With the huge popularity of iPods, USB thumb drives, and smartphones, data loss through removable media is one of the greatest security risks facing organizations today. Data Clone Labs provides planning, policy, and implementation of appropriate removable security tools.
Firewalls and antivirus software are no defense against acts of data theft from within an organization. If you are a system administrator, you know you can't truly manage device-level activity via Group Policy.
With DeviceLock, organizations can manage, monitor and control USB and FireWire devices, WiFi and Bluetooth adapters, CD-Rom and floppy drives, serial and parallel ports, PDAs and smartphones, local and network printers and many other plug-and-play devices.
For enterprises standardized on software and hardware-based encryption solutions like PGP® Whole Disk Encryption, TrueCrypt and Lexar® SAFE PSD S1100 USB drives, DeviceLock® allows administrators to centrally define and remotely control the encryption policies their employees must follow when using removable devices for storing and retrieving corporate data. For example, certain employees or their groups can be allowed to write to and read from only specifically encrypted USB flash drives, while other users of the corporate network can be permitted to "read only" from non-encrypted removable storage devices but not write to them.
The USB white list allows you to authorize only specific devices that will not be locked regardless of any other settings. Media White Listing can also specify allowed users and groups, so that only authorized users are able to access the contents of the DVD or CD-ROM.
The DeviceLock's optional data shadowing capability significantly enhances the corporate IT auditor’s ability to ensure that sensitive information has not left the premises on removable media. It captures full copies of files that are copied to authorized removable devices, Windows Mobile and Palm OS-based PDAs and smartphones, burned to CD/DVD or even printed by authorized end users. Shadow copies are stored on a centralized component of an existing server and any existing ODBC-compliant SQL infrastructure of the customer’s choosing.
DeviceLock® Enterprise Server can monitor remote computers in real-time, checking DeviceLock® Service status (running or not), policy consistency and integrity. The detailed information is written to the Monitoring log. Also, it is possible to define a master policy that can be automatically applied across selected remote computers in the event that their current policies are suspected to be out-of-date or damaged.
DeviceLock® provides a level of precision control over device resources unavailable via Windows Group Policy - and it does so with an interface that is seamlessly integrated into the Windows Group Policy Editor. As such, it’s easier to implement and manage across a large number of workstations.
With DeviceLock you can:
Control which users or groups can access USB, FireWire, Infrared, COM and LPT ports; WiFi and Bluetooth adapters; any type of printer, including local, network and virtual printers; Windows Mobile and Palm OS-based PDAs and smartphones; aswell as DVD/CD-ROMs, floppy drives, and other removable and Plug-and-Play devices
Control access to devices depending on the time of day and day of the week
Define which types of data (files, calendars, emails, tasks, notes, etc.) are allowed to synchronize between corporate PCs and personal mobile devices
Detect encrypted PGP® and TrueCrypt disks (USB Flash Drives and other removable media) as well as Lexar® SAFE PSD encrypted flash drives and apply special "encrypted" permissions to them
Authorize only specific USB devices that will not be locked regardless of any other settings
Grant users temporary access to USB devices when there is no network connection (you provide users with the special access codes over the phone that temporarily unlock access to requested devices)
Protect against users with local administrator privileges so they can't disable DeviceLock® Service or remove it from their computers, if they are not in the list of DeviceLock® administrators
Set devices in read-only mode
Protect disks from accidental or intentional formatting
Detect and block hardware keyloggers (USB and PS/2)
Deploy permissions and settings via Group Policy in an Active Directory domain
Use the standard Windows RSoP snap-in to view the DeviceLock® policy currently being applied, as well as to predict what policy would be applied in a given situation
Control everything remotely using the centralized management console
Get a complete log of port and device activity, such as uploads and downloads by users and filenames in the standard Windows Event Log
Mirror all data (shadowing) copied to external storage devices (removable, floppy, DVD/CD-ROM), Windows Mobile or Palm OS PDAs and smartphones, transferred via COM and LPT ports and even printed
Store shadow data on a centralized component of an existing server and any existing ODBC-compliant SQL infrastructure
Monitor remote computers in real-time, checking DeviceLock Service status (running or not), policy consistency and integrity
Generate a report displaying the USB, FireWire and PCMCIA devices currently connected to computers and those that were connected
Create a custom MSI package for DeviceLock® Service with predefined policies.
Data Clone Labs is one the nation's leading experts on removable security, and on the effective use of tools like DeviceLock. Contact Us right away to find out how best to add this important layer of security to your organization.