1. Enterprise Information Protection
When DLP is Not Enough?
Graham Howton
Channel Manager, EMEA

2. Agenda Introduction to Verdasys Gartner The Insider Threat and APT’s
Enterprise Information Protection (EIP)
Importance of user-awareness
Use-Cases

3. Verdasys: The Leader in EIP
Enterprise Information Protection
Data-centric, risk based protection of structured and unstructured data
Secure business processes not infrastructure
Enable ownership & control independent of network infrastructure
Uniquely satisfy an expanding set of critical use cases
Scale from the desktop to the cloud
FINANCIAL
FINANCIAL
INSURANCE
HI-TECH & OUTSOURCING
RETAIL & TELECOM
LIFE SCIENCES & MANUFACTURING
GOVERNMENT ENERGY & DEFENSE
© 2011 Verdasys Inc. All Rights Reserved. CONFIDENTIAL AND PROPRIETARY

4. Gartner Magic Quadrant 2011

5. Traditional Approaches Have Failed
PROBLEM N… / VENDOR N…
HOST IPS / VENDOR 6
AUDIT & FORENSICS / VENDOR 5
DATA CLASSIFICATION / VENDOR 4
EDRM & ENCRYPTION / VENDOR 3
CONTENT MONITORING / VENDOR 2
DEVICE CONTROL / VENDOR 1
New Threat = New Product, Vendor
Force Business Process to Change
User Productivity Impacted
Security Solution Landscape
Purpose: The purpose of this slide is to assist in describing the fundamental differences between point products focused on combating the internal threat, from a true platform solution delivered by Verdasys.
The slide is to be used to create doubt in the minds of prospects about the long term effectiveness and capabilities of point products employing technologies such as Digital Rights Management (DRM), Disk Encryption, Wire Encryption, Content Monitoring and Database Monitoring.
Key Points:
That the security space is full of point product application that claim to deal with the internal security threat.
Verdasys is focused on delivering a comprehensive platform solution to the internal security threat posed by trusted end users at the “point of use”.
As a platform Verdasys’ solution is capable of being deployed and integrated into a comprehensive security environment at the enterprise level… A point solution can not do this.
Verdasys’ capabilities are extensive and when used in conjunction with other enterprise security solutions form a layered defense.
Verdasys has extensive enterprise level rule enforcement and reporting capabilities that make it a flexible tool for meeting regulatory requirements for both policy enforcement and audit functions.
Does the prospect really want to deals with dozens of vendors or a single comprehensive solution from one vendor?
Does the prospect want to pay purchase and maintenance costs for overlapping product capabilities from lots of vendors…. Or pay once?
When a new threat appears, does a prospect want to begin investing solutions or reconfigure the Verdasys solution to deal with the threat?
Would the prospect expect to view several control panels from multiple vendors to investigate a security threat, or a single comprehensive dashboard?
Does the prospect expect the solution to deploy and scale to the entire enterprise over time?
Numerous Control Panels, Interfaces
Multiple disparate Policies, Reports
Expensive Deployments, Support
Increasing Complexity, Cost and Risk
© 2009 Verdasys, Inc. All Rights Reserved. CONFIDENTIAL AND PROPRIETARY - DO NOT REPRODUCE.

7. US National Security Agency
Experts from the US National Security Agency and government labs said America had to change the way it thought about protecting Department of Defense (DoD) computer networks.
"We've got the wrong mental model here," said Dr James Peery, head of the Information Systems Analysis Centre at the Sandia National Laboratories. "I think we have to go to a model where we assume that the adversary is in our networks.“
That change would mean spending less time shoring up firewalls and gateways and more time ensuring data was safe, he said.
Dr Kaigham Gabriel, current head of the Defense Advanced Research Projects Agency, likened the current cybersecurity efforts of the US DoD to treading water in the middle of the ocean.
All that did was slightly delay the day when the DoD drowned under the weight of maintaining its network defences, he said. The DoD oversees 15,000 networks that connect about seven million devices.

8. Federal Bureau of Investigation
Shawn Henry - “Top Cyber Cop”
The Federal Bureau of Investigation's top cyber cop offered a grim appraisal of the nation's efforts to keep computer hackers from plundering corporate data networks: "We're not winning," he said.
10 years worth of research and development, valued at more than $1 billion, was stolen by hackers
unidentified company?
Companies need to do more than just react to intrusions!
Source: Mar. 28, 2012, on page B1 in The Wall Street Journal, with the headline: U.S. Outgunned in Hacker War

9. Top Data Security Challenges
Insider Threats

10. Insider Threat
Privileged user data management is the “last mile” of data security
Insiders are trusted with IP, but it is difficult to hold them accountable for its use
When incidents occur, investigations are costly, time-consuming, and don’t necessarily provide smoking guns to prosecute
So far, WikiLeaks has not been a game-changer for privileged user management in banks or insurers, but APT has taken the Insider Threat to another level
Solution value dependent on potential damages caused if insider steals IP

11. Defining Insider Threat Types
Malicious
Motivation = anger, dissatisfaction
Threat = attack systems and network
Theft
Motivation = money, economic gain
Includes corporate & state espionage
Threat = data theft
Hacktivits (e.g. Anonymous)
Motivation = anger & dissatisfaction or belief

12. What Happens When Cyber Espionage Succeeds
The vicious cycle of compromise
Data compromise occurs in market leader
Competitor launches new product or service
Time to market is equal or ahead
Competitive product is offered at a lower price
Greatly reduced R&D costs
Company or business unit financials become negative
- Margins on sales & volume of sales begin to drop
Company can no longer compete and exits market where it was once a leader
- Sale of business loses money for company & investors
Bad guys use profits to define and enter new markets

13. Insider Threat Incident: LG
Joeng (only known name)
Copied 1,182 top secret plasma display design files onto his personal drive and went to Changhong-Orion PDP
Changhong, reportedly paid Joeng $300,000 per year, an apartment and a car (while he still collecting his LG salary)
LG was unaware Jeong had left, leaving his access to the network open
Stole file: plasma display panel production
Stole files: plant’s power system and construction blueprints
LG was made aware of thefts by a distributor in SE Asia
Joeng was extradited, Prosecutors in Seoul indicted Joeng for spying
Cost to LG - estimated at more than $1 Billion
Changhong has not returned any of the stolen secrets

14. Lessons Learned How was Joeng caught? Lessons Learned
Third party distributor recognized technical manuals were copied and alerted LG
Lessons Learned
Data monitoring: location, access and movement related to sensitive data must be understood
De-provisioning process at the network, application and data levels needs to be in place an effective.
Business Managers and HR must work with Security
USB device usage monitoring and controls, as well as other channels need to be in place

15. Insider Threat Mitigation: Best Practices
Create integrated processes Business, HR and Security
Create standard on-boarding and off-boarding processes
Increase data usage monitoring for incidents & departures
2. Distribute trust amongst multiple parties to force collusion
Most insiders act alone
3. Link Policy Training w/ Risk and Compliance Analysis
Real-time education, alerting & justification prompts
Allow self-compliance; create clear deterrence

16. Insider Threat Mitigation: Best Practices
Assess insider risks by content and context
Not just “what”, but “who, where, when, & how”
Using a sliding response scale; risk based approach
Create Data Identification & Classification
Automatic or manual tagging (w/ auditing)
Files using previously tagged content inherit classification
Use Identity-based Data Controls
Based on user rights, file sensitivity, source & destination, etc
Use encryption for data access - closes “super user” loopholes

17. Insider Threat Mitigation: Best Practices
Implement integrated physical and logical (technical) security controls to cover more risks effectively
Camera monitoring, linked with data usage and movement controls
Put Data Usage Monitoring & Control in Place
Host based monitoring is a requirement
Establish data usage norms, watch for behavioral changes
Forensically Log Events
Assure all data transactions are user-attributable
Logs must be evidentiary grade and tamper proof

18. EIP: The Balance of Enablement and Security
Implementing both technology and process to maximize the “left” while minimizing the “right”
LEFT
RIGHT
Productivity
Flexibility
Mobility
Creativity
Simplicity
Ease of Use
Transparency
Value Return
Cost
Information Security
Operational Security
Data Loss Prevention
Regulatory Compliance
User Education & Awareness
Trust but Verify
BALANCE
Build a unified and collaborative information governance program

19. All DLP solutions are not the same!!!!!!
Beware!!!!
All DLP solutions are not the same!!!!!!

20. Enterprise Information Protection
EIP is an information centric platform and methodology
Enables efficient data exchange
Protects sensitive information
Improves data governance, risk mitigation and compliance
Empowers the individual
Allows Business to function
© 2009 Verdasys, Inc. All Rights Reserved. CONFIDENTIAL AND PROPRIETARY - DO NOT REPRODUCE.

21. Distinct Information Protection Strategies
Distributed Data Discovery
Automated Classification and Tagging
Host Content & Context Monitoring & Control
Unified Encryption (file, , disk)
Removable Media / Device Mgt
Application Based Monitoring & Control
VDI/Virtual Environment Controls
Logical Network Segmentation
Secure Collaboration
Export Data Controls
Application Vaulting
Application Data Management
eDiscovery & Forensics
Host Based Network Control
Information Policy Awareness & Training
Legacy Application Remediation
Process Compliance Enforcement & Auditing
Network Monitoring & Control
Data Discovery
Monitoring & Control
Host Monitoring & Control
© 2009 Verdasys, Inc. All Rights Reserved. CONFIDENTIAL AND PROPRIETARY - DO NOT REPRODUCE.

22. Enterprise Information Protection
EIP focuses on business value creation not on the risks it mitigates
Enables the implementation of value building business drivers, by enforcing the proper, secure and compliant use of information
EIP
Core Business
Processes
Outsourced
Processes
Supply Chain
Processes
Third Party
Processes
© 2009 Verdasys, Inc. All Rights Reserved. CONFIDENTIAL AND PROPRIETARY - DO NOT REPRODUCE.

23. Digital Guardian System Architecture
Management Server
Reporting
Policy
Definition
Configuration
Alert
Management
Data Usage
& Alerts
Content &
Control Policies
Virtualization
Infrastructure
(Citrix, VMware)
BES or EAS
Server
Agent
eDiscovery
Agent
Ubiquitous, object level monitoring
Pervasive, enveloping control
Ensures security & confidentiality of regulated data
Prove the integrity of audit & compliance controls
Associates people with actions Traces incidents to their source
Real-time
Autonomous
Desktop/Laptop Agents
Server
Agents
Network
Agents
VDI Agents
Mobile
Users
Repository Remote Scanning
File shares
Sharepoint 23

24. Actionable Data Classification
Increased Flexibility, Adoption and Accuracy
Three levels of data definition
Context
Content
User
Classification travels with the data
Meta Tag
NTFS Tag
Multi-level & multifaceted classification
Sensitivity level & data type tags
Tag verification & propagation
Data movement audit and tracking
Automatic
Tamper Proof
Inheritance
Persistence
Drives policy
Meta & NTFS Tags
Content
Context
User

25. The Context of Data-Centric Security
DISCOVER
MONITOR
What & where is Sensitive Data?
IDENTITY
Who is using the Data?
ACTIVITY
What is the User
Doing With It?
DESTINATION
Where Is the
Data Going?
CONTROL
What action is appropriate?
Classification
Persistent
Inheritance
Context
Application
Location
Type
Content
Expression
Similarity
Keyword
Dictionary
IT Admin
DBA
Desktop
Network
Privileged
Executives
Hi-Value
Rights
Access
Usage
Context
Location
Wireless
LAN
VPN
Files
Move
Copy/Paste
Burn/Print
Upload/IM
Attach
Compose/Send
Application Data
View
Delete
Modify
Export
Servers
Devices
Networks
Applications
Printers
IP Addresses
Recipients
Incident Alert
Detection
Prompt User
Intent/Educate
Warn Users
Awareness
Encrypt Data
Protection
Access Control
Block Action
Prevention
Mask Data
Need to know
Continuous Logging, Auditing – Summary, Inventory, Trending & Forensic Reporting

26. Digital Guardian Enforces A Virtual Information Protection Perimeter
Partner
Site DG
Citrix
Server
Partner
Site
Corporate
File
Server
Web
Trust
Verification
Agent
Digital Guardian
Server
Outsourcer A
Partner
Site
Password _ _ _ _ _ _
Outsourcer B

27. Use-Case - Social Networking Risks
With the tremendous power of social networking, comes a myriad of associated risk:
IP Protection
Privacy Protection
Risks to Reputation
National Security Risk
Key location and movement information
IT Risk
Apps written quickly by unknown parties,
Security and intrusion vulnerabilities,
Inability to control apps contained within browser
User ability to install unauthorized apps.
Incident – Soldier posts operational details on Facebook!
© 2010 Verdasys, Inc. All Rights Reserved. CONFIDENTIAL AND PROPRIETARY - DO NOT REPRODUCE.

28. Digital Guardian End Point & Server Data Monitoring and Control
Visibility into data usage
Audit and logging
Data Life Cycle Management
Records management…data retention
Data Usage Control
Enforce acceptable use policies through real-time controls
Mask
Prompt, warn and justify
Alert and incident escalation management
Block
Non-Company Network
Logging
(default)
Accountability
Alert Admin
Detection
Warn User
Awareness
Prompt User
Intent
Encrypt Data
Protection
Block Action
Prevention
Mask Data
Need to Know
myaccess.company.com
company
company
company
company
© 2011 Verdasys, Inc. All Rights Reserved. CONFIDENTIAL AND PROPRIETARY - DO NOT REPRODUCE. 28

29. Login Warning Prompt
© 2010 Verdasys, Inc. All Rights Reserved. CONFIDENTIAL AND PROPRIETARY - DO NOT REPRODUCE.

30. Pasting Data
© 2010 Verdasys, Inc. All Rights Reserved. CONFIDENTIAL AND PROPRIETARY - DO NOT REPRODUCE.

31. Report Capability PA Logins by site (When Possible) Uploads by site
Uploads by file extension
Downloads by site
Downloads by file extension
ADE attempts by site
ADE attempts by extension
© 2010 Verdasys, Inc. All Rights Reserved. CONFIDENTIAL AND PROPRIETARY - DO NOT REPRODUCE.

32. Typical APT Attack Lifecycle: Example
Network
App
Memory
Secure Perimeter
Machine
User
Network
Spear
Phishing
Server
(?)
Final Destination
APT Attack Lifecycle:
The key to a successful APT attack is complete stealth. An attack discovered at any point before achieving its objective(s) can imperil its mission.
Attacks typically begin using social engineering (i.e. “spear phishing”) to trick a user into opening an attachment or URL link that installs malicious software on the user’s machine, effectively circumventing any perimeter web or security system.
Typically, the most skilled APT designers are tasked with gaining entry into the network. A common attack vector is the use of spear-phishing, a social engineering technique where an authentic-looking is sent to a specific user that appears to be from a trusted source; some spear phishing examples go so far as to reference personal information (taken from social media account profiles) to further the ruse. The will then have a legitimate-looing, but malicious attachment or web link from which malicious code is downloaded onto the user’s machine.
The malware uses unknown “zero day” exploits in applications and/or the O/S to embed malware in system memory that signature-based antivirus technology can’t detect.
Once the first machine is infected, the malware will hide itself by creating a “super user” account that allows it to operate on the machine without detection by normal means.
Once an attack gains a privileged user status, the attack behaves like an “invisible” insider threat. It then begins spreading itself across the network, infecting new machines without detection, in search of the location and access credentials to the IP for which the mission was specifically designed to steal.
Simultaneously, the APT will also set up a stealth “command and control” (“C&C”) form which to send/receive updated intelligence and instructions to facilitate search and acquisition of its target data.
APT will use a variety of new and old malware techniques, including keyloggers and “sniffers” to identify words, applications, or sources that would point to its target’s location and access credentials.
Using another set of privileged user credentials (most likely different than the credentials initially used gain access to the network), the APT may use a sensitive application to extract IP from a server or database. At any point, APT will use its C&C platform to update its “masters”, such as listing the files on a server, or mapping a database schema. Its masters might then send new commands for which files to copy, or SQL queries to run, to get the correct data.
Once the IP is extracted, APT typically encrypts the data and transfers it to another infected machine used as a “staging” platform until its receives instructions to exfiltrate it from the network. The process from entry to final extraction may take days, weeks, or months to complete.
The level of sophistication of APT attacks are beyond the scope of what most companies are prepared to address, and many companies are unable or unwilling to take even basic policy steps (e.g. stripping attachments) to help mitigate their exposure. Often, it takes a visit from the FBI to convince a company they have a serious problem, and at that point it’s probably too late to stop the attack. IP
Network
Machine IP
Network
Internet

33. DG APT Defense in Depth: Many opportunities to Detect, Alert and Stop! ! ! !
Network
Agent !
STOP
Network
Agent
Core
(App Control)
APT
Module
Core DG
Server
Core
Stopping APT requires several layers of detection/prevention in a “defense in breadth” where each security layer is focused on a different APT mission stage (i.e. , application, memory, user, network, etc.). The security model is predicated on three assumptions:
All APT must follow a similar mission path: entry; initial infection; secondary infections; command & control communication; privileged user spoofing; data extraction; staging; and exfiltration
Any given APT defensive layer will have some rate of assumed failure; the model succeeds so long as EVERY layer doesn’t fail at once.
Stopping APT at any mission stage will stop the mission; you do NOT need to stop the initial infection to necessarily stop an attack
DG’s APT defense in breadth differs from the “defense in depth” strategy used for signature-based antivirus whereby each “layer” (i.e. , desktop, web, server, etc.) uses a different AV engine to look for the same threat characteristics, with the hope a different vendor will be the fastest to create a signature for any given threat.
Many network-based APT solutions take an “all or nothing” approach using virtual machines – i.e. if they don’t detect the initial infection, there’s no plan B.
Other APT solutions require an external source to provide a “clue” (e.g. malicious IP address) from which to begin investigating an attack
Most next-gen anti-malware solutions are extremely powerful, but have not been proven at enterprise scale
DG can provide several APT defensive layers from a single policy framework:
application control;
anomaly detection (memory, system, user, and network);
privileged user management;
file-level access controls; and
continuous forensic auditing across multiple attack vectors (kernel, application, user, network, data)
DG policies can be used to alert, prompt, and block common APT tactics
DG core can prevent users from opening attachments from unknown sources, or prevent malware code from executing from an application
The APT Module (HBGary) forensically scans a computer’s memory to detect suspicious activities in memory, and can be used to trigger other DG policies
DG core can track suspicious system events, such as increased activities from a privileged account not associated with a normal user (if the user/machine combination is consistent).
DG network agent can deconstruct the entire network session to detect suspicious applications, payloads, or network activity that may identify an APT attack. If correlated in a SIEM tool, the combination of network and core agent telemetry may be able to pick up larger traffic patterns across an enterprise.
The User Classification module (TITUS) is part of the larger classification suite which DG can use to identify and apply controls to IP at the point of creation or discovery.
DG server agents can enact identity-based policies for both controlling privileged user access to the system, as well as to the data within. This includes blocking non-approved user and applications from extracting data and policy-based file encryption.
DG network agent can identify suspicious traffic to/from sensitive servers, and detect unauthorized payloads (i.e. encrypted or embedded). The network agent can also identify and apply policies to IP with user-generated classification tags.
DG core can also ensure no data can leave a machine through an unauthorized port/protocol, require justification (which an APT attacker couldn’t respond to), or dynamically encrypt as it leaves the system.
DG network can use intelligence gathered from multiple internal or external sources to detect comm or data traffic to suspicious or malicious IP addresses across all 65k ports
With the use of rule variables, it is possible to create relational policies that associate suspicious APT-like events across all layers of detection in context.
This could potentially detect attacks with greater accuracy by detecting a string of likely APT tactics as a single “event”, and without generating too many false positives when analyzing single suspicious events (e.g. elevated HGBary risk score; abnormal privileged account activity, etc.) in isolation.
For instance, you could create policy alerts (but no blocking) to detect a series of suspicious activities which, if analyzed individually, may or may not be obviously suspicious; however, it may be very suspicious if ALL alerts are triggered in a specific sequence over time. At that point, the last policy in a master “APT policy” may block the action.
This is a very advanced use of DG, but it’s possible to do
Attacker
Core + AFE
Network Agent
Core
Core
+ Network Agent

34. US Department of Justice
“…our critical requirements are persistent classification, global visibility and complete data usage audit. Verdasys uniquely delivers those capabilities and partnered with us to extend their platform to do more… ” Chad Fulgham, CISO DOJ
Classified information protection, audit and investigation on an unprecedented scale
Use Case Coverage
Classified information protection
Privileged user monitoring and control
Mobile workforce enablement
Future Coverage
Legacy application monitoring & audit
Critical Differentiators
Actionable & persistent data classification
Audit and forensic case management
Hardened & Stealthy agent
Eliminated physical security paradigms
Eliminated $12M in alternative building hardware & software costs
Reduced investigative costs
Cut investigation costs by $8M per annum
Reduced Potential Classified Breach Costs
Estimated $100 Million per annum
© 2009 Verdasys, Inc. All Rights Reserved. CONFIDENTIAL AND PROPRIETARY - DO NOT REPRODUCE.

35. ING BANK
“Our security goal is to create more collaborative environments. Digital Guardian mitigates the risk of data loss in our open work places and supports are partnership with Workers Councils ” Eric Luiken, Chief Architect
Protecting PII while supporting an open and collaborative working environment
Use Case Coverage
PII protection
User policy awareness & training
Remote media control and encryption
Social networking control
(Face Book & Linked in)
Future Coverage
encryption
Critical Differentiators
Social Networking upload controls
Workers Council approval
ROI: Reduced Software Costs
Displaced USB device and gateway & monitoring software reducing licenses and support costs by $2.5M
In late 2005, a senior research scientist at a large manufacturing company left to join a competitor.  In doing so, the scientist downloaded over 20,000 sensitive documents from the corporate network, and took at least 150 of those documents with him to his new employer.  Once discovered, the data breach was estimated to have cost this company approximately $400 million.  The staggeringly high value illustrates the magnitude of the consequences for loss of sensitive intellectual property, and set off an initiative to introduce risk management measures to guard against an incident of this kind happening again.
The company sought a solution to this problem in the form of DRM (thinking that they might be able to control who is allowed to use documents containing intellectual property) and access control (they went so far as to lock down access to data and implemented a request/approval process).  Unfortunately, neither of those solutions addressed the business need because DRM didn’t scale well and the access control/request/approval mechanism impeded progress.  By implementing Digital Guardian, the company was able to return to the old model so that scientists had ready access to the data, but controls were implemented to keep the information protected.  In the end, the key to success was the ability to classify and encrypt the information as soon as it was checked out of the repository (Documentum in this case).  By classifying the files, risk appropriate controls could be used to protect the data (for example, the customer could now prevent a document classified as “highly sensitive IP” from being sent via ).  And since the files are encrypted, they can only be used by employees who have Digital Guardian agents available to decrypt them.  Once the files are taken out of the organization, they are unusable.  Much of the protection is completely transparent to the user, allowing collaboration to occur without interruption.  Digital Guardian only interrupts the user when the intellectual property is being mishandled by the user.
© 2011 Verdasys, Inc. All Rights Reserved. CONFIDENTIAL AND PROPRIETARY - DO NOT REPRODUCE.

36. Ferrari Formula-1 Racing
“Digital Guardian has grown to be one of the pillars of our security strategy and our foremost tool for insider threat prevention and protection.”
Davide Ferrari,
Direzione Operazioni
Securing critical design IP across the enterprise and at 20 race tracks around the globe.
Current Use Case Coverage
Race car design and racing strategy IP protection
Privileged user monitoring & Control
eDiscovery and Forensics
Future Platform Development
Unified encryption ( , file and full disk)
Critical Differentiators
Real-time Privileged user monitoring and audit
Forensic case management
Secure collaboration at race sites
Save $2M per annum in alternative security costs
Decreased administrative staff
Reduce FTE costs by $4M per annum
Prosecuted Insider Compromise
$100 Million fine to F-1 Racing
Default victory of Constructor Cup $500M
In July, 2007 McLaren chief designer Mike Coughlan was found in possession of a 780-page dossier of Formula-1 rival Ferrari's technical data. This document allegedly possessed valuable intellectual property regarding Ferrari’s 2007 race car.
Digital Guardian helped the Ferrari IT team deliver a “windfall” ROI by alerting the security staff to a “high-risk” activity by a privileged user. Further forensic reporting through the Digital Guardian reporting console confirmed that a Ferrari privileged user had printed large amounts of highly sensitive Intellectual Property leading Ferrari to open a formal investigation into the incident with Italian Authorities and the Formula One Racing commission.
In the legal proceeding against McLaren, Ferrari utilized Digital Guardian’s audit logs and forensic reporting to prove the design dossier was printed at a Ferrari office, the date and time the dossier was printed and the printer that was used, and the identity of the Ferrari employee who printed the dossier. In addition, Digital Guardian proved that no other Ferrari employee, contractor or partner could have printed the dossier or any sub-portion of the dossier in the same time frame. Digital Guardian’s forensic reporting provided complete visibility down to the end user, allowing Ferrari to hold its employees accountable.
© 2009 Verdasys, Inc. All Rights Reserved. CONFIDENTIAL AND PROPRIETARY - DO NOT REPRODUCE.

37. Data-Centric Questions?
How do you know where your sensitive data is right now?
How do you know how data moves within your business processes and what your employees are actually doing with the data they access to do their jobs?
What are your employees doing with your data when they are off or outside the network?
How do you manage data on mobile devices and BYOPC?

38. More Data-Centric Questions?
What is the 3rd line of your corporate security policy?
How many of your employees actually know it?
How do you effectively train your employees on data security polices and ensure they are in compliance - in real-time?
What would the benefit be to the organization if security enabled the business instead of security controls or policies hindering business processes?

39. Comprehensive Data Security, Lowest TCO
Increased Complexity, Cost and Risk
Lower TCO, Complexity & Risk
PROBLEM N… / VENDOR N…
HOST IPS / VENDOR 6
AUDIT & FORENSICS / VENDOR 5
DATA CLASSIFICATION / VENDOR 4
EDRM & ENCRYPTION / VENDOR 3
CONTENT MONITORING / VENDOR 2
DEVICE CONTROL / VENDOR 1
Force Business Process to Change
No Change to Business Process
User Productivity Impacted
User Productivity Not Impacted
Security Solution Landscape
Purpose: The purpose of this slide is to assist in describing the fundamental differences between point products focused on combating the internal threat, from a true platform solution delivered by Verdasys.
The slide is to be used to create doubt in the minds of prospects about the long term effectiveness and capabilities of point products employing technologies such as Digital Rights Management (DRM), Disk Encryption, Wire Encryption, Content Monitoring and Database Monitoring.
Key Points:
That the security space is full of point product application that claim to deal with the internal security threat.
Verdasys is focused on delivering a comprehensive platform solution to the internal security threat posed by trusted end users at the “point of use”.
As a platform Verdasys’ solution is capable of being deployed and integrated into a comprehensive security environment at the enterprise level… A point solution can not do this.
Verdasys’ capabilities are extensive and when used in conjunction with other enterprise security solutions form a layered defense.
Verdasys has extensive enterprise level rule enforcement and reporting capabilities that make it a flexible tool for meeting regulatory requirements for both policy enforcement and audit functions.
Does the prospect really want to deals with dozens of vendors or a single comprehensive solution from one vendor?
Does the prospect want to pay purchase and maintenance costs for overlapping product capabilities from lots of vendors…. Or pay once?
When a new threat appears, does a prospect want to begin investing solutions or reconfigure the Verdasys solution to deal with the threat?
Would the prospect expect to view several control panels from multiple vendors to investigate a security threat, or a single comprehensive dashboard?
Does the prospect expect the solution to deploy and scale to the entire enterprise over time?
New Threat = New Product, Vendor
New Threat = New Policy, Control
Numerous Control Panels, Interfaces
Single Control Panel & Interface
Multiple Policies, Reports
Unified Policies, Integrated Reports
Expensive Deployments, Support
Single Vendor, Lower Costs
© 2011 Verdasys, Inc. All Rights Reserved. CONFIDENTIAL AND PROPRIETARY - DO NOT REPRODUCE.

40. Proven EIP Success USG agrees settlement with Lafarge
Lower TCO, Complexity & Risk
“Rival Racing Team Fined $100 Million in Spy Scandal”
USG agrees settlement with Lafarge 
Mon, 07 Dec 2009
Under the agreement USG will receive USD105m
No Change to Business Process
User Productivity Not Impacted
New Threat = New Policy, Control
Single Control Panel & Interface
Unified Policies, Integrated Reports
Single Vendor, Lower Costs
Security Solution Landscape
Purpose: The purpose of this slide is to assist in describing the fundamental differences between point products focused on combating the internal threat, from a true platform solution delivered by Verdasys.
The slide is to be used to create doubt in the minds of prospects about the long term effectiveness and capabilities of point products employing technologies such as Digital Rights Management (DRM), Disk Encryption, Wire Encryption, Content Monitoring and Database Monitoring.
Key Points:
That the security space is full of point product application that claim to deal with the internal security threat.
Verdasys is focused on delivering a comprehensive platform solution to the internal security threat posed by trusted end users at the “point of use”.
As a platform Verdasys’ solution is capable of being deployed and integrated into a comprehensive security environment at the enterprise level… A point solution can not do this.
Verdasys’ capabilities are extensive and when used in conjunction with other enterprise security solutions form a layered defense.
Verdasys has extensive enterprise level rule enforcement and reporting capabilities that make it a flexible tool for meeting regulatory requirements for both policy enforcement and audit functions.
Does the prospect really want to deals with dozens of vendors or a single comprehensive solution from one vendor?
Does the prospect want to pay purchase and maintenance costs for overlapping product capabilities from lots of vendors…. Or pay once?
When a new threat appears, does a prospect want to begin investing solutions or reconfigure the Verdasys solution to deal with the threat?
Would the prospect expect to view several control panels from multiple vendors to investigate a security threat, or a single comprehensive dashboard?
Does the prospect expect the solution to deploy and scale to the entire enterprise over time?
© 2011 Verdasys, Inc. All Rights Reserved. CONFIDENTIAL AND PROPRIETARY - DO NOT REPRODUCE.

41. The Four Seminal Ideas of Data Security
1. Data is the correct unit of measurement
Requirement is data-centric not Network or Device centric
Visibility, monitoring, control
2. Operate close to the user
The desktop is today’s data router
Understand full-context of data type, content & user action
3. Take a risk based approach to protection
Automated, persistent discovery & classification of data
Classification-driven information monitoring and policy enforcement
4. Flexibility to support and enhance business processes
No one response/control is appropriate to all risks
Shaping user behavior through warnings/prompts of greatest value
Encryption as an integrated control safeguards data; establishes trust

42. Thank You