DeviceLock Endpoint DLP Suite 7.0
Strengths: Performs well with regard to restricting access and protecting data transfer to endpoint devices.
Weaknesses: The MMC-based admin user interface isn’t flashy, but it works.
Verdict: For organizations looking for device control and DLP, the per seat price point is a good value.
SummaryDeviceLock Endpoint DLP is a data and device protection solution which controls access to local Windows devices and watches input/output channels for sensitive data flow. The solution integrates with Active Directory and is managed by a Microsoft Management Console (MMC) snap-in. Both the endpoint agents and the server integration are installed on common Windows platforms, and Microsoft SQL Server is used as the repository.
Deploying the product is quick and easy. Administrators familiar with Windows-based MMC consoles will appreciate the integration, as all administrative tasks are organized in the familiar MMC display. The user interface isn't flashy or the most polished we've seen, but all the common tasks designed for this solution are easy to navigate.
The product overall serves two purposes: to control local access on the endpoints to ports and devices, and to watch for sensitive data flow through regular expressions and pattern matching. Together these two core principles serve as a device and data leakage layer of protection. The console has templates for the most common devices, and policies are deployed using inherited Group Policy Objects based on how the admin wants to control user access to removable media, CD/DVD drives, network adapters and more.
Although the documentation was acceptable in most categories, some of the content felt outdated. Standard support is bundled into the purchase and includes 24/7 web and email help. Phone support is only available nine-hours-a-day/five-days-a-week in the United States. However, there are plans to integrate 24/7 phone support later in 2011.