Lumension® Device Control is an award-winning leader in preventing data loss / theft via removable devices / media, and is available as a modular offering on the Lumension EndPoint Management and Security Suite. With Lumension® Device Control, organizations can quickly identify all endpoint-connected devices in their environment and flexibly enforce a comprehensive security policy that prevents unauthorized use, limits malware intrusion, and forces encryption of sensitive data.

Lumension® Device Control enforces flexible usage policies for removable devices, removable media, and data (such as read/write, encryption) that enable organizations to embrace productivity-enhancing tools while limiting the potential for data leakage and its impact.

  • Data Loss & Theft Prevention Lumension® Device Control provides organizations with the means to control the use of removable storage devices / media.
  • Media Encryption Lumension® Device Control provides organizations with the FIPS 140-2 validated technology needed to protect data on removable storage devices / media.
  • Detailed Forensics Lumension® Device Control provides the in-depth information required to understand the risk posed by data transfers, to report on it for compliance or forensics purposes, and to update policies as business needs dictate.
  • Malware Protection Lumension® Device Control provides an added layer of defense against malware, specifically those being distributed via removable devices like USB flash drives.
  • Device Whitelisting Assign permissions for authorized removable devices (such as USB sticks) and media (such as DVDs / CDs) to individual users or user groups; once in ‘enforcement mode’ only explicitly authorized devices / media / users are allowed access by default.
  • Flexible Policy with Granular Control Permission settings include read/write, forced encryption, scheduled / temporary access, online / offline, port accessibility, HDD / non-HDD devices and much more; can be set for individual and/or groups of users, machines, ports and devices.
  • Read-only Access Define any device (e.g., a floppy drive, DVD / CD writer, USB external hard drive, and so on) as read-only; other device permissions include: write, and encrypt / decrypt restrictions.
  • Temporary /Scheduled Access Grant users temporary access to removable devices / media, which can be used to grant access “in the future” for a limited period. Also, limit device usage during a specific time period; allows for development of sophisticated security policies where certain devices can only be used at certain times (e.g., from 9 A.M. to 5 P.M., Monday to Friday).
  • OffLine Enforcement Permissions / Restrictions remain effective even when endpoint is offline; these can be the same as when online or different (see Context-Sensitive Permissions).
  • Device Management Detect and manage all devices – including Plug-and-Play and non-standard / user-defined devices – “on the fly” within the system.
  • Data Copy Restriction Restrict the daily amount of data copied to removable devices (such as USB flash drives) on a per-user basis.
  • Pre-Device Permissions Granular permissions to control access at device class (e.g., all USB flash drives), device group, device model and/or even unique ID levels; for instance, restrict access rights to a specific device of a company-approved model.
  • Uniquely Identify and Authorize Specific Media Authorize and manage DVD / CD collections, by granting access to specific users or user groups and encrypting removable media with unique IDs.
  • Context-Sensitive Permissions Apply different permissions / restrictions depending on network connectivity status. For example, disable WiFi cards when laptops are connected to the network, but enable them when the machine does not have a wired connection to the network.
  • File Type Filtering Restrict and manage the types of files that are moved to and from removable devices (such as USB sticks) and media (such as DVDs / CDs); combine with forced encryption for added protection.