Home News End-Point Security News DeviceLock version 6.0 released
DeviceLock version 6.0 released PDF Print E-mail
Tuesday, 22 August 2006 16:00


With native Microsoft Active Directory (AD) Group Policy integration for easy roll-out and management across a large enterprise, unmatched granularity of security policy settings, and robust data auditing and shadowing options, the newest release of DeviceLock gives CSO’s the greatest support yet for enforcing device-related security policy. 



SAN RAMON, CA - SmartLine Inc announced the general availability of DeviceLock v6.0, a release that comprehensively addresses the challenge of enforcing endpoint security policy and auditing activity for all plug-and-play ports, drives, and removable devices on Windows computers. An important milestone in SmartLine’s 10-year mission to deliver the most secure, stable, scalable, and feature-rich product on the market, DeviceLock v6.0 adds simplified policy enforcement, Media White List capabilities and more extensive auditing options including advanced data shadowing. DeviceLock administrators have precision control over which users and groups have what level of access to which devices on which computers and when that access is allowed. DeviceLock can discretely manage any physical Windows port and drive with its layered security architecture and White List options while ensuring that even local computer administrators cannot tamper with its enforcement.

"The harsh reality is corporate customers often need to be protected from themselves." said Jeremy Moskowitz, Group Policy MVP who runs GPanswers.com. "Out of the box, Group Policy might not give administrators the power they need to really protect corporate assets. Windows XP/SP2 does provide a rudimentary way to control some USB functions, but it doesn't go far enough."

DeviceLock’s new optional data shadowing capability significantly enhances the corporate IT auditor’s ability to ensure that sensitive information has not left the premises on removable media. It captures full copies of files that are copied to authorized removable devices, burned to CD/DVD or even printed by authorized end users. The shadow copies are then available for further analysis of any compressed, encrypted, or mis-named files, revealing any breaches of the company’s data integrity policy. DeviceLock will also capture log information on the user, host computer, associated time stamps, and other pertinent data to isolate the source of any breach. Now IT security officials can add this extra layer of monitoring to users with access to high-sensitivity data and establish one more deterrent to policy violators and ‘inside job’ perpetrators.

Shadow copies are stored on a centralized component of an existing server and any existing ODBC-compliant SQL infrastructure of the customer’s choosing. Otherwise, DeviceLock can be deployed and managed from any administrative workstation or server with zero added infrastructure. DeviceLock’s new Media White List feature allows you to authorize access to specific DVD/CD-ROM disks, uniquely identified by data signature, even when DeviceLock has otherwise blocked the DVD/CD-ROM drive. A convenience when DVDs/CD-ROM disks are routinely used for the distribution of new software or instruction manuals, Media White Listing can also specify allowed users and groups, so that only authorized users are able to access the contents of the DVD or CD-ROM.

DeviceLock v6.0 provides an improved and fully integrated Active Directory (AD) Group Policy Manager MMC console that snaps into the AD Group Policy Editor to directly create native Group Policy Objects for distributing peripheral port/device security settings. This allows DeviceLock to be as scalable as any AD environment and to securely and efficiently manage hundreds of thousands of Windows desktops with a tool that is familiar to all Windows administrators. DeviceLock can also manage any LDAP network of Windows computers (Novell, OpenLDAP, etc.), including mixed network operating system environments.

System requirements: DeviceLock requires Windows NT 4.0, Windows 2000, Windows XP or Windows Server 2003, 32 MB RAM, a hard drive with 2 MB of hard disk space.

DeviceLock costs $35 (US) for a single-user license. Discounts are available for multi-user licenses and for Educational Institutions. A free, fully functional demo is available for download from www.advancedforce.com

About the Company: SmartLine Inc, established in 1996, (www.protect-me.com) develops well-integrated and cost-effective network management software solutions. SmartLine's many customers include major technology stakeholders, large US and international financial companies, telecommunications conglomerates, government agencies, classified military networks, and educational institutions.

# # #



What's New in DeviceLock 6.0  (versus 5.73):

  • DeviceLock now supports data shadowing - the ability to mirror all data copied to external storage devices (removable, floppy, DVD/CD-ROM) and transferred via COM and LPT ports. A full copy of the files and data is saved. Shadowing is an extended function of DeviceLock Audit and like auditing can be defined on a per-user basis.
  • A new Media White List feature allows you to uniquely identify a specific DVD/CD-ROM disk by the data signature and authorize access to it, even when DeviceLock has otherwise blocked the DVD/CD-ROM drive. Any change to the content of the media will change the data signature, thus invalidating authorization. In this way, a white-listed disk cannot be used to introduce unwanted data to the network. A DeviceLock Media White List can be configured to grant access to a collection of approved DVD/CD-ROM disks by certain users and groups, so that only authorized users are able to use the approved information.
  • Optional DeviceLock Enterprise Server is added for centralized collecting and storing of shadow files. DeviceLock Enterprise Server uses MS SQL Server to store received data.
  • DeviceLock Management Console (MMC snap-in) now includes a module for remote administration of DeviceLock Enterprise Server. Using this console, you can manage DeviceLock Service and administer DeviceLock Enterprise Server at the same time.
  • For each DeviceLock Service you can now define the name of the DeviceLock Enterprise Server to which the service reports shadow files as soon as they arrive.
  • The new interface for DeviceLock Group Policy Manager. Now it allows you to set parameters to the "not configured" state.
  • In the Service Options dialog you can now set a disk quota for shadowed data, ensuring that the user's free disk space is not overburdened.
  • Now you can view logged files using a built-in viewer on the Shadow Log Viewer dialog.
  • Even deleted shadow data is now logged. When records are removed from the shadow data log, the binary data is deleting from the database but the information about these records is written to a Deleted Shadow Data Log and can be conveniently viewed from the DeviceLock Management Console.
  • A special log for DeviceLock Enterprise Server writes its internal information, warnings and errors for convenient viewing from DeviceLock Management Console.
  • A custom message can now be displayed when temporary access permission expires for devices that were authorized via Temporary White List.
  • Now all DeviceLock components install via a single installation package - setup.exe. Using this package you can install DeviceLock Service, DeviceLock Enterprise Server, all management consoles, as well as documentation and help files. The setup_gp.exe packaged was removed.
  • The user manual and help-files have been significantly updated to include information about all new features and for easier reference overall.

 Existing customers that are within their one-year free maintenance period can use this new version without any fee!

Other customers can also receive an upgrade but for the additional fee.  If you want to purchase an upgrade, please e-mail us at sales (at) advancedforce.com. (Please delete the space before and after the "(at)" letters and also replace "(at)" with @ mark. We are sorry for this inconvenience, but these steps are necessary to help us avoid SPAM.)