Zlock^TM Key Features

Key Features

Zlock^TM is an enterprise endpoint security software solution providing network administrators with the ability to secure, monitor and control computer ports and external devices as part of an information security program. The solution protects against internal data leakages occurring when confidential corporate data is printed or copied from internal workstations and laptops to unauthorized portable storage devices through unmanaged USB, LTP, COM, Firewire and IEEE 1394 ports.

Zlock comes with the following key features:

Device Access Control

Zlock controls access to external devices based on administrator defined access policies, establishing a relationship between a device and a set of access rights.

There are three types of defined access rights:

• Full access
• Read-only access
• Denied access

Access rights can be applied to a particular device or group of devices, each with unique settings for an individual or group of users, based on predefined access control lists (ACL).

Access policies have adjustable time periods and can occur once or repeatedly. This flexibility gives system administrators full control over both the device access level and the access time period. For example, a company may grant an employee a different level of USB port access during business hours versus after-business hours. Visitors to a business may have a onetime usage rights for a USB flash memory stick where access is rejected once the device is disconnected from the USB port.

Zlock provides the capability to define default access policies that can be applied to connected devices not specified in any of the existing policies – valuable in implementing corporate information security policies intended to limit/prohibit use of any type of peripheral devices not sanctioned for utilization. In cases where the validity of the device is in question, the default access policy may simply reject use of the device.

Zlock’s access policy can be easily modified, offering administrators the ability to fine-tune access rules and privillages. For example, the type of network connection the computer is using can be crucial in deciding whether to allow access. A policy can sanction the use of peripheral devices when connected through LAN, but disable all USB ports when connected via VPN or when a connection is not available. This adaptable access policy makes Zlock a powerful tool in the implementation of more demanding security requirements.

It is possible to anticipate and resolve policy conflicts by establishing priorities. The policy with the higher set of priorities will determine the device’s access.

Handling Device Access Requests

Within the system, Zlock users can send a request to access a specific device that has not been approved by any of the existing access policies. Subject to the company’s security policies, the system administrator can quickly grant access, while maintaining maximum productivity, without compromising the safety of the network or data.

In case of emergency, users can also request access rights via phone when an Internet connection is not available. Administrators can promptly create new access policies and share a onetime secret code with the user, creating the new policy for the workstation. The policy can either be permanent or a onetime event, blocking the device after: 

• The device has been disconnected from the computer
• The session has ended
• A specified period of time

This provides an organization with the utmost flexibility to support dynamic and ever-changing business requirements.

Supported USB, LPT, COM and Other Devices

Zlock can recognize, control and monitor the following device types:

• USB devices (flash drives, digital cameras and recorders, MP3 audio players, PDAs, smart phones)
• Local network printers
• Internal devices (Wi-Fi controllers, Bluetooth devices, IrDA, network cards & modems, FDD, CD & DVD drives, hard drives)
• USB, LPT, COM, Firewire and IEEE 1394 ports
• Any other connected device that is internally identified by the operating system

Zlock supports large installations by compiling a catalog of all devices on the network and making this log accessible from a single location. The types of information collected include:

• Device name, class, type and serial number
• Device manufacturer
• Other unique device parameters and properties

Creation of access policies is based on this data.

Remote System Management

Zlock employs centralized monitoring and management of all network computer ports and devices through its administration console. The console can be installed anywhere on the network and accessed remotely via TCP/IP protocol with proper administrative credentials. The Zlock management console enables the administration staff to perform vital tasks, such as:

• Remote deployment of Zlock software on workstations and laptops
• Centralized creation and deployment of device access policies
• Monitoring use of ports and devices
• Management of Zlock logs
• “Shadow copy” management

If necessary, client-side installations can be performed without the need to reboot the workstation, making the deployment completely transparent to the user and eliminating any downtime or loss in productivity.

Segregation of Roles

Zlock allows administrators to set up different user roles, defining role-based user accounts, such as administrator, manager or auditor. This clear separation of functions enables the system administrator to manage users’ access permissions, while allowing auditors to view only the collection of system events and the “shadow copy” files.

Integration with Active Directory

Zlock is tightly integrated with Active Directory, delivering immediate access for administrators to the network domain tree structure and the computer’s inventory, greatly improving system scalability and maintainability.

Aside from the management console, Zlock can be deployed and administered from within the Active Directory group policies, where the administrator can install, remove or update Zlock software, as well as disseminate access policies and system configurations. For large enterprise environments with multiple IT departments, this capability simplifies the system installation as the system administrator is not required to have rights on local machines when installations are managed by a domain-level administrative account.

Monitoring

Zlock provides a comprehensive set of tools to monitor client workstations, enabling periodic screenings of Zlock client modules, issuing warnings in case of unauthorized attempts to disable any Zlock modules and making changes to settings and/or device access policies. Having an event-driven architecture, Zlock gives administrators full control over the way the system can respond to events by including a program to run user-defined scripts written in various scripting languages, such as VBscript or Jscript. As the result, the system can perform a wide spectrum of measures, including sending a warning notification by e-mail, starting or stopping applications, or carrying out other required actions.

Events Collection and Analysis

Zlock maintains a log of all significant system developments and events, including:

• Connection and disconnection of devices
• Device details
• Changes in device access policies
• File operation event details (saving, accessing, deleting or renaming of files performed on managed devices)
• Meta-data of the event

Zlock provides a facility for querying and analyzing logged content and exporting the data into HTML format. With the use of standard tags, Zlock gives administrators the flexibility to take full advantage of third-party analysis and report building tools.

Shadow Copy

Zlock’s Shadow Copy functionality gives businesses a way to monitor and inspect files accessed and/or moved/copied from the corporate network, by providing a silent or shadow copy of the file along with other auditable information on corporate servers. This reinforces personal accountability and prevents unnoticed corporate data leakages.

Zlock copies all documents written to an external device to a secure log on the local machine and transfers them to corporate servers during network-connected sessions. Zlock’s Shadow Copy can track specific information about the file and its content – date and time of the event, user’s credentials, type of device used and other useful data – giving an administrator all the necessary facts to investigate any security incident or breach. The information can be tracked and grouped by specific users, user groups, types of media and other criteria, allowing an organization to compile the precise data needed to meet its auditing needs.

In addition to preventing unsanctioned movement and copying for electronic files, Zlock Shadow Copy provides the same audit trail capabilities for printed materials, giving the organization ultimate control over all network endpoints, both inside and outside the network perimeter.

Server Logging

Zlock implements client-server synchronization of event journals for a more reliable collection, storage and handling of the event log entries. While in offline mode, Zlock collects and stores all of the event information locally on the client’s computer. When the network connection is restored, the data is synchronized with a centralized server, where it is stored in MS SQL database or XML files.

Monitoring Zlock Integrity

Zlock carefully maintains full integrity of its files and configurations. If any of Zlock components are removed, modified or tampered with, the system will immediately block the user and only be available to the administrator. This protects Zlock from unauthorized changes made by users or malicious software.