Gone are the days when corporate endpoint computers spent most of their life inside the office network environment, with the occasional foray outside the office when employees used them to access corporate servers remotely via the Internet or from home. Nowadays, as Web 2.0 applications, instant messengers and cloud file sharing services are used by employees on their computers for both private and business needs, every corporate endpoint “lives” simultaneously in the corporate network environment and on the Internet. In reality, the border between the two disappears entirely for any computer used by an individual in the corporate IT system – be it a desktop, laptop or BYOD device. And it is the users themselves who control how the data they create, use and store is segregated and shared between these two network environments.
However, users are prone to data handling mistakes, whether accidental or malicious, so that sensitive data can be routed to the wrong network. This also happens when employees fall victim to social engineering attacks, because the cybercrime industry is now “hunting for data” rather than merely disrupting or inconveniencing the user. Cybercrime’s ultimate goal is the financial profit gained from selling valuable information stolen from individuals, businesses and government organizations – everything from personal credit cards and passwords to intellectual property and national secrets. As the cybercrime ecosystem has become information-centric, the technologies and tools used by cyber thieves target data directly, often exploiting consumer apps and the weaknesses of human nature to penetrate the protected corporate network.
Ubiquitous mobile data communications and the Internet, the spread of social media and other consumer applications into corporate IT, and the commercialization of cybercrime have all combined to fundamentally change the way network security is currently perceived and achieved.
No longer is network security limited to the security of network infrastructure such as routers, switches, computing nodes and protected corporate perimeters. A further crucial component of network security is now the security of “data in motion.” This involves not only the confidentiality, authenticity and integrity of data in transit, but also controls over the distribution of sensitive business data across the perimeter of the protected corporate environment, as well as between users and departments within the organization. To be effective, such controls must combine network-specific and data-centric mechanisms: detect restricted content in transferred data, and prevent the transfer operations that would violate the organization’s corporate security policy.
“Data in motion” security is equally necessary for corporate users when they are in the office network environment and when they work via the Internet. For the majority of users, it is endpoint computers, such as physical or virtual desktops and laptops, that process and store business data. Preventing the uncontrolled distribution of information within the office network or outside the organization therefore requires a content-aware data leak prevention (DLP) solution that effectively protects corporate endpoints regardless of where they are being used.
DeviceLock DLP provides the critical functionality to protect sensitive data both inside and outside the network. DeviceLock includes a lightweight enforcement agent installed on every computer and central management through traditional consoles or Active Directory Group Policy Objects that scale to the size and type of corporate network. Running transparently for users and applications, DeviceLock Agents detect and prevent unauthorized data access and transfer through local ports and peripheral devices, as well as via popular network applications and services like email, web browsers, instant messengers, and more.
The main features of DeviceLock Agent’s controls over network communications come from its NetworkLock component with its unique built-in deep packet inspection (DPI) engine. The DPI engine detects network applications and protocols regardless of the network ports they use. It intercepts and disassembles the traffic of the detected application, reconstructs its sessions and extracts the parameters necessary for applying contextual controls. In addition, the payload data, such as messages and files transferred in the communication can be extracted and handed over to ContentLock for content inspection.
Importantly, DPI-based controls are not limited to particular applications running on the protected computer: NetworkLock controls traffic from any web browser, any SMTP email client, any FTP client and any Torrent agent. This unique capability differentiates the DeviceLock Agents from other DLP products.
The agent-hosted DPI technology also enables NetworkLock to flexibly control the level of user permissions to receive and send data in network communications. The basic level grants receive/download/view-only access to web services and network applications; for Instant Messengers, it allows chatting but not sending files. The next, more extended level adds permissions to send email and webmail messages, fill in web forms, and publish posts and comments. Finally, users with full permissions can additionally send emails and webmails with attachments, send files via IMs, and upload files to social networks, FTP servers, cloud-based file storage, and so on.
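The following is an added illustration, not DeviceLock code, of the two ideas described above: identifying an application protocol from its payload rather than from the TCP port (the DPI point), and mapping what the user is trying to do in that session onto the three permission tiers (view-only, extended, full). The protocol signatures, the operation names, the `Level` tiers and every traffic sample are constructed for this example; streams the toy detector cannot identify are handed off to a "firewall" decision rather than allowed, mirroring the fallback to a stateful firewall for unrecognized connections.

```python
"""Port-independent protocol detection with tiered send permissions.

Added example, not DeviceLock code. A toy DPI-style classifier inspects
the first bytes a client sends, names the protocol from payload
signatures alone (no port is consulted), works out what the user is
doing, and checks that against a permission tier. All samples are
constructed for this example.
"""
import re
from enum import IntEnum


class Level(IntEnum):
    VIEW_ONLY = 0  # receive/download/view; IM chat without file transfer
    EXTENDED = 1   # + send mail/webmail messages, web forms, posts, comments
    FULL = 2       # + attachments, IM file transfer, uploads to FTP/cloud/social


# Payload signatures checked against the start of the client stream (assumed, simplified).
_SIGNATURES = [
    ("http", re.compile(rb"^(GET|POST|PUT|HEAD|DELETE) \S+ HTTP/1\.[01]\r\n")),
    ("smtp", re.compile(rb"^(EHLO|HELO) ")),
    ("ftp", re.compile(rb"^(USER|PASS|STOR|RETR) ")),
    ("bittorrent", re.compile(rb"^\x13BitTorrent protocol")),
]

# Minimum tier needed for each operation the classifier can report.
_REQUIRED = {
    "view": Level.VIEW_ONLY,
    "form_post": Level.EXTENDED,
    "send_mail": Level.EXTENDED,
    "send_mail_attachment": Level.FULL,
    "upload": Level.FULL,
}


def detect_protocol(client_bytes: bytes) -> str:
    """Name the protocol from payload alone; the destination port is never used."""
    for name, pattern in _SIGNATURES:
        if pattern.match(client_bytes):
            return name
    return "unknown"


def _http_headers(head: bytes) -> dict:
    headers = {}
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        key, _, value = line.partition(b":")
        headers[key.strip().lower()] = value.strip()
    return headers


def classify_operation(proto: str, data: bytes) -> tuple:
    """Return (operation, context); context carries session parameters a
    contextual rule could use, such as the HTTP Host or SMTP recipient."""
    if proto == "http":
        head, _, body = data.partition(b"\r\n\r\n")
        method = head.split(b" ", 1)[0]
        headers = _http_headers(head)
        ctx = {"host": headers.get(b"host", b"").decode(errors="replace")}
        if method in (b"GET", b"HEAD"):
            return "view", ctx
        ctype = headers.get(b"content-type", b"")
        if ctype.startswith(b"multipart/form-data") and b"filename=" in body:
            return "upload", ctx      # file part inside a multipart POST
        return "form_post", ctx       # plain form submission / comment
    if proto == "smtp":
        rcpt = re.search(rb"RCPT TO:<([^>]*)>", data)
        ctx = {"recipient": rcpt.group(1).decode(errors="replace") if rcpt else ""}
        if b"content-disposition: attachment" in data.lower():
            return "send_mail_attachment", ctx
        return "send_mail", ctx
    if proto == "ftp":
        return ("upload" if b"STOR " in data else "view"), {}
    if proto == "bittorrent":
        return "upload", {}           # peers always exchange file pieces
    raise ValueError("no classifier for " + proto)


def decide(client_bytes: bytes, level: Level) -> dict:
    """Policy verdict for one client stream at the given permission tier.
    Unidentified streams go to the stateful firewall, not to 'allow'."""
    proto = detect_protocol(client_bytes)
    if proto == "unknown":
        return {"protocol": proto, "operation": "unknown",
                "decision": "firewall", "context": {}}
    operation, ctx = classify_operation(proto, client_bytes)
    verdict = "allow" if level >= _REQUIRED[operation] else "block"
    return {"protocol": proto, "operation": operation,
            "decision": verdict, "context": ctx}


# Constructed samples. The port in each name is what the client happened to
# use; it is recorded only to show that detection does not depend on it.
SAMPLES = {
    "http_get_port_8080": b"GET /reports HTTP/1.1\r\nHost: intranet.example\r\n\r\n",
    "http_upload_port_443": (
        b"POST /upload HTTP/1.1\r\nHost: files.example\r\n"
        b"Content-Type: multipart/form-data; boundary=xyz\r\n\r\n"
        b"--xyz\r\nContent-Disposition: form-data; name=\"f\"; filename=\"q3.xlsx\"\r\n\r\n"
        b"PK...\r\n--xyz--\r\n"),
    "http_form_port_80": (
        b"POST /comment HTTP/1.1\r\nHost: forum.example\r\n"
        b"Content-Type: application/x-www-form-urlencoded\r\n\r\ntext=hello"),
    "smtp_port_2525": (
        b"EHLO laptop\r\nMAIL FROM:<alice@example>\r\nRCPT TO:<bob@example>\r\n"
        b"DATA\r\nSubject: hi\r\n\r\nsee you at 3\r\n.\r\n"),
    "smtp_attachment_port_587": (
        b"EHLO laptop\r\nMAIL FROM:<alice@example>\r\nRCPT TO:<ext@partner.example>\r\n"
        b"DATA\r\nContent-Disposition: attachment; filename=\"plan.docx\"\r\n\r\nUEsD\r\n.\r\n"),
    "ftp_stor_port_2121": b"USER bob\r\nPASS x\r\nSTOR secrets.zip\r\n",
    "bittorrent_port_443": b"\x13BitTorrent protocol" + bytes(8) + b"I" * 20 + b"P" * 20,
    "unknown_port_9999": b"\x00\x01\x02custom",
}


def evaluate_all(level: Level) -> dict:
    return {name: decide(data, level) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for tier in Level:
        print(f"--- {tier.name} ---")
        for name, r in evaluate_all(tier).items():
            print(f"{name:26} {r['protocol']:10} {r['operation']:22} {r['decision']}")
```

Running the block prints the verdict for every sample at each tier: at VIEW_ONLY only the HTTP GET is allowed, at EXTENDED the web form and plain email pass while the file upload, attachment, FTP STOR and BitTorrent handshake are blocked, and the unrecognized stream is deferred to the firewall at every tier. The context dictionary (Host, recipient) is the kind of session parameter a real contextual whitelist would key on.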
If necessary, some communications can be whitelisted from controls by using a granular mix of various network, user and application-related parameters. It is even possible to control whether the content of whitelisted communications is inspected or not.
Another critical capability of NetworkLock is that it can inspect not only plain but also any SSL-protected communications. The inspection is done without any external SSL proxies and is completely transparent to end users.
At the same time, NetworkLock’s controls cannot be bypassed by communications tunneled through HTTPS or SOCKS proxies: such tunnels can be detected and blocked. In addition to the features noted above, a built-in stateful packet firewall can be used to control connections that the DPI engine does not recognize. NetworkLock also enables administrators to log monitored communications, send real-time alerts on DLP policy violations, and shadow-copy the data transferred to the network from protected computers. This data is automatically delivered to the central shadow log for further analysis, such as IT security audits and incident investigations.
With its unique set of features, functionality and underlying technology, DeviceLock DLP is designed to intercept and analyze data transfers through network channels, apply effective content-aware mechanisms, and significantly increase the level of network security in organizations of any size and industry.