Over the years Organisation invested heavily in enterprise firewalls, anti-virus, intrusion detection, intrusion prevention, user authentication and other traditional perimeter security measures to ensure that your organization’s private information is safe and secure. These steps have been quite effective in preventing devastating security breaches caused by malicious remote hackers trying to steal information or disrupt your operations from some dark basement on the other side of the world.
But many business executives who’ve made these investments have a false sense of security. What they’re overlooking is the threat posed by the “trusted insider”. In today’s world of widespread adoption of personal mobile devices in the workplace (commonly known as “BYOD” or Bring Your Own Device), it’s becoming increasingly important to secure your organization’s data assets from both malicious insiders and from unintentional mistakes made by employees, contractors or visitors.
The DeviceLock component includes an entire set of context controls together with event logging and data shadowing printing. DeviceLock also provides the core platform for all other functional modules of the product suite and includes its central management and administration components.
Administrators can control which users or groups can access USB, FireWire, Infrared, COM and LPT ports; WiFi and Bluetooth adapters; any type of printer, including local, network and virtual printers; Windows Mobile, BlackBerry, iPhone and Palm OS-based PDAs and smartphones; Terminal Services devices; as well as DVD/BD/CD-ROMs, floppy drives, and other removable and Plug-and-Play devices. It's possible to set devices in read-only mode and control access to them depending on the time of day and day of the week.
DeviceLock’s network based protection is port-independent and recognizes network applications types and protocols where data leakage can occur. NetworkLock can be configured to control web mail, social networking communications, instant messaging, file transfer operations and Telnet sessions. NetworkLock can intercept, inspect and control plain and SSL-tunneled SMTP email communications with messages and attachments controlled separately, as well as web access and other HTTP-based applications and encrypted HTTPS sessions. Messages and sessions are reconstructed with file, data and parameter information extracted and then passed to the ContentLock module for content filtering. Audit (event) logging and data shadowing trails are maintained as conditionally specified.
Furthering the DLP features of DeviceLock is the ContentLock module which supports content filtering for data objects copied to removable drives, other Plug-n-Play storage devices, sent to printers, and through network communications secured by the NetworkLock module on the endpoint. Recognizing more than 80 file formats and data types, ContentLock extracts and filters the content of files and other data object types including emails, instant messages, web forms, social network exchanges, etc. ContentLock filters data streams based on desired Regular Expression (RegExp) patterns, numerical conditioning and Boolean combinations of “AND/OR” criteria matching. Over 50 contextual parameters can be used. These include users, computers, groups, ports, interfaces, devices, data channels, types, data flow directions, day/time boundaries, etc.