Client Device Managers

DeviceLock 6.0
Of the three products I tested, SmartLine's DeviceLock 6.0 is the most integrated with Windows management tools. You can deploy the agent by using the DeviceLock console or by using Microsoft Systems Management Server (SMS), a benefit for those already using SMS. Further, in addition to its standalone console, which Figure 3 shows, DeviceLock provides a Microsoft Management Console (MMC) snap-in and a policy editor that integrates into Windows Group Policy Editor (GPE) and lets you create DeviceLock policies in GPE.

When the client agent is installed, it scans all the available ports and devices—including internal hard drives, serial and parallel ports, USB and FireWire ports, CDROM/DVD drives, floppy drives, network cards, and Wi-Fi and Bluetooth connections—on the PC and makes them available for use in policies. This approach is quite different from that of the other products, which don't actively search the ports on the computer. The scan allows DeviceLock to produce a list of ports and devices specific to each client PC, but the results aren't significantly different from those of the other products reviewed. And on a large network, DeviceLock's comprehensive scan would be time consuming.

DeviceLock Enterprise Server is a separate component with a console that lets you configure DeviceLock permissions outside of the GPE and centralize logging data that's otherwise stored on each client. As with the other products in this review, DeviceLock Enterprise Server uses SQL Server to store the logging data. Unfortunately, DeviceLock provides no out-of-the-box way to produce reports on the logging data, so a third-party reporting utility is required to make the best use of the audit trail.

One feature that's unique to DeviceLock is the ability to schedule device policies to take effect at certain times of the day. For example, a business that doesn't require users to lock or log off their computers at the end of the business day could set a policy that locks down all devices at 6 P.M. to prevent data theft by someone in the office after hours. Like DeviceWall, DeviceLock includes the ability to grant temporary device access to offline users.

DeviceLock also has a couple other unique features. Administrators can allow access to specific CD-ROM/DVD media by uniquely identifying them, even if a policy specifies that the drive is normally locked. This feature could be used, for example, to allow internal training CD-ROMs to be used by anyone without having to grant temporary access to a CD-ROM drive. DeviceLock can also make a shadow copy of all data sent to external storage devices or transferred through serial and parallel ports, so you could audit not just filenames but the actual content copied.

As with the other products, I wasn't able to defeat DeviceLock with my array of portable storage devices. Despite the lack of included reporting tools, DeviceLock is a solid, reliable endpoint security product, although it's a bit more expensive than the other products reviewed while offering similar client protection.

Getting the Job Done
It's important to remember that each of these products secures a computer's ports and devices only when the client agent is running on the endpoint. The products help prevent casual data theft made possible by the current crop of small, high-speed portable devices. A more concentrated attempt at data theft by removing a laptop's hard drive or booting from a live CD that contains Linux or another OS will defeat the device control offered by these products.

That said, all three of the reviewed products get the job done in terms of helping prevent data loss due to the connection of unauthorized devices. No matter what device I used to try and steal data, I was prevented from doing so by the policies I created.

Also, each of the products can use SQL Server for centralized collection of auditing data. This is vital because without a centralized audit database, auditing and reporting is time consuming, if not completely unfeasible. Beyond the basics that each of these products handles admirably, I was most impressed by the robustness of DeviceWall's device profiles as well as its support for manually creating new device profiles. This gives administrators the ability to limit connections to specific brands of devices in addition to specifying the general types of devices that can connect to endpoints. (See Table 1 to compare the three products' features.)

Reporting on audit data is critical to a timely, comprehensive view of endpoint security, including reporting on where and when unauthorized activity is taking place. DeviceLock is a fine product for organizations that have the reporting tools and skills in-house to develop custom reports from the audit data, and the GFI EndPointSecurity ReportPack add-on offers some very nice reports. However, DeviceWall offers informative reports built right into the product. Because of the flexibility and customizability of DeviceWall and its powerful built-in reporting features, DeviceWall is this Editor's Choice.