DriveLock Device Control
Start your test now!
Category: Use Case
Module: Device Control
Testing time: 30 min
This use case, will show you how easy it is to protect your endpoints with DriveLock Device Control.
1. What is the use case about?
DriveLock provides intelligent device control, with or without cloud services. USB flash drives continue to be an important means of exchanging data. To protect sensitive information from ending up in the wrong hands, DriveLock monitors transactions performed via USB storage devices. In case you have to use a USB flash drive to store such data, you can encrypt it with DriveLock. Staff also use company USB ports to charge cell phones or other devices. This allows malware to quickly enter devices and systems.
Survey shows that 80 % of employees have already copied data from or to USB flash drive or connected devices to the USB port for charging without even considering the consequences. DriveLock protects your business effectively. Threats like Meltdown or Spectre reveal the need for more than just sophisticated permissions, antivirus software and firewalls.
This use case is aimed at protecting your test computers in terms of devices. Device control is configured in a very simple but effective way. Additionally, DriveLock monitors and checks each connection and date flow. This provides you with all the necessary information you need for your compliance reporting or for forensics in case of a data breach.
2. How does it affect your client computer?
After you have assigned the policy 010 - Device Control to a computer, all drives, except fixed disks and encrypted volumes, will be locked. To use a drive like a USB drive, you must first add a drive rule. This can easily be done by plugging the drive into the client. Now inventory data will be collected which can be found in the DriveLock Operations Center in the Inventory workbench > Devices. By right-clicking on the drive you can add it to a drive rule or create a new one. Now this drive can be used on computers with DriveLock Device Control.
Drive and device events will be audited by the DriveLock agent and can be monitored in the DOC.
The added devices can be found under Administration > Rules, where they can also be removed.
USB drives that you have added to a drive rule with Enforced Encryption option can be used, if they are encrypted. If they are not, a wizard will appear that will allow you to encrypt the USB drive.
With the Device Control policy, DriveLock provides two encryption solutions for removable media: Microsoft BitLocker To Go and DriveLock Encryption 2-Go.
To use encryption, the computer needs to be added to the specific DriveLock group: Config BitLocker To Go or Config Encryption-2-Go.
You cannot access the flash drive until it is encrypted. Once encrypted, you can unlock it either with the password set at the beginning, the administration password (e.g. here: DriveLock1), or the recovery certificate (in the DOC, in Settings > Certificates or locally in C:\ProgramData\Center Tools DriveLock\PolicyFileStg (PW: DriveLock1).
Access to the connected device is only granted after accepting the notification. Also, any data flow related to this device is monitored and tracked. If you urgently need to access a device, you can temporarlily unlock it.
Learn more about tomporarily unlocking agents here.
Locked devices - BadUSB
Known BadUSB devices like USB controllers (e.g. BashBunny) and Human Interface Devices will be locked by default with the DriveLock Device Control policy.
3. How to monitoring the results in the DOC?
The DriveLock Operations Center provides you with a lot of information about your endpoints. You can, for example, use the existing Device Control dashboard, which displays graphs based on events.
It is also possible to create reports for this purpose, templates are available, too. They can also be exported to PDF and downloaded.
