DeviceLock Discovery Stops Data Breaches
A functional component of the DeviceLock DLP Suite, DeviceLock Discovery enables organizations to gain visibility and control over confidential “data at rest” stored across their IT environment in order to proactively prevent data breaches and achieve compliance with regulatory and corporate data security requirements.
By automatically scanning data residing on network shares, storage systems, and endpoint computers inside and outside of the corporate network, DeviceLock Discovery locates documents with exposed sensitive content, provides options to protect them with remediation actions, and can initiate incident management procedures by sending real-time alerts to Security Information and Event Management (SIEM) systems used in the organization.
Depending on the network topology and other specifics of the protected IT environment, DeviceLock Discovery can perform scans in several modes: agentless, agent-based, and mixed scanning.
DeviceLock Discovery scans can be initiated by administrators manually or can be configured to run on a schedule. DeviceLock Discovery Agents can be remotely installed on and removed from target computers by the DeviceLock Discovery Server in a fully automatic and transparent process to end users.
DeviceLock Discovery inspects textual data in more than 120 file formats and more than 40 types of nested archives. For identifying confidential content, DeviceLock Discovery uses structured data detection methods like keyword matching and regular expressions (RegExp). To ease the task of specifying content filters, the product ships with hundreds of pre-built industry-specific and country-specific keyword dictionaries, as well as RegExp templates for common sensitive information types, such as Social Security Numbers, credit cards, bank accounts, addresses, driving licenses, etc. In addition, customers can develop their own keyword dictionaries and templates, as well as modify pre-built ones for customized filtering needs.
The accuracy of content detection is increased by morphological analysis of keywords in English, French, German, Italian, Portuguese, Russian, Spanish, and Catalan Spanish.
Validated File Type Detection (more than 5300 file types are recognized) is another content-aware method that can be used in DeviceLock Discovery independently or in combination with textual content inspection. A binary content signature-based method is used to detect the verified file type regardless of its extension or header.
In addition to content discovery in textual-based data objects, a built-in optical character recognition (OCR) engine allows DeviceLock Discovery to extract and inspect textual data from pictures in documents and graphical files of many image formats. With 26 languages recognized, DeviceLock keyword dictionaries and regular expressions used to improve recognition, as well as dozens of other advanced features supported, this highly efficient OCR engine delivers the ability to discover and protect exposed confidential data in information assets presented in graphical form to DeviceLock customers. The distributed OCR architecture tremendously improves the overall performance of the solution, primarily because the graphical objects stored on endpoints can be scanned and inspected locally by Agent-resident OCR modules, thus significantly decreasing any load on the Discovery Server and reducing the scan traffic in the corporate network.
Once confidential content has been detected in a file stored in the wrong place, the following preventive actions can be enforced to remediate the exposure:
- Safe Delete
- Delete Container (if a violation found in a file inside the container/archive)
- Set Permissions (for NTFS files)
- Notify User and
- Encrypt (with EFS for NTFS files only).