Firewalls and antivirus software are no defense against acts of data theft and corruption from within your organization at local endpoints. You don't have to be an administrator to connect a small digital camera, MP3 player, or flash memory stick to the USB and begin uploading or downloading whatever you want. If you are a system administrator, you know you can't manage such device-level activity via Group Policy.
Using endpoint device security solution called DeviceLock®, network administrators can lock out unauthorized users from USB and FireWire devices, WiFi and Bluetooth adapters, CD-Rom and floppy drives, serial and parallel ports, PDAs and smartphones, local and network printers and many other plug-and-play devices. Once DeviceLock® is installed, administrators can control access to any device, depending on the time of day and day of the week.
For enterprises standardized on software and hardware-based encryption solutions like PGP® Whole Disk Encryption, TrueCrypt and Lexar® SAFE PSD S1100 USB drives, DeviceLock® allows administrators to centrally define and remotely control the encryption policies their employees must follow when using removable devices for storing and retrieving corporate data. For example, certain employees or their groups can be allowed to write to and read from only specifically encrypted USB flash drives, while other users of the corporate network can be permitted to "read only" from non-encrypted removable storage devices but not write to them.