1
Enterprise Information Protection
When DLP is Not Enough?
Graham Howton, Channel Manager, EMEA
2
Agenda
- Introduction to Verdasys
- Gartner
- The Insider Threat and APTs
- Enterprise Information Protection (EIP)
- Importance of user-awareness
- Use-Cases
3
Verdasys: The Leader in EIP
Enterprise Information Protection
- Data-centric, risk based protection of structured and unstructured data
- Secure business processes not infrastructure
- Enable ownership & control independent of network infrastructure
- Uniquely satisfy an expanding set of critical use cases
- Scale from the desktop to the cloud
FINANCIAL, INSURANCE, HI-TECH & OUTSOURCING, RETAIL & TELECOM, LIFE SCIENCES & MANUFACTURING, GOVERNMENT, ENERGY & DEFENSE
© 2011 Verdasys Inc. All Rights Reserved. CONFIDENTIAL AND PROPRIETARY
4
Gartner Magic Quadrant 2011
5
Traditional Approaches Have Failed
- PROBLEM N… / VENDOR N…
- HOST IPS / VENDOR 6
- AUDIT & FORENSICS / VENDOR 5
- DATA CLASSIFICATION / VENDOR 4
- EDRM & ENCRYPTION / VENDOR 3
- CONTENT MONITORING / VENDOR 2
- DEVICE CONTROL / VENDOR 1
- New Threat = New Product, Vendor
- Force Business Process to Change
- User Productivity Impacted
- Numerous Control Panels, Interfaces
- Multiple disparate Policies, Reports
- Expensive Deployments, Support
- Increasing Complexity, Cost and Risk

Security Solution Landscape
Purpose: The purpose of this slide is to assist in describing the fundamental differences between point products focused on combating the internal threat and a true platform solution delivered by Verdasys. The slide is to be used to create doubt in the minds of prospects about the long term effectiveness and capabilities of point products employing technologies such as Digital Rights Management (DRM), Disk Encryption, Wire Encryption, Content Monitoring and Database Monitoring.
Key Points:
- The security space is full of point product applications that claim to deal with the internal security threat.
- Verdasys is focused on delivering a comprehensive platform solution to the internal security threat posed by trusted end users at the “point of use”.
- As a platform, Verdasys’ solution is capable of being deployed and integrated into a comprehensive security environment at the enterprise level… A point solution cannot do this.
- Verdasys’ capabilities are extensive and, when used in conjunction with other enterprise security solutions, form a layered defense.
- Verdasys has extensive enterprise level rule enforcement and reporting capabilities that make it a flexible tool for meeting regulatory requirements for both policy enforcement and audit functions.
- Does the prospect really want to deal with dozens of vendors or a single comprehensive solution from one vendor?
- Does the prospect want to pay purchase and maintenance costs for overlapping product capabilities from lots of vendors… or pay once?
- When a new threat appears, does a prospect want to begin investing in solutions or reconfigure the Verdasys solution to deal with the threat?
- Would the prospect expect to view several control panels from multiple vendors to investigate a security threat, or a single comprehensive dashboard?
- Does the prospect expect the solution to deploy and scale to the entire enterprise over time?
7
US National Security Agency
Experts from the US National Security Agency and government labs said America had to change the way it thought about protecting Department of Defense (DoD) computer networks.
"We've got the wrong mental model here," said Dr James Peery, head of the Information Systems Analysis Centre at the Sandia National Laboratories. "I think we have to go to a model where we assume that the adversary is in our networks." That change would mean spending less time shoring up firewalls and gateways and more time ensuring data was safe, he said.
Dr Kaigham Gabriel, current head of the Defense Advanced Research Projects Agency, likened the current cybersecurity efforts of the US DoD to treading water in the middle of the ocean. All that did was slightly delay the day when the DoD drowned under the weight of maintaining its network defences, he said.
The DoD oversees 15,000 networks that connect about seven million devices.
8
Federal Bureau of Investigation
Shawn Henry - “Top Cyber Cop”
- The Federal Bureau of Investigation's top cyber cop offered a grim appraisal of the nation's efforts to keep computer hackers from plundering corporate data networks: "We're not winning," he said.
- 10 years worth of research and development, valued at more than $1 billion, was stolen by hackers unidentified company?
- Companies need to do more than just react to intrusions!
Source: Mar. 28, 2012, on page B1 in The Wall Street Journal, with the headline: U.S. Outgunned in Hacker War
9
Top Data Security Challenges
Insider Threats
10
Insider Threat
- Privileged user data management is the “last mile” of data security
- Insiders are trusted with IP, but it is difficult to hold them accountable for its use
- When incidents occur, investigations are costly, time-consuming, and don’t necessarily provide smoking guns to prosecute
- So far, WikiLeaks has not been a game-changer for privileged user management in banks or insurers, but APT has taken the Insider Threat to another level
- Solution value dependent on potential damages caused if insider steals IP
11
Defining Insider Threat Types
Malicious
- Motivation = anger, dissatisfaction
- Threat = attack systems and network
Theft
- Motivation = money, economic gain
- Includes corporate & state espionage
- Threat = data theft
Hacktivists (e.g. Anonymous)
- Motivation = anger & dissatisfaction or belief
12
What Happens When Cyber Espionage Succeeds
The vicious cycle of compromise
- Data compromise occurs in market leader
- Competitor launches new product or service
  - Time to market is equal or ahead
- Competitive product is offered at a lower price
  - Greatly reduced R&D costs
- Company or business unit financials become negative
  - Margins on sales & volume of sales begin to drop
- Company can no longer compete and exits market where it was once a leader
  - Sale of business loses money for company & investors
- Bad guys use profits to define and enter new markets
13
Insider Threat Incident: LG
Joeng (only known name)
- Copied 1,182 top secret plasma display design files onto his personal drive and went to Changhong-Orion PDP
- Changhong reportedly paid Joeng $300,000 per year, an apartment and a car (while he was still collecting his LG salary)
- LG was unaware Jeong had left, leaving his access to the network open
  - Stole file: plasma display panel production
  - Stole files: plant’s power system and construction blueprints
- LG was made aware of thefts by a distributor in SE Asia
- Joeng was extradited; prosecutors in Seoul indicted Joeng for spying
- Cost to LG: estimated at more than $1 Billion
- Changhong has not returned any of the stolen secrets
14
Lessons Learned
How was Joeng caught?
- Third party distributor recognized technical manuals were copied and alerted LG
Lessons Learned
- Data monitoring: location, access and movement related to sensitive data must be understood
- De-provisioning process at the network, application and data levels needs to be in place and effective. Business Managers and HR must work with Security
- USB device usage monitoring and controls, as well as other channels, need to be in place
15
Insider Threat Mitigation: Best Practices
1. Create integrated processes
   - Business, HR and Security
   - Create standard on-boarding and off-boarding processes
   - Increase data usage monitoring for incidents & departures
2. Distribute trust amongst multiple parties to force collusion
   - Most insiders act alone
3. Link Policy Training w/ Risk and Compliance Analysis
   - Real-time education, alerting & justification prompts
   - Allow self-compliance; create clear deterrence
16
Insider Threat Mitigation: Best Practices
- Assess insider risks by content and context
  - Not just “what”, but “who, where, when, & how”
  - Using a sliding response scale; risk based approach
- Create Data Identification & Classification
  - Automatic or manual tagging (w/ auditing)
  - Files using previously tagged content inherit classification
- Use Identity-based Data Controls
  - Based on user rights, file sensitivity, source & destination, etc
  - Use encryption for data access - closes “super user” loopholes
17
Insider Threat Mitigation: Best Practices
- Implement integrated physical and logical (technical) security controls to cover more risks effectively
  - Camera monitoring, linked with data usage and movement controls
- Put Data Usage Monitoring & Control in Place
  - Host based monitoring is a requirement
  - Establish data usage norms, watch for behavioral changes
- Forensically Log Events
  - Assure all data transactions are user-attributable
  - Logs must be evidentiary grade and tamper proof
18
EIP: The Balance of Enablement and Security
Implementing both technology and process to maximize the “left” while minimizing the “right”
[Diagram: LEFT and RIGHT in BALANCE. Labels: Productivity, Flexibility, Mobility, Creativity, Simplicity, Ease of Use, Transparency, Value, Return, Cost, Information Security, Operational Security, Data Loss Prevention, Regulatory Compliance, User Education & Awareness, Trust but Verify]
Build a unified and collaborative information governance program
19
All DLP solutions are not the same!!!!!!
Beware!!!! All DLP solutions are not the same!!!!!!
20
Enterprise Information Protection
EIP is an information centric platform and methodology
- Enables efficient data exchange
- Protects sensitive information
- Improves data governance, risk mitigation and compliance
- Empowers the individual
- Allows Business to function
21
Distinct Information Protection Strategies
- Distributed Data Discovery
- Automated Classification and Tagging
- Host Content & Context Monitoring & Control
- Unified Encryption (file, email, disk)
- Removable Media / Device Mgt
- Application Based Monitoring & Control
- VDI/Virtual Environment Controls
- Logical Network Segmentation
- Secure Collaboration
- Export Data Controls
- Application Vaulting
- Application Data Management
- eDiscovery & Forensics
- Host Based Network Control
- Information Policy Awareness & Training
- Legacy Application Remediation
- Process Compliance Enforcement & Auditing
Network Monitoring & Control Data Discovery Monitoring & Control Host Monitoring & Control
22
Enterprise Information Protection
- EIP focuses on business value creation not on the risks it mitigates
- Enables the implementation of value building business drivers, by enforcing the proper, secure and compliant use of information
[Diagram labels: EIP, Core Business Processes, Outsourced Processes, Supply Chain Processes, Third Party Processes]
23
Digital Guardian System Architecture
Management Server
- Reporting
- Policy Definition
- Configuration
- Alert Management
Agent
- Ubiquitous, object level monitoring
- Pervasive, enveloping control
- Ensures security & confidentiality of regulated data
- Prove the integrity of audit & compliance controls
- Associates people with actions
- Traces incidents to their source
- Real-time
- Autonomous
[Diagram labels: Data Usage & Alerts, Content & Control Policies, Virtualization Infrastructure (Citrix, VMware), BES or EAS Server, eDiscovery Agent, Desktop/Laptop Agents, Server Agents, Network Agents, VDI Agents, Mobile Users, Repository Remote Scanning, File shares, Sharepoint]
24
Actionable Data Classification
Increased Flexibility, Adoption and Accuracy
- Three levels of data definition
  - Context
  - Content
  - User
- Classification travels with the data
  - Meta Tag
  - NTFS Tag
- Multi-level & multifaceted classification
  - Sensitivity level & data type tags
- Tag verification & propagation
  - Data movement audit and tracking
- Automatic, Tamper Proof, Inheritance, Persistence
- Drives policy
[Diagram labels: Meta & NTFS Tags, Content, Context, User]
25
The Context of Data-Centric Security
DISCOVER: What & where is Sensitive Data?
  Classification Persistent Inheritance Context Application Location Type Content Expression Similarity Keyword Dictionary
MONITOR
  IDENTITY: Who is using the Data?
    IT Admin DBA Desktop Network Privileged Executives Hi-Value Rights Access Usage Context Location Wireless LAN VPN
  ACTIVITY: What is the User Doing With It?
    Files Move Copy/Paste Burn/Print Upload/IM Attach Compose/Send Application Data View Delete Modify Export
  DESTINATION: Where Is the Data Going?
    Servers Devices Networks Applications Printers IP Addresses Recipients
CONTROL: What action is appropriate?
  Incident Alert Detection Prompt User Intent/Educate Warn Users Awareness Encrypt Data Protection Access Control Block Action Prevention Mask Data Need to know
Continuous Logging, Auditing – Summary, Inventory, Trending & Forensic Reporting
26
Digital Guardian Enforces A Virtual Information Protection Perimeter
[Diagram labels: Partner Site, DG Citrix Server, Corporate File Server, Web Trust Verification Agent, Digital Guardian Server, Outsourcer A, Outsourcer B, Password prompt]
27
Use-Case - Social Networking Risks
With the tremendous power of social networking comes a myriad of associated risk:
- IP Protection
- Privacy Protection
- Risks to Reputation
- National Security Risk
  - Key location and movement information
- IT Risk
  - Apps written quickly by unknown parties
  - Security and intrusion vulnerabilities
  - Inability to control apps contained within browser
  - User ability to install unauthorized apps
Incident: Soldier posts operational details on Facebook!
28
Digital Guardian End Point & Server Data Monitoring and Control
- Visibility into data usage
- Audit and logging
- Data Life Cycle Management
- Records management…data retention
- Data Usage Control
- Enforce acceptable use policies through real-time controls
- Mask
- Prompt, warn and justify
- Alert and incident escalation management
- Block
Control scale:
- Logging (default): Accountability
- Alert Admin: Detection
- Warn User: Awareness
- Prompt User: Intent
- Encrypt Data: Protection
- Block Action: Prevention
- Mask Data: Need to Know
[Diagram labels: Non-Company Network, myaccess.company.com]
29
Login Warning Prompt
30
Pasting Data
31
Report Capability
- PA Logins by site (When Possible)
- Uploads by site
- Uploads by file extension
- Downloads by site
- Downloads by file extension
- ADE attempts by site
- ADE attempts by extension
32
Typical APT Attack Lifecycle: Example
[Diagram labels: Network, App, Memory, Secure Perimeter, Machine, User, Spear Phishing, Server (?), Final Destination, IP, Internet]

APT Attack Lifecycle: The key to a successful APT attack is complete stealth. An attack discovered at any point before achieving its objective(s) can imperil its mission.

Attacks typically begin using social engineering (i.e. “spear phishing”) to trick a user into opening an attachment or URL link that installs malicious software on the user’s machine, effectively circumventing any perimeter web or security system. Typically, the most skilled APT designers are tasked with gaining entry into the network. A common attack vector is the use of spear-phishing, a social engineering technique where an authentic-looking email that appears to be from a trusted source is sent to a specific user; some spear phishing examples go so far as to reference personal information (taken from social media account profiles) to further the ruse. The email will then have a legitimate-looking, but malicious, attachment or web link from which malicious code is downloaded onto the user’s machine.

The malware uses unknown “zero day” exploits in applications and/or the O/S to embed malware in system memory that signature-based antivirus technology can’t detect. Once the first machine is infected, the malware will hide itself by creating a “super user” account that allows it to operate on the machine without detection by normal means. Once an attack gains a privileged user status, the attack behaves like an “invisible” insider threat. It then begins spreading itself across the network, infecting new machines without detection, in search of the location and access credentials to the IP which the mission was specifically designed to steal.

Simultaneously, the APT will also set up a stealth “command and control” (“C&C”) from which to send/receive updated intelligence and instructions to facilitate search and acquisition of its target data. APT will use a variety of new and old malware techniques, including keyloggers and “sniffers”, to identify words, applications, or sources that would point to its target’s location and access credentials. Using another set of privileged user credentials (most likely different than the credentials initially used to gain access to the network), the APT may use a sensitive application to extract IP from a server or database. At any point, APT will use its C&C platform to update its “masters”, such as listing the files on a server, or mapping a database schema. Its masters might then send new commands for which files to copy, or SQL queries to run, to get the correct data.

Once the IP is extracted, APT typically encrypts the data and transfers it to another infected machine used as a “staging” platform until it receives instructions to exfiltrate it from the network. The process from entry to final extraction may take days, weeks, or months to complete.

The level of sophistication of APT attacks is beyond the scope of what most companies are prepared to address, and many companies are unable or unwilling to take even basic policy steps (e.g. stripping attachments) to help mitigate their exposure. Often, it takes a visit from the FBI to convince a company they have a serious problem, and at that point it’s probably too late to stop the attack.
33
DG APT Defense in Depth: Many opportunities to Detect, Alert and Stop
[Diagram labels: Attacker, Network Agent, STOP, Core (App Control), APT Module, Core, DG Server, Core + AFE, Core + Network Agent]

Stopping APT requires several layers of detection/prevention in a “defense in breadth” where each security layer is focused on a different APT mission stage (i.e. email, application, memory, user, network, etc.). The security model is predicated on three assumptions:
- All APT must follow a similar mission path: entry; initial infection; secondary infections; command & control communication; privileged user spoofing; data extraction; staging; and exfiltration
- Any given APT defensive layer will have some rate of assumed failure; the model succeeds so long as EVERY layer doesn’t fail at once.
- Stopping APT at any mission stage will stop the mission; you do NOT need to stop the initial infection to necessarily stop an attack

DG’s APT defense in breadth differs from the “defense in depth” strategy used for signature-based antivirus whereby each “layer” (i.e. email, desktop, web, server, etc.) uses a different AV engine to look for the same threat characteristics, with the hope a different vendor will be the fastest to create a signature for any given threat.
- Many network-based APT solutions take an “all or nothing” approach using virtual machines, i.e. if they don’t detect the initial infection, there’s no plan B.
- Other APT solutions require an external source to provide a “clue” (e.g. malicious IP address) from which to begin investigating an attack
- Most next-gen anti-malware solutions are extremely powerful, but have not been proven at enterprise scale

DG can provide several APT defensive layers from a single policy framework: application control; anomaly detection (memory, system, user, and network); privileged user management; file-level access controls; and continuous forensic auditing across multiple attack vectors (kernel, application, user, network, data). DG policies can be used to alert, prompt, and block common APT tactics:
- DG core can prevent users from opening attachments from unknown sources, or prevent malware code from executing from an application
- The APT Module (HBGary) forensically scans a computer’s memory to detect suspicious activities in memory, and can be used to trigger other DG policies
- DG core can track suspicious system events, such as increased activities from a privileged account not associated with a normal user (if the user/machine combination is consistent).
- DG network agent can deconstruct the entire network session to detect suspicious applications, payloads, or network activity that may identify an APT attack. If correlated in a SIEM tool, the combination of network and core agent telemetry may be able to pick up larger traffic patterns across an enterprise.
- The User Classification module (TITUS) is part of the larger classification suite which DG can use to identify and apply controls to IP at the point of creation or discovery.
- DG server agents can enact identity-based policies for both controlling privileged user access to the system, as well as to the data within. This includes blocking non-approved users and applications from extracting data and policy-based file encryption.
- DG network agent can identify suspicious traffic to/from sensitive servers, and detect unauthorized payloads (i.e. encrypted or embedded). The network agent can also identify and apply policies to IP with user-generated classification tags.
- DG core can also ensure no data can leave a machine through an unauthorized port/protocol, require justification (which an APT attacker couldn’t respond to), or dynamically encrypt as it leaves the system.
- DG network can use intelligence gathered from multiple internal or external sources to detect comm or data traffic to suspicious or malicious IP addresses across all 65k ports

With the use of rule variables, it is possible to create relational policies that associate suspicious APT-like events across all layers of detection in context. This could potentially detect attacks with greater accuracy by detecting a string of likely APT tactics as a single “event”, and without generating too many false positives when analyzing single suspicious events (e.g. elevated HBGary risk score; abnormal privileged account activity, etc.) in isolation. For instance, you could create policy alerts (but no blocking) to detect a series of suspicious activities which, if analyzed individually, may or may not be obviously suspicious; however, it may be very suspicious if ALL alerts are triggered in a specific sequence over time. At that point, the last policy in a master “APT policy” may block the action. This is a very advanced use of DG, but it’s possible to do.
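The relational policy idea in the notes above, sketched as an added example (this is not Verdasys or Digital Guardian code or policy syntax): a per-host state machine that only alerts while a chain of events advances in order, and blocks on the last step. The event names, host names and the 30-day window are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# Hypothetical event names, one per detection layer named in the notes.
CHAIN = [
    "attachment_opened_unknown_sender",  # application layer
    "memory_risk_score_elevated",        # memory scan layer
    "new_privileged_account_activity",   # user layer
    "bulk_read_sensitive_server",        # data layer
    "outbound_encrypted_payload",        # network layer
]
# Assumed window; the notes only say an attack may take days, weeks or months.
WINDOW = timedelta(days=30)


@dataclass
class HostState:
    """Plays the role of the 'rule variables': progress through the chain."""
    stage: int = 0                        # index of the next expected event
    first_seen: Optional[datetime] = None
    history: list = field(default_factory=list)


class SequenceCorrelator:
    """Returns 'log', 'alert' or 'block' for each observed event."""

    def __init__(self, chain=CHAIN, window=WINDOW):
        self.chain = chain
        self.window = window
        self.hosts = {}

    def observe(self, ts, host, event):
        st = self.hosts.setdefault(host, HostState())
        # A chain that has not completed inside the window is abandoned.
        if st.first_seen is not None and ts - st.first_seen > self.window:
            st = self.hosts[host] = HostState()
        # An event that does not advance the chain is only logged, so a
        # single suspicious event in isolation raises no alert here.
        if event != self.chain[st.stage]:
            return "log"
        if st.stage == 0:
            st.first_seen = ts
        st.history.append((ts, event))
        st.stage += 1
        # Last policy in the master chain: block and start over.
        if st.stage == len(self.chain):
            self.hosts[host] = HostState()
            return "block"
        return "alert"


# Constructed sample telemetry: (timestamp, host, event).
T0 = datetime(2012, 3, 1, 9, 0)
SAMPLE_EVENTS = [
    (T0, "ws-014", "attachment_opened_unknown_sender"),
    (T0 + timedelta(hours=1), "ws-022", "memory_risk_score_elevated"),
    (T0 + timedelta(hours=2), "ws-014", "memory_risk_score_elevated"),
    (T0 + timedelta(days=3), "ws-014", "new_privileged_account_activity"),
    (T0 + timedelta(days=3), "ws-031", "attachment_opened_unknown_sender"),
    (T0 + timedelta(days=10), "ws-014", "bulk_read_sensitive_server"),
    (T0 + timedelta(days=12), "ws-014", "outbound_encrypted_payload"),
    (T0 + timedelta(days=50), "ws-031", "memory_risk_score_elevated"),
]


def run(events):
    """Feed events in time order and return the action taken for each."""
    correlator = SequenceCorrelator()
    return [correlator.observe(ts, host, ev) for ts, host, ev in events]


if __name__ == "__main__":
    for (ts, host, ev), action in zip(SAMPLE_EVENTS, run(SAMPLE_EVENTS)):
        print(f"{ts:%Y-%m-%d %H:%M} {host:7} {ev:34} -> {action}")
```

Keying state by host is a simplification; correlating secondary infections across machines would need a shared key such as the account or the target server.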
34
US Department of Justice
“…our critical requirements are persistent classification, global visibility and complete data usage audit. Verdasys uniquely delivers those capabilities and partnered with us to extend their platform to do more… ” Chad Fulgham, CISO DOJ
Classified information protection, audit and investigation on an unprecedented scale
Use Case Coverage
- Classified information protection
- Privileged user monitoring and control
- Mobile workforce enablement
Future Coverage
- Legacy application monitoring & audit
Critical Differentiators
- Actionable & persistent data classification
- Audit and forensic case management
- Hardened & Stealthy agent
Eliminated physical security paradigms
- Eliminated $12M in alternative building hardware & software costs
Reduced investigative costs
- Cut investigation costs by $8M per annum
Reduced Potential Classified Breach Costs
- Estimated $100 Million per annum
35
ING BANK
“Our security goal is to create more collaborative environments. Digital Guardian mitigates the risk of data loss in our open work places and supports our partnership with Workers Councils ” Eric Luiken, Chief Architect
Protecting PII while supporting an open and collaborative working environment
Use Case Coverage
- PII protection
- User policy awareness & training
- Remote media control and encryption
- Social networking control (Facebook & LinkedIn)
Future Coverage
- encryption
Critical Differentiators
- Social Networking upload controls
- Workers Council approval
ROI: Reduced Software Costs
- Displaced USB device and gateway & monitoring software reducing licenses and support costs by $2.5M

In late 2005, a senior research scientist at a large manufacturing company left to join a competitor. In doing so, the scientist downloaded over 20,000 sensitive documents from the corporate network, and took at least 150 of those documents with him to his new employer. Once discovered, the data breach was estimated to have cost this company approximately $400 million. The staggeringly high value illustrates the magnitude of the consequences for loss of sensitive intellectual property, and set off an initiative to introduce risk management measures to guard against an incident of this kind happening again.

The company sought a solution to this problem in the form of DRM (thinking that they might be able to control who is allowed to use documents containing intellectual property) and access control (they went so far as to lock down access to data and implemented a request/approval process). Unfortunately, neither of those solutions addressed the business need because DRM didn’t scale well and the access control/request/approval mechanism impeded progress.

By implementing Digital Guardian, the company was able to return to the old model so that scientists had ready access to the data, but controls were implemented to keep the information protected. In the end, the key to success was the ability to classify and encrypt the information as soon as it was checked out of the repository (Documentum in this case). By classifying the files, risk appropriate controls could be used to protect the data (for example, the customer could now prevent a document classified as “highly sensitive IP” from being sent via email). And since the files are encrypted, they can only be used by employees who have Digital Guardian agents available to decrypt them. Once the files are taken out of the organization, they are unusable. Much of the protection is completely transparent to the user, allowing collaboration to occur without interruption. Digital Guardian only interrupts the user when the intellectual property is being mishandled by the user.
36
Ferrari Formula-1 Racing
“Digital Guardian has grown to be one of the pillars of our security strategy and our foremost tool for insider threat prevention and protection.” Davide Ferrari, Direzione Operazioni
Securing critical design IP across the enterprise and at 20 race tracks around the globe.
Current Use Case Coverage
- Race car design and racing strategy IP protection
- Privileged user monitoring & Control
- eDiscovery and Forensics
Future Platform Development
- Unified encryption (email, file and full disk)
Critical Differentiators
- Real-time Privileged user monitoring and audit
- Forensic case management
- Secure collaboration at race sites
  - Save $2M per annum in alternative security costs
- Decreased administrative staff
  - Reduce FTE costs by $4M per annum
- Prosecuted Insider Compromise
  - $100 Million fine to F-1 Racing
  - Default victory of Constructor Cup $500M

In July, 2007 McLaren chief designer Mike Coughlan was found in possession of a 780-page dossier of Formula-1 rival Ferrari's technical data. This document allegedly possessed valuable intellectual property regarding Ferrari’s 2007 race car.

Digital Guardian helped the Ferrari IT team deliver a “windfall” ROI by alerting the security staff to a “high-risk” activity by a privileged user. Further forensic reporting through the Digital Guardian reporting console confirmed that a Ferrari privileged user had printed large amounts of highly sensitive Intellectual Property, leading Ferrari to open a formal investigation into the incident with Italian Authorities and the Formula One Racing commission.

In the legal proceeding against McLaren, Ferrari utilized Digital Guardian’s audit logs and forensic reporting to prove the design dossier was printed at a Ferrari office, the date and time the dossier was printed and the printer that was used, and the identity of the Ferrari employee who printed the dossier. In addition, Digital Guardian proved that no other Ferrari employee, contractor or partner could have printed the dossier or any sub-portion of the dossier in the same time frame. Digital Guardian’s forensic reporting provided complete visibility down to the end user, allowing Ferrari to hold its employees accountable.
37
Data-Centric Questions?
- How do you know where your sensitive data is right now?
- How do you know how data moves within your business processes and what your employees are actually doing with the data they access to do their jobs?
- What are your employees doing with your data when they are off or outside the network?
- How do you manage data on mobile devices and BYOPC?
38
More Data-Centric Questions?
- What is the 3rd line of your corporate security policy?
- How many of your employees actually know it?
- How do you effectively train your employees on data security policies and ensure they are in compliance, in real-time?
- What would the benefit be to the organization if security enabled the business instead of security controls or policies hindering business processes?
39
Comprehensive Data Security, Lowest TCO
Increased Complexity, Cost and Risk | Lower TCO, Complexity & Risk
Force Business Process to Change | No Change to Business Process
User Productivity Impacted | User Productivity Not Impacted
New Threat = New Product, Vendor | New Threat = New Policy, Control
Numerous Control Panels, Interfaces | Single Control Panel & Interface
Multiple Policies, Reports | Unified Policies, Integrated Reports
Expensive Deployments, Support | Single Vendor, Lower Costs

Point products shown on the left:
- PROBLEM N… / VENDOR N…
- HOST IPS / VENDOR 6
- AUDIT & FORENSICS / VENDOR 5
- DATA CLASSIFICATION / VENDOR 4
- EDRM & ENCRYPTION / VENDOR 3
- CONTENT MONITORING / VENDOR 2
- DEVICE CONTROL / VENDOR 1
40
Proven EIP Success
Lower TCO, Complexity & Risk
- “Rival Racing Team Fined $100 Million in Spy Scandal”
- USG agrees settlement with Lafarge (Mon, 07 Dec 2009): Under the agreement USG will receive USD105m
- No Change to Business Process
- User Productivity Not Impacted
- New Threat = New Policy, Control
- Single Control Panel & Interface
- Unified Policies, Integrated Reports
- Single Vendor, Lower Costs
41
The Four Seminal Ideas of Data Security
1. Data is the correct unit of measurement
   - Requirement is data-centric not Network or Device centric
   - Visibility, monitoring, control
2. Operate close to the user
   - The desktop is today’s data router
   - Understand full-context of data type, content & user action
3. Take a risk based approach to protection
   - Automated, persistent discovery & classification of data
   - Classification-driven information monitoring and policy enforcement
4. Flexibility to support and enhance business processes
   - No one response/control is appropriate to all risks
   - Shaping user behavior through warnings/prompts of greatest value
   - Encryption as an integrated control safeguards data; establishes trust
42
Thank You