Version 6 helps prevent internal data theft or accidental malicious downloads
Desktop PCs are like sieves when it comes to potential data leaks. Each port and drive is like a hole through which data can escape or be stolen.
Firewalls and encryption can protect a network from external threats, but locally unsecured devices and ports are vulnerable to internal attacks or simple carelessness.
Endpoint security products aim to prevent those types of data loss. One such product is DeviceLock from SmartLine, which we reviewed a couple of years ago. We found the product an easy-to-use, highly customizable and effective way to prevent internal data theft or accidental malicious downloads.
The company recently released Version 6.0 of the product, which contains several significant new features and improvements.
The core functionality of the product remains the same. It prevents leaks by controlling user access to devices and ports on a PC. It does this by intercepting every request from a user to the device and then checking to see whether the user has permission to use the device. If not, the user receives an “access denied” message.
DeviceLock can protect a surprisingly long list of ports and devices. They include USB ports, FireWire ports, serial ports, parallel ports, Bluetooth adapters, Wi-Fi adapters, CD and DVD drives (including writable drives), floppy drives, tape devices and removable storage devices such as memory sticks, flash drives, external hard drives and Iomega Zip drives.
We like the one-stop shopping interface that lets you view computers that are running DeviceLock, remotely deploy the software and set permissions for each device type. Setting time and day access for users or groups is a simple matter of selecting squares on a grid.
One important new feature in DeviceLock 6.0 is an optional data-shadowing capability. Data shadowing captures all data that users copy to removable devices, burn to CDs and DVDs, or print. The shadow copies can reveal whether the duplication breaches the agency’s data integrity policy.
Another new feature is the Media White List, which allows administrators to authorize access to specific DVD/CD-ROM disks even when DeviceLock has otherwise blocked access to the DVD/CD-ROM drive. DeviceLock identifies the allowable disks by a special data signature.
If anyone changes the content of the disk, the data signature will change and DeviceLock will then block that disk. This safeguard prevents people from using a white-listed disk to introduce unwanted data to the network.
The Media White List is useful to agencies that routinely use CDs and DVDs to distribute software or instruction manuals over the network. This feature can also let administrators specify allowed users and groups so that only authorized users can access the contents of the disk.
DeviceLock 6.0 also offers an improved and integrated Active Directory Group Policy Manager console. The console allows DeviceLock to be as scalable as any Active Directory environment, allowing administrators to manage hundreds of thousands of Microsoft Windows desktop PCs.
DeviceLock can also manage any Lightweight Directory Access Protocol network of Windows PCs, including mixed network operating system environments.
Pricing starts at $35 per license with volume discounts beginning at 25 licenses.
NEXT STORY: DOD IT resources failed during Katrina