Presentation is loading. Please wait.

Presentation is loading. Please wait.

Endpoint Data Protection and Leakage Prevention

Similar presentations

Presentation on theme: "Endpoint Data Protection and Leakage Prevention"— Presentation transcript:

1 Endpoint Data Protection and Leakage Prevention
Edy Almer VP Product Management & Marketing

2 - Proprietary & Confidential -
Agenda What Problem are we solving ? Legislation and Regulation Possible solutions Regaining Control of Endpoints and Data: Data Protection and Leakage Prevention with Safend Data Protection Suite Safend Auditor Safend Discoverer Safend Inspector Safend Encyptor Safend Protector Safend Reporter Summary Securing your Endpoints Solution Components Architecture Deep Dive into components as time allows - Proprietary & Confidential -

3 Data Leakage and Targeted Attacks A Clear and Present Danger
It seems like more and more we are hearing about data leakage situations. This is not simply because the threat is on the rise with all the new types of removable media in the marketplace but the main reason is that regulatory compliance now requires companies who have incurred a loss to disclose it. Inspector: The Transportation Security Administration is warning 1,195 of its former employees that a contractor may have mailed their Social Security numbers and birth dates to the wrong addresses and left them open to identity fraud --USA Today Protector: An investigation is under way into the disappearance of a computer hard drive which could contain the details of about 100,000 [UK MoD] Armed Forces personnel --BBC Encryptor: Personal data on more than 26 million U.S. veterans had fallen into the hands of thieves… The data were on a laptop and external drive stolen in an apparent random burglar - CNN News All of these types of data leakage examples could have been avoided if the companies had the Safend Solution. - Proprietary & Confidential -

4 Compliance Requirements
Most companies recognize that data is now their most important asset and want to put measures into affect to protect it. The other reason for implementing a solution such as Safend is because Regulatory Compliance dictates that you have to. 45 states currently have data protection laws and soon almost all will have the same type of requirements. Safend helps organizations meet their regulatory compliance requirements for data protection with such regulations as PCI, HIPAA, SOX, GLBA, BASEL II, J SOX, SB 1386, the European Union Directive, and DPA (the UK Data Protection Act), just to mention a few. States that currently have data protection laws States that do not currently have data protection laws - Proprietary & Confidential -

5 Government /Industry Regulations
PCI DSS HIPAA GLBA US State PII regulations SOX BASEL II UK Data Protection Act South Africa PPI During the next hour, I’ll provide you with an overview of Who is Safend; Then frame the Data Leakage Prevention problem in which the Safend Solution is addressing; Then review How Safend specifically solves the DLP problem. And then we will conclude with a Q&A session. Thanks and with that let’s begin. - Proprietary & Confidential -

6 Cost of Data Breaches Recovery Cost Averages
Average Incident Cost: $6.75 million Average Incident Cost per compromised record: $204 Customer Costs Incremental Costs Brand damage Loss of existing customers Recruiting new customers Unbudgeted legal, audit and accounting fees Notification to customers Free or discounted service to customers Call center expenses Public and investor relations Internal investigations 30% 54% 16% One last slide with statistics… According to the Ponemon Institute, The Average Data Loss Incident costs the company $6.75M with the average cost per record of $204 for 2009.$6.6M,$202 for 2008 & $6.3M,$197 for 2007 Once a public company reports a data loss incident, on average their stock will drop 5% and it will take 12 months to regain the loss stock value. By looking at this slide, it is easy to calculate your immediate ROI on the Safend solution. By implementing the Safend solution to protect your sensitive data, you are putting measures in to ensure that you will not encounter a data leakage event from your open port/device drives. Among the incidents reported, the most expensive data breach cost nearly $31 million to resolve, and the least expensive cost $750,000. Productivity Costs Lost employee productivity Source: 5th annual "Cost of a Data Breach" study by the Ponemon Institute - Proprietary & Confidential -

7 Approaches for Data/Access Protection
Encryption (at rest) Encrypt Removable Storage, Hard Drives against accidental loss. Encryption (in use – DRM) Microsoft, Adobe, management tools. Egress point control Port/Device Control, Endpoint/GW DLP (IPS**, WAF**, FW**) Access Control List NTFS ACL, Database proxy, application level proxy, NAC Full Spyware applications – record everything - Proprietary & Confidential -

8 Content Based DLP Port & Device Control Hard Disk Encryption
Single Lightweight Agent Agent Includes Multi-tiered Anti-tampering Capabilities Simple and Reliable Installation Process Port & Device Control Detachable Storage Control Removable Storage Encryption CD/DVD Encryption Wireless Control Hardware Keylogger Protection Hard Disk Encryption Centrally Managed and Enforced Transparent SSO Seamless authentication support Easy Recovery Strong Security and Tamper Resistant Content Based DLP Content Aware Application Control Data Leakage Prevention Through: , IM and Web External Storage Printers Any Application/Protocol safenddiscoverer - Sensitive Data Location and Mapping safendreporter – Security and Compliance Analysis safendauditor – Endpoint security status audit - Proprietary & Confidential - 8 8

9 Safend Data Protection Suite Architecture
I’d now like to review the Safend Protection Suite Architecture. Safend Data Protection Suite consists of Clients, a Management Console and a Management Server. The Clients are installed on the enterprise endpoints and they enforce the security policies locally on their hosts. The Management Server provides the services needed for configuring and monitoring Clients. Clients periodically communicate with the Management Server to renew their security policies, submit their logs and to initialize their suspension (one-time) passwords (OTPs). All communication between clients and the server is implemented as Web Service calls over SSL. Security Admins use the Management Console to interact with the Management Server. The Management Console is a Windows applications used by Admins to interact with the Management Server. Once logged in to the console, a user can manage and assign security policies, view client properties, view logs, and perform various administration operations such as change domain user credentials. Security Admins can explicitly request Clients to immediately renew their policy, submit logs or initialize their OTPs. To facilitate the management of clients in large deployments, the Management Server interacts with external Directory Services such as Active Directory (default) and Novell’s eDirectory. The Management Server utilizes either mySQL or MS SQL Server database to store its configuration, domain information, policies and logs. - Proprietary & Confidential -

10 Safend Data Protection Suite Single Management Server & Single Management Console
The Data Protection Suite allows definition of Encryption, Port&Device Control, Content Inspection and Content Discovery in one single server and console with a single agent deployment action. Common Client status and common logs and reports allow easy control and a short learning period

11 - Proprietary & Confidential -
Safend Inspector Content Aware Application Control Data Leakage Prevention Through: , IM and Web External Storage Printers Application (all protocols) Out of the box predefined classifications and Policies Interactive Message Center for user education protector encryptor discoverer safendinspector - Proprietary & Confidential - 11

12 - Proprietary & Confidential -
Safend Protector Key Features Prevents data leakage and penetration via endpoints Detects and restricts any devices Enforces granular policies over physical, wireless and removable storage devices via real-time analysis of low-level port traffic Tamper-resistant Centrally managed & seamlessly integrates with Active Directory Ensures regulatory compliance Easy to use and scalable safendprotector encryptor inspector discoverer Safend Protector monitors real-time traffic and applies customized, highly-granular security policies over all physical, wireless and storage interfaces, including: USB, Firewire, PCMCIA, SD, Parallel, Serial Modem, Removable media devices, external hard drives, CD/DVD Drives, Floppy Drives, Tape Drives, WiFi, Bluetooth, and InfraRed. It detects and allows restrictions of devices by device type, model or even specific device serial number. Protector is centrally managed & it seamlessly integrates with Active Directory and Novell Edirectory to enable Admins to leverage the native organizational units that have already been established. As I previously mentioned, we are a company that prides itself on “eating our own dog food” and have build an insurmountable amount of security into our solution. It is virtually impossible to circumvent, disable or uninstall the Protector Client. Not only do we have reporting and alerting built into the product, which by the way helps meet the many of regulatory compliance requirements, the logging that is sent to the management server is encrypted. From a scalability perspective, Protector has been tested and able to manage up to 100,000 clients with one management server. I’d now like to quickly describe a couple of Security features in Protector. In the backup slides that will be provided to you, there is a dedicated slide to each of these features should you feel that any one of these are of particular interest to your customer. - Proprietary & Confidential -

13 - Proprietary & Confidential -
Reports - Proprietary & Confidential -

14 Safend Encryptor: Key Features
Encrypts all data on laptops and desktops – Total Data Encryption True SSO (Single Sign On) technology Transparent to end users & help-desk personnel Centrally managed and enforced Full visibility of organization’s Encryption status Stable and fault tolerant encryption Total Data Encryption, maintains performance and minimizes the risk of OS failure safendencryptor protector discoverer inspector Safend Encryptor enforces an enterprise wide encryption policy to protect the data stored on laptop and desktop hard disks, so that sensitive data cannot be read by unauthorized users in the case of loss or theft. Safend Encryptor provides True SSO (Single Sign-On functionality). Safend Encryptor uses your existing Windows login interface for user authentication, and requires no changes to work processes. Highly scalable - a single management server can manage more than 75,000 agents. Additional servers can be seamlessly added to create a server cluster. Transparent to End Users - transparently uses Windows login to access the encrypted data and therefore does not require any end-user training. Transparent to Help Desk - transparently uses the generic AD domain password reset process. No dedicated password recovery procedure is required.

15 Safend Encryptor: Full Audit Trail Detailed Client & Server Log Records
Clients status displayed in the Clients World: Client Logs displayed in the Logs World: Server Logs displayed in the Logs World:

16 - Proprietary & Confidential -
Safend Encryptor Full Audit Trail Detailed Server Log Records Examples of Encryptor specific server logs - Proprietary & Confidential -

17 Edy Almer
Thank You ! Edy Almer

18 - Proprietary & Confidential -
Case Study Healthcare: Firmley Hospital NHS The Company Frimley Park Hospital is a 720 bed NHS Foundation Trust employing approximately 3,500 staff and serving a catchment population of over 400,000.  The Challenge: incorporate differing requirements across different areas of the business where unusual or complex medical devices are in use. The organization required a solution, which could be deployed within the short timeframes required by the new mandates, which was easy to manage and deploy and would not impact on the productivity of medical staff and administrators.   Safend’s Solution: flexibility and granularity of the Safend solution, with a phased roll-out of the policies on a ‘by department’ basis.  This ensured that a consistent machine-based policy could be implemented on most PCs with the occasional custom machine-based policy for unusual medical equipment and  custom user-based policies layered on top to address individual needs. The end result is that the Trust has an endpoint and mobile data security system that is largely invisible to the user but which provides full assurance that it has satisfied its obligations in securing mobile data. Having evaluated a number of solutions, including one from McAfee/SafeBoot, (which at the time was centrally procured by the NHS),  the Trust decided that the Safend solution was the best fit in terms of manageability and performance. “Safend was chosen because of its comprehensive integrated suite of endpoint security tools, including reporting, port control and disk and media encryption.  The other major criterion for the selection was the need for a centralised solution with minimal management overheads and the need for a system that was largely transparent to the user.”  - Firmley Park Hospital NHS, Head of IT - Proprietary & Confidential -

19 - Proprietary & Confidential -
Case Study Government: Navy Mine Warfare Training Center The Company The only training center that trains sailors for shipboard mine counter measures. The Challenge: To ensure the integrity and security of the sensitive data used for instruction Seamlessly control data access via portable devices without impeding on instructors’ abilities to access data for teaching purposes. Safend’s Solution: Deploying 350 licenses of Safend Protector to guard against data leakage on nearly 850 ports throughout the Navy Mine Warfare Training Center Comprehensive Security of WiFi, FireWire and game ports “Safend was the no-brainer choice to meet the Navy Mine Warfare Training Center’s needs. Of the 17 products we tested, it was the only one that could not be bypassed because it is loaded at the kernel and since it is not loaded as a service, users can’t shut the software off and circumvent the protection. The product was also very granular, making it easy to control access based on everything from device type to serial number. We found that it’s impossible to beat from our testing – you know you have found the right solution when no matter how hard you bang on it, it won’t break.” - The Navy Mine Warfare Training Center’s Director of Information Technology Herb Armstrong - Proprietary & Confidential -

20 - Proprietary & Confidential -
Case Study Healthcare: LA County Department of Mental Health The Company The Los Angeles County Department of Mental Health (DMH) serves approximately one-quarter of a million residents each year, making it the largest mental health service system in the nation. The Challenge: Protection from leakage of the Department of Mental Health sensitive and personal client data for thousands of residents. Appropriately allow the safe use of USB memory sticks while blocking dangerous file types. Safend’s Solution: Seamless deployment of Safend Auditor and Protector to over 4,000 machines at its 130 locations across LA County Enforce protection policies to ensure that the data being saved was authorized, encrypted and approved to access our corporate ports “Safend was the clear choice to manage DMH’s thousands of endpoints. We chose Safend because its auditing and alerting capabilities were superior to other products we tested. Additionally, Safend offers a tamper proof agent that is unbeatable,” ” - DMH’s Departmental Security Officer Jeff Zito - Proprietary & Confidential -

Download ppt "Endpoint Data Protection and Leakage Prevention"

Similar presentations

Ads by Google