DeviceLock Endpoint DLP Suite + DeviceLock DLP Discovery
August 22, 2016
At 1,000 endpoints, £31 perpetual per endpoint.
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Very effective endpoint DLP application with all of the bells and whistles you might think of, plus some that you may not.
- Weaknesses: None that we found.
- Verdict: This is a very strong solution to endpoint DLP challenges.
This is one of the best-known endpoint DLP products in the industry. It is effective and straightforward to deploy and set up. It contains all of the forensic tools necessary to perform a data exfiltration investigation. The tool covers the full gamut of exfiltration vectors from malware-induced - noting, of course, that SSL or other encryption used by malware to steal data may impact detection - to user data theft or accident. In this regard, it adheres to the traditional definition of what an endpoint DLP product should do. While it does not have malware detection or alerting capabilities that one might expect in an endpoint security product, that is not the sandbox in which DeviceLock plays. It is very focused on DLP and does that extremely well.
Any DLP product needs to watch such things as peripherals and network connections. This tool does that. It is policy-driven and it can be configured to intercept specific organisational keywords for such things as trade secrets. Its network monitoring is protocol and context aware, so an exfiltration through Facebook, Skype or an instant messaging route will be caught.
DeviceLock is not restricted to physical devices, of course. We tested in our virtual and our physical environments. As regards detection in the virtual, there are lots of ways to address devices in a virtual system. For example, you could be accessing virtual endpoints using remote desktop protocol (RDP) or VMware View, as we did at a university where we deployed virtualisation. This limits what the user sees and can do. For example, our malware forensics lab was set up to avoid student removal of malware samples. We did that by placing the endpoint in the virtual and allowing the students to access only using RDP.
That is fine for protecting against file removal, but what about going to a virtual endpoint, opening a document and reading it, where it is captured on the physical workstation? Even RDP won't prevent that, and it may be nearly undetectable since reading a document is a normal activity. However, DeviceLock addresses that problem and will alert and capture evidentiary data to facilitate an investigation.
DeviceLock is administered in cooperation with Microsoft Active Directory, using a Microsoft Management Console snap-in for deployment. Of course, there is a server component and a web console for day-to-day management of such things as policies and alerting. Alerting can be done using SNMP or SMTP. The product even has a 30-plus language optical character recognition system.
Data-at-rest detection and endpoint remediation are functions of the optional Discovery module. In addition to the provided content filtering templates, there are specialised capabilities, including regular expressions and binary discovery of file types, which avoids the trick of renaming a file with an incorrect extension to make it look harmless. Most of the templates are useful as supplied, but modifying them is a very straightforward process.
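To illustrate the two checks named above, the following added example (not DeviceLock code, and not taken from the product) identifies a file by its leading bytes rather than its extension and applies regular-expression content rules. The rule names, the codename and the sample files are constructed for illustration; the signatures are the well-known magic numbers for each format.

```python
import re

# Well-known leading-byte signatures mapped to a format label.
SIGNATURES = [
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),  # also the container for docx/xlsx/pptx
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # legacy doc/xls/ppt
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"MZ", "exe"),
]
# Extensions that legitimately go with each detected format.
EXTENSIONS = {
    "pdf": {"pdf"},
    "zip": {"zip", "docx", "xlsx", "pptx"},
    "ole2": {"doc", "xls", "ppt"},
    "png": {"png"},
    "jpeg": {"jpg", "jpeg"},
    "exe": {"exe", "dll"},
}
# Constructed content rules: a hypothetical project codename and a
# simplified UK National Insurance number pattern.
CONTENT_RULES = {
    "codename": re.compile(rb"\bproject[- ]falcon\b", re.IGNORECASE),
    "uk-nino": re.compile(rb"\b[A-Z]{2}\d{6}[A-D]\b"),
}

def sniff_type(data):
    """Return the format label for the leading bytes, or None if unknown."""
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            return kind
    return None

def scan(name, data):
    """Return findings for one file: extension mismatch and content hits."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    findings = []
    kind = sniff_type(data)
    if kind is not None and ext not in EXTENSIONS[kind]:
        findings.append(f"type-mismatch:{kind}-as-.{ext}")
    for rule, pattern in CONTENT_RULES.items():
        if pattern.search(data):
            findings.append(f"content:{rule}")
    return findings

if __name__ == "__main__":
    # Constructed sample: a PDF renamed to look like an image.
    print(scan("holiday.jpg", b"%PDF-1.4\nProject Falcon pricing"))
```

The content rules here run over raw bytes, so they only match text stored uncompressed; a scanner for real documents would extract the text from each format before matching.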
The endpoint agents can be deployed like any other Microsoft software deployment, or the DeviceLock Enterprise Manager can be used for deployment as well as for managing the agents once deployed.
The website is among the best we've seen. Everything one needs - whether making the selection of a new product or already a DeviceLock customer - is right there available for download. In addition, there are quite a few bits of supplementary materials such as white papers. Support is available eight-hours-a-day/five-days-a-week by phone and email/web tickets any time. It is included in the price of the product. Premium services are available at extra cost.