GARDA ENTERPRISE МФИ Софт A handy DLP solution.


Contents
- Garda Enterprise: a new view on data leak prevention
- Capabilities
- System overview: A new generation of DLP solutions; Operating principles; System management
- Getting deeper: Security policies; Quick search; Search criteria; Data storage; Traffic handling; Workstation monitoring; Monitoring and blocking traffic flowing over secure connections
- Analytical capabilities: Statistical reports; Employees' contacts; Employees' profiles; Data dissemination diagrams
- Methods of analysis
- Advantages of Garda Enterprise
- Hardware and software requirements
- Support
- About MFI Soft

GARDA Enterprise is a cutting edge solution featuring all the latest technologies in the field of data leak prevention (DLP).

A new view on data leak prevention
As a rule, configuring and maintaining a DLP system, and analyzing the results of its operation, takes a lot of effort. Garda Enterprise is designed to streamline and automate the day-to-day routine of information security (IS) officers. Garda Enterprise starts revealing information policy violations and potential threats right after deployment, even before all the DLP implementation and setup stages are complete. Detection of major risks, data categorization, and fast creation and monitoring of information security policies are intuitive and can be managed without a glance at the manual.

Capabilities
New technologies employed in Garda Enterprise broaden the functionality and application of DLP solutions.
- Efficient data leakage prevention: based on in-house smart algorithms for detecting sensitive information, Garda Enterprise safeguards all communication channels and immediately alerts IS officers to security policy violation attempts.
- Analytical system: analysis of the trends in the company's information flows allows the development of a long-term leak prevention strategy and real-time detection of suspicious user activities.
- Handy monitoring tool: interactive creation of information security policies, management of employees' access to information resources, documents and physical devices, productivity monitoring.

SYSTEM OVERVIEW: A new generation of DLP solutions; Operating principles; System management

Garda Enterprise: a new generation of DLP solutions
Monitor and analyze communications of your employees to minimize data leak risks. With the rich capabilities of Garda Enterprise you will be able to:
- Prevent data leaks
- Identify disgruntled employees and prevent insider attacks
- Use a powerful set of tools for internal investigations
- Easily manage information policies and analyze their efficiency
- Perform comprehensive monitoring and analysis of user activities
- Keep archives of all business communications

Operating principles
Garda Enterprise comprises the following subsystems:
- Interception and management module
- Storage module
- Analytical module
The modules are tightly integrated and supplied on a single hardware platform. All software components are the intellectual property of MFI Soft and do not require any third-party licenses. See the next slide for details.

Operating principles: Subsystems
- Interception and management: includes sniffers handling network channels and workstation agents that monitor personal computers and the devices connected to them and enforce various types of blocking (cloud storage, removable devices, processes, etc.).
- Storage: a data warehouse that ensures efficient storage and indexing of all data (messages, files, traffic statistics) generated and exchanged by the staff.
- Analytics: the analytical module ensures automated data analysis; detection of policy violations, user behavior and traffic irregularities; report generation.

Managing the system
Garda Enterprise provides an intuitive web interface for efficient system management.
- Usability: an operator can easily learn and start working with the system even without reading the manuals;
- Efficient handling of day-to-day tasks;
- Platform independent: manage the system from any device and under any operating system.

GETTING DEEPER: Security policies; Quick search; Search criteria; Data storage; Traffic handling; Workstation monitoring; Monitoring and blocking traffic flowing over secure connections; System management

Security policies
Interactive policy creation and preview of results.
- Quick and easy policy configuration. When configuring a policy, you immediately see the outcome of applying it, so you can interactively adjust the policy until you get the required result.
- With a comprehensive set of criteria (type of data, employed software, communication channels, etc.) and conditions (key words, tags, search criteria and their combinations) you can design policies of almost limitless complexity.
Policies are based on search: you can preview the result of the policy being created and, if necessary, make appropriate changes to minimize false positives.

Quick search
Searching among data objects works much like searching in popular search engines. Found objects are displayed in a readable format. The operator can use a rich set of refining search criteria.
- The search does not depend on file types and can be run even inside archives.
- Regular scanning and the possibility to save search templates allow the operator to receive notifications about current events without adding them to the policy list.
Garda Enterprise keeps a full copy of all traffic. After creating new rules and policies, you can run a retrospective analysis of the data in the archive. No other system yet offers such a useful feature.

Search criteria
- Key words and phrases, including their occurrences in attached files and archives
- Regular expressions
- Search for similar documents
- File name, document attributes, type, size, protocol, port, etc.
- User accounts in Active Directory (import of user data from the LDAP server)
- IP address
- IM identifiers (Skype, MSN, ICQ, etc.)
- Social network IDs
- Email addresses
- VoIP account names / phone numbers

Data storage
Garda Enterprise is one of the first DLP solutions developed with the use of the BIG DATA technology. Our data storage subsystem was designed to address the typical problems of other DLP solutions. It ensures:
- Storing of a wide range of data: information about incidents, specific data flows or a full copy of the company data flows.
- Fast access to data, search and analysis.
- Low cost of storage in comparison with other similar solutions.
Garda Enterprise collects data from different sources (network traffic, mail servers, users' workstations, etc.) and keeps it in the storage for further processing and analysis.

Traffic handling
Monitor all possible data transfer channels. Garda Enterprise supports the following network protocols:
- Mail and news protocols: SMTP; SMTPs; IMAP4; POP3; POP3s; MAPI; NNTP; S/MIME; MS Exchange.
- HTTP, HTTPS (GET and POST methods) v1.0, v1.1; FTP; FTP over HTTP; tunneling protocols (IP-in-IP, L2TP, PPTP, PPPoE); Telnet; Kerberos 5 authentication protocol.
- Messengers: OSCAR (ICQ v7, v8, v9); HTTPIM (messaging in social networks); MSNP v.12, v.13 (MSN Messenger, Windows Live Messenger); YMSG v9.0.0.2034 (Yahoo Messenger Protocol); IRC; MMP (Mail.Ru Agent); Skype (text messaging and file exchange); MS Lync; XMPP (Google Talk, Jabber QIP, SMS).
- VoIP telephony: SIP v2.0 (RFC 2543bis/3261); SDP; H.323 v2; H.245 v7; H.225 v4; T.38; Megaco/H248; MGCP; SKINNY; H.263 ABC; H.264 (single NAL unit mode), including video calls. Each VoIP session can be stored as a full dialog or can be split by channels (both incoming and outgoing calls).
- File sharing networks: BitTorrent (standard 11031); Gnutella (v0.6); E-Mule (v0.49b); Direct Connect Protocol (dc++ v0.707).

Workstation monitoring
Ensure all-round monitoring of your staff workstations. In addition to in-depth analysis of communications and information about the usage of software and peripherals, Garda Enterprise provides a wide set of capabilities for user workstation monitoring.
Features of the workstation agent:
- Scheduled captures of the screen;
- Logging of applications run by users with time tracking;
- Blocking of unwelcome applications (separately and by categories);
- Monitoring of files sent to printer (interception, covert copying);
- Key logging;
- Blocking of file transfer over Skype;
- Blocking of removable devices (internal and external);
- White lists of external devices with permissions for reading/writing data;
- Covert copying of data transferred to external devices.

Monitoring and blocking traffic flowing over secure connections
Monitoring of traffic transferred over secure connections is ensured by a special module tapped into the protected network.
How it works: the module blocks HTTP and HTTPS connections to a predefined list of resources (by URLs). For instance, it can ban access to social networks and cloud storage.
Main features of the module:
- Instant interception of data transferred over secure connections;
- Possibility to use external SSL certificates;
- Bypass adapter for increased fault-tolerance.

System management
The Garda Enterprise web interface was designed with a deep understanding of the tasks of information security officers and provides maximum efficiency and ease of use. The web interface features the following pages:
- Main page: shows the current status of information security in the company (latest incidents, detected irregularities, general statistics).
- Policies: serves for configuration of security policies.
- Employees: displays the list of employees, their personal profiles and latest activities.
- Search: the page where the user can search intercepted data for the objects of interest (messages, documents, visited web pages, etc.), group them and use searches for policy creation.
- Reports: multi-level graphical reports with exhaustive statistics.
- Settings: system settings, workstation agent management (including installation and removal).

Analytical capabilities
A unique reporting system allows IS officers not only to monitor how the company's sensitive data is being used, but also to detect irregularities in the information flows and predict potential leaks. See the next slide for details.

Details: Analytical capabilities
- Interactive: all data displayed in graphical reports are interactive and allow IS officers to "drill down" to a specific object (email message, web page, IM dialog, etc.).
- Real-time: all reports are generated in real time. When drawing up interactive diagrams of data flows and staff contacts you can just drag-and-drop the object of interest into the report area; the rest will be done by Garda Enterprise.
- Big data: the use of the latest big data technologies provides great analytical capabilities. The system generates a variety of reports, both general and incident-specific reports for investigations. In addition to information security aspects, Garda Enterprise allows monitoring of staff productivity by revealing facts of improper activities during office hours.

Statistical reports
The reporting mechanism is implemented with the use of the drill-down approach: from a summary report you can move to a more detailed one and eventually right to a specific information object. Reports allow IS officers to detect deviations in the statistical picture of information exchange between employees and track important trends.

Employees' contacts
This interactive diagram shows the cloud of both internal and external contacts of an employee, communication intensity and means.

Employees' profiles
Save your time on routine tasks. Garda Enterprise automatically fills in employees' profiles. Click on the person of interest to view his/her:
- Account names in different services
- Activity statistics
- Latest actions
For better monitoring results, you can manually enter additional data.

Data dissemination diagrams
Visual representation of all data movements, from the first communication inside the company until the moment the data is passed outside. Diagrams show both the employees involved and the communication means, and allow IS officers to quickly investigate incidents, reveal insider threats and find employees who got unauthorized access to sensitive data before it leaks out.

Methods of analysis
Garda Enterprise uses the most efficient technologies of data analysis.
- Search for similar documents: search for specific documents and their fragments in the volumes of data exchanged by users. Ensures detection of unauthorized access and dissemination of sensitive information.
- Patterns (regular expressions): the use of patterns allows scanning data flows for such data as passport and credit card numbers, email addresses, etc. Ensures detection of personal data, financial documents.
- Linguistic analysis: advanced linguistic analysis algorithms ensure quick and efficient search for required data using the built-in search engine. These algorithms also increase the efficiency of policy operation.

Garda Enterprise: Advantages
- First DLP solution using technologies for storing and analysis of Big Data
- Fast and user friendly web interface
- Stores all the company data
- Powerful analytical system with predictive capabilities
- Efficient interception on all major communication channels
- Control over removable devices
- Monitoring of VoIP services
- All sorts of reports even for the most demanding users
- Productivity monitoring

Hardware and software requirements
A fully functional system (including workstation agent management, monitoring of HTTPS, interception and analysis of traffic, data storage) runs on a 1U/3U or 4U server depending on the number of monitored workstations and the required storage period.
Example: a system for monitoring 400 workstations with a 6-month storage period runs on a 1U server.

Recommended hardware requirements for trial deployment:
Traffic rate | Number of workstations | Hardware requirements
Up to 100 Mb/s | up to 10 | 4 cores, 8 GB RAM, 1 TB HDD (data storage period: up to 1 month)
Up to 1000 Mb/s | up to 100 | 16 cores, 32 GB RAM, 1 TB HDD (data storage period: up to 7 days)

Support
MFI Soft provides comprehensive technical support of its DLP solutions at all stages of integration with the customers' infrastructure.
1. Audit of information resources. At the first stage our specialists will study your requirements for the DLP system and analyze your information infrastructure. Based on this data we will develop a set of security policies tailored specifically for your company.
2. DLP deployment. Soon after deployment of Garda Enterprise you will experience its efficiency. Right out of the box you will get a rich set of pre-configured policies and reports. Within the first several days the system will learn and accommodate itself to your data flows to avoid false positives in the future.
3. Support. After commissioning of the solution, our technical support team will readily assist you with its configuration and further usage.

About MFI Soft
- 20+ years in development of advanced solutions
- Over 300 highly skilled specialists
- In-house research center developing new strategic projects
- 1500 deployments
- Quality management system certified for compliance with ISO 9001:2008 by the British Standards Institution (BSI)

Garda Enterprise info@tida.su +7 951 910 4052 www.tida.su