DriveLock offers dynamic, configurable access control for mobile drives, such as floppy disk drives, CD-ROM drives and USB memory sticks. DriveLock also lets you control the use of most other device types, such as Bluetooth transmitters, Palm, Windows Mobile, BlackBerry, cameras, smartphones and media devices
There are several components that make up the system. The Agent is a lightweight Windows service that runs in the background and maintains control over hardware ports and interfaces and enforces security policy. The Management Console is used to configure setting, set policies, unlock stations and centrally manage the devices. The console is a Microsoft Management Console (MMC) snap-in making it easy for Windows administrators to use. The Control Center is used for reporting and forensic analysis. Events from the agent can be viewed and reported on using this module. You can create high-level views of such things as devices in use with very granular reports down to a device or policy level. The forensic analysis is done via a drilldown-type user interface. The Enterprise Service centrally stores events from all DriveLock Agents. This service is not required for DriveLock to operate, but it lets administrators easily monitor all DriveLock operations and user activities in the entire organization.
Installation is fairly easy. The DriveLock Enterprise Service (DES) is installed on a member server (Windows Server 2008 R2) and can be used with an existing instance of SQL or it will load a packaged version of SQL Express. The agent can be installed manually or pushed out through software distribution tools. Agents are supported for Microsoft XP, Vista, Windows 7 and Windows 8. One does have the option during installation to set the desired language, as the software come with a multilingual user interface.
DriveLock provides several layers of security geared toward both external threats and internal data loss. Included in the agent are encryption, device control, application control and anti-virus. Encryption covers data, both at rest and in motion, and covers all media, such as hard drives, CD/DVD drives, mobile devices and cloud storage.
The management console provided some good tools to allow users to recover encrypted data from bad drives or recover lost passwords, something that is always an issue when deploying encryption through a large enterprise. Device Control enforces centrally configured rules for access to all drives/media ports. The rules engine provides users with very granular control over who can use what media and goes deeper into managing what data can be transferred. Admins have complete control over every type of device and media port. This granular control and ease-of-use interface makes it easy to provide flexible access for people who need it while still having things locked down for those who don't. The same device that has everything locked down for one user, can allow access to a USB port, for example, for a separate user.
The Application Control feature allows admins to specify allowed or not allowed access to specific applications. You can manage this through either a whitelist or blacklist-mode/approach. You have control over who can use which applications on which computer or control which ones will be blocked. The granular control and ease of use DriveLock offers is far easier than trying to do this at the operating system or GPO level. Anti-virus protection is also part of the agent.
Support is provided by the channel partners with second level escalation on an eight-hours-a-day/five-days-a-week basis (included).