Advanced Technologies Ensure Customer Benefits
DeviceLock DLP benefits for customers are based on its advanced technologies and unique product capabilities:
DeviceLock kernel mode Agents enforce the widest set of endpoint contextual controls in the industry over local ports; peripheral, virtual, and redirected devices; the Windows clipboard, true file types, Windows print screen functions, and over network applications and protocols to prevent endpoint data leaks. Technically, “the widest” claim means that more data leak scenarios are controlled for local channels and network communications, as well as more depth and breadth of control parameters and their configurable options can be enforced over data access and transfers.
The DeviceLock Agent is the only endpoint DLP agent with a built-in deep packet inspection (DPI) engine, which provides for universal, application, and web browser-independent control of user communications via most network protocols and applications. These include SMTP, HTTP/HTTPS, WebDAV, FTP(S), Telnet, as well as Torrent-based P2P file sharing. NetworkLock uses this DPI technology to detect the protocol and application type regardless of the network ports they use. The DPI engine intercepts and disassembles the traffic of detected applications, reconstructs their sessions, and extracts their parameters necessary for enforcing contextual controls – such as who’s account is transferring data and to whom or where to, what is being transferred (e.g. email, instant message session, file, webform, or blog post), how the data are transferred (e.g. which type of email application/protocol or IM is used), and when (during business hours, “after hours”, or on weekends as might be restricted).
DeviceLock DLP administration can be deployed and fully managed natively via Group Policies from a Microsoft Active Directory installation – without any separate DLP management server. In fact, DeviceLock can use Active Directory (AD) as its DLP management platform, and uses native AD objects, containers, and MMC snap-in friendly tools.
Going beyond DLP for Windows computers, DeviceLock has developed an endpoint agent for Macintosh (Mac) computers, which supports essential port and device security control and audit capabilities. Uniquely with the assistance of our DeviceLock Enterprise Server module, if the Mac computer accounts are members of the domain bindery, they can also be conveniently managed via Group Policies from Microsoft Active Directory in the same uniform way as are the DeviceLock Agents for Windows. In addition, the DeviceLock Agent for Macs integrates with the Apple’s FileVault encryption feature where DeviceLock policy can allow users copying data to a removable storage, but only if it a partition that is verifiably encrypted by FileVault.
For most of the Instant Messaging (IM) applications controlled by DeviceLock, it can inspect and filter the content of not only outgoing files but also chat session messages. An indicative example of such a messenger is Skype Desktop for Windows and all web-based Skype clients, including those used in Skype for Business. In addition, DeviceLock can control permissions to make and receive Skype media calls depending on user identities or group memberships.
Another unique technology enables DeviceLock to universally block or allow Torrent-based file sharing communications for any torrent agents over TCP, UDP, and HTTP/HTTPS protocols.
DeviceLock can also completely block Tor Browser communications – regardless of the obfuscation methods used to hide the Tor traffic.
Major advantages of the unique agent-resident DeviceLock Optical Character Recognition (OCR) in comparison with server-based OCR solutions include its ability to prevent leakage of sensitive textual data in images via local data channels on the endpoint, as well as from laptops when used physically outside of the corporate network.
With DeviceLock, data leaks via the printing channel are prevented by a printer and application independent content filtering technology that also enables for all shadow copies of printed documents to be stored as searchable PDF files regardless of their original file formats.
DeviceLock DLP features a comprehensive and scalable logging subsystem with optional automated log collection and delivery to the central database, content-aware data shadowing, a forensic viewer, and built-in full-text searching.
The tamper-proof DeviceLock Agent protects itself in configurable degrees from the malicious actions of end users but can also prevent access to local system administrators – a unique capability for endpoint DLP agents.
Uniquely, the DeviceLock Virtual DLP (VDLP) feature delivers content-aware endpoint DLP for BYOD solutions using remote virtualization platforms, such as Microsoft RDS, Citrix XenDesktop, Citrix XenApp, and VMware View. Citrix and VMware have certified DeviceLock DLP as Citrix® Ready and VMware® Ready respectively. DeviceLock’s VDLP capabilities that provide on-the-fly content-filtering security with OCR capabilities for users with shared virtual clipboards and virtually “mapped drives” regardless of the user’s device are exclusive in the industry for virtual desktop (VDI) and virtual/remote session use cases.