1. Endpoint Data Protection and Leakage Prevention
Edy Almer
VP Product Management & Marketing

2. - Proprietary & Confidential -
Agenda
What Problem are we solving ?
Legislation and Regulation
Possible solutions
Regaining Control of Endpoints and Data:
Data Protection and Leakage Prevention with Safend Data Protection Suite
Safend Auditor
Safend Discoverer
Safend Inspector
Safend Encyptor
Safend Protector
Safend Reporter
Summary
Securing your Endpoints
Solution Components
Architecture
Deep Dive into components as time allows
- Proprietary & Confidential -

3. Data Leakage and Targeted Attacks A Clear and Present Danger
It seems like more and more we are hearing about data leakage situations. This is not simply because the threat is on the rise with all the new types of removable media in the marketplace but the main reason is that regulatory compliance now requires companies who have incurred a loss to disclose it.
Inspector: The Transportation Security Administration is warning 1,195 of its former employees that a contractor may have mailed their Social Security numbers and birth dates to the wrong addresses and left them open to identity fraud
--USA Today
Protector: An investigation is under way into the disappearance of a computer hard drive which could contain the details of about 100,000 [UK MoD] Armed Forces personnel --BBC
Encryptor: Personal data on more than 26 million U.S. veterans had fallen into the hands of thieves… The data were on a laptop and external drive stolen in an apparent random burglar - CNN News
All of these types of data leakage examples could have been avoided if the companies had the Safend Solution.
- Proprietary & Confidential -

4. Compliance Requirements
Most companies recognize that data is now their most important asset and want to put measures into affect to protect it. The other reason for implementing a solution such as Safend is because Regulatory Compliance dictates that you have to. 45 states currently have data protection laws and soon almost all will have the same type of requirements. Safend helps organizations meet their regulatory compliance requirements for data protection with such regulations as PCI, HIPAA, SOX, GLBA, BASEL II, J SOX, SB 1386, the European Union Directive, and DPA (the UK Data Protection Act), just to mention a few.
States that currently have data protection laws
States that do not currently have data protection laws
- Proprietary & Confidential -

5. Government /Industry Regulations
PCI DSS
HIPAA
GLBA
US State PII regulations
SOX
BASEL II
UK Data Protection Act
South Africa PPI
During the next hour, I’ll provide you with an overview of Who is Safend;
Then frame the Data Leakage Prevention problem in which the Safend Solution is addressing;
Then review How Safend specifically solves the DLP problem.
And then we will conclude with a Q&A session.
Thanks and with that let’s begin.
- Proprietary & Confidential -

6. Cost of Data Breaches Recovery Cost Averages
Average Incident Cost:
$6.75 million
Average Incident Cost per compromised record: $204
Customer Costs
Incremental Costs
Brand damage
Loss of existing customers
Recruiting new customers
Unbudgeted legal, audit and accounting fees
Notification to customers
Free or discounted service to customers
Call center expenses
Public and investor relations
Internal investigations
30%
54%
16%
One last slide with statistics…
According to the Ponemon Institute, The Average Data Loss Incident costs the company $6.75M with the average cost per record of $204 for 2009.$6.6M,$202 for 2008 & $6.3M,$197 for 2007
Once a public company reports a data loss incident, on average their stock will drop 5% and it will take 12 months to regain the loss stock value.
By looking at this slide, it is easy to calculate your immediate ROI on the Safend solution. By implementing the Safend solution to protect your sensitive data, you are putting measures in to ensure that you will not encounter a data leakage event from your open port/device drives.
Among the incidents reported, the most expensive data breach cost nearly $31 million to resolve, and the least expensive cost $750,000.
Productivity Costs
Lost employee productivity
Source: 5th annual "Cost of a Data Breach" study by the Ponemon Institute
- Proprietary & Confidential -

7. Approaches for Data/Access Protection
Encryption (at rest) Encrypt Removable Storage, Hard Drives against accidental loss.
Encryption (in use – DRM) Microsoft, Adobe, management tools.
Egress point control Port/Device Control, Endpoint/GW DLP (IPS**, WAF**, FW**)
Access Control List NTFS ACL, Database proxy, application level proxy, NAC
Full Spyware applications – record everything
- Proprietary & Confidential -

8. Content Based DLP Port & Device Control Hard Disk Encryption
Single Lightweight Agent
Agent Includes Multi-tiered Anti-tampering Capabilities
Simple and Reliable Installation Process
Port & Device Control
Detachable Storage Control
Removable Storage Encryption
CD/DVD Encryption
Wireless Control
Hardware Keylogger Protection
Hard Disk Encryption
Centrally Managed and Enforced
Transparent SSO
Seamless authentication support
Easy Recovery
Strong Security and Tamper Resistant
Content Based DLP
Content Aware Application Control
Data Leakage Prevention Through:
, IM and Web
External Storage
Printers
Any Application/Protocol
safenddiscoverer - Sensitive Data Location and Mapping
safendreporter – Security and Compliance Analysis
safendauditor – Endpoint security status audit
- Proprietary & Confidential - 8 8

9. Safend Data Protection Suite Architecture
I’d now like to review the Safend Protection Suite Architecture.
Safend Data Protection Suite consists of Clients, a Management Console and a Management Server.
The Clients are installed on the enterprise endpoints and they enforce the security policies locally on their hosts.
The Management Server provides the services needed for configuring and monitoring Clients. Clients periodically communicate with the Management Server to renew their security policies, submit their logs and to initialize their suspension (one-time) passwords (OTPs). All communication between clients and the server is implemented as Web Service calls over SSL.
Security Admins use the Management Console to interact with the Management Server.
The Management Console is a Windows applications used by Admins to interact with the Management Server. Once logged in to the console, a user can manage and assign security policies, view client properties, view logs, and perform various administration operations such as change domain user credentials.
Security Admins can explicitly request Clients to immediately renew their policy, submit logs or initialize their OTPs.
To facilitate the management of clients in large deployments, the Management Server interacts with external Directory Services such as Active Directory (default) and Novell’s eDirectory.
The Management Server utilizes either mySQL or MS SQL Server database to store its configuration, domain information, policies and logs.
- Proprietary & Confidential -

10. Safend Data Protection Suite Single Management Server & Single Management Console
The Data Protection Suite allows definition of Encryption, Port&Device Control, Content Inspection and Content Discovery in one single server and console with a single agent deployment action.
Common Client status and common logs and reports allow easy control and a short learning period

11. - Proprietary & Confidential -
Safend Inspector
Content Aware Application Control
Data Leakage Prevention Through:
, IM and Web
External Storage
Printers
Application (all protocols)
Out of the box predefined classifications and Policies
Interactive Message Center for user education
protector
encryptor
discoverer
safendinspector
- Proprietary & Confidential - 11

12. - Proprietary & Confidential -
Safend Protector
Key Features
Prevents data leakage and penetration via endpoints
Detects and restricts any devices
Enforces granular policies over physical, wireless and removable storage devices via real-time analysis of low-level port traffic
Tamper-resistant
Centrally managed & seamlessly integrates with Active Directory
Ensures regulatory compliance Easy to use and scalable
safendprotector
encryptor
inspector
discoverer
Safend Protector monitors real-time traffic and applies customized, highly-granular security policies over all physical, wireless and storage interfaces, including:
USB, Firewire, PCMCIA, SD, Parallel, Serial Modem, Removable media devices, external hard drives, CD/DVD Drives, Floppy Drives, Tape Drives, WiFi, Bluetooth, and InfraRed.
It detects and allows restrictions of devices by device type, model or even specific device serial number.
Protector is centrally managed & it seamlessly integrates with Active Directory and Novell Edirectory to enable Admins to leverage the native organizational units that have already been established.
As I previously mentioned, we are a company that prides itself on “eating our own dog food” and have build an insurmountable amount of security into our solution. It is virtually impossible to circumvent, disable or uninstall the Protector Client.
Not only do we have reporting and alerting built into the product, which by the way helps meet the many of regulatory compliance requirements, the logging that is sent to the management server is encrypted.
From a scalability perspective, Protector has been tested and able to manage up to 100,000 clients with one management server.
I’d now like to quickly describe a couple of Security features in Protector. In the backup slides that will be provided to you, there is a dedicated slide to each of these features should you feel that any one of these are of particular interest to your customer.
- Proprietary & Confidential -

13. - Proprietary & Confidential -
Reports
- Proprietary & Confidential -

14. Safend Encryptor: Key Features
Encrypts all data on laptops and desktops – Total Data Encryption
True SSO (Single Sign On) technology Transparent to end users & help-desk personnel
Centrally managed and enforced
Full visibility of organization’s Encryption status
Stable and fault tolerant encryption Total Data Encryption, maintains performance and minimizes the risk of OS failure
safendencryptor
protector
discoverer
inspector
Safend Encryptor enforces an enterprise wide encryption policy to protect the data stored on laptop and desktop hard disks, so that sensitive data cannot be read by unauthorized users in the case of loss or theft.
Safend Encryptor provides True SSO (Single Sign-On functionality). Safend Encryptor uses your existing Windows login interface for user authentication, and requires no changes to work processes. Highly scalable - a single management server can manage more than 75,000 agents. Additional servers can be seamlessly added to create a server cluster.
Transparent to End Users - transparently uses Windows login to access the encrypted data and therefore does not require any end-user training. Transparent to Help Desk - transparently uses the generic AD domain password reset process. No dedicated password recovery procedure is required.

15. Safend Encryptor: Full Audit Trail Detailed Client & Server Log Records
Clients status displayed in the Clients World:
Client Logs displayed in the Logs World:
Server Logs displayed in the Logs World:

16. - Proprietary & Confidential -
Safend Encryptor Full Audit Trail Detailed Server Log Records
Examples of Encryptor specific server logs
- Proprietary & Confidential -

17. Edy Almer edy@safend.com
Thank You !
Edy Almer

18. - Proprietary & Confidential -
Case Study
Healthcare: Firmley Hospital NHS
The Company
Frimley Park Hospital is a 720 bed NHS Foundation Trust employing approximately 3,500 staff and serving a catchment population of over 400,000. 
The Challenge:
incorporate differing requirements across different areas of the business where unusual or complex medical devices are in use.
The organization required a solution, which could be deployed within the short timeframes required by the new mandates, which was easy to manage and deploy and would not impact on the productivity of medical staff and administrators.  
Safend’s Solution:
flexibility and granularity of the Safend solution, with a phased roll-out of the policies on a ‘by department’ basis.  This ensured that a consistent machine-based policy could be implemented on most PCs with the occasional custom machine-based policy for unusual medical equipment and  custom user-based policies layered on top to address individual needs.
The end result is that the Trust has an endpoint and mobile data security system that is largely invisible to the user but which provides full assurance that it has satisfied its obligations in securing mobile data.
Having evaluated a number of solutions, including one from McAfee/SafeBoot, (which at the time was centrally procured by the NHS),  the Trust decided that the Safend solution was the best fit in terms of manageability and performance. “Safend was chosen because of its comprehensive integrated suite of endpoint security tools, including reporting, port control and disk and media encryption.  The other major criterion for the selection was the need for a centralised solution with minimal management overheads and the need for a system that was largely transparent to the user.” 
- Firmley Park Hospital NHS, Head of IT
- Proprietary & Confidential -

19. - Proprietary & Confidential -
Case Study
Government: Navy Mine Warfare Training Center
The Company
The only training center that trains sailors for shipboard mine counter measures.
The Challenge:
To ensure the integrity and security of the sensitive data used for instruction
Seamlessly control data access via portable devices without impeding on instructors’ abilities to access data for teaching purposes.
Safend’s Solution:
Deploying 350 licenses of Safend Protector to guard against data leakage on nearly 850 ports throughout the Navy Mine Warfare Training Center
Comprehensive Security of WiFi, FireWire and game ports
“Safend was the no-brainer choice to meet the Navy Mine Warfare Training Center’s needs. Of the 17 products we tested, it was the only one that could not be bypassed because it is loaded at the kernel and since it is not loaded as a service, users can’t shut the software off and circumvent the protection. The product was also very granular, making it easy to control access based on everything from device type to serial number. We found that it’s impossible to beat from our testing – you know you have found the right solution when no matter how hard you bang on it, it won’t break.”
- The Navy Mine Warfare Training Center’s Director of Information Technology Herb Armstrong
- Proprietary & Confidential -

20. - Proprietary & Confidential -
Case Study
Healthcare: LA County Department of Mental Health
The Company
The Los Angeles County Department of Mental Health (DMH) serves approximately one-quarter of a million residents each year, making it the largest mental health service system in the nation.
The Challenge:
Protection from leakage of the Department of Mental Health sensitive and personal client data for thousands of residents.
Appropriately allow the safe use of USB memory sticks while blocking dangerous file types.
Safend’s Solution:
Seamless deployment of Safend Auditor and Protector to over 4,000 machines at its 130 locations across LA County
Enforce protection policies to ensure that the data being saved was authorized, encrypted and approved to access our corporate ports
“Safend was the clear choice to manage DMH’s thousands of endpoints. We chose Safend because its auditing and alerting capabilities were superior to other products we tested. Additionally, Safend offers a tamper proof agent that is unbeatable,” ”
- DMH’s Departmental Security Officer Jeff Zito
- Proprietary & Confidential -