DeviceLock Adds Full-Text Search Engine to Ease Fact-Finding within Its Shadow and Log Databases
DeviceLock, Inc., a worldwide leader in endpoint data leak prevention software solutions, today announced the general availability of DeviceLock Search Server (DLSS) for comprehensive full-text searches of DeviceLock’s central database of shadow copies and log records. An add-on option to DeviceLock as of Version 6.4.1, DLSS can run searches to easily generate detailed snapshots of any content that users have transferred from their endpoint computers through local ports to peripheral devices. DLSS aids in the labor-intensive processes of information security compliance auditing, incident investigations and forensic analysis, making fact-finding faster, more precise and more convenient.
“No enterprise-scale endpoint data security strategy is complete without effective support for security audit, incident investigations, and forensic analysis. That’s why many customers turn on DeviceLock’s audit and data shadowing capabilities. However, larger DeviceLock installations can gather hundreds of thousands to millions of documents of endlessly variable size and format into their shadow databases per year, making post-analysis complex, labor-intensive and slow. By adding a powerful search engine to operate on collected shadow and log data, we’ve slashed the frustrations and labor costs associated with these IT security specialties – and improved response time by an order of magnitude,” commented Ashot Oganesyan, DeviceLock CTO and Founder. “IT security specialists can use DLSS to quickly find, retrieve and analyze all shadow copies of files containing specific business-critical data, for example, customers or price lists. Knowing when and by whom confidential information was copied, they can take swift action to avoid possible information disclosure and distribution outside the company.”
DLSS brings a powerful set of search capabilities to DeviceLock Audit/Shadowing users. It supports indexing and searching in more than 80 file formats. When DLSS creates its initial index of log file contents, it maintains log parameter fields, so queries can be formed to find all shadowed documents from a specific user, specific computer, or specific date, for example. Word, phrase and number queries take only seconds to execute once the data has been indexed. Stemming and noise-word filtering is turned on by default for words and phrases in English, French, German, Italian, Japanese, Russian, and Spanish. DLSS uses “all words” logic (AND logic), with some special characters available to refine or expand searches. Results are sorted by “hit count” by default, though term weighting or field weighting for particular words is possible.
DLSS also supports full-text indexing and searching of printouts in PCL and PostScript languages, bringing vital automation to auditing one of the oldest and most obvious channels of data leakage – document printing. Conventionally, IT security staff investigating data leak incidents or conducting audits have had to delve into this channel using a cumbersome process involving special viewers that call up graphical images. DLSS eliminates such complicated and time-consuming processes. Another breakthrough by the DeviceLock development team, DLSS will also consistently recognize Cyrillic characters in any text within PostScript encoding and accurately index and search them.
For organizations of any industry and scale, DeviceLock software proactively protects endpoint computers against local data leaks and malware infiltration resulting from insider negligence, accidental mistakes or malicious actions. It enables organizations to precisely control, log, shadow-copy and audit end-user access to all types of local ports and peripheral devices, including local and network printers, as well as Windows Mobile®, iPhone®, Palm® and BlackBerry® smartphones. Complementing its port, device, and data channel-based controls with data type-level security, DeviceLock supports true file-type detection and filtering by intercepting any file system’s read/write operations with peripheral devices, performing real-time analysis of the entire binary content of transmitted data and enforcing applicable file-type based security policies. DeviceLock also integrates with leading encryption products from PGP®, Lexar®, SecurStar®, and TrueCrypt® in order to protect data on removable storage devices. In addition, DeviceLock blocks operations of USB and PS/2 hardware keyloggers.
DeviceLock is designed for Microsoft Windows platforms and features comprehensive central management that is natively integrated with Microsoft Active Directory®. For centrally logging and auditing user activities, as well as enforcing data shadowing, a separate management component – DeviceLock Enterprise Server (DLES) can be used. Highly-granular event logging and data shadowing configurations are supported for tracking, collecting evidence and analysing those user actions, system events and transferred data that are required by corporate security policies.
Included by default with any DeviceLock installation, the DLSS functionality will be available for customers as an optional, separately licensed component. The perpetual license price will depend on the total number of documents in the searchable DeviceLock shadow database, as well as the number of event log records in the database.
About DeviceLock, Inc.
Since its inception in 1996 as SmartLine, DeviceLock, Inc. has been providing endpoint device control software solutions to businesses of all sizes and industries. Protecting more than 4 million computers in over 60,000 organizations worldwide, DeviceLock has a vast range of corporate customers including financial institutions, state and federal government agencies, classified military networks, healthcare providers, telecommunications companies, and educational institutions. DeviceLock, Inc. is an international organization with offices in San Ramon (California, US), London (UK), Ratingen (Germany), Moscow (Russia) and Milan (Italy).