
DriveLock Delivers Zero Trust to the Endpoint


The German IT security specialist supports the paradigm shift in IT security with its fully integrated Zero Trust Platform

Munich, Germany. 28 October 2019 – DriveLock, a leading global provider of IT and data security solutions, protects over 3000 companies around the world from cyberthreats with its Zero Trust Platform. The company has now announced that its new release, version 2019.2 (release date fall 2019), will be aligned with the Zero Trust security approach known as “never trust, always verify”.

“Zero Trust is a paradigm shift in IT security with its strategic goals of maintaining data integrity and fighting or containing data protection violations,” says Anton Kreuzer, CEO of DriveLock. “In the past, many companies thought all services, devices and users in their own network were trustworthy. That’s where conventional security concepts fall down, because they hardly ever include measures to combat harmful actions and access attempts from inside the corporate network. In addition, many firms underestimate the threat potential of their own employees.”

The progress of digitalisation has blurred what were previously clear boundaries between the company network and the outside world. The Zero Trust model is a paradigm shift in the sense that it does not differentiate between outside and inside, but rather treats all devices, services and users in the same way – and fundamentally mistrusts them all. Andreas Fuchs, Vice President Products at DriveLock, explains: “Security systems must be provided wherever suppliers, partners and customers interact digitally with the company – regardless of how they do so.”

Zero Trust is more than just interconnected security tools

The choice of security platform is a decisive part of a company’s Zero Trust strategy. With its Zero Trust platform comprised of several key pillars, DriveLock provides a holistic approach to more effective security for a company’s digital environment.

DriveLock consolidates the detection of and protection against malware, as well as the elimination of vulnerabilities before they can be exploited. Its range of integrated functions includes anti-malware, encryption, application integrity protection, device and application control as well as the management of native OS security tools such as Windows BitLocker. In this way, the company delivers a broad portfolio of Zero Trust technologies for protection against threats.

The new functions include Endpoint Detection & Response (EDR). Using EDR, companies can identify anomalies and ongoing attacks at an early stage, as these attacks may have escaped detection by other prevention tools. EDR complements preventive control mechanisms that significantly increase companies’ resistance to attacks. EDR is an elementary part of the next generation of endpoint protection, while providing more transparency and control than ever before over user devices.

With its effectiveness dramatically enhanced by analytics and automation, EDR monitors security-related operations and creates behaviour analyses that detect symptoms of misuse. It includes automated and configurable response functions, enabling companies to react to incidents appropriately and prevent false positives. The application can be configured to react automatically to endpoint errors. For business-critical systems, a SOC analyst should check the system’s recommended resolution in order to prevent outages.

In Version 2019.2, DriveLock is also introducing its new DriveLock Pre-boot Authentication (PBA), which supports hard disk encryption by both BitLocker and the DriveLock solution. DriveLock PBA provides additional functionality to facilitate BitLocker management, such as logins with user names and passwords or with smartcards, as well as recovery using the challenge/response authentication protocol. Another new function in this version is obligatory encryption of USB storage media with BitLocker To Go.

Basic technologies like encryption are among the most efficient ways to implement data security and companies should view them as a fundamental and effective element in their Zero Trust concept. DriveLock minimises privileged access to data and uses encryption to protect data at rest, in transmission and in use.

Every Zero Trust initiative starts with an inventory of the data and its classification. The DriveLock solution can also help here. Companies need to know what data they have, where it is being sent and how it is stored – this enables them to protect it with suitable micro-perimeters and encryption. All hardware data, including from connected devices and storage media, is collected, processed centrally, and visualised in the DriveLock Operations Center. This ensures the security team always has an overview of the company’s compliance status.

DriveLock Zero Trust makes the difference

DriveLock shows company employees that they are an important part of a comprehensive risk prevention strategy. Programmes like anti-phishing training and simulation help to prevent phishing and social engineering attacks and create permanent security awareness among users. These soft skills complement the technical security checks.

DriveLock’s multi-level, fully-integrated Zero Trust platform combines the relevant elements of the Zero Trust security model, including Data and Endpoint Protection, Endpoint Detection & Response, and Identity & Access Management.

In addition to its Zero Trust platform, DriveLock also provides products for authentication, such as DriveLock Virtual SmartCard and DriveLock SmartCard Middleware. These are used to segment user access in a similar way to Zero Trust micro-perimeters, and protect the company from the inside with DriveLock’s powerful Identity and Access Management (IAM) solution. IAM is based on the principle of minimal privileges and protects users with administrative permissions. The solution’s two-factor authentication (2FA) minimises the risk of data access being compromised, especially where users use weak passwords or in critical infrastructures.

Written by DriveLock