|
 video features & benefits FAQ
About DeviceLock®
The data you are striving to protect behind firewalls and passwords is likely still slipping through your fingers. Data leaks can be initiated by either unwitting employees or users with malicious intent copying proprietary or sensitive information from their PCs to flash memory sticks, smartphones, cameras, PDA’s, DVD/CDROMs, or other convenient forms of portable storage. Or, leaks may spring from user emails, instant messages, web forms, social network exchanges or telnet sessions. Wireless endpoint interfaces like Wi-Fi, Bluetooth, and Infrared as well as device synchronization channels provide additional avenues for data loss. Likewise, endpoint PCs can be infected with vicious malware that harvest user keystrokes and send the stolen data over SMTP or FTP channels into criminal hands. While these vulnerabilities can evade both network security solutions and native Windows controls, the DeviceLock® Endpoint Data Leak Prevention (DLP) Suite addresses them. It enforces data protection policies with awareness of both the context and content of data flows across endpoint channels.
Data leakage prevention starts with contextual control — that is, blocking or allowing data flows by recognizing the user, the data types, the interface, the device or network protocol, the flow direction, the state of encryption, the date and time, etc. Some scenarios call for a deeper level of awareness than context alone can provide; for example, when the data being handled contains personally identifiable information, when the input/output channel is conventionally open and uncontrolled, and when the users involved have situations or backgrounds considered high risk. Security administrators can gain greater peace of mind by passing data flows that fall into any of these categories through an additional content analysis and filtering step before allowing the data transfer to complete.
DeviceLock® Endpoint DLP Suite provides both contextual and content-based control for maximum leakage prevention at minimum upfront and ownership cost. Its multi-layered inspection and interception engine provides fine-grained control over a full range of data leakage pathways at the context level. For further confidence that no sensitive data is escaping, content analysis and filtering can be applied to select endpoint data exchanges with removable media and PnP devices, as well as with the network. With DeviceLock®, security administrators can precisely match user rights to job function with regard to transferring, receiving and storing data on corporate computers. The resulting secure computing environment allows all legitimate user actions to proceed unimpeded while blocking any accidental or deliberate attempts to perform operations outside of preset bounds.
DeviceLock® Endpoint DLP Suite is comprised of a modular set of complementary functional components that can be licensed separately or in any combination that suits current security requirements.
The DeviceLock® component includes an entire set of context controls together with event logging and data shadowing for all local data channels on protected computers including peripheral devices and ports, clipboard, connected smartphones/PDA’s, and document printing. DeviceLock® also provides the core platform for all other functional modules of the product suite and includes its central management and administration components.
The NetworkLock™ component performs all context control functions over endpoint network communications including port-independent protocol/application detection and selective control, message and session reconstruction with file, data, and parameter extraction, as well as event logging and data shadowing.
The ContentLock™ component implements content monitoring and filtering of files transferred to and from removable media and Plug-n-Play devices, as well as of various data objects of network communications reconstructed and passed to it by NetworkLock™ – like emails, instant messages, web forms, files, social media exchanges, and telnet sessions.
DeviceLock® Search Server (DLSS) is another separately licensed component. It performs full-text search in the central shadowing and event log database. DLSS is aimed at making the labor-intensive processes of information security compliance auditing, incident investigations, and forensic analysis more precise, convenient and time-efficient.
For enterprises standardized on software and hardware-based encryption solutions, DeviceLock® allows administrators to centrally define and remotely control the encryption policies their employees must follow when using removable devices for storing and retrieving corporate data. For example, certain employees or their groups can be allowed to write to and read from only specifically encrypted USB flash drives, while other users of the corporate network can be permitted to "read only" from non-encrypted removable storage devices but not write to them.
DeviceLock® provides a level of precision control over devices and network resources unavailable via Windows Group Policy - and it does so with an interface that is seamlessly integrated into the Windows Group Policy Editor. As such, it’s easier to implement and manage across a large number of workstations.
Device Types Controlled:
-
Floppies
-
CD-ROMs/DVDs/BDs
-
Any removable storage (flash drives, memory cards, etc.)
-
Hard drives
-
Tape devices
-
WiFi adapters
-
Bluetooth adapters
-
Apple iPhone/iPod touch/iPad, BlackBerry, Windows Mobile and Palm OS
-
Printers (local, network and virtual)
|
Ports Secured:
-
USB
-
FireWire
-
Infrared
-
Serial and parallel
|
Network Communications Controlled:
-
Web Mail: Gmail, Yahoo!Mail, Windows Live Mail, AOL Mail, Mail.ru, Yandex Mail, GMX.de, Web.de
-
Social Networking: Google+, Facebook, Twitter, LiveJournal, LinkedIn, MySpace, Odnoklassniki, Vkontakte, XING.com, Studivz.de, Meinvz.de, Schuelervz.net
-
Instant Messengers: ICQ/AOL, MSN Messenger, Jabber, IRC, Yahoo! Messenger, Mail.ru Agent
-
Internet Protocols: FTP, FTP over SSL, HTTP/HTTPS, SMTP and SMTP over SSL
-
Telnet sessions
|
Clipboard Control:
-
Inter-application clipboard copy/paste operations
-
Data types controlled separately: file types, textual data, images, audio, unidentified
-
Screenshot operations (for PrintScreen and 3rd party applications)
|
Data Types Controlled:
-
More than 4,000 file types
-
Data synchronization protocol objects: Microsoft ActiveSync®, Palm® HotSync, iTunes®
-
Pictures containing text as image (embedded in MS Office and PDF documents or as separate graphic files)
|
File Formats Parsed:
-
80+ file formats including Microsoft Office, Adobe PDF, OpenOffice, Lotus 1-2-3, WordPerfect, WordStar, Quattro Pro, Email repositories and archives, CSV, DBF, XML, Unicode, GZIP, RAR, ZIP, etc.
|
Content Filtering Technologies:
-
Keyword matching
-
Advanced regular expression patterns with numerical conditions and Boolean combination of matching criteria
-
Pre-built RegExp templates (SSN, credit card, bank account, address, passport, driver’s license, etc.)
-
Industry-specific keyword dictionaries
-
File/Data object properties (name, size, password protected, contains text, date/time, etc.)
|
Encryption Integration:
-
Windows BitLocker To Go
-
PGP® Whole Disk Encryption
-
TrueCrypt®
-
Lexar® Media SAFE S1100 & S3000 Series
-
SafeDisk®
-
SecurStar® DriveCrypt® (DCPPE)
|
|
Identity theft is the top consumer complaint in the 
