DeviceLock
DeviceLock® Endpoint DLP Suite provides both contextual and content-based control for maximum leakage prevention at minimum upfront and ownership cost. Its multi-layered inspection and interception engine provides fine-grained control over a full range of data leakage pathways at the context level. For further confidence that no sensitive data is escaping, content analysis and filtering can be applied to select endpoint data exchanges with removable media and PnP devices, as well as with the network. With DeviceLock®, security administrators can precisely match user rights to job function with regard to transferring, receiving and storing data on corporate computers. The resulting secure computing environment allows all legitimate user actions to proceed unimpeded while blocking any accidental or deliberate attempts to perform operations outside of preset bounds.
DeviceLock® Endpoint DLP Suite is comprised of a modular set of complementary functional components that can be licensed separately or in any combination that suits current security requirements.
DeviceLock® Endpoint DLP Suite is comprised of a modular set of complementary functional components that can be licensed separately or in any combination that suits current security requirements.
DeviceLock
This is the core product which can be used by itself or in addition to NetworkLock and/or ContentLock. DeviceLock integrates directly with the Microsoft Management Console (MMC) Active Directory (AD) Group Policy interface. No more new management console interface to learn, support or buy.
- True File Type Control
- Clipboard Control
- Mobile Device Local Sync Control
- Printing Security
- Removable media Encryption Integration
- Multiple Profiles
- Observation Mode
- True File Type Control
- Clipboard Control
- Mobile Device Local Sync Control
- Printing Security
- Removable media Encryption Integration
- Multiple Profiles
- Observation Mode
NetworkLock
An optional component of the DeviceLock Endpoint DLP Suite, this adds comprehensive contextual control over endpoint network communications. It supports port-independent network protocol and application detection with selective blocking, message and session reconstruction with file, data, and parameter extraction, as well as event logging and data shadowing. NetworkLock controls network protocols and applications. These include plain and SSL-tunneled SMTP email communications with messages and attachments handled separately. NetworkLock even has the ability to extract the content from encrypted HTTPS sessions. With NetworkLock you can set user permissions for the network communications used for web mail, SMTP mail, social networking applications, instant messaging, file transfers, telnet sessions and more.
ContentLock
The ContentLock module can filter the actual content of files copied to removable drives and other Plug-n-Play storage devices, as well as various data objects from within network communications. These applications include email, web access and other HTTP-based applications like webmail and social networking, many popular instant messaging applications, FTP file transfers, and telnet sessions. The text analysis engine can extract textual data from more than 80 file formats and other data types and then apply effective and reliable content filtering methods based on Regular Expression (RegExp) patterns with numerical conditions and boolean combinations of matching criteria. Included pre-built industry-specific keyword lists can be used as filter criteria, as well as common “RegExp” data pattern templates for sensitive information types like social security numbers, credit cards, addresses, etc.
- Affordable and easy to implement DLP solution
- Works with existing Microsoft Management Console and AD Group Policies
- Can be deployed in observation mode for audit purposes
- Eases compliance concerns
- Works with existing Microsoft Management Console and AD Group Policies
- Can be deployed in observation mode for audit purposes
- Eases compliance concerns
DeviceLock - FAQs
- What platforms are supported and what about Apple Macs? [+]Windows NT 4.0/2000/XP/Vista/7 or Server 2003/2008 (32-bit/64-bit versions) and now Apple Macs too. Light Windows resource requirements: CPU Pentium 4, 64MB RAM, HDD 25MB.
- Can I whitelist certain USB sticks? [+]Yes. We highly recommend doing this to support company approved, encrypted and managed USB media, which of course you can get from Altaware, Inc.
- Can we determine our DLP risk or exposure without having to fully deploy and configure the solution? [+]Yes, the product offers an "observation" mode for audit logging, data shadowing, Plug-n-Play device reporting. A sepeartely licensed DeviceLock Search Server module can be used to allow full-text searches of centrally collected audit log and shadow file data.
- How well does it scale? [+]It's already running in production environments with tens of thousands of managed devices at a single customer.
- Does it protect laptops when they are roaming in the field? [+]Absolutely. It supports online and offline profiles when you want to implement difference security profiles depending upon network connectivity. This includes highly granular control.
- What about smart phones? [+]DeviceLock can manage PDAs/SmartPhones/tablets by technology base. DeviceLock provides granular options for managing data movement functions for docked Windows Mobile and Apple iOS-based devices.