you need to send top-secret documents to a supplier, you can send them an empty stick and then distribute the content when you know the device is in the right hands. All files in transit are compressed to improve installation and transfer times, which also minimises bandwidth usage.

The continuous incremental backup is a transparent procedure that does not affect the users’ everyday routines or work. The recreate procedure involves no end-user actions other than plugging a SafeXs drive into their machine. The versioning of the backup information makes it possible to retrieve a file that was accidentally erased or overwritten.

File Audit Trail is an extension of the Device Audit. It allows an administrator to see what files have been copied to or deleted from the devices, as well as a trail of the files that have had their names changed.

Combining this new feature with Publisher and Authorized Autorun makes it an extremely powerfull tool. An administrator may now publish data to drives knowing that users will not be able to modify the content of the drive once the drive has left the organization. This is ideal for sensitive information that needs to stay intact after having been sent to the target audience. The admin can also set a file to auto-open when the user logs in - that way important new content on the drive will never be missed.

There is also the option to set a limited life-span for the password based on the number of unlocks or days passed since the last password change. Faulty unlock attempts are alerted to the user to make sure that social engineered hacks will not succeed.

If a user forgets an unlocked drive in a computer, the drive will automatically lock down in accordance with the set policy.

The inactivity lock gracefully handles file operations in progress and avoids interruptions to everyday work.

To still be able to have authorised applications autorun off the devices, you can specify trusted commands in SafeConsole.

Web Log-in enables the administrator to connect a SafeConsoleReady device with a user’s web-based email account (or any other web log-in) and give direct access to the account through a shortcut displayed in the “Shortcuts” window.

With this setup, the user never needs to remember the (sometimes-)complicated URL or more than one password to get to the log-in.