
GARDA ENTERPRISE МФИ Софт A handy DLP solution.


1 GARDA ENTERPRISE МФИ Софт A handy DLP solution

2 Garda Enterprise: a new view on data leak prevention
GARDA Enterprise is a cutting-edge solution featuring all the latest technologies in the field of data leak prevention (DLP).
Contents:
- Capabilities
- System overview: A new generation of DLP solutions; Operating principles; System management
- Getting deeper: Security policies; Quick search; Search criteria; Data storage; Traffic handling; Workstation monitoring; Monitoring and blocking traffic flowing over secure connections
- Analytical capabilities: Statistical reports; Employees' contacts; Employees' profiles; Data dissemination diagrams; Methods of analysis
- Advantages of Garda Enterprise
- Hardware and software requirements
- Support
- About MFI Soft

3 A new view on data leak prevention
As a rule, configuring and maintaining DLP systems, and analyzing the results of their operation, takes a lot of effort. Garda Enterprise is designed to streamline and automate the day-to-day routine of information security (IS) officers. Garda Enterprise starts revealing information policy violations and potential threats right after deployment, even before all the DLP implementation and setup stages are complete. Detection of major risks, data categorization, and fast creation and monitoring of information security policies are intuitive and can be managed without a glance at the manual.

4 Efficient data leakage prevention
Based on in-house smart algorithms for detecting sensitive information, Garda Enterprise safeguards all communication channels and immediately alerts IS officers to security policy violation attempts.
Analytical system: Analysis of trends in the company's information flows allows the development of a long-term leak prevention strategy and real-time detection of suspicious user activities.
Handy monitoring tool: Interactive creation of information security policies, management of employees' access to information resources, documents and physical devices, productivity monitoring.
Capabilities: New technologies employed in Garda Enterprise broaden the functionality and application of DLP solutions.

5 SYSTEM OVERVIEW
- A new generation of DLP solutions
- Operating principles
- System management

6 Garda Enterprise – a new generation of DLP solutions
Monitor and analyze communications of your employees to minimize data leak risks. With the rich capabilities of Garda Enterprise you will be able to:
- Prevent data leaks
- Identify disgruntled employees and prevent insider attacks
- Use a powerful set of tools for internal investigations
- Easily manage information policies and analyze their efficiency
- Perform comprehensive monitoring and analysis of user activities
- Keep archives of all business communications

7 Operating principles
Garda Enterprise comprises the following subsystems:
- Interception and management module
- Storage module
- Analytical module
The modules are tightly integrated and supplied on a single hardware platform. All software components are the intellectual property of MFI Soft and do not require any third-party licenses. Go to next slide for details.

8 Operating principles: Subsystems
Interception and management: Includes sniffers handling network channels and workstation agents that monitor personal computers and the devices connected to them and provide various types of blocking (cloud storages, removable devices, processes, etc.).
Storage: A data warehouse that ensures efficient storage and indexing of all data (messages, files, traffic statistics) generated and exchanged by the staff.
Analytics: The analytical module ensures automated data analysis; detection of policy violations, user behavior and traffic irregularities; report generation.

9 Managing the system
Garda Enterprise provides an intuitive web interface for efficient system management.
- Usability: an operator can easily learn and start working with the system even without reading the manuals;
- Efficient handling of day-to-day tasks;
- Platform independent: manage the system from any device and under any operating system.

10 GETTING DEEPER
- Security policies
- Quick search
- Search criteria
- Data storage
- Traffic handling
- Workstation monitoring
- Monitoring and blocking traffic flowing over secure connections
- System management

11 Security policies Interactive policy creation and preview of results.
Quick and easy policy configuration. When configuring a policy, you immediately see the outcome of applying it, so you can interactively adjust the policy until you get the required result.
With a comprehensive set of criteria (type of data, employed software, communication channels, etc.) and conditions (key words, tags, search criteria and their combinations) you can design policies of almost limitless complexity.
Policies are based on search: you can preview the result of the policy being created and, if necessary, make appropriate changes to minimize false positives.

12 Quick search
Searching among data objects works much like searching in popular search engines. Found objects are displayed in a readable format. The operator can use a rich set of refining search criteria.
The search does not depend on file types and can be run even inside archives.
Regular scanning and the possibility to save search templates allow the operator to receive notifications about current events without adding them to the policy list.
Garda Enterprise keeps a full copy of all traffic. After creating new rules and policies, you can run a retrospective analysis of the data in the archive. No other system yet offers such a useful feature.

13 Search criteria
- Key words and phrases, including their occurrences in attached files and archives
- Regular expressions
- Search for similar documents
- File name, document attributes, type, size, protocol, port, etc.
- User accounts in Active Directory (import of user data from the LDAP server)
- IP address
- IM identifiers (Skype, MSN, ICQ, etc.)
- Social network IDs addresses
- VoIP account names / phone numbers

14 Data storage
Garda Enterprise is one of the first DLP solutions developed with the use of the BIG DATA technology. Our data storage subsystem was designed to address the typical problems of other DLP solutions. It ensures:
- Storing of a wide range of data: information about incidents, specific data flows or a full copy of the company data flows.
- Fast access to data, search and analysis.
- Low cost of storage in comparison with other similar solutions.
Garda Enterprise collects data from different sources (network traffic, mail servers, users' workstations, etc.) and keeps it in the storage for further processing and analysis.

15 Traffic handling Monitor all possible data transfer channels.
Garda Enterprise supports the following network protocols:
Mail and news protocols: SMTP; SMTPs; IMAP4; POP3; POP3s; MAPI; NNTP; S/MIME: MS Exchange.
HTTP, HTTPs (GET and POST methods) v1.0, v1.1; FTP, FTP over HTTP; tunneling protocols (IP-in-IP, L2TP, PPTP, PPPoE); Telnet; Kerberos 5 authentication protocol.
Messengers: OSCAR (ICQ v7, v8, v9); HTTPIM (messaging in social networks); MSNP v.12, v.13 (MSN Messenger, Windows Live Messenger); YMSG v (Yahoo Messenger Protocol); IRC; MMP (Mail.Ru Agent); Skype (text messaging and file exchange); MS Lync; XMPP (Google Talk, Jabber QIP, SMS).
VoIP telephony: SIP v2.0 (RFC 2543bis/3261); SDP; H.323 v2; H.245 v7; H.225 v4; T.38; Megaco/H248; MGCP; SKINNY; H.263 ABC; H.264 (single NAL unit mode), including video calls. Each VoIP session can be stored as a full dialog or can be split by channels (both incoming and outgoing calls).
File sharing networks: BitTorrent (standard 11031); Gnutella (v0.6); E-Mule (v0.49b); Direct Connect Protocol (dc++ v0.707).

16 Workstation monitoring
Ensure all-round monitoring of your staff workstations. In addition to in-depth analysis of communications and information about the usage of software and peripherals, Garda Enterprise provides a wide set of capabilities for user workstation monitoring.
Features of the workstation agent:
- Scheduled captures of the screen;
- Logging of applications run by users with time tracking;
- Blocking of unwelcome applications (separately and by categories);
- Monitoring of files sent to printer (interception, covert copying);
- Key logging;
- Blocking of file transfer over Skype;
- Blocking of removable devices (internal and external);
- White lists of external devices with permissions for reading/writing data;
- Covert copying of data transferred to external devices.

17 Monitoring and blocking traffic flowing over secure connections
Monitoring of traffic transferred over secure connections is ensured by a special module tapped into the protected network.
How it works: The module blocks HTTP and HTTPs connections to a predefined list of resources (by URLs). For instance, it can ban access to social networks and cloud storages.
Main features of the module:
- Instant interception of data transferred over secure connections;
- Possibility to use external SSL certificates;
- Bypass adapter for increased fault-tolerance.

18 System management
The Garda Enterprise web interface was designed with a deep understanding of the tasks of information security officers and provides maximum efficiency and ease of use. The web interface features the following pages:
- Main page: shows the current status of information security in the company (latest incidents, detected irregularities, general statistics).
- Policies: serves for configuration of security policies.
- Employees: displays the list of employees, their personal profiles and latest activities.
- Search: the page where the user can search intercepted data for the objects of interest (messages, documents, visited web pages, etc.), group them and use searches for policy creation.
- Reports: multi-level graphical reports with exhaustive statistics.
- Settings: system settings, workstation agent management (including installation and removal).

19 Analytical capabilities
A unique reporting system allows IS officers not only to monitor how the company's sensitive data is being used, but also to detect irregularities in the information flows and predict potential leaks. See next slide for details.

20 Analytical capabilities
Details:
Interactive: All data displayed in graphical reports are interactive and allow IS officers to "drill down" to a specific object (message, web page, IM dialog, etc.).
Real-time: All reports are generated in real time. When drawing up interactive diagrams of data flows and staff contacts you can just drag-and-drop the object of interest into the report area, the rest will be done by Garda Enterprise.
Big data: The use of the latest big data technologies provides great analytical capabilities. The system generates a variety of reports, both general and incident-specific reports for investigations.
In addition to information security aspects, Garda Enterprise allows monitoring of staff productivity by revealing facts of improper activities during office hours.

21 Statistical reports
The reporting mechanism is implemented with the use of the drill-down approach: from a summary report you can move to a more detailed one and eventually right to a specific information object. Reports allow IS officers to detect deviations in the statistical picture of information exchange between employees and track important trends.

22 Employees’ contacts
This interactive diagram shows the cloud of both internal and external contacts of an employee, communication intensity and means.

23 Employees’ profiles
Save your time on routine tasks. Garda Enterprise automatically fills in employees' profiles. Click on the person of interest to view his/her:
- Account names in different services
- Activity statistics
- Latest actions
For better monitoring results, you can manually enter additional data.

24 Data dissemination diagrams
Visual representation of all data movements, from the first communication inside the company until the moment the data is passed outside. Diagrams show both the employees involved and the communication means, and allow IS officers to quickly investigate incidents, reveal insider threats and find employees who got unauthorized access to sensitive data before it leaks out.

25 Methods of analysis
Garda Enterprise uses the most efficient technologies of data analysis.
Search for similar documents: Search for specific documents and their fragments in the volumes of data exchanged by users. Ensures detection of unauthorized access and dissemination of sensitive information.
Patterns (regular expressions): The use of patterns allows scanning data flows for such data as passport and credit card numbers, addresses, etc. Ensures detection of personal data, financial documents.
Linguistic analysis: Advanced linguistic analysis algorithms ensure quick and efficient search for required data using the built-in search engine. These algorithms also increase the efficiency of policy operation.

26 Advantages of Garda Enterprise
- First DLP solution using technologies for storing and analysis of Big Data
- Fast and user friendly web interface
- Stores all the company data
- Powerful analytical system with predictive capabilities
- Efficient interception on all major communication channels
- Control over removable devices
- Monitoring of VoIP services
- All sorts of reports even for the most demanding users
- Productivity monitoring

27 Hardware and software requirements
A fully functional system (including workstation agent management, monitoring of HTTPS, interception and analysis of traffic, data storage) runs on a 1U, 3U or 4U server depending on the number of monitored workstations and the required storage period.
Example: A system for monitoring 400 workstations with a 6-month storage period runs on a 1U server.

28 Recommended hardware requirements for trial deployment:
Traffic rate | Number of workstations | Hardware requirements
Up to 100 Mb/s | up to 10 | 4 cores, 8 GB RAM, 1 TB HDD (data storage period: up to 1 month)
Up to 1000 Mb/s | up to 100 | 16 cores, 32 GB RAM, 1 TB HDD (data storage period: up to 7 days)

29 Support
MFI Soft provides comprehensive technical support of its DLP solutions at all stages of integration with the customers' infrastructure.
1. Audit of information resources: At the first stage our specialists will study your requirements for the DLP system and analyze your information infrastructure. Based on this data we will develop a set of security policies tailored specifically for your company.
2. DLP deployment: Soon after deployment of Garda Enterprise you will experience its efficiency. Right out of the box you will get a rich set of pre-configured policies and reports. Within the first several days the system will learn and adapt itself to your data flows to avoid false positives in the future.
3. Support: After commissioning of the solution, our technical support team will readily assist you with its configuration and further usage.

30 20+ years in development of advanced solutions
- Over 300 highly skilled specialists
- In-house research center developing new strategic projects
- 1500 deployments
- Quality management system certified for compliance with ISO 9001:2008 by the British Standards Institution (BSI)

31 Garda Enterprise

