Published by Blaze Wells. Modified over 7 years ago.
1
SecureAge SecureData – A Proactive Solution against APT and Malwares
SecureAge Technology December 2012
2
Contents
- Data Security
- SecureAge SecureData
- Why SecureAge SecureData?
- What can SecureAge SecureData do?
- Why is SecureAge SecureData a better solution?
- How does SecureAge SecureData work?
- SecureAge Management Server
3
Data Security
4
2012 Data Breach Investigations Report (A study conducted by the Verizon RISK Team with cooperation from the Australian Federal Police, Dutch National High Tech Crime Unit, Irish Reporting and Information Security Service, Police Central e-Crime Unit and United States Secret Service.) Source: Data Breach Investigations Report by Verizon
5
Malware Source: Data Breach Investigations Report by Verizon
6
Hacking Source: Data Breach Investigations Report by Verizon
7
Is no news really good news?
Not quite! Breaches that remain undiscovered for months or more.
Source: Data Breach Investigations Report by Verizon
8
Data Security Breaches continue to Increase…
9
Security Breaches in recent years
Columns: Companies; Type of Accounts Compromised (Username, Phone Number, Password, Address, Date of Birth, Credit Card Number); No. of Accounts Compromised

2011
- Sony 1: 24,600,000
- Sega: 1,290,755
- Sony 2: 1,000,000
- Citigroup: 360,000

2012
- Zappos: 24,000,000
- Global Payments: 1,500,000
- Twitter: 60,000
- Linked In: 6,500,000
- Last.FM
- Formspring: 420,000
- Yahoo: 400,000
- Google: 106,000
- Hotmail: 55,000
- AOL: 25,000
- Gamigo: 8,240,000
- Apple: 12,367,232
10
Recent APT Cases
- Gauss, Aug 2012 (Source: Kaspersky): Strong resemblances to Flame, with an online banking Trojan.
- Flame, May 2012: An information-stealing toolkit created in 2010, targeted at Middle East countries.
- Night Dragon, Feb 2011 (Source: McAfee): Attack on oil, energy and petrochemical companies that stretches back to November 2009.
- Stuxnet, Jul 2010 (Source: VirusBlokAda): Targets large-scale industrial-control systems that may not be connected to the Internet. Iran's nuclear enrichment plant was the hardest hit.
- Operation Aurora, Jan 2010 (Source: Google): Access to Google accounts of human rights activists. Other affected companies: Yahoo, Adobe Systems, Juniper Networks and Rackspace Hosting.
11
Existing Solutions Do Not Work!
- Anti-virus or black-list solutions
- Quarterly Audit with Pen Testers
- User education
- SSL Encryption
- Network & Application Protection
- Firewalls and IPS
12
Anti-malware Terminator – Carberp Malware (2011)
What is it?
- A banking trojan, botnet, rootkit, …
- An anti-malware terminator (80% with AV installed)
13
Malware is always one step ahead!
We need to stop treating the symptom and start protecting the cause!
14
SecureAge SecureData
Genuine data protection against APT and Malwares
15
What is SecureData?
SecureData protects your data:
- In use: Creation, Access, Manipulation
- At rest: Local Drive, Network Drive, Removable Media, On cloud storage
- In motion: Over network, Over Internet
16
Basic SecureAge SecureData Features
A Fully Encrypted Environment
- Policy & log server for centralized control
- PKI based support for 2FA & secure file sharing
- End-to-End data on-the-move encryption
- Policy based encryption for all storage devices
- Encrypt all user data & temporary files, system page file
- Transparent Data / File Encryption
17
The Ultimate in Application and Data Control
SecureData:
- Automatically encrypts user data files in all storage media, at rest and on the move.
- Ensures only trusted applications can be executed.
- Defines and binds data to be accessed by only authorized applications.
- Provides detailed logs on blocked application execution or abnormal user data access activities.
- Protects data from data leakage, APT and malwares.
18
Protects Data Anytime, Anywhere
Cloud Computing Removable media SecureData Cloud Storage Computer Server
19
Protects Data from General and Advanced Malwares
APT Malwares Trojan RootKit Spyware Zero Day Attack Malware Terminator Virus
20
Why SecureAge SecureData?
21
A Reliable Solution
- Intensively tested, reviewed and approved by governments.
- Over 20,000 successful deployments across militaries and governments.
- Fulfills regulatory compliance requirements / guidelines in the US and the Asia Pacific region.
- Easy to use without any user intervention or training.
- Fast and easy to configure and set up.
22
Perfect Solution for Enterprises
- Never interfere with productivity
- Simple security is the strongest
- No Training Required
- Automatic Data Encryption
- No more employee Error or Deliberate Side-stepping

3. Simple security is the strongest security. (Solution: do not interfere with user work flow or computer functionality)
- A security policy requiring structured training will be violated unintentionally or deliberately.
- Security policies or tools that diminish efficiency will promote insecure practices; employees will sidestep policies that interfere with production.
- The only security decision that should ever be made is what data should be made plain for outside use or consumption (*** Key point of differentiation ***).
23
Addresses Three Universal Issues
- Data will be lost. Solution: secure data at all times, everywhere
- Users will make mistakes. Solution: obviate errors resulting in plain data
- Simple security is the strongest. Solution: never interfere with productivity

1. Data will be lost. (Solution: secure the data at all times)
2. Users will make mistakes. (Solution: reduce possibility for user error with transparency and failsafe defaults)
3. Simple security is the strongest security. (Solution: do not interfere with user work flow or computer functionality)
24
Not Just End-Point Protection
Data Protection on Server
- Database, file, data encryption
- Prevent system admin from accessing sensitive data
- Ensure tape backups remain encrypted

Data Protection on Cloud
- Ensure data on VMs is fully encrypted
- Ensure data stored on cloud storage is encrypted
- Ensure data travelling between VM and cloud storage is encrypted

End-Point, Server & Cloud APT Protection
- Ensure user data is protected against malware
- Ensure stealthy malware cannot steal user data
- Ensure advanced & zero-day attacks cannot compromise user data
25
SecureData for Cloud Computing
Remote Desktop / Citrix in Cloud or Data Center
- Encrypts all user data
- Multiple-key support: different key for each user
- User key stored in smart card, USB token or soft token

Secure Remote Cloud Storage
- Remote cloud storage for data backup or data sharing
- Data encrypted before leaving user machine
- Cloud operator has no access to user data content!

Generic Cloud Computing
- Data encryption runs in VM that hosts the application
- Data files & DB are stored in network/cloud storage
- Data files & DB are protected in storage and over network
26
What can SecureAge SecureData do?
27
3P Data Encryption

Proactive
- Automatic data encryption
- No user involvement & training

Pervasive
- Data stays encrypted in all storage devices
- No plain data anywhere

Persistent
- Encryption at rest and on-the-move
- Only plain data in memory
28
Application Whitelisting
- Only white-listed applications and scripts can run
- Untrusted malware & scripts cannot run
- Malware already loaded cannot inject new malware easily
- Automate management of white list
29
Application Binding

Traditional Data Access Control
- Any application can access any files on machines
- Malware can access any file!

Application Binding
- Data files can be accessed by authorized applications only
30
Protects Against Low-level Rootkit
Regular Applications
- Trusted applications execute normally
- Malware cannot execute if not trusted

Integrated Defense
- 3P Data Encryption
- Application Control

Low Level Malware
- Rootkit can hide from Anti-malware
- But now they see only encrypted data!
31
Mitigate Zero Day Risk – Application Binding
Protected by Application Whitelisting Executable Malware Data Sandbox lock down sensitive data, e.g. only MS Word can read *.doc files Code injection into trusted applications Application Sandbox for high risk applications like web browsers
32
What if Malware Disables the Protection?
- Any anti-malware, including application whitelisting, can be ‘easily’ disabled
- Attacker cannot access plain data if Integrated Defense is disabled
33
Combine Encryption with App Control
3P Data Encryption
- Stop low level rootkit from accessing plain data
- Stop spreading of malware over network file server or removable media

Application Binding
- Allow Data & Path to be accessed only by associated Application
- Mitigate risk of zero day attacks
- Logs on illegal execution & data access to detect attacks

Integrated Defense
- Disabling of application control also disables data encryption / decryption engine
- Sensitive Data becomes unusable / unreadable
34
Filling the Gaps of App Whitelisting
- Block low level Rootkit
- Mitigate risk of Zero Day attacks
- Prevents malware from disabling protection
35
Data Access Control

3P Encryption
- Data access is restricted to specific users
- Unauthorized users cannot access the data

Application Binding
- Data access is restricted to specific applications
- Unauthorized applications cannot access the data

APT wants to steal your data, so Protect the Data!!
36
Application and Data Access Logs
Provides detailed logs on blocked application execution or abnormal user data access activities. Helps system administrator to detect potential threats.
37
Why is SecureAge SecureData a better solution?
38
Other Solutions - False Sense of Security
- Full Disk Encryption
- Data Loss Prevention
- Volume / Container Encryption
- Device Port Control
- Folder Encryption
- Removable Media Encryption
39
Be Wary! Otherwise, your company’s profitability and viability will get burnt!!!
40
Similarities: SecureData vs Full Disk Encryption (FDE)
On-the-Fly Encryption / Decryption
- Data-at-rest encryption
- No plain data files created
- Block-by-Block encryption/decryption

Encrypt All User Data Files on Local Disk
- Data files, temporary files, system page files

Standard Cryptographic Support
- Tweakable block cipher with AES
- Password or RSA key encryption
41
Differences: SecureData vs FDE
Granularity
- FDE encrypts disk volumes
- SecureData encrypts individual data files, excluding OS

Storage Encryption
- FDE only encrypts local hard disk
- SecureData encrypts all data files on local hard disk, removable media, RDP drives, network drives, and cloud

Policy Based Data Protection
- FDE does not provide data level protection
- SecureData supports policy-based file level protection with full data access audit log

End-to-End Protection
- FDE only provides data-at-rest encryption support
- SecureData ensures end-to-end encryption for data files transferred or accessed via network, with full audit logs

PKI Capability
- FDE has limited support for PKI
- SecureData has full PKI support: certs from AD, LDAP, PKCS#11 support for smart card, USB token, TPM & HSM

User authentication
- FDE uses pre-boot authentication
- SecureData authenticates user via PKCS#11 or profile password
42
From client to server & other devices
Full Disk Encryption
FDE is like a bank vault with the door wide open. Data, once it travels out of this bank vault, becomes unprotected and vulnerable to attack.
Hackers and insiders can see your files!!
43
From server to client & other devices
Full Disk Encryption
FDE is like a bank vault with the door wide open. Data, once it travels out of this bank vault, becomes unprotected and vulnerable to attack.
Hackers and insiders can see your files!!
44
SecureAge SecureData – File-level Encryption (3P Data Encryption)
Each individual file is automatically encrypted. Hence, intruders cannot access the data without the proper decryption key.
Hackers and insiders cannot see your files!!
45
SecureAge SecureData – File-level Encryption (3P Data Encryption)
End-to-end Data Protection – Protects data at work, at rest and in motion.
Hackers and insiders cannot see your files!!
46
How Does SecureAge SecureData Work?
47
Encrypted and Decrypted Files
48
SecureData File
- Encrypted file appears normal with proper SecureData key
- How the same file appears to others
49
SecureData Secure File Sharing
File Sharing Indicator Shared User List
50
Application Whitelisting
Ensures only trusted applications can be executed.
List of trusted and untrusted applications
51
Application Whitelisting
Ensures malware cannot be executed if not trusted.
Malware has been blocked from running
52
Application Binding
Defines and binds application to access only associated data.
Fine-grain encrypted data access rule:
- Only MS Word can read Word files
- Block all other applications
53
Microsoft SharePoint: Network place
Map shared documents directory in site collection on SharePoint Server: Drag and Drop
54
Microsoft SharePoint: Unauthorised Opening of Document from Web
55
Dropbox – Files remain encrypted
56
SecureAge Management Server
57
What is a SecureAge Management Server?
- Centrally controls large-scale SecureAge software deployment.
- Centrally manages the security configurations and policies for multiple SecureAge users.
- Centrally manages SecureAge users’ keys and certificates.
- Centrally manages the audit logs.
58
SecureAge Management Server Components
- Key Management Server: Manages and controls the creation, management, revocation, backup and recovery of digital certificates and encryption keys for multiple SecureAge users.
- Role-based Policy Server: Configures and manages individual users’ access rights to data and applications based on their functional role.
- Log Server: Provides detailed logs of users’ data and application access activities for easy forensic investigation when unusual activities are found.
59
Flexible Key Management
- Key Generation: Generates and manages users’ keys.
- Unlimited Key History: Allows access to unlimited key history so that all archives and data can still be decrypted even if the encryption keys are renewed.
- Centralized Key Escrow: Backs up and recovers keys and key history when users lose their keys or leave the organization.
60
Thank You Questions and Answers