DeviceLock DLP
Just released

Stop data leaks at the source with complete endpoint data loss prevention (DLP)

Try now
No credit card required

Minimize data loss and increase efficiency of data protection

Control costs with modular architecture

Acronis DeviceLock DLP is comprised of different modules that serve as complementary functional components with incremental licensing to protect data-in-use, data-in-motion, and data-at-rest. Only purchase the functionalities that your business needs for DLP security.

Acronis DeviceLock DLP - Endpoint DLP
  • Acronis DeviceLock Core
    The fundamental, baseline component of Acronis DeviceLock Endpoint DLP to prevent leakage of data-in-use with context-aware controls over local data flows through ports, peripheral devices, and virtualized sessions.
  • Acronis DeviceLock NetworkLock add-on
    Protect data-in-motion with controls over data access and transfer operations through network channels, based on the operation’s context.
  • Acronis DeviceLock ContentLock add-on
    Prevent unauthorized usage and transmission of confidential data, even in images or unstructured data, through content-aware controls over both local and network channels.
  • Acronis DeviceLock User Activity Monitor add-on
    Monitor end-user activity, keystrokes, and running processes on the endpoint based on DLP-related events for security investigations and auditing purposes.
  • Acronis DeviceLock Search Server add-on
    Ease auditing, investigations, and forensic analysis with full-text searches in the central event and shadow log database, populated by Acronis DeviceLock DLP agents.
Acronis DeviceLock Discovery
A standalone product that reduce the risk of data loss with automatic discovery of exposed sensitive data at rest – protecting it with configurable remediation actions, alerting admins, logging, and reporting.
DeviceLock scheme_01 DeviceLock DLP
DeviceLock scheme_02 DeviceLock DLP
DeviceLock scheme_03 DeviceLock DLP
DeviceLock scheme_04 DeviceLock DLP
DeviceLock scheme_05 DeviceLock DLP
DeviceLock scheme_06 DeviceLock DLP
  • Supported solutions
    Microsoft RDS, Citrix XenDesktop, Citrix XenApp, VMware Horizon View, VMware Workstation, VMware Workstation Player, Oracle VM VirtualBox, Windows Virtual PC
  • Supported controls
    Context-aware and content-aware controls, logging, data shadowing and alerting for thorough DLP security over virtualized sessions
  • No leakage of corporate data
    IT retains complete control over virtual corporate environments on employees’ personal devices
  • Private data independency
    Employees maintain full control over the device platform, personal applications, and their private data

Comprehensive data loss prevention capabilities

  • Centralized management and deployment
    Unique

    Centralized management and deployment

    Ease the resource-consuming processes of deploying and managing an enterprise DLP solution. Acronis DeviceLock DLP offers a set of central management consoles based on an organization’s IT environment, along with the ability to manage and deploy natively through Group Policy.
  • Agent-resident optical character recognition (OCR)
    Unique

    Agent-resident optical character recognition (OCR)

    Extract and inspect textual data from more than 30 graphical formats, including graphical files, screenshots, pictures in documents, emails, and instant messages. Improve DLP cybersecurity on endpoints both inside and outside the corporate network.
  • Clipboard control

    Clipboard control

    Prevent unauthorized data transfers at their earliest stage – between application and documents – through the Windows clipboard and print-screen mechanism. Block specific operations, such as print-screen, or granularly control them based on copied content.
  • Log collection

    Log collection

    Automatically collect audit and shadow logs and deliver them to the secure central repository to ease security investigations and auditing, thanks to Acronis DeviceLock DLP agents. Traffic shaping and data compression for log delivery and load-balancing help reduce network impact.
  • Alerting

    Alerting

    Shorten reaction times with real-time SMTP, SNMP, and SYSLOG alerts based on unauthorized actions delivered directly to SIEM systems and administrators.
  • Tamper protection

    Tamper protection

    Prevent tampering with DLP policy settings locally on protected endpoints, even by local sysadmins. When enabled, only designated Acronis DeviceLock DLP administrators using the central management console can uninstall, upgrade the agent, or modify DLP security policies.
  • Allowlisting

    Allowlisting

    Authorize the use of specific USB devices or provide a temporary access code for offline work purposes. Allowlist media storage devices and users that can access them. Specify allowlist-oriented controls over network communications based on protocol and network application properties.
  • Reporting

    Reporting

    Gain visibility over data flows, data protection, and user activities related to them with powerful built-in compliance-related reports based on audit and shadow logs, permissions and settings, connected plug-and-play devices, and user activities.
All features

What our customers say about Acronis DeviceLock DLP

  • A product like DeviceLock delivers high value for its intended purpose of port and device-level security. My experience with all-in-one solutions is that they do a bit of everything, but none of them very well. With DeviceLock we got features like integration with Microsoft’s Active Directory, so that we could structure deployment around existing groups. I installed it and had it working within a day. We’re always leveraging this interface when we set-up new users and change permissions. We’ve allowed certain IT Support staff the right to manage DeviceLock permission setting for various user groups; but, they cannot make global changes. DeviceLock allows us these conveniences and fine-tuning.Read more

    Tim Mugherini
    Senior Manager of Network Infrastructure & Security
  • DeviceLock has been our chosen endpoint DLP security solution for years, but its compatibility with Lexar JumpDrive SAFE S3000 USB flash drives at both the encryption detection layer and unique device ID number layer with its granular whitelisting features really helps us with many levels of compliance as well as security. No other endpoint solution provides this flexibility of encryption integration.Read more

    Christopher Long
    CISSP, Chief Security Officer
  • DeviceLock was the ideal product for us. I was primarily looking for a solution that required minimal supervision, allowing me to focus on managing our IT estate and supporting our asset managers. DeviceLock was simple to roll out and it was very competitive on cost. We have just renewed our contract and price is naturally an increasingly important consideration in the current environment. Until we purchased DeviceLock, our policy was to disable USB totally. With the advent of newer PCs with only USB mice and keyboards, this was clearly not a sustainable situation.Read more

    Bruce Paterson
    IT Manager
  • Since 2005 the City of London Police have been successfully using Devicelock to manage device security across the enterprise. This has provided central access control for device management and audit control of information being transferred to and from the secure environment onto portable media. Robust monitoring has been developed using Devicelock and this provides me with a high degree of confidence in the security of our information.Read more

    Gary Brailsford
    Verified Acronis user

DeviceLock DLP

Just released

72% of employees share sensitive information. Prevent any data leaks headed your way.

Controlled workloads and channels

  • Endpoints: Windows PC, Mac, Windows server
  • Virtual: Guest Windows machines on Microsoft RDS, Windows Virtual PC, Citrix XenDesktop, Citrix XenApp, Citrix XenServer, VMware Horizon View, VMware Workstation, VMware Workstation Player, Oracle VM VirtualBox
  • Local channels: ports, peripheral, storage, and redirected devices, connected mobile devices, clipboard
  • Network channels: Emails, webmails, social networks, instant messengers, cloud storage web services, web search, career search, SMB file shares, P2P file sharing, Tor browser, network protocols, stateful IP firewall.
See full specs

DeviceLock DLP

Just released

Capture new market opportunities in the data loss prevention market with a trusted partner.

Looking for help?

  • Can Acronis DeviceLock DLP function without internet connection?

    There are two different sets of DLP policies, Regular and Offline, which are automatically applied to a controlled endpoint by Acronis DeviceLock DLP agents depending on its network status. The Offline policy can be triggered by the laptop using either cached or confirmed Windows credential authentication, whether it can connect to any of its known Acronis DeviceLock Enterprise Servers, or if in a wired vs. unwired state.

  • Is Acronis DeviceLock DLP capable of “passive mode” functioning, i.e. not restricting data transfer, but logging and shadow copying?

    Yes, Acronis DeviceLock DLP is capable of functioning in any administrator set mode. We also call this “observation mode”.

    In cases where access to ports, devices, or network protocols is not blocked or content-filtered by policy, logging and data shadowing policy can be actively logging and keeping records in audit and shadow logs in “passive mode”.

    If there is a restrictive access policy active, Acronis’ DLP solution blocks the transfer and prevents data leakage on a controlled endpoint in real time.

  • Is there an option to configure various access control policies for laptops in- and out of the corporate network?

    Yes, there is. Acronis DeviceLock DLP supports various on- and off-corporate-line security policies. This way you can have one policy when the laptop is behind the firewall or DMZ and a totally different policy when the laptop is out in the wild, strengthening DLP security.

  • What is the critical distinction between Acronis DeviceLock DLP and other competitive DLP solutions?

    First off, Acronis DeviceLock DLP is a best-of-breed enterprise data loss prevention solution (enterprise DLP solution) that is designed exclusively to prevent data leakage at the endpoint layer. It is not an appliance, antivirus, or limited module that you might find in other “endpoint security” protection suites.

    Acronis DeviceLock DLP has no required hardware elements that wouldn’t already be in place, which significantly reduces the typical costs of implementation and maintenance.

    Historically, Acronis DeviceLock DLP evolved as a solution with every necessary feature to prevent data leakage through peripheral devices and ports. Now, compared to competitive port-device control solutions, Acronis DeviceLock DLP has the most features to meet the challenge. Acronis NetworkLock and Acronis ContentLock add-on components advanced the product into the class of fully-featured enterprise DLP solutions by incorporating the most commonly used network channels using the most effective techniques of content analysis and filtering.

    With the integration of the user activity monitor in Acronis DeviceLock in 2020, the solution implements another differentiating feature – allowing you to record user on-screen actions, keystrokes, and running processed, based on DLP-related events.

    The ability to try the solution before buying it is another important competitive distinction of Acronis DeviceLock DLP. Having nothing to conceal from existing and potential customers, we stick to the principle of total transparency by providing a freely available trial version for 30 days.

    Another important distinction of Acronis DeviceLock DLP is the host-resident optical character recognition (OCR), which allows for more thorough content-aware controls not only in network, but also in local channels and for endpoints outside the corporate network.

    Moreover, for network communications, Acronis DeviceLock DLP is the only DLP solution that employs deep packet inspection (DPI) with an universal-application, and web browser-independent controls of user communications via most network protocols and applications. These include SMTP, HTTP/HTTPS, WebDAV, FTP(S), Telnet, as well as Torrent-based P2P file sharing. NetworkLock uses this DPI technology to detect the protocol and application type regardless of the network ports they use.

    Another advantage of Acronis DeviceLock DLP is that all modules are pre-integrated and deployed “sight unseen” with the core platform with module-based licensing that allows for the ability to phase desired modules of the DLP solution into the environment when ready by simply turning licensing on and configuring settings. This reduces the costs and labor contribution to both the initial rollout and ongoing maintenance.

  • Is there a server component of Acronis DeviceLock DLP and what does it serve as?

    There are two server components in the suite: Acronis DeviceLock Enterprise Server (DLES) and Acronis DeviceLock Content Security Server, and both require a Microsoft SQL or SQL Express database. They are referred to as “server” components as they generally need to run on Windows server class operating systems due to the concurrent connection limitations of workstation class clients. They can be hosted on virtual servers or piggyback on existing servers that have available user-connection bandwidth during the day (“backup”, “staging”, “patch” servers, etc.).

    The Acronis DeviceLock Enterprise Server component is not critical to administration and is only necessary if the customer intends to centrally aggregate audit and shadow data for reporting and forensic analysis. In mid-to-large size environments, generally there would be multiple DLES agents used for performing the collection tasks efficiently. The server module does not perform any endpoint management tasks (Acronis DeviceLock DLP agents receive the access control policies either via Active Directory Group Policy GPOs, or directly from DeviceLock administrative consoles), nor does it store DLP policy settings.

    The customer does not need to purchase licenses for the Acronis DeviceLock Enterprise Server component, as it is included with the Acronis DeviceLock Core module licensing that is tied to the number of endpoints being managed. The server can be installed and used in any number of instances required for efficient collection of audit and shadow data. Acronis DeviceLock DLP agents can have audit data and shadow copies pulled back by any number of Acronis DeviceLock Enterprise Servers to the back-end SQL and folder repository. Traffic optimization with stream compression, fastest server response history, and quality of service settings is included.

    The Acronis DeviceLock Content Security Server is an additional component used to perform other security reporting related tasks. There is one server function – Acronis DeviceLock Search Server-DLSS – included now, and more coming.

    The Acronis DeviceLock Search Server provides full-text indexing and search of logged data and shadow files collected by the Acronis DeviceLock Enterprise Servers and placed in the common Microsoft SQL/SQL Express and folder repository. These search capabilities make it easier and more efficient to manage the increasing amount of data in Acronis DeviceLock Enterprise Server databases to validate and/or assist in tuning security policies.

    The Acronis Search Server can automatically detect, index, find and display documents of many formats including Adobe Acrobat (PDF), Ami Pro, archives (GZIP, RAR, ZIP), Lotus 1-2-3, Microsoft Access, Microsoft Excel, Microsoft PowerPoint, Microsoft Word, Microsoft Works, OpenOffice, Quattro Pro, WordPerfect, WordStar and many more.

    Note that in most cases, the customer does need to purchase a separate license to use the Search Server component. Licensing is based on the desired maximum number of searchable documents and log entries.

  • Product help

    In case you have any difficulties, we have collected all the useful materials for this product in our FAQ and Documentation. Also you can always ask your question on our Discussion Boards.

  • Technical support

    Customers with active product maintenance or subscription are entitled to 24/7 technical support. Follow the instructions at the Technical Support Site to get prompt support by phone, chat or e-mail.