Enterprise Data Loss Prevention & Device Control


November 04, 2009 – DeviceLock, Inc., a worldwide leader in endpoint data leak prevention software solutions, today announced two milestone achievements in its drive to provide protection from data leakage via mobile devices. In its newest release, version 6.4.1, DeviceLock® software now delivers highly granular, interface-independent control over local data synchronizations between iPhone® and iPod® touch mobile devices and corporate endpoint computers like employee desktops and laptops. DeviceLock 6.4.1 also adds phase-one BlackBerry® device type support including device presence detection, access control and logging. With iPhone and BlackBerry support, DeviceLock delivers an unprecedented level of completeness and quality of local synchronization control between DeviceLock-protected computers and most popular business-level smartphones including Windows Mobile®, Palm®, iPhone, and BlackBerry platforms.

There are many legitimate reasons for an employee to connect a smartphone to their office PC and run a local synchronization for data transfer. However, anyone with an illegitimate purpose in mind, like data theft, knows that such transfers completely bypass the corporate network and cannot be controlled by any network-based security solutions,” explained Ashot Oganesyan, DeviceLock CTO and Founder. “An all-or-nothing approach – when all smartphones are either allowed or prohibited to sync locally with a particular computer – is too risky. The ‘all’ setting risks security, the ‘none’ productivity. You need a means of defining and enforcing permissions on a more flexible, granular basis. Our customers already count on DeviceLock for permissions-based management of removable storage devices, so it’s a natural extension to cover local syncs by popular smartphone platforms. With DeviceLock in place, IT security organizations can impose a “least privilege” mobile device policy that limits data exchanges to only specific smartphones and to only the types of data required for exercising an employee’s business duties.”

Featuring a patent-pending local synchronization filtering technology, DeviceLock gives security administrators the ability to centrally control which types of data specified users or their groups are allowed to synchronize between corporate computers and locally connected mobile devices including Windows Mobile, Palm, iPhone, and iPod. In addition, BlackBerry® smartphones are supported including device presence detection, access control and event logging.

For Windows ActiveSync®, Windows Mobile Device Center, HotSync® and iTunes® protocols, DeviceLock can recognize and filter numerous data object types, thus empowering administrators to selectively allow or block synchronization of files, emails, email attachments and accounts, contacts, tasks, notes, calendar items, bookmarks, and various media types. For Windows Mobile devices, permissions can also be defined for remote installation and execution of applications.

Time or schedule-based policies, as well as data flow direction control can also be enforced for local synchronizations to allow corporate security policies to be more flexible, precise and dynamic. DeviceLock detects the presence of any supported mobile device regardless of its connection interface. Smartphones that connect through a USB interface can be identified and white-listed with fine granularity, up to a unique device.

For organizations of any size and industry, DeviceLock software proactively protects endpoint computers against local data leaks and malware infiltration resulting from insider negligence, accidental mistakes or malicious actions. It enables IT security personnel to precisely control, log, shadow-copy and audit end-user access to all types of local ports and peripheral devices, including personal mobile devices, as well as local and network printers. Complementing its port, device, and data channel-based controls with data type-level security, DeviceLock supports true file type detection and filtering. This function works by intercepting any file system’s read/write operations with peripheral devices, performing real-time analysis of the entire binary content of transmitted data, and enforcing applicable file-type based security policies. DeviceLock also integrates with leading encryption products from PGP, Lexar, SecurStar, and TrueCrypt in order to protect data on removable storage devices. In addition, DeviceLock blocks operations of USB and PS/2 hardware keyloggers.

DeviceLock provides scalable, centralized, and easy-to-learn management and administration via a Microsoft Management Console (MMC) that natively integrates with Group Policy Object Editor in Microsoft Active Directory. DeviceLock agents can be deployed, managed and administered completely from within an existing Microsoft Active Directory domain. A separate component, the DeviceLock Enterprise Server (DLES), is available for centrally auto-collecting audit and shadow data from managed endpoints. Highly-granular event logging and data shadowing configurations are supported for tracking and analyzing user actions on peripheral ports/devices, related system events and data transferred to peripheral devices. In addition, DLES can monitor remote DeviceLock-managed computers in real-time to check on agent status and policy template consistency. New in DeviceLock 6.4.1 is an optional add-on component for full-text search in the central shadowing and event log database – DeviceLock Search Server (DLSS). DLSS is aimed at making the labor-intensive processes of information security compliance auditing, incident investigations, and forensic analysis more precise, convenient and time-efficient.

About DeviceLock, Inc.

Since its inception in 1996 as SmartLine, DeviceLock, Inc. has been providing endpoint device control software solutions to businesses of all sizes and industries. Protecting more than 4 million computers in over 60,000 organizations worldwide, DeviceLock has a vast range of corporate customers including financial institutions, state and federal government agencies, classified military networks, healthcare providers, telecommunications companies, and educational institutions. DeviceLock, Inc. is an international organization with offices in San Ramon (California, US), London (UK), Ratingen (Germany), Moscow (Russia) and Milan (Italy).