Firewalls and antivirus software are no defense against acts of data theft and corruption from within your organization at local endpoints. You don't have to be an administrator to connect a small digital camera, MP3 player, or flash memory stick to the USB and begin uploading or downloading whatever you want. If you are a system administrator, you know you can't manage such device-level activity via Group Policy.
Using endpoint device security solution called DeviceLock®, network administrators can lock out unauthorized users from USB and FireWire devices, WiFi and Bluetooth adapters, CD-Rom and floppy drives, serial and parallel ports, PDAs and smartphones, local and network printers and many other plug-and-play devices. Once DeviceLock is installed, administrators can control access to any device, depending on the time of day and day of the week.
For enterprises standardized on software and hardware-based encryption solutions like PGP® Whole Disk Encryption, TrueCrypt and Lexar® SAFE PSD S1100 USB drives, DeviceLock allows administrators to centrally define and remotely control the encryption policies their employees must follow when using removable devices for storing and retrieving corporate data. For example, certain employees or their groups can be allowed to write to and read from only specifically encrypted USB flash drives, while other users of the corporate network can be permitted to "read only" from non-encrypted removable storage devices but not write to them.
The USB white list allows you to authorize only specific devices that will not be locked regardless of any other settings. The intention is to allow special devices (e.g. smart card readers) but lock all other devices. Media White List feature allows you to authorize access to specific DVD/CD-ROM disks, uniquely identified by data signature, even when DeviceLock® has otherwise blocked the DVD/CD-ROM drive. A convenience when DVD/CD-ROM disks are routinely used for the distribution of new software or instruction manuals, Media White Listing can also specify allowed users and groups, so that only authorized users are able to access the contents of the DVD or CD-ROM.
The DeviceLock®'s optional data shadowing capability significantly enhances the corporate IT auditors ability to ensure that sensitive information has not left the premises on removable media. It captures full copies of files that are copied to authorized removable devices, Windows Mobile and Palm OS-based PDAs and smartphones, burned to CD/DVD or even printed by authorized end users. Shadow copies are stored on a centralized component of an existing server and any existing ODBC-compliant SQL infrastructure of the customers choosing.
DeviceLock® Enterprise Server can monitor remote computers in real-time, checking DeviceLock® Service status (running or not), policy consistency and integrity. The detailed information is written to the Monitoring log. Also, it is possible to define a master policy that can be automatically applied across selected remote computers in the event that their current policies are suspected to be out-of-date or damaged.
DeviceLock® allows you to generate a report concerning the permissions that have been set. You can see which users are assigned for what device and what devices are on the USB white list on all the computers across your network.
DeviceLock® provides a level of precision control over device resources unavailable via Windows Group Policy - and it does so with an interface that is seamlessly integrated into the Windows Group Policy Editor. As such, its easier to implement and manage across a large number of workstations.
* Control which users or groups can access USB, FireWire, Infrared, COM and LPT ports; WiFi and Bluetooth adapters; any type of printer, including local, network and virtual printers; Windows Mobile and Palm OS-based PDAs and smartphones; aswell as DVD/CD-ROMs, floppy drives, and other removable and Plug-and-Play devices
* Selectively grant or deny access to certain true file types for removable media
* Control access to devices depending on the time of day and day of the week
* Define which types of data (files, calendars, emails, tasks, notes, etc.) are allowed to synchronize between corporate PCs and personal mobile devices
* Define different online vs. offline security policies for the same user or set of users
* Detect encrypted PGP® and TrueCrypt disks (USB Flash Drives and other removable media) as well as Lexar® SAFE PSD encrypted flash drives and apply special "encrypted" permissions to them
* Authorize only specific USB devices that will not be locked regardless of any other settings
* Grant users temporary access to USB devices when there is no network connection (you provide users with the special access codes over the phone that temporarily unlock access to requested devices)
* Uniquely identify a specific DVD/CD-ROM disk by the data signature and authorize access to it, even when DeviceLock has otherwise blocked the DVD/CD-ROM drive
* Protect against users with local administrator privileges so they can't disable DeviceLock® Service or remove it from their computers, if they are not in the list of DeviceLock® administrators
* Set devices in read-only mode
* Protect disks from accidental or intentional formatting
* Detect and block hardware keyloggers (USB and PS/2)
* Deploy permissions and settings via Group Policy in an Active Directory domain
* Use the standard Windows RSoP snap-in to view the DeviceLock® policy currently being applied, as well as to predict what policy would be applied in a given situation
* Control everything remotely using the centralized management console
* Get a complete log of port and device activity, such as uploads and downloads by users and filenames in the standard Windows Event Log
* Mirror all data (shadowing) copied to external storage devices (removable, floppy, DVD/CD-ROM), Windows Mobile or Palm OS PDAs and smartphones, transferred via COM and LPT ports and even printed
* Store shadow data on a centralized component of an existing server and any existing ODBC-compliant SQL infrastructure
* Monitor remote computers in real-time, checking DeviceLock® Service status (running or not), policy consistency and integrity
* Generate a report concerning the permissions and settings that have been set
* Make graphical reports based on the logs (audit and shadow) stored on the server.
* Generate a report displaying the USB, FireWire and PCMCIA devices currently connected to computers and those that were connected
* Create a custom MSI package for DeviceLock® Service with predefined policies.
Changelog for this release:
*Added new optional component - NetworkLock (NL) with comprehensive context control capabilities over endpoint network communications. NL supports port-independent network protocol and application detection and selective blocking, message and session reconstruction with file, data, and parameter extraction, as well as event logging and data shadowing. NL controls most popular network protocols and applications such as: plain and SSL-protected SMTP email communications (with messages and attachments controlled separately), web access and other HTTP-based applications including content inspection of encrypted HTTPS sessions (specifically, webmail and social networking applications like Gmail, Yahoo! Mail, Windows Live Mail, Facebook, Twitter, LiveJournal, etc.), Instant Messengers (ICQ/AOL, MSN Messenger, Jabber, IRC, Yahoo! Messenger, Mail.ru Agent), file transfers over FTP and FTP-SSL protocols, as well as telnet sessions.
*Added new optional component - ContentLock (CL). CL brings more complex rules to "Content-Aware Rules". Now you can not only grant or deny access to information based on real file types but also create regular expressions (RegExp) patterns with numerical conditions and boolean combinations of matching criteria and keywords. Recognizing more than eighty file formats and data types, CL extracts and filters the content of data copied to removable drives and plug-n-play storage devices, as well as that transmitted over the network. With CL you can also filter shadowed data down to just those pieces of information meaningful to security auditing, incident investigations and forensic analysis before saving in the shadow log. This tremendously reduces storage space and network bandwidth requirements for shadow log delivery to the central database.
*Now in "Content-Aware Rules" you can create rules for image files based on whether the image contains text or not. This feature allows you to define special rules for document's screenshots and other images with textual information.
*Added new device type "Clipboard" to Permissions, Auditing & Shadowing and in graphical reports.
*Now when applying content rules to archive files (zip, rar, etc.), all files are extracted from an archive are analyzing separately.
*Added new "Archives content inspection on read" and "Archives content inspection on write" parameters to the Service Options which allow you to enable/disable the unpacking of file archives.
*Now the file type detection engine can detect images inside PDF files and MS Office documents.
*Added integration with BitLocker To Go (BL2G), the Windows 7 native data encryption solution for removable drives. DeviceLock detects encrypted BL2G disks and applies special "encrypted" permissions to them.
*Added new parameter "Merge Interval" to DeviceLock Search Server.
*Added ability to whitelist SSL connections, so that DeviceLock can be setup to allow third-party applications with embedded SSL certificates to connect to their servers.
*You can now define a custom message to be displayed to users when a denied attempt is made to use a network protocol.
*Added a notification message that is displayed to users when the content inspection is in progress.
*The user manual has been significantly updated to include information about all new features.
*Improvements in the setup routine for installation update and uninstall.
*Many internal improvements to DeviceLock Service and DeviceLock Driver.
*Many GUI improvements.
64 MB RAM