For any businesses in the modern economy, information used in corporate IT systems in the form of digital data has become a critical intangible asset for their growth, sustainability, and competitiveness. Such information includes intellectual property, customer data, company’s financials and trade secrets, PII and PHI of clients and employees, technology “know-how”, competitive intelligence, and many more types of meaningful knowledge.
Protecting data is critical in today’s hyper-networked reality where ubiquitous mobile data communications, the Internet, social media, email, and other consumer applications, as well as the commercialization of cybercrime, have all combined to sharply increase the threats to IT security. The global pandemic of data breaches resulting from unauthorized access to, and dissemination of, valuable corporate information can lead to heavy financial losses from costly litigation, compliance fines by authorities, damage to reputation, and loss of revenue.
With DeviceLock DLP, security administrators can precisely match user rights to job functions with regard to transferring, receiving, and storing data on corporate computers. The resulting secure computing environment allows all legitimate users’ actions to proceed unimpeded while blocking any inadvertent or deliberate attempts to perform operations outside of preset rules.
The DeviceLock DLP solution is simple, easy to operate, and designed to effortlessly scale from small to large installations and to simplify DLP deployment and management such that it can usually be performed by in-house Windows administrators using the Microsoft Active Directory’s Group Policy Management Console or DeviceLock’s companion consoles. The complete package delivers an unprecedented level of functionality among endpoint DLP solutions in an affordable price range.
Function-Based Modular Solution Architecture with Incremental Licensing
DeviceLock DLP is designed as a modular architecture of standalone-feature products with add-on components whose functional capabilities are complementary to each other while their management is unified and licensing for modules other than Core is optional.
As a result, these products and components can be used in various combinations, thus allowing DeviceLock customers to choose cost-optimized solutions with only those functions necessary to satisfy their current security and/or budgetary needs. This modular architecture enables customers to incrementally upgrade the functionality of deployed DeviceLock products as their data protection requirements grow from the basic device/port control Core option up to the all-inclusive content-aware Endpoint DLP Suite solution.
The full DeviceLock Endpoint DLP Suite prevents leakage of data when they are used and moved locally on protected endpoint computers, as well as when the data are transmitted from corporate endpoints over network communications. Therefore, the Suite implements the functions of “data-in-use” (DIU) and “data-in-motion” (DIM) leak prevention.
The Suite’s fundamental component and basic standalone product option is DeviceLock® Core. It enforces fine-grained contextual controls over data access and transfer operations locally on the protected computer. These include user access to peripheral devices and ports, document printing, clipboard copy/paste operations, screenshot capturing, media format and eject operations, File Type Detection access controls, as well as synchronizations with locally connected mobile devices.
Another Suite’s component called NetworkLock™ is an optional add-on module which can be used together with DeviceLock Core to extend the Suite’s security functions with contextual controls over network communications of protected computers through often risky applications and protocols. These include popular email platforms, webmails, Instant Messengers (IMs), cloud-based file storage, social media, web access, web search engines, local network shares, torrent P2P file sharing, as well as FTP and Telnet protocols.
The third functional component – ContentLock™, which is also an optional add-on to DeviceLock Core, performs content inspection and filtering of files and other data objects used on or transferred from the protected computer. For local access and transfer operations, data objects are supplied for analysis to ContentLock by DeviceLock Core, while NetworkLock provides files, messages, IM sessions, web form interactions, and other data extracted from network communications to ContentLock.
EtherSensor™ is an optional high-performance network event and message extraction system that enables organizations to implement comprehensive monitoring, capturing, and analysis of corporate network traffic in real-time with the aim of reconstructing, filtering, and collecting transmitted application-level data objects. Collected messages, metadata, and logs can be delivered to the central log database of DeviceLock DLP..
In addition to these preventive components, an optional post-analysis component – DeviceLock Search Server (DLSS) can be used to perform full-text searches in the central audit log database and shadow log and file repository. DLSS is aimed at making the labor-intensive processes of log analysis during information security audits and incident investigations much faster and more accurate.
To prevent leakage of “data-at-rest” stored on corporate endpoints and on network shares, a dedicated content discovery and remediation product called DeviceLock Discovery (DLDS) scans files residing on file shares and network attached storage systems in the corporate network, as well as on Windows endpoint computers. The DLDS locates documents with exposed sensitive content and optionally protects them with configurable automatic remediation actions.
DeviceLock DLP – Comprehensive Features List
- Devices Access Control
- Network Communications Control
- Content Discovery
- Tamper Protection
- Active Directory Group Policy Integration
- Centralized Configuration and Deployment
- True File Type Control
- Clipboard Control
- Removable Media Encryption Integration
- Search Server
- Virtual DLP for BYOD Devices
- USB White List
- Media White List
- Temporary White List
- Protocols White List
- Mobile Device Local Sync Control
- Printing Security
Extended DeviceLock DLP Functions
- RSoP Support
- Batch Processing
- Graphical Reporting
- Permissions Report
- Report Plug-n-Play Devices
- Clipboard Control
- Traffic Shaping
- Stream Compression
- Optimal Server Selection