DriveLock™ - Intelligent Control for Devices

Implementing new security policies often impedes productivity as users can no longer perform some familiar tasks and have to change the way they perform others. The challenge for IT departments is to find a balance between maximizing security and preserving the continuity of business processes.

Data security made easy — It takes just a few steps to significantly increase the security of your corporate data and to eliminate the dangers from uncontrolled use of USB and other ports. With DriveLock you can put an end to the use of unapproved devices. To keep your information secure in transit, DriveLock can encrypt the data on internal and external drives and other storage devices. This includes hard drives, USB flash drives, SD media, eSATA drives and even CDs and DVDs you burn. Encryption can be enforced if your corporate policies require that all data on portable storage devices must be secured. Administrators have access to simple-to-use helpdesk tools to quickly and securely restore access to a device if someone forgets a password. No knowledge or transmission of a central password is required to generate a one-time passcode that restores access.

DriveLock is a leading solution for controlling your endpoints. It can protect desktop computers and laptop computers, but also virtual desktops und thin clients. In addition to comprehensive port control, DriveLock offers extensive encryption options and comprehensive application control - all of this is configured and administered centrally using a single management console that is available in multiple languages. And because DriveLock's architecture is so straightforward, it is successfully used wordlwide to protect small networks as well as large enterprises. DriveLock offers dynamic access control for drives (floppy disks, CD-ROMs, USB flash drives, etc.) and also controls all other device types, such as Bluetooth, Palm, Windows Mobile, BlackBerry, and other smart phones. Using whitelist rules (based on device type and hardware ID), you can specify exactly who can use which device at what time. You can even create detailed rules for the use of removable drives based on the drive's manufacturer, model and unique serial number to achieve granular definition and implementation of access rules. Other features let you enable access to specific authorized media, set time limits and create exceptions for certain users, groups, computers and networks. These are just a few of the customization options that are available to let you enforce the exact device usage policies you require. To give a user temporary access to a blocked device, you can use temporary unlocking, even when the computer is offline and not connected to your network.

DriveLock policies are very easy to configure, and distribution of the policy settings to client computers is just as easy. Because of DriveLock's integration with Active Directory Group Policy, no separate infrastructure or servers are required to apply policy changes to clients. If Active Directory is not available (for example in Novell networks), you can instead distribute policies to a single computer or an entire network by using configuration files. To help create a stress-free implementation phase, DriveLock includes a Simulation Mode, which lets you test all policy settings without impeding user productivity because of configuration errors or unanticipated effects of policy enforcement. The built-in Agent self protection lets you decide whether you want complete protection against any tampering with the DriveLock Agent or whether administrators and helpdesk personnel are allowed to disable the Agent for troubleshooting. At every step along the way, you will experience DriveLock's "simple but secure" philosophy.

DriveLock doesn't force you to adjust the way you work to the tools you're using. Instead, you can customize DriveLock to make it work according to your needs. The modern-looking and intuitive DriveLock Console is implemented as an MMC snapin. Experienced IT administrators will immediately feel at home and can take advantage of the flexible configuration options. You can easily adjust the management console to your preferences and experience level. Choose the classic MMC mode or the taskpad mode, which provides additional information about the available configuration choices. To help you get started with DriveLock, there's also a Starter Mode that assists you with the initial configuration steps. Once you're proficient, you can turn off this mode and get access to all configuration settings. 

DriveLock can help you increase security awareness among your staff. For example, you can configure DriveLock to let users access to removable devices only after they have reviewed your corporate policy and have indicated that they will comply with it. Of course you can audit and document which users have signaled accepted. You can even make device access dependent on a password that you only provide to users who have attended a security training class. Instead of placing the burden of security on your IT department, you can incorporate your entire staff and DriveLock into your forward-looking security strategy.

The integrated leading-edge application control can help protect your network against some of the most dangerous threats: zero day exploits, brand-new Trojan horse programs, industrial espionage and data theft. DriveLock lets you utilize the full breadth of this technology. You simply decide which users can run which applications on which computers; DriveLock's Application Launch Filter takes care of the enforcement. The power of DriveLock's application control vastly exceeds the basic protection in Windows 7 and offers unique flexibility. You can choose from several criteria for specifying allowed applications: hash values of executable files (for a single file, or based on a scan of an entire computer), certificate checking and file ownership. You can easily combine these criteria and use them to either enable or prevent the starting of any program. Other rule types let you easily configure access to common groups of applications, such as Windows system files. Other device control solutions require you to configure complicated sets of rules that need to be frequently updated. With DriveLock you can often achieve the same protection with just a few rules that require minimal or no updating.

Using administrator-defined network profiles, DriveLock instantly detects the network a computer is connected to and can automatically adjust configuration and policy settings. You can also disable wireless connections whenever computers are connected to your corporate network to prevent cross-network links between your network and unauthorized wireless networks. Finally, network profiles let you block applications, such as Skype, when a computer is connected to the corporate network, while unblocking these applications when a user is on the road. It's hard to imagine endpoint security that's more effective.

Security in terminal server environments and the Cloud. DriveLock can handle this too. DriveLock lets you control and secure the use of USB flash drives on thin clients and on server-based desktops in a virtual client infrastructure. You can even use DriveLock's file filter to limit data transfers to only allowed file types, such as Microsoft Office documents. You get maximum flexibility for enforcing corporate policies  without impeding employee productivity. DriveLock can be an important element in securely and efficiently migrating clients into to a centrally managed environment.