Powerful Encryption Right Out of the Box

Everything you need to encrypt data is built into the FIPS 140-2 Level 3 (#4008) and Common Criteria certified (pending*) K350. No drivers. No setup. Just iron-clad, hardware-based AES 256-bit encryption in an easy-to-use interface, which is further guarded by an army of automated security policies.

Protect Data at Scale

Remote management available with SafeConsole®, lets admins fully control or terminate devices over the Internet. Rapid, no-hands, automated deployment at scale is available for both managed and unmanaged K350 drives using the DeviceDeployer tool.

Ensure User Adoption With Easy-to-Use Keypad

The on board screen streamlines setup and operation making it easier to operate than any keypad device on the market. The screen gives end-users quick access to secure data and allows them to customize device settings. On-screen instructions make setup fast and easy.

Remotely Manage and Audit Your Entire Fleet

All K350 drives are remotely manageable with SafeConsole, giving admins the ability to remotely lock or wipe drives, reset passwords, view last-used locations, and see what data has been added, removed, or changed on the drive. Set device or group-specific policies for all the drives in your fleet.

K350 FEATURES

FIPS 140-2 Level 3 Certification – FIPS 140-2 level 3 certification and pending Common Criteria EAL5+ certification. Provides always-on hardware based encryption. Dedicated AES 256-bit XTS mode crypto engine meets rigorous cryptographic standards and is more secure than software-based alternatives. Hardened internals and enclosure for increased physical security.

Admin Policies and Data Recovery – Admins can set rigorous password policies (non sequential, non-repeating special characters, minimum characters). Should users forget a password, admins can unlock the K350 using the admin password. Admins can also recover the user’s data by logging in with the admin password. The user will be forced to reset their password upon their next use.

Nothing to Install – All encryption, administration, and authentication is performed on the K350 unit. This means devices in standalone mode don’t require a software agent; they work right out of the box.

Fully Manageable Device – Use DataLocker SafeConsole to manage individual and groups of devices using automated policies.

Brute Force Password Protection – Admins can configure how many failed password attempts are needed before the device destroys its payload.

K350 MANAGED FEATURES

Remote Device Detonation – Lets admins functionally destroy the device and its data remotely to protect against data or encryption key theft.

On Board Anti-Malware – Automatically scans files and quarantines/destroys bad apps/files based on policy settings.

Comprehensive Audit Capabilities – Have a complete record of file activity (including name changes on the device), password attempts, device locations and machines, device health, and policies in force.

Data Geofencing – SafeConsole uses geofencing, trusted networks, and ZoneBuilder to ensure a device changes its security posture based on its location.

NetworkLock adds contextual-level control of user network communications via the Internet through such means as: company email, personal webmail, instant messaging services, social networks (like Facebook, Google+, Twitter), web surfing, FTP file transfers, as well as cloud-based file sharing services like Dropbox, SkyDrive and Google Drive.

ContentLock adds the capability to look inside files and other data objects (like emails and webmails, chats, blog posts, etc.) for sensitive information like social security numbers, credit card numbers, bank account numbers or other user-definable information and to make block-or-allow decisions based on policies having to do with file contents.

Discovery is a separately licensed component, which helps network administrators and security personnel locating certain types of content stored within and outside the limits of the corporate network. Discovering unwanted content is essential when trying to protect the company’s intellectual property, control employee activities and administer computer networks.

Search Server is an optional separately licensed component, which provides full-text searching of logged data. The full-text search functionality is especially useful in situations when you need to search for shadow copies of documents based on their contents.

The combination of all of these modules working together is the DeviceLock DLP Suite. The DLP Suite provides protection against local and network data leaks at the endpoint (laptop, desktop or server) via a wide array of threat vectors.

These include: iPhones, Androids, BlackBerry, other smart-phones, iPods, iPads, digital cameras, Wi-Fi, Bluetooth, FireWire, social media, IM, webmail, company email, printing, CD or DVD ROM, USB flash drives, Compact Flash, FTP/FTPS, HTTP/HTTPS and the clipboard.

Natively integrated with Microsoft Active Directory Group Policy, the DeviceLock DLP Suite is very easy and straight-forward to install and configure. Typical installations are handled by Microsoft Network Administrators and do not require expensive, specially trained resources.

The other great customer benefit of DeviceLock’s tight integration with Active Directory is that it gives the solution virtually limitless scalability. The DeviceLock DLP Suite can effortlessly run on every endpoint listed in your Active Directory database … even if there are tens of thousands.