How a compliance-driven enterprise strengthened USB visibility across its EMEA operations with Netwrix

Challenges

• Meeting ISO 27001 and Cyber Essentials Plus requirements with limited USB controls
  Convergint needed strict removable media controls to maintain ISO 27001 and Cyber Essentials Plus certification. However, native tools like Microsoft Intune only provided all-or-nothing USB blocking, lacking the granular control required to ensure compliance without disrupting operations.
• Need for broader visibility and management across all USB-connected devices
  While USB storage was a known risk, Convergint had limited visibility into other connected USB devices, including mobile phones and peripherals. This created security blind spots across endpoints.
• Balancing security with frontline needs
  With more than half of its workforce in frontline engineering roles, fully blocking USB access was not an option. The company needed controlled, temporary access that maintained productivity without compromising security.
• Lack of granular device management
  Convergint required device-level control, including serial number whitelisting and the ability to manage different USB types individually capabilities not available with existing tools.
• High administrative overhead
  The IT team sought a streamlined solution that minimized help desk workload and avoided complex workflows for USB unlock requests.

Netwrix Solution

• Granular USB device control with flexible policies
  Netwrix Endpoint Protector enabled Convergint to move beyond all-or-nothing blocking and implement precise, policy-based USB controls across its EMEA operations. Different USB device types could be managed individually, ensuring secure and practical enforcement of removable media policies.
• Device whitelisting by serial number
  The solution allowed Convergint to whitelist approved devices by serial number, ensuring only authorized storage and peripherals could be used while maintaining flexibility for frontline engineers.
• Secure one-time passcodes for temporary access
  With one-time passcodes, help desk teams could quickly grant controlled, temporary USB access to field colleagues without compromising compliance.
• Full visibility across USB devices
  Beyond storage, the solution provided visibility and control over all USB-connected devices, eliminating previous blind spots.
• Streamlined management with low overhead
  A lightweight interface and simplified unlock process reduced help desk workload and supported day-to-day operations efficiently.
• Seamless migration to SaaS
  Convergint smoothly transitioned from on-premises to Azure and ultimately to a SaaS deployment, aligning with its cloud-first strategy.

Key benefits

• Stronger USB security
• Continuous compliance
• Secure frontline access
• Lower IT overhead