Enterprise Data Loss Prevention & Device Control


October 21, 2009 – Today, DeviceLock, Inc., a worldwide leader in endpoint data leak prevention software solutions, announced support for Microsoft’s newest operating system, Windows 7. Delivering a full set of context-aware data leak prevention capabilities, the latest release of DeviceLock® software version 6.4.1 can be installed on all new Windows 7 desktops, laptops and servers for immediate protection from insider-originated data breaches.

With Windows 7 so highly anticipated, we recognize that many customers will want to waste no time in migrating to the new platform. So we pulled out all the stops to build Windows 7 support into DeviceLock before the operating system launch,” noted Ashot Oganesyan, DeviceLock CTO and Founder. “This just underscores our commitment to providing the best-in-class endpoint DLP product and to supporting our customers in their effort to stay compliant with stringent state regulations and industry standards regarding protection of their corporate and customer data.”

Far exceeding device control features available in Windows 7, DeviceLock enables customers to precisely control, log, shadow-copy and audit end-user access to all types of local ports and peripheral devices on corporate endpoint computers, including USB, FireWire, LPT, COM, IrDA, Removable, HDD, Floppy, DVD/CD-ROM, Tape, Modem, Bluetooth, Wi-Fi, etc.

Featuring a patent-pending local synchronization filtering technology, DeviceLock gives security administrators the ability to centrally and granularly control which types of data specified users or their groups are allowed to synchronize between corporate computers and locally connected mobile devices including Windows Mobile®, Palm® and, now with the release of v6.4.1, iPhone® smartphones. DeviceLock 6.4.1 also adds phase-one BlackBerry® device type support that includes device presence detection, access controls and event logging. For Windows ActiveSync®, Windows Mobile Device Center, HotSync® and iTunes® protocols, DeviceLock can recognize and filter numerous data object types, thus empowering administrators to selectively allow or block the synchronization of files, emails, email attachments and accounts, contacts, tasks, notes, calendar items, bookmarks, and various media types. Time-based or schedule-based policies as well as data flow directional control can also be enforced for local synchronizations to allow corporate security policies to be more flexible, precise and dynamic.

Protecting organizations from uncontrolled printing activities at corporate endpoints, DeviceLock puts local and network printing under the strict control of IT security administration. By intercepting, filtering and tracing print spooler operations, DeviceLock enables centralized specification and local enforcement of user access privileges to any local, network, or virtual printers regardless of how they are connected to the computer, including any non-USB connections.

Complementing its port, device, and data channel-based controls with data type-level security, DeviceLock supports true file type detection and filtering. This function works by intercepting any file system’s read/write operations with peripheral devices, performing real-time analysis of the entire binary content of transmitted data, and enforcing applicable file-type-based security policies.

DeviceLock also integrates with leading encryption products from PGP, Lexar, SecurStar, and TrueCrypt in order to protect data exported to removable storage devices. In addition, DeviceLock blocks operations of USB and PS/2 hardware keyloggers.

DeviceLock provides scalable, centralized, and easy-to-learn management and administration via a customized Microsoft Management Console (MMC) snap-in that natively integrates with Group Policy Object Editor in Microsoft Active Directory. DeviceLock agents can be deployed, managed and administered completely from within an existing Microsoft Active Directory domain. A separate component, the DeviceLock Enterprise Server (DLES), is available for centrally auto-collecting audit and shadow data from managed endpoints. Highly-granular event logging and data shadowing configurations are supported for tracking and analyzing user actions on peripheral ports/devices, related system events and data transferred to peripheral devices. In addition, DLES can monitor remote DeviceLock-managed computers in real-time to check on agent status and policy template consistency.

New in DeviceLock 6.4.1 is an optional add-on component for full-text search in the central shadowing and event log database – DeviceLock Search Server (DLSS). DLSS is aimed at making the labor-intensive processes of information security compliance auditing, incident investigations, and forensic analysis more precise, convenient and time-efficient.

DeviceLock’s comprehensive mix of configurable policy parameters and options facilitates the definition and enforcement of a “least privilege” corporate IT security policy. With DeviceLock, IT security administrators are equipped to logically profile the business role of every employee, group or department with regard to their use of local PC ports and peripheral devices, keeping each to the minimal set of operations required to perform their role. This reduces the overall risk of data leaks and helps organizations to better comply with applicable IT security regulations and industry standards.

About DeviceLock, Inc.

Since its inception in 1996 as SmartLine, DeviceLock, Inc. has been providing endpoint device control software solutions to businesses of all sizes and industries. Protecting more than 4 million computers in over 60,000 organizations worldwide, DeviceLock has a vast range of corporate customers including financial institutions, state and federal government agencies, classified military networks, healthcare providers, telecommunications companies, and educational institutions. DeviceLock, Inc. is an international organization with offices in San Ramon (California, US), London (UK), Ratingen (Germany), Moscow (Russia) and Milan (Italy).