DeviceLock Endpoint DLP Suite
Strengths: Too many to list.
Weaknesses: None that we found.
Verdict: If you want a traditional tool for managing and preventing data leakage at the endpoint, this has got to be your cup of tea. If functionality isn’t here you probably don’t need it. For its excellent update of the traditional approach to endpoint security we make this our Recommended traditional product this month.
To those of us who have been in the security space for a long time it feels as if these guys have been around forever. Their current offering is the old school approach of a suite of tools for every function and in that context they are the Swiss Army knife of endpoint security. Lest you think that is a criticism, let us assure you that while the approach may be old school, the implementation absolutely is not. There is a tool for every conceivable endpoint security challenge and, amazingly, they all work equally well.
The focus of this suite is stopping data leakage at the endpoint. While that is a noble goal, it is by no means all this tool does. In fact, one might look at its functionality and impute DLP to just about every function, but protecting the overall health of the enterprise from the endpoint is also is a very strong feature. Just about everything this tool does is managed through Microsoft Active Directory. Agents are lightweight and will run on just about any environment including virtual systems.
If one were to enumerate the threat vectors that DeviceLock protects, the list would include USB devices, removable media, Wi-Fi, Bluetooth, clipboard, print screen, email, mobile devices, social media, file transfers and file shares. All of these vectors for data leakage are protected by the DeviceLock suite. The suite is software-only and the management console is a snap-in to Active Directory.
In addition to the obvious functionality suggested by the list of protected threat vectors, there is a DLP discovery module for identifying data at rest and OCR on-the-fly content filtering. It recognises 5,500 file types and 160 file formats, and the OCR can scan documents in over 25 languages. Interestingly, there is a Bluetooth exemption option. This allows the administrator to exempt such non-data devices as Bluetooth mice and keyboards from checking for data leakage.
The suite is comprised of three separately licensed modules: DeviceLock, NetworkLock and ContentLock. The DeviceLock piece looks at endpoint-based leakage points and pinpoints the who, what, when, how and where to actions. NetworkLock provides context while ContentLock watches the network channel, removable media, locally synced services and the printing channel. eDiscovery also is a function.
The system sports a tamper-proof functionality ensuring that even admins of their own individual workstations cannot make unauthorised changes. Encryption is provided by any of several third parties so if you are encrypting now there will be no need to change products.
The key word for the suite seems to be granularity. Digging down into events gives a lot of detail. For example, an iPhone plugged into a USB port is subject to very granular control. For regulatory compliance there is a list of keywords that are important for effective, compliant DLP. The OCR is effective even on graphics, allowing enforcement of regulatory requirements. If you do data classification, it can be enforced by the suite. The NetworkLock controls file sharing by such resources as Google Drive, DropBox, etc. Most popular web mail systems, OWA and social networks all are controlled, and the audit logs are complete and very granular. The forensic viewer allows deep dives into such things as email without altering the file. Overall, this is just about everything for DLP at the endpoint in a single package. The basic support offering includes eight-hours-a-day/five-days-a-week phone and 24/7 email and trouble ticket support. There are fee-based options that even include a dedicated system engineer for consulting. The website has just about everything you need - from a knowledge base to an FAQ, a user forum and lots of downloads.
Overall, this suite of tools covers all the bases in DLP and total endpoint protection. It is tightly integrated into Microsoft Active Directory and is straightforward to deploy and manage. The pricing is excellent making it a good value. While anti-malware isn't explicitly included, the rest of the functionality makes it almost redundant since any attempted exfiltration would be stopped by other functions.