Stop data leaks at the source with complete endpoint data loss prevention (DLP)

Frequently asked questions

• Can Acronis DeviceLock DLP function without internet connection?

  There are two different sets of DLP policies, Regular and Offline, which are automatically applied to a controlled endpoint by Acronis DeviceLock DLP agents depending on its network status. The Offline policy can be triggered by the laptop using either cached or confirmed Windows credential authentication, whether it can connect to any of its known Acronis DeviceLock Enterprise Servers, or if in a wired vs. unwired state.

• Is Acronis DeviceLock DLP capable of “passive mode” functioning, i.e. not restricting data transfer, but logging and shadow copying?

  Yes, Acronis DeviceLock DLP is capable of functioning in any administrator set mode. We also call this “observation mode”.

  In cases where access to ports, devices, or network protocols is not blocked or content-filtered by policy, logging and data shadowing policy can be actively logging and keeping records in audit and shadow logs in “passive mode”.

  If there is a restrictive access policy active, Acronis’ DLP solution blocks the transfer and prevents data leakage on a controlled endpoint in real time.

• Is there an option to configure various access control policies for laptops in- and out of the corporate network?

  Yes, there is. Acronis DeviceLock DLP supports various on- and off-corporate-line security policies. This way you can have one policy when the laptop is behind the firewall or DMZ and a totally different policy when the laptop is out in the wild, strengthening DLP security.

• What is the critical distinction between Acronis DeviceLock DLP and other competitive DLP solutions?

  First off, Acronis DeviceLock DLP is a best-of-breed enterprise data loss prevention solution (enterprise DLP solution) that is designed exclusively to prevent data leakage at the endpoint layer. It is not an appliance, antivirus, or limited module that you might find in other “endpoint security” protection suites.

  Acronis DeviceLock DLP has no required hardware elements that wouldn’t already be in place, which significantly reduces the typical costs of implementation and maintenance.

  Historically, Acronis DeviceLock DLP evolved as a solution with every necessary feature to prevent data leakage through peripheral devices and ports. Now, compared to competitive port-device control solutions, Acronis DeviceLock DLP has the most features to meet the challenge. Acronis NetworkLock and Acronis ContentLock add-on components advanced the product into the class of fully-featured enterprise DLP solutions by incorporating the most commonly used network channels using the most effective techniques of content analysis and filtering.

  With the integration of the user activity monitor in Acronis DeviceLock in 2020, the solution implements another differentiating feature – allowing you to record user on-screen actions, keystrokes, and running processed, based on DLP-related events.

  The ability to try the solution before buying it is another important competitive distinction of Acronis DeviceLock DLP. Having nothing to conceal from existing and potential customers, we stick to the principle of total transparency by providing a freely available trial version for 30 days.

  Another important distinction of Acronis DeviceLock DLP is the host-resident optical character recognition (OCR), which allows for more thorough content-aware controls not only in network, but also in local channels and for endpoints outside the corporate network.

  Moreover, for network communications, Acronis DeviceLock DLP is the only DLP solution that employs deep packet inspection (DPI) with an universal-application, and web browser-independent controls of user communications via most network protocols and applications. These include SMTP, HTTP/HTTPS, WebDAV, FTP(S), Telnet, as well as Torrent-based P2P file sharing. NetworkLock uses this DPI technology to detect the protocol and application type regardless of the network ports they use.

  Another advantage of Acronis DeviceLock DLP is that all modules are pre-integrated and deployed “sight unseen” with the core platform with module-based licensing that allows for the ability to phase desired modules of the DLP solution into the environment when ready by simply turning licensing on and configuring settings. This reduces the costs and labor contribution to both the initial rollout and ongoing maintenance.

• Is there a server component of Acronis DeviceLock DLP and what does it serve as?

  There are two server components in the suite: Acronis DeviceLock Enterprise Server (DLES) and Acronis DeviceLock Content Security Server, and both require a Microsoft SQL or SQL Express database. They are referred to as “server” components as they generally need to run on Windows server class operating systems due to the concurrent connection limitations of workstation class clients. They can be hosted on virtual servers or piggyback on existing servers that have available user-connection bandwidth during the day (“backup”, “staging”, “patch” servers, etc.).

  The Acronis DeviceLock Enterprise Server component is not critical to administration and is only necessary if the customer intends to centrally aggregate audit and shadow data for reporting and forensic analysis. In mid-to-large size environments, generally there would be multiple DLES agents used for performing the collection tasks efficiently. The server module does not perform any endpoint management tasks (Acronis DeviceLock DLP agents receive the access control policies either via Active Directory Group Policy GPOs, or directly from DeviceLock administrative consoles), nor does it store DLP policy settings.

  The customer does not need to purchase licenses for the Acronis DeviceLock Enterprise Server component, as it is included with the Acronis DeviceLock Core module licensing that is tied to the number of endpoints being managed. The server can be installed and used in any number of instances required for efficient collection of audit and shadow data. Acronis DeviceLock DLP agents can have audit data and shadow copies pulled back by any number of Acronis DeviceLock Enterprise Servers to the back-end SQL and folder repository. Traffic optimization with stream compression, fastest server response history, and quality of service settings is included.

  The Acronis DeviceLock Content Security Server is an additional component used to perform other security reporting related tasks. There is one server function – Acronis DeviceLock Search Server-DLSS – included now, and more coming.

  The Acronis DeviceLock Search Server provides full-text indexing and search of logged data and shadow files collected by the Acronis DeviceLock Enterprise Servers and placed in the common Microsoft SQL/SQL Express and folder repository. These search capabilities make it easier and more efficient to manage the increasing amount of data in Acronis DeviceLock Enterprise Server databases to validate and/or assist in tuning security policies.

  The Acronis Search Server can automatically detect, index, find and display documents of many formats including Adobe Acrobat (PDF), Ami Pro, archives (GZIP, RAR, ZIP), Lotus 1-2-3, Microsoft Access, Microsoft Excel, Microsoft PowerPoint, Microsoft Word, Microsoft Works, OpenOffice, Quattro Pro, WordPerfect, WordStar and many more.

  Note that in most cases, the customer does need to purchase a separate license to use the Search Server component. Licensing is based on the desired maximum number of searchable documents and log entries.