Zlock — Features

Types of Controlled Devices

Zlock helps you to control user access to the following devices:

• External, connected via the USB-interface
• hard drives, disc drives, CD/DVD-ROM drives, COM and LPT ports; PCMCIA, i-Link (IEEE 1394), WiFi, Bluetooth, IrDA controllers, etc.
• All other physical or logical devices connected to a computer.

Zlock identifies individual USB devices by serial numbers, or device classes by attributes (type, manufacturer, etc.), and stores this information in the Device Catalog for easier creation of access policies.

Access Policies

Zlock enforces security via access policies. For each device or group of devices, you can assign one of the following rules:

• Access denied for all users
• Read-only access for all users
• Full access for all users
• Custom access rights for selected users or user groups.

For each device or device class, you can create as many policies as needed. The access policies can be permanent, recurrent, based on preset schedules, one-time, or tied to user- or device-specific events. Each policy is assigned a priority to prevent conflicts. User access is managed via Access Control Lists.

A configurable Default Policy applies to all devices that do not belong to other policies.

Centralized Installation and Management

Zlock allows for remote installation and management; access policies are automatically applied to all computers on the network. Integration with Windows Active Directory allows the administrator to import domain structure and quickly deploy the system, distribute settings and access policies using Active Directory group policies.
Employees who manage Zlock system can have different access rights, from full access to the entire functionality to auditing and log analysis features only. 
Zlock also enables users to easily request access to particular devices via emails created from the system. Based on these requests, administrator can create new temporary or permanent policies.

Monitoring and Event Handling

Zlock has the ability to constantly monitor workstations connected to the network for unauthorized attempts to tamper with the system settings or access policies. It can happen, for example, if an end user has local administrator rights. Zlock immediately reports these attempts together with the details of unauthorized access to files, peripheral devices or network resources, and sends warnings to the IT/Security department. It also allows for pre-programmed responses to such violations.  

Log Analysis

To help you identify potential internal threats at an early stage, Zlock includes log analysis functionality.
Information on all attempts, successful or not, to access peripheral devices, is logged: connect/disconnect devices, read, write, delete, or rename files on portable memory units.
Changes to access policies and event handling settings can also be logged. You can store logs on a local machine or a server, as XML files or in Microsoft SQL Server database.  

Shadow File Copying

To control the data copied to the external media, all files written to portable memory devices can be shadow-copied for further analysis. Shadow copies are stored on the log server with all the information relevant to the copying event: time, date, file name, application, user, external device; and can be opened and viewed by authorized personnel. 

Supported Operating Systems

Microsoft Windows 2000, XP (Home/Professional), 2003, Vista.

Trial Version

A 30 day fully functional trial of Zlock is available upon registration.