Firewalls and antivirus software are no defense against acts of data theft that occur within the organization at local peripheral ports and attached storage devices on Windows endpoints. You don't have to be an administrator to connect a plug-n-play digital camera, MP3 player, or flash memory stick to the USB port and begin uploading or downloading whatever data you want with no audit trail left behind. If you are a system administrator, you already know you cannot granularly manage, audit, or shadow port and device-level activity via Group Policy while also preventing hardware keyloggers and perhaps also enforcing use of only encrypted media. For these reasons and many others, DeviceLock® is the perfect choice for endpoint port-device control and data leak prevention (DLP).
Using DeviceLock®, network administrators can lock out unauthorized users from USB and FireWire devices; WiFi and Bluetooth adapters; CD-Rom and floppy drives; serial and parallel ports; and many other plug-and-play devices like PDAs and smartphones that use Windows Mobile, Palm OS, BlackBerry, and Apple technologies. Once DeviceLock® is installed, administrators can control access levels to any device, including read/write/format restrictions, true file type restrictions, and even restrictions based on the hour-of-day and day-of-the-week.
The USB white list allows you to authorize only specific devices and/or models that will not be locked regardless of any other settings. The intention is to allow special devices (e.g. smart card readers generically or unique USB Removable storage devices assigned to specific users) but lock out all other devices by default.
DeviceLock® allows you to generate reports concerning the permissions that have been set. You can see which users are assigned for what device and what devices are on the USB white list on all the computers across your network. DeviceLock® also provides extensive "canned" and ad hoc reporting, indexing, and search tools on the auto-collected audit and shadowed data activities from allowed devices.
Keep in mind that almost 80% of all security breaches come from the inside! DeviceLock® is a best-of-breed solution to secure Windows and protect your network computers against attack from the inside.
From Microsoft Active Directory Group Policy GPOs (using DeviceLock’s 100% integrated MMC snap-in console) or traditional centralized DeviceLock administrative consoles, DeviceLock administrators can:
- set access permissions (including "Read Only") per peripheral device port, device class, device type, device model, and for unique devices
- grant or deny access per user or per group (domain, LDAP, local)
- specify appropriate days/hours per week for port/device access
- audit and report all file upload/download and device connection activity that occurs with local drives and ports
- prevent users with local PC administrator permissions from bypassing DeviceLock security policy
- use advanced White List and Temporary White List technology to implement a customized access policy for authorized devices
- detect and stop USB and PS/2 hardware-based key loggers
- manage any Microsoft, LDAP (Novell, etc), or mixed network environment of Windows computers
- secure/audit peripheral USB, FireWire, Bluetooth, CD/DVD, WiFi, Floppy, Removable, Infrared, Parallel, Serial, PDAs, Magneto Optical, Tape drives, Printers (local, virtual, network), etc.
- enable Data Shadowing features that allow auditors to analyze the actual data files being copied to removable media
- detect and integrate with top commercial and open source encryption solutions
- provide access controls for over 3,800 grouped file types that can be detected (even if renamed), blocked, allowed, and/or pre-filtered for audit/shadow events
- differentiate between Online ("work" network) vs. Offline (undocked) status and allow different port-device access policy profiles for laptops/portables
- generate and email graphical reports from the raw audit and shadow data gathered and stored by the DeviceLock Enterprise Server collection service
- implement an optional DeviceLock Search Server component for indexing/searching the raw audit and shadow data gathered and stored by the DL Enterprise Server collection service (http://www.devicelock.com/dl/press_release_dlss.html)
- effectively deal with mobile PDA data leakage for Apple iPhones\iTouchs, BlackBerrys, Windows Mobile, and Palm OS-based devices (http://www.devicelock.com/dl/press_release_iphone_blackberry.html)
- manage Windows NT4, 2000, 2003, XP, Vista, 2008, and Windows 7 operating systems (32 and 64 bit)
- And more…