Infrastructure: Windows desktops, laptops & thin clients, Linux OES thin clients, VDI Why try & buy? Unauthorized use of peripheral
devices on corporate computers can create security risks and support
nightmares. USB thumb drives and other portable storage devices
represent a danger to corporate data. Users who plug them into
computers may inadvertently introduce viruses or spyware. Even worse,
employees can copy large amounts of confidential data to these
devices, and you won’t know in whose hands this data will end
up.
DriveLock is a leading solution for controlling all peripherals in
your network and securing your mobile data. Unparalleled flexibility
and granular control mean that you can achieve this protection without
adding to the workload for IT administrators. DriveLock has the best
integration with Windows Active Directory. Product description: DriveLock gives you complete and granular control over who is allowed to connect which device to a corporate computer. You can also control what users can copy to or from these devices. For example, you can prevent the use of music players, portable hard drives and novelty items, such as coffee warmers, without blocking approved devices, such as keyboards, mice and printers.
- All configuration is done using a Microsoft Management Console (MMC) snap-in
- Device Scanner allows you to find out which devices are or were ever connected to all computers in your network and simplifies the creation of rules
- Easy client deployment using Group Policy or other software deployment system
- Central configuration using Active Directory and Group Policy
- Alternate configuration mechanism using configuration files via UNC path, HTTP or FTP
- Supports Group Policy Management Console (GPMC) and NetIQ Group Policy Administrator
- Remote connection to Client computers to temporarily unlock devices and to troubleshoot policy enforcement
- Remote identification of devices connected to clients
- Quick policy deployment using templates for common computer models (Dell, HP, IBM, etc.)
- Deployment Wizard
- Customizable taskbar notification with HTML text
- Multilingual user interface (MUI), supporting 6 languages, more to be added soon
- Anti-tampering mechanisms, such as an optional password for uninstalling DriveLock to prevent unauthorized disabling of the system protection
|
Data Filtering (1st of 9 themes)
What can it do for you? DriveLock Standard gives you
control what can be copied to or from removable media.
Features:
DriveLock Standard filters your
in/outbound ports on to be copied confidential information. DriveLock
can allow or block the copying of files according to your rules. File
types are identified based on content, not just by file extension. You
can choose from the many file types that DriveLock can identify, or
you can create additional file definitions and even extend the rule
processing by creating your own custom DLLs. |
Device Control (2nd of 9 themes)
What can it do for you? DriveLock Standard controls the
use of all devices. It gives you intelligent control of mobile
devices, including digital cameras, MP3 players, cell phones,
BlackBerry devices and many others. And that means that you can decide
who can use which devices in your network. You can define general
rules that apply to all devices of the same type and create detailed
whitelist and blacklist rules for specific devices or models.
DriveLock Standard enforces these rules throughout your network to
help you prevent network instability and the loss of important
data.
Features:
|
Port Control (3rd of 9 themes)
What can it do for you? If you do not control your
computer ports, you give the possibility of unauthorized peripheral
devices being connected to your computer ports with all associated
risks. As well as data transfer from the network to a peripheral
device with risk of information theft or leakage, as well as in
opposite direction with virus contamination or unwanted private photos
in your network. DriveLock Standard gives you complete control over
who is authorized to connect which device to your available USB or
wireless computer ports.
Features:
- Blocks most port types (USB
controllers, PCMCIA controllers controllers 1394/Firewire infrared
controllers, serial (COM) and parallel (LPT) ports)
- Configurable whitelists to
authorize access to peripherals (type or model)
- Separate access lists can be
defined for each peripheral device or a group of
peripherals
- Access can be given to users
and user groups
- Full integration with Active
Directory and Group Policy
- Supports other network
operating systems (Novell NetWare, Linux)
- Dynamic policy is enforced
when another user logs into the network
|
Auditing Devices & Drives (4th of 9 themes)
What can it do for you? DriveLock Standard logs
operations with peripheral devices, for example data transfer, read
and write operations to and from removable storage media. Reports can
be generated from log events.
Features:
- Event suppression for double
events.
- Cached events are stored in
a file.
- Advanced features including
log configuration changes (including change details), use of
management console, a temporary release of DriveLock agent, agent
using remote control, encryption events, or launch an application
blocking, network configuration changes.
- Additional analysis
capabilities of these events are possible by using the Security
Reporting Center.
|
Encryption of Full Disks (5th of 9 themes)
What can it do for you? DriveLock Full Disk Encryption
eliminates the risk of data loss by theft of laptops on which data is
not encrypted. DriveLock Full Disk Encryption protects transparently
all data on your hard drives without requiring users to change the way
they work.
The Rapid Recovery mechanism enables fast and targeted recovery of
critical data from a damaged disk. This ensures business continuity by
allowing users to continue working on current projects with a minimum
of downtime.
DriveLock Full Disk Encryption Edition secures all partitions using
FIPS 140-2 certified encryption, including the system partition.
Access is controlled using Pre-Boot Authentication. Encryption happens
entirely in the background and doesn’t disrupt the use of the
computer. Single sign-on lets users log on using their regular Windows
credentials and without multiple authentication prompts. Emergency
logon and recovery tools ensure that you’re in control, even
when the unforeseen happens. Administration is intuitive and simple.
All settings are configured using central policies that are controlled
by the DriveLock management console. Encryption is monitored by
DriveLock Security Reporting Center.
DriveLock has an easy Rapid Recovery mechanism in case of damaged disk
or forgotten password.
DriveLock Full Disk encryption has AD/ADAM direct management. AD can
be used for management of Windows users. Fully integrated with Windows
User Management. Synchronisation with external database is not
required. Fast and easy deployment.
Features:
- Encrypt entire hard drives,
including system partition
- FIPS140-2
encryption
- Pre-boot authentication with
single sign-on
- Mature tools to decrypt
damaged drives
- One-time logon options for
users who forgot a password
- Support for token and
smartcard logon
- Central administration and
monitoring of encryption status
- DriveLock Full Disk
Encryption uses DriveLock Management Console
|
Application Control (6th of 9 themes)
What can it do for you? With DriveLock Application Launch
Filter (ALF) Edition you can control who can run which application.
You can also make programs available only when a computer is connected
to a specific network. The high flexibility and ease of configuration
of the DriveLock ALF Edition combine to make it an invaluable tool for
making your network more secure. Flexible whitelist and blacklist
rules allow for unparalleled granular control. It enforces
comprehensive policies for application usage.
With DriveLock ALF you can also block the execution of applications
running on a computer or in a Terminal Services session.
DriveLock ALF protects your network against zero-day exploits and
Trojan Horse programs by allowing only authorized programs to be used.
With the auditing mode you can monitor application use and get a
complete picture of who is running which programs in your network.
Features:
DriveLock Application Launch
Filter has a continually updated online database of millions of
applications which makes configuration of the DriveLock Application
Launch Filter (ALF) extremely easy. The same ease of use applies to
updating the DriveLock ALF in your internal network. The Application
Scan feature makes an administrator’s job even easier. You can
scan a computer that is configured according to company standards and
then apply the same configuration to all other computers in the
network.
More features:
- Comprehensive control over
who can start which programs
- Flexible combination of
whitelists and blacklists
- Auditing of all application
usage
- Easy administration of
allowed applications using application hash databases
- Online hash database with
millions of application hash values
|
Encryption of Removable Media (7th of 9 themes)
What can it do for you? Accidental disclosure of
sensitive data due to lost or stolen storage devices can be very
costly. DriveLock 2GO Edition can give you peace of mind by
automatically and transparently encrypting data that’s copied to
removable drives. It encrypts data on any mobile device, like
USB-stick, CD, DVD, smart phones, PDA.
There are times when employees have a legitimate need to copy data to
mobile devices. However, laptop computers, flash drives, CDs, DVDs,
smart phones and PDAs are frequently lost. With the comprehensive
encryption features of DriveLock 2GO Edition you can be confident that
such a loss won’t result in the disclosure of confidential data.
From encryption to burning encrypted CDs. DriveLock has the tool to
keep your data confidential, no matter what device they're stored on.
If you need to work on your data at home or share files with someone
else, the Mobile Encryption Application lets you access your encrypted
information even on computers where DriveLock is not installed, and
without the need for local administrative rights.
Password recovery for encrypted removable media and container files is
easy and flexible. If a user forgets a password, a challenge-response
mechanism lets the helpdesk create a pass code that restores access to
the user. This works whether user is online or offline and
doesn’t require transmitting any administrative credentials.
Features:
- Encrypt data with
state-of-the-art encryption (up to 256-bit encryption strength)
- Choice of industry-standard
encryption algorithms (AES, 3DES, Blowfish, etc.)
- Encrypt data on mobile
devices or hard disks
- Automatic and transparent
encryption of data copied to mobile devices
- Wizard for burning
encrypted CDs and DVDs
- Ability to decrypt data on
computers without requiring installation of DriveLock
- Safe recovery of containers
with lost password (online and offline)
When you need to ensure that only encrypted data is stored on these
devices, DriveLock 2GO Edition can enforce encryption and monitor data
transfers for compliance reporting.
DriveLock 2GO Edition offers a
very affordable option for all used drives (disks) to delete these
completely and securely before they are sold or traded. Removes all
trace of confidential data on all drives.
Unencrypted confidential data should for safety reasons not to be
removed by "standard" features, but special secure deletion
software like this. Supports secure deletion algorithms of BSI, U.S.
Department of Defense and others. Suitable for hard disks and
removable disks of client computers.
|
Network Profiles (8th of 9 themes)
What can it do for you? DriveLock Standard immediately
recognizes when the computer is connected to a different network and
applies the settings you configured for this network.
Features:
With DriveLock Standard each
drive, device or application whitelist rule can be set to apply to one
or more network profiles, which correspond to specific networks. You
can use network profiles to prevent connections to unapproved
networks. You can also ensure whether devices or applications can be
used while a computer is connected to your corporate network or while
outside the office. To prevent network intrusions you can
automatically disable wireless connections while a computer is
connected to your company LAN. |
Shadowing (9th of 9 themes)
What can it do for you? DriveLock Standard is able to
create a shadow copy of files that are copied to and from removable
storage media including memory sticks.
Features:
With DriveLock Standard it is
possible to use a limitation of the first x KB file. Exclusion is
possible for a list of file extensions. |
|