DeviceLock® Endpoint DLP Suite provides both contextual and content-based control for maximum leakage prevention at minimum upfront and ownership cost. Its multi-layered inspection and interception engine provides fine-grained control over a full range of data leakage pathways at the context level. For further confidence that no sensitive data is escaping, content analysis and filtering can be applied to select endpoint data exchanges with removable media and PnP devices, as well as with the network. With DeviceLock®, security administrators can precisely match user rights to job function with regard to transferring, receiving and storing data on corporate computers. The resulting secure computing environment allows all legitimate user actions to proceed unimpeded while blocking any accidental or deliberate attempts to perform operations outside of preset bounds.
DeviceLock® Endpoint DLP Suite is comprised of a modular set of complementary functional components that can be licensed separately or in any combination that suits current security requirements.
The DeviceLock® component includes an entire set of context controls together with event logging and data shadowing for all local data channels on protected computers including peripheral devices and ports, clipboard, connected smartphones/PDA’s, and document printing. DeviceLock® also provides the core platform for all other functional modules of the product suite and includes its central management and administration components.
The NetworkLock™ component performs all context control functions over endpoint network communications including port-independent protocol/application detection and selective control, message and session reconstruction with file, data, and parameter extraction, as well as event logging and data shadowing.
The ContentLock™ component implements content monitoring and filtering of files transferred to and from removable media and Plug-n-Play devices, as well as of various data objects of network communications reconstructed and passed to it by NetworkLock™ – like emails, instant messages, web forms, files, social media exchanges, and telnet sessions.
DeviceLock® Search Server (DLSS) is another separately licensed component. It performs full-text search in the central shadowing and event log database. DLSS is aimed at making the labor-intensive processes of information security compliance auditing, incident investigations, and forensic analysis more precise, convenient and time-efficient.
For enterprises standardized on software and hardware-based encryption solutions, DeviceLock® allows administrators to centrally define and remotely control the encryption policies their employees must follow when using removable devices for storing and retrieving corporate data. For example, certain employees or their groups can be allowed to write to and read from only specifically encrypted USB flash drives, while other users of the corporate network can be permitted to "read only" from non-encrypted removable storage devices but not write to them.
DeviceLock® provides a level of precision control over devices and network resources unavailable via Windows Group Policy - and it does so with an interface that is seamlessly integrated into the Windows Group Policy Editor. As such, it’s easier to implement and manage across a large number of workstations.
Features:
Control which users or groups can access USB and FireWire ports, WiFi and Bluetooth adapters, PDAs, CD-ROMs, floppy drives, other removable devices
Control access to devices depending on the time of day and day of the week
Authorize only specific USB devices that will not be locked regardless of any other settings
Grant users temporary access to USB devices when there is no network connection (you provide users with the special access codes over the phone that temporarily unlock access to requested devices)
Uniquely identify a specific DVD/CD-ROM disk by the data signature and authorize access to it, even when DeviceLock has otherwise blocked the DVD/CD-ROM drive
Protect against users with local administrator privileges so they can't disable DeviceLock Service or remove it from their computers, if they are not in this list of DeviceLock administrators
Set devices in read-only mode
Protect disks from accidental or intentional formatting
Detect and block hardware keyloggers (USB and PS/2)
Deploy permissions and settings via Group Policy in an Active Directory domain
Use the standard Windows RSoP snap-in to view the DeviceLock policy currently being applied, as well as to predict what policy would be applied in a given situation
Control everything remotely using the centralized management console
Get a complete log of port and device activity, such as uploads and downloads by users and filenames in the standard Windows Event Log that stores locally and/or in the special protected log that sends to DeviceLock Enterprise Server for centralized storage
Mirror all data (shadowing) copied to external storage devices (removable, floppy, DVD/CD-ROM) and transferred via COM and LPT ports
Store shadow data and audit logs on a centralized component of an existing server and any existing ODBC-compliant SQL infrastructure
Generate a report concerning the permissions and settings that have been set
Generate a report displaying the USB, FireWire and PCMCIA devices currently connected to computers and those that were connected
Install and uninstall it automatically
|