Use Cases - DriveLock in practice

Avoid data loss:

• Control of all endpoint interfaces for data communication
• Implementation of granular policy requirements
• Integrated Security Awareness Module to sensitise your employees to security issues

EU-GDPR compliant:

• Anonymisation of logs and events
• 2-person authentication for encrypted shadow copies
• 2-person authentication for access to reports and events

Predictive whitelisting based on machine learning:

• Prevent zero-day exploits
• Prevent execution of unknown software
• Block unknown endpoint devices and data carriers
• Protect mobile users (notebooks) against cyber attacks

Reporting

• Real-time reporting of unauthorised accesses
• Reporting of data transfers to and from external devices/data carriers including shadow copies (optional)
• Holistic IT security

With the EU-GDPR, companies must take security measures to protect sensitive data.

DriveLock enables you to meet these requirements. You can encrypt your endpoint devices and receive access records and access control information via the Analytics & Forensics function.

Defence against internal and external attacks

Attacks on production facilities, critical infrastructures (KRITIS) or devices that do not belong to conventional IT has become a reality in everyday corporate life. According to a BITKOM study, every second company is now threatened by cyber attacks.

Industrial companies are a particular focus here due to the long runtime of approx. 7 to 10 years, security updates (patches, hotfixes etc.) are no longer provided for these systems. Hackers, therefore, target and exploit these security vulnerabilities. 

The combination of a device and application control effectively protects the manufacturing process. All interfaces of the PCs involved in production are monitored or blocked. The same applies to the applications used. The Machine Learning Algorithm automatically manages the local whitelist and controls the execution of applications. Nevertheless, service technicians must be able to import software updates, for example, via the USB interfaces of the devices.

One simply plugin the USB stick and follow the user guidelines so all applications can be installed in the production line within a defined time window. Machine Learning then ensures that all executed and copied files are entered into the Whitelist.

If, in addition, access to the USB interfaces is to be further restricted, maintenance can still be carried out efficiently and purposefully via the DriveLock SelfService.

Since all external drives are blocked, one can utilise DriveLock SelfService to grant access to the USB stick. This activates the learning mode. All executed and copied files are automatically whitelisted by DriveLock Machine Learning.

After software maintenance, the production line is protected again. It is no longer possible to run unauthorised applications or use devices without explicit user authorisation.

Increasing third-party risks:  The use of sensitive company data by various parties - internal employees, external financial advisors, etc. - entails increased risks for data protection and unwanted data loss

Increased compliance requirements: Introduction of an information security management system based on ISO/IEC 27001 for compliance with legal requirements and internal compliance requirements

Growing number of mobile endpoint devices: Mobile endpoint devices in companies increase the risk potential for data thefts and cyber attacks, and require an endpoint-oriented security concept

Significant increase in cyber attacks: Cyber attacks by organised criminal groups, hackers, activists or even by own employees are growing exponentially

To improve patient care and meet usage standards, hospitals and healthcare providers are increasingly implementing sophisticated, networked IT systems and utilising electronic patient records (ePAs).

The electronic exchange of information represents a major efficiency advantage for patient care but is also a major challenge for IT security in the healthcare sector - because the large amounts of data with sensitive patient data must be securely protected.

Since April 1, 2017, all critical processes must be reported to the BSI. Not every "critical process" is as obvious as an extortion trojan that encrypts patient data or threatens to steal it.

If, for example, a doctor's laptop with unencrypted, confidential patient or study information is lost, this will be considered an incident that needs to be reported.

Especially critical: Patient data does not have an expiration date. Credit card information, passwords etc. can be blocked, but insurance or identity card numbers cannot.

Effective prevention with DriveLock:

• Encryption of data
• USB access control: Data carriers may not simply be connected, authorised mobile data carriers must be encrypted
• Authentication: Protect computers/systems from unauthorised access
• Increasing the security awareness of employees