Function-Based Modular Solution Architecture with Incremental Licensing
DeviceLock DLP is designed as a modular architecture of standalone-feature products with add-on components whose functional capabilities are complementary to each other while their management is unified and licensing for modules other than Core is optional.
As a result, these products and components can be used in various combinations, thus allowing DeviceLock customers to choose cost-optimized solutions with only those functions necessary to satisfy their current security and/or budgetary needs. This modular architecture enables customers to incrementally upgrade the functionality of deployed DeviceLock products as their data protection requirements grow from the basic device/port control Core option up to the all-inclusive content-aware Endpoint DLP Suite solution.
The full DeviceLock Endpoint DLP Suite prevents leakage of data when they are used and moved locally on protected endpoint computers, as well as when the data are transmitted from corporate endpoints over network communications. Therefore, the Suite implements the functions of “data-in-use” (DIU) and “data-in-motion” (DIM) leak prevention.
The Suite’s fundamental component and basic standalone product option is DeviceLock® Core. It enforces fine-grained contextual controls over data access and transfer operations locally on the protected computer. These include user access to peripheral devices and ports, document printing, clipboard copy/paste operations, screenshot capturing, media format and eject operations, File Type Detection access controls, as well as synchronizations with locally connected mobile devices. It is important that DeviceLock Core includes the framework for all central management and administration components of the entire Suite, and therefore must be used in any Suite installation.
Another Suite’s component called NetworkLock™ is an optional add-on module which can be used together with DeviceLock Core to extend the Suite’s security functions with contextual controls over network communications of protected computers through often risky applications and protocols. These include popular email platforms, webmails, Instant Messengers (IMs), cloud-based file storage, social media, web access, web search engines, local network shares, torrent P2P file sharing, as well as FTP and Telnet protocols.
The third functional component – ContentLock™, which is also an optional add-on to DeviceLock Core, performs content inspection and filtering of files and other data objects used on or transferred from the protected computer. For local access and transfer operations, data objects are supplied for analysis to ContentLock by DeviceLock Core, while NetworkLock provides files, messages, IM sessions, web form interactions, and other data extracted from network communications to ContentLock.
EtherSensor™ is an optional high-performance network event and message extraction system that enables organizations to implement comprehensive monitoring, capturing, and analysis of corporate network traffic in real-time with the aim of reconstructing, filtering, and collecting transmitted application-level data objects. Collected messages, metadata, and logs can be delivered to the central log database of DeviceLock DLP. EtherSensor can capture and log network events, as well as reconstruct and collect messages and files of several thousand Internet services without involving DeviceLock Agents in order to monitor internal and external data exchanges via email, webmails, social networks, instant messengers, job seeking services, blogs, and forums.
In addition to these preventive components, an optional post-analysis component – DeviceLock Search Server (DLSS) can be used to perform full-text searches in the central audit log database and shadow log and file repository. DLSS is aimed at making the labor-intensive processes of log analysis during information security audits and incident investigations much faster and more accurate.
Bundled in different combinations with the basic DeviceLock Core, NetworkLock, ContentLock, and the DLSS implement various functional subsets of the DeviceLock Endpoint DLP Suite.
To prevent leakage of “data-at-rest” stored on corporate endpoints and on network shares, a dedicated content discovery and remediation product called DeviceLock Discovery (DLDS) scans files residing on file shares and network attached storage systems in the corporate network, as well as on Windows endpoint computers. The DLDS locates documents with exposed sensitive content and optionally protects them with configurable automatic remediation actions.
This modular architecture, together with incremental licensing of optional components, make DeviceLock DLP a practical solution for organizations of any size and budget – from SMBs to large enterprises.