Even if you block every physical port on your employee’s endpoint computer (USB, parallel and serial, Firewire, etc.) and wireless connection (Bluetooth, WiFi), there are still a multitude of ways for sensitive data to leak out of your organization. (And incidentally, our DeviceLock Core Module provides the world’s most robust and trusted peripheral port-device blocking controls on the market.)
Peripheral port controls, whether for physical or wireless connections, are still a critical first step in implementing an effective data leak prevention strategy.
However, the proliferation of social media, cloud based storage and email services require a “next level” approach to ensure that confidential data is not leaving your organizations, either intentionally or accidently, via these network-based channels. And with new cloud services and social sites constantly being created, there are likely more than 50 ways to leak your data!
Whether it’s an employee accidently posting sensitive company information to their personal social sites or intentionally transferring data from their work computer via web-based email or cloud storage services, the end result is the same: the data is now out in the wild and no longer under any kind of security or administrative control.
We created our NetworkLock module specifically to deal with the myriad of uncontrolled or under-controlled network channels accessible to endpoint computers. The NetworkLock module provides comprehensive contextual controls over endpoint network communications such as internet protocols (http/https, ftp/ftps), web applications, social media, email/webmail, torrents, and an array of Instant Messenger applications.
If there’s a way for sensitive data to leave your organization via the Internet, DeviceLock can either block or restrict what goes out.
NetworkLock stops those “oh, no” moments that can happen when an employee accidently attempts to post something they shouldn’t to their social sites as well as those, “I know I’m not supposed to, but I’m going to email myself that customer list using my Hotmail account.” These are just a couple scenarios, but with more and more unauthorized ways for data to leave an organization through the internet, the increasing importance of providing effective network controls is obvious.
In addition to logging all endpoint network activity regarding file or data transfers, NetworkLock also enables “Data Shadowing” which makes an archival copy of the file (or IM session) in question in its current state at the time of the transfer or attempted transfer. This copy can later be used for forensic or litigation purposes to prove what was in the file at the time of the incident in question.
Further, the ContentLock module can be licensed and configured to inspect the email, file, or session content going outbound on network channels and block, allow, shadow and alert according to your desired content rules per channel.
If you’d like to know more about DeviceLock and our NetworkLock module, call us at 925-231-4400 or email to us.sales (at) devicelock.com to talk to one of our endpoint security specialists. If you’d like to trial the DeviceLock DLP Suite for 30 days, please visit our website at: http://www.devicelock.com/download.