Zecurion DLP, Device Control Subscription

Description

Devices like external hard drives or USB thumb drives can pose a significant risk when it comes to data loss. Technology has evolved to the point where even microSD cards can store 1TB of data.

A disgruntled employee could steal gigabytes or terabytes of data in their pocket. Data on portable devices poses a risk even with loyal employees because the devices are easily lost or stolen.

In many cases, though, portable storage and other devices can be a crucial part of working effectively and efficiently. Simply blocking all USB thumb drives or access to USB ports is too strict or draconian and can negatively impact productivity.

Zecurion DLP gives you the following very granular device control so you can limit access and protect your data without hindering legitimate use of devices.

Flexible and granular access controls for peripheral devices

You can enable only company-issued or approved devices or enable only the devices that are deemed necessary for business with policy controls that can grant or deny access based on the type, class, vendor, model, or serial number of the device. Policies can be applied to groups or individuals, and separate policies can be applied depending on whether the endpoint is connected to the network, connected remotely over VPN, or disconnected.

Company-wide device catalog

Device descriptions are stored in a company-wide catalog, and policy can be created based on the descriptions in the catalog, enabling policy creation even when a device itself is not accessible.

Shadow copies

Zecurion Device Control can save a copy of every file that is written to an external device or printed — enabling you to monitor activity even when there is no violation of security policy and giving you the tools, you need to conduct comprehensive retrospective analyses, audits, and forensic investigations.

Content-based policies with the use of content analysis algorithms

You can allow the general use of printers and portable storage devices while blocking the ability to save or print files that contain sensitive or confidential data.

Policy-based on content analysis algorithms can proactively identify and protect sensitive data.

Preventive content analysis

Zecurion’s patented preventive content analysis ensures that confidential and sensitive data is never written to external media in the first place. Files are analyzed and sensitive files are blocked from being written. Competing products write the file first, then perform analysis and delete the content if it violates policy.

Encryption

The encryption capabilities of Zecurion Device Control provide flexibility and protection. You can automatically encrypt files written to external media based on the content and security policies. You can configure encryption so that encrypted content can only be accessed by authorized users from endpoints connected to the corporate network.

Centralized deployment and management

Zecurion Device Control gives you the framework for centralized deployment and management of your DLP protection. Endpoint agents can be deployed through a dedicated deployment server or using Active Directory Group Policy.

A web console enables an Admin to connect to any endpoint for diagnostics and provides the ability to manage hundreds of thousands of endpoints remotely through a single pane of glass.

Device access request by email or phone

To minimize the potential impact on productivity, a remote employee can request access to use a specific device. An Admin can grant the request on a one-time basis or create a policy that permanently allows the use of the device.

Protection from tampering with an endpoint agent

To ensure the integrity of your data protection, Zecurion Device Control will alert the admin in the event of any sort of tampering or attempts to remove or change settings on the endpoint.