Advanced Data Loss Prevention Technologies
DeviceLock DLP benefits for customers are based on its advanced technologies and unique product capabilities.
DeviceLock DLP technical differentiators complemented by functional incremental licensing, unique scalability, as well as easy learning, deployment, and maintenance altogether define its business advantages over the competition:
- With more endpoint data channels and communications protected at contextual and content levels, more leakage scenarios blocked and a higher control quality, DeviceLock Agent has better preventive DLP controls than its rivals.
- DeviceLock DLP does not require a separate, dedicated management platform – because DeviceLock Agents can be centrally deployed and fully managed natively via Group Policies from the corporate Active Directory. As a result, the solution scales from SMB to large enterprises. To put it simply, DeviceLock DLP is as scalable as Active Directory.
- At the same time, due to its full administrative interface integration with the Microsoft GPMC, which is familiar to every system and security administrator, DeviceLock is much easier to learn, deploy and maintain than any other DLP solution.
- Yet, any customer investments in DeviceLock products are fully protected, because DeviceLock DLP supports incremental functional upgrades from the basic device control option up to its full content-aware and network-aware DLP Suite. It is important to note that the upgrade does not require a DeviceLock re-installation and neither system nor network modifications have to be made in the customer’s IT infrastructure. The presence of DLP module licensing and settings being pushed by the policy will activate the necessary processes latent in the existing endpoint Agent.
- With its successful 20+ year history on the international market and with customers from sensitive industries, defense, and government in 100+ countries, DeviceLock is a time-proven and trusted infosecurity product.
Advanced Technologies Ensure Customer Benefits
- DeviceLock kernel-mode Agents enforce the widest set of endpoint contextual controls in the industry over local ports; peripheral, virtual, and redirected devices; the Windows clipboard, true file types, Windows print screen functions, and over network applications and protocols to prevent endpoint data leaks. Technically, “the widest” claim means that more data leak scenarios are controlled for local channels and network communications, as well as more depth and breadth of control parameters and their configurable options can be enforced over data access and transfer scenarios.
- The DeviceLock Agent is the only endpoint DLP agent with a built-in deep packet inspection (DPI) engine, which provides for universal, application, and web browser-independent control of user communications via most network protocols and applications. These include SMTP, HTTP/HTTPS, WebDAV, FTP(S), Telnet, as well as Torrent-based P2P file sharing. NetworkLock uses this DPI technology to detect the protocol and application type regardless of the network ports they use. The DPI engine intercepts and disassembles the traffic of detected applications, reconstructs their sessions, and extracts their parameters necessary for enforcing contextual controls – such as who’s account is transferring data and to whom or where to, what is being transferred (e.g. email, instant message session, file, webform, or blog post), how the data are transferred (e.g. which type of email application/protocol or IM is used), and when (during business hours, “after hours”, or on weekends as might be restricted).
- DeviceLock DLP administration can be deployed and fully managed natively via Group Policies from a Microsoft Active Directory installation – without any separate DLP management server. In fact, DeviceLock can use Active Directory (AD) as its DLP management platform, and uses native AD objects, containers, and MMC snap-in friendly tools.
- Going beyond DLP for Windows computers, DeviceLock has developed an endpoint agent for Macintosh (Mac) computers, which supports essential port and device security control and audit capabilities. Uniquely with the assistance of our DeviceLock Enterprise Server module, if the Mac computer accounts are members of the domain bindery, they can also be conveniently managed via Group Policies from Microsoft Active Directory in the same uniform way as are the DeviceLock Agents for Windows with the assistance of a DeviceLock Enterprise Server instance. In addition, the DeviceLock Agent for Macs integrates with the Apple’s FileVault encryption feature where DeviceLock policy can allow users copying data to a removable storage, but only if it is a partition that is verifiably encrypted by FileVault.
- For most of the Instant Messaging (IM) applications controlled by DeviceLock, the Agent can inspect and filter the content of not only outgoing files but also chat session messages. An indicative example of such a messenger is Skype Desktop for Windows and all web-based Skype clients, including those used in Skype for Business. In addition, DeviceLock can control permissions to make and receive Skype media calls depending on user identities or group memberships.
- Another unique technology enables DeviceLock to universally block or allow Torrent-based file sharing communications for any torrent agents over TCP, UDP, and HTTP/HTTPS protocols.
- DeviceLock can also completely block Tor Browser communications – regardless of the obfuscation methods used to hide the Tor traffic.
- Major advantages of the unique agent-resident DeviceLock Optical Character Recognition (OCR) in comparison with server-based OCR solutions include its ability to prevent leakage of sensitive textual data in images via local data channels on the endpoint, as well as from laptops when used physically outside of the corporate network and any of its perimeter controls.
- With DeviceLock, data leaks via the printing channel are prevented by a printer and application independent content filtering technology that also enables for all shadow copies of printed documents to be stored as searchable PDF files regardless of their original file formats.
- DeviceLock DLP features a comprehensive and scalable logging subsystem with optional automated log collection and delivery to the central database, content-aware data shadowing, a forensic viewer, and built-in full-text searching. Alternatively, DeviceLock Agents can feed your preferred SYSLOG or SNMP-based SEIM system in real-time for reporting purposes.
- The tamper-proof DeviceLock Agent protects itself in configurable degrees from the malicious actions of end users, but can also prevent access to local system administrators – a unique capability for endpoint DLP agents.
- Uniquely, the DeviceLock Virtual DLP (VDLP) feature delivers content-aware endpoint DLP for solutions using remote virtualization platforms, such as Microsoft RDS, Citrix XenDesktop, Citrix XenApp, and VMware View. Citrix and VMware have certified DeviceLock DLP as Citrix® Ready and VMware® Ready, respectively. DeviceLock’s VDLP capabilities that provide on-the-fly content-filtering security with OCR capabilities for users with shared virtual clipboards and virtually “mapped drives” regardless of the user’s device are exclusive in the industry for virtual desktop (VDI) and RDP/virtual/remote session use cases.