No data leaks missed
Clipboard controlBlock data leaks at their earliest stage – when data is transferred between applications and documents. Control user access to objects of different data types copied into the clipboard (even for redirected BYOD devices) and filter textual data with content-aware DLP policies.
Screen capturing controlPrevent data theft by blocking screenshot operations via Windows PrintScreen or screen capturing features of third-party apps for certain users or groups. Textual data in captured screen images can be extracted and filtered according to content-aware DLP policies.
True file type controlAcronis DeviceLock DLP looks into a file’s binary content to determine its true type, regardless of file name and extension. This can control access to over 5,300 file types for removable media, as a part of content analysis, or for pre-filtering of shadow copies to reduce the volume of captured data.
Tamper protectionEnforce process compliance by preventing tampering with DLP policy settings locally on protected endpoints, even by users with local system administrator privileges. Only designated Acronis DeviceLock DLP administrators can uninstall or upgrade the agent, or modify DLP policies.
Printing securityControl network and local printing from Windows endpoints by enforcing DLP policies over user access and content of printed documents for network, local, and virtual printers. Ensure higher data security by intercepting and inspecting print spooling operations, allowlisting of USB-connected printers, and print data shadowing.
Network-awarenessAdministrators can define different online vs. offline DLP policies for the same user or user group. A reasonable and often necessary setting on a mobile user’s laptop, for example, is to disable Wi-Fi when docked to the corporate network and enable it when undocked.
Increase process compliance
Virtual DLPPrevent data leaks via BYOD devices when using leading remote virtualization solutions. Running on a VDI host or terminal server, Acronis DeviceLock DLP enforces context- and content-aware controls over data exchanges between the virtual workspace and the personal part of the BYOD device, its local peripherals, and the network.
Removable media encryption integrationIncrease data security when copying information to removable media by allowing data to only upload to removable storage encrypted by a set of best-of-breed, integrated encryption solutions. Selectively allowlist encrypted USB media to strengthen internal compliance.
AlertingShorten reaction times with real-time notifications on DLP-sensitive user activities on protected endpoints within and outside the corporate network. Acronis DeviceLock DLP provides SNMP, SYSLOG, and SMTP based alerting capabilities to SIEM systems and administrators.
To ease information security auditing and compliance reporting and gain deeper visibility into data flows and data protection, Acronis DeviceLock DLP offers a wide choice of reporting capabilities.
Comprehensive log collection for increased visibility
AuditingTrack user and file activities for specified device types, ports, and network resources on a computer and collect logs with GMT timestamps centrally in a Microsoft SQL or Postgres database. Pre-filter audit activities by event and context. Audit logs can be exported to many standard file formats for use in other reporting tools.
Data shadowingEnable security compliance auditing, incident investigations, and cyber forensics by mirroring data transferred without authorization via local and network channels. Leverage data shadowing that’s triggered based on operations context and content. Pre-filter shadow activities for network load balancing.
MonitoringMonitor remote computers in real-time with Acronis DLES, checking agents’ status, policy consistency, and policy integrity and writing information to the monitoring log. Define a master policy to be applied across selected remote computers in the event that their current DLP policies are out-of-date or damaged.
- CoreAnti-keyloggerPrevent credentials and data leakage by detecting USB keyloggers and blocking their activities. Acronis DeviceLock DLP obfuscates PS/2 keyboard input and forces PS/2 keyloggers to record random entries instead of the real keystrokes.
- UniversalRSoP supportIncrease visibility into data security by using the Windows standard Resultant Set of Policy (RSoP) snap-in to view the DLP policies currently being applied, as well as to predict what policies would be applied in a given situation.
- UniversalTraffic shapingReduce network load with a Quality of Service (QoS) feature that allows to define bandwidth limits for sending audit and shadow logs from Acronis DeviceLock Agents to Acronis DeviceLock Enterprise Server.
- UniversalStream compressionDecrease the size of data transfers and reduce network load with an ability to compress audit logs and shadow data pulled from endpoints by Acronis DeviceLock Enterprise Server service.
- UniversalOptimal server selectionFor optimal transfer of audit and shadow logs to the central log database, Acronis DeviceLock agents can automatically choose the fastest available Acronis DeviceLock Enterprise Server from a set of available servers.
72% of employees share sensitive information. Prevent any data leaks headed your way.
Looking for help?
Frequently asked questions
- Can Acronis DeviceLock DLP function without internet connection?
There are two different sets of DLP policies, Regular and Offline, which are automatically applied to a controlled endpoint by Acronis DeviceLock DLP agents depending on its network status. The Offline policy can be triggered by the laptop using either cached or confirmed Windows credential authentication, whether it can connect to any of its known Acronis DeviceLock Enterprise Servers, or if in a wired vs. unwired state.
- Is Acronis DeviceLock DLP capable of “passive mode” functioning, i.e. not restricting data transfer, but logging and shadow copying?
Yes, Acronis DeviceLock DLP is capable of functioning in any administrator set mode. We also call this “observation mode”.
In cases where access to ports, devices, or network protocols is not blocked or content-filtered by policy, logging and data shadowing policy can be actively logging and keeping records in audit and shadow logs in “passive mode”.
If there is a restrictive access policy active, Acronis’ DLP solution blocks the transfer and prevents data leakage on a controlled endpoint in real time.
- Is there an option to configure various access control policies for laptops in- and out of the corporate network?
Yes, there is. Acronis DeviceLock DLP supports various on- and off-corporate-line security policies. This way you can have one policy when the laptop is behind the firewall or DMZ and a totally different policy when the laptop is out in the wild, strengthening DLP security.
- What is the critical distinction between Acronis DeviceLock DLP and other competitive DLP solutions?
First off, Acronis DeviceLock DLP is a best-of-breed enterprise data loss prevention solution (enterprise DLP solution) that is designed exclusively to prevent data leakage at the endpoint layer. It is not an appliance, antivirus, or limited module that you might find in other “endpoint security” protection suites.
Acronis DeviceLock DLP has no required hardware elements that wouldn’t already be in place, which significantly reduces the typical costs of implementation and maintenance.
Historically, Acronis DeviceLock DLP evolved as a solution with every necessary feature to prevent data leakage through peripheral devices and ports. Now, compared to competitive port-device control solutions, Acronis DeviceLock DLP has the most features to meet the challenge. Acronis NetworkLock and Acronis ContentLock add-on components advanced the product into the class of fully-featured enterprise DLP solutions by incorporating the most commonly used network channels using the most effective techniques of content analysis and filtering.
With the integration of the user activity monitor in Acronis DeviceLock in 2020, the solution implements another differentiating feature – allowing you to record user on-screen actions, keystrokes, and running processed, based on DLP-related events.
The ability to try the solution before buying it is another important competitive distinction of Acronis DeviceLock DLP. Having nothing to conceal from existing and potential customers, we stick to the principle of total transparency by providing a freely available trial version for 30 days.
Another important distinction of Acronis DeviceLock DLP is the host-resident optical character recognition (OCR), which allows for more thorough content-aware controls not only in network, but also in local channels and for endpoints outside the corporate network.
Moreover, for network communications, Acronis DeviceLock DLP is the only DLP solution that employs deep packet inspection (DPI) with an universal-application, and web browser-independent controls of user communications via most network protocols and applications. These include SMTP, HTTP/HTTPS, WebDAV, FTP(S), Telnet, as well as Torrent-based P2P file sharing. NetworkLock uses this DPI technology to detect the protocol and application type regardless of the network ports they use.
Another advantage of Acronis DeviceLock DLP is that all modules are pre-integrated and deployed “sight unseen” with the core platform with module-based licensing that allows for the ability to phase desired modules of the DLP solution into the environment when ready by simply turning licensing on and configuring settings. This reduces the costs and labor contribution to both the initial rollout and ongoing maintenance.
- Is there a server component of Acronis DeviceLock DLP and what does it serve as?
There are two server components in the suite: Acronis DeviceLock Enterprise Server (DLES) and Acronis DeviceLock Content Security Server, and both require a Microsoft SQL or SQL Express database. They are referred to as “server” components as they generally need to run on Windows server class operating systems due to the concurrent connection limitations of workstation class clients. They can be hosted on virtual servers or piggyback on existing servers that have available user-connection bandwidth during the day (“backup”, “staging”, “patch” servers, etc.).
The Acronis DeviceLock Enterprise Server component is not critical to administration and is only necessary if the customer intends to centrally aggregate audit and shadow data for reporting and forensic analysis. In mid-to-large size environments, generally there would be multiple DLES agents used for performing the collection tasks efficiently. The server module does not perform any endpoint management tasks (Acronis DeviceLock DLP agents receive the access control policies either via Active Directory Group Policy GPOs, or directly from DeviceLock administrative consoles), nor does it store DLP policy settings.
The customer does not need to purchase licenses for the Acronis DeviceLock Enterprise Server component, as it is included with the Acronis DeviceLock Core module licensing that is tied to the number of endpoints being managed. The server can be installed and used in any number of instances required for efficient collection of audit and shadow data. Acronis DeviceLock DLP agents can have audit data and shadow copies pulled back by any number of Acronis DeviceLock Enterprise Servers to the back-end SQL and folder repository. Traffic optimization with stream compression, fastest server response history, and quality of service settings is included.
The Acronis DeviceLock Content Security Server is an additional component used to perform other security reporting related tasks. There is one server function – Acronis DeviceLock Search Server-DLSS – included now, and more coming.
The Acronis DeviceLock Search Server provides full-text indexing and search of logged data and shadow files collected by the Acronis DeviceLock Enterprise Servers and placed in the common Microsoft SQL/SQL Express and folder repository. These search capabilities make it easier and more efficient to manage the increasing amount of data in Acronis DeviceLock Enterprise Server databases to validate and/or assist in tuning security policies.
The Acronis Search Server can automatically detect, index, find and display documents of many formats including Adobe Acrobat (PDF), Ami Pro, archives (GZIP, RAR, ZIP), Lotus 1-2-3, Microsoft Access, Microsoft Excel, Microsoft PowerPoint, Microsoft Word, Microsoft Works, OpenOffice, Quattro Pro, WordPerfect, WordStar and many more.
Note that in most cases, the customer does need to purchase a separate license to use the Search Server component. Licensing is based on the desired maximum number of searchable documents and log entries.
Subscribe for tips, news and occasional promotional offers from Acronis