Download presentation
Presentation is loading. Please wait.
1
McAfee Endpoint Encryption
Presenter Name Presentation Date Customer presentation Last updated November 2011
2
Data Protection Challenges
Agenda 1 2 3 4 Data Protection Challenges & Issues McAfee Data Protection Solutions McAfee Endpoint Encryption McAfee ePO Management
3
Data Protection Challenges
Agenda 1 Data Protection Challenges & Issues
4
The goal of all IT security efforts is to PROTECT DATA
It’s All About the Data! Compliance Intellectual Property High Business Impact (HBI) Information SOX HIPAA PCI-DSS GLBA FISMA ITAR State data breach (e.g., CA SB 1386) U.K. Data Protection Act Customer/prospect lists Price/cost lists Design docs Source code Formulas Trade secrets Process advantages Pending patents Company logo/artwork Board minutes Financial reports Merger/acquisitions Product plans Hiring/firing/layoff plans Salary information Acceptable use – 45 U.S. states now have breach notification laws - The U.K. Data Protection Act now has big potential fines. As of 06 Apr 2010, the Information Commissioners’ Office (ICO), the UK’s privacy watchdog, has the power to fine organizations up to 500,000 pounds ($744,000 U.S.) – up from 5,000 pounds previously – for serious data leaks or losses. What’s more, the ICO will be able to audit government departments suspected of having poor data security controls. The goal of all IT security efforts is to PROTECT DATA
5
Data At Risk, Even From Trusted Insiders
80% of CISOs see employees as the greatest data threat 73% of data breaches come from internal sources 77% unable to audit or quantify loss after a data breach 68% plan to use former company’s confidential data in new job Sept 29, SailPoint survey of 1k workers “Would you feel comfortable taking items1 with you when leaving a job?” 52% No, 48% Yes 1- include customer information, electronic files, office supplies, etc. Data Loss Risks During Downsizing, As Employees Exit so Does the Corporate Data Ponemon, February 23, 2009 “It is also surprising to learn that 67% of respondents used their former company’s confidential, sensitive or proprietary information to leverage a new job. Approximately 68% are planning to use such information as lists, customer contact lists and employee records that they stole from their employer. Not only is this putting customer and other confidential information at risk for a data breach but it could affect companies’ competitiveness and future revenues. Employees are stealing data in different ways. It is interesting that most employees (61%) who stole valuable customer and other business information are taking it in the form of paper documents or hard files. The next most popular means of transferring data is by downloading information onto a CD or DVD (53%) or onto a USB memory stick (42%) followed by sending documents as attachments to a personal account (38%). Employees leave their laptops but take CDs, USB memory sticks and PDAs. Ninety-two percent of employees took CDs/DVDs followed by USB memory sticks (73%) and PDAs (17%). Only 9% kept their Blackberry and 3% kept their laptops.” Survey: Dark Reading/InformationWeek (2009) Survey: MIS Training Institute at CISO Summit (2009) McAfee Datagate Report. Produced by DataMonitor (survey of 1400 IT professionals across UK, US, DR, DE, and Australia) Ponemon (2009)
6
Types of Data At Risk: What’s Copied to USB Drives
Data Loss Risks During Downsizing, As Employees Exit so Does the Corporate Data Ponemon, February 23, 2009 “It is also surprising to learn that 67% of respondents used their former company’s confidential, sensitive or proprietary information to leverage a new job. Approximately 68% are planning to use such information as lists, customer contact lists and employee records that they stole from their employer. Not only is this putting customer and other confidential information at risk for a data breach but it could affect companies’ competitiveness and future revenues. Employees are stealing data in different ways. It is interesting that most employees (61%) who stole valuable customer and other business information are taking it in the form of paper documents or hard files. The next most popular means of transferring data is by downloading information onto a CD or DVD (53%) or onto a USB memory stick (42%) followed by sending documents as attachments to a personal account (38%). Employees leave their laptops but take CDs, USB memory sticks and PDAs. Ninety-two percent of employees took CDs/DVDs followed by USB memory sticks (73%) and PDAs (17%). Only 9% kept their Blackberry and 3% kept their laptops.” SanDisk Endpoint Security Survey, April 2009 6
7
“Data Breaches Continue to Become More Common and More Severe1”
“DuPont scientist downloaded 22,000 sensitive documents as he got ready to take a job with a competitor…” “Royal London Mutual Insurance Society loses eight laptops and the personal details of 2,135 people” SC Magazine “The FSA has fined Nationwide £980,000 for a stolen laptop” “Personal data of 600,000 on lost laptop” “ChoicePoint to pay $15 million over data breach—Data broker sold info on 163,000 people” SC Magazine - The Times - Ponemon, 2010 Annual Study: US Enterprise Encryption Trends, Executive Summary Excerpt “U.S. companies have never experienced the intensity of IT implementation challenges and data security threats that they face today. To accomplish their missions, they must strategically devote shrinking IT budgets to use the best mix of new and old technologies that meet increasingly strict regulatory compliance requirements. At the same time, they must protect their data from theft from cyber attacks that are growing more frequent, insidious and damaging. The consequences of failure are severe: U.S. data breach costs continue to rise, averaging $6.75 million per breach and more than $200 per compromised record to pay for detection, response, notification and lost business.” 1 Top Finding from Ponemon 2010 Annual Study: U.S. Enterprise Encryption Trends, November 2010 7
8
Consequences of a Breach
Penalties Fines Costs of remediating a data breach Brand damage Customer churn Loss of competitive edge And more – Data falling into competitive hands often has far-reaching effects – The cost of all these breaches adds up! The Ponemon Institute released their fifth annual "Cost of a Data Breach" study in Jan 2010 summarizing the costs associated with data breaches. They found that on average the cost per record of a PII type data breach was $204. That creates huge liability for companies handling large amounts of customer data (e.g., credit card transactions, hospital records, account numbers, etc.).
9
Increasing Compliance Burden
Datenschutz (Germany) GISRA (USA) Data Protection Act (UK) Government Network Security Act (USA) California SB 1386 (USA) US Senate Bill 1350 Proposed (USA) HIPAA (USA) Gramm-Leach-Bliley (USA) Japan Personal Information Protection Act (PIPA) US Government OMB Initiative (USA) Directive on Protection of Personal Data (EU) Sarbanes-Oxley (USA) Payment Card Industry Data Security Standard The Personal Information protection and Electronic Documents Act (Canada) Federal Desktop Core Configuration (US Civilian) GCSX Code of Connection (CoCo) (UK) 2004 2011 1996 Massachusetts 201 CMR 17.00 Key regulations driving encryption in the US are state privacy laws, PCI requirements & HIPAA1 Find summaries of US & global data protection laws at mcafee.com/us/regulati ons/index.aspx 1 Top Finding from Ponemon 2010 Annual Study: U.S. Enterprise Encryption Trends, November 2010 Ponemon, 2010 Annual Study: US Enterprise Encryption Trends, Top Findings Excerpt “Key regulations driving encryption use remained the same from 2008 and 2009, including state privacy laws (such as those in California, Massachusetts and others), PCI requirements, and the Health Information Portability & Accountability Act (HIPAA). Interestingly, PCI requirements have seen the greatest increase in influence by far over the past four years, rising 49 points from 15 percent in 2007 to 64 percent this year. PCI is becoming one of the most important drivers to action because failure to comply means organizations can’t do online credit card transactions, which holds organizations to a much higher level of accountability. At the same time, traditional compliance drivers such as Sarbanes-Oxley and Graham-Leach-Bliley have decreased in prominence over time in terms of driving encryption projects as companies integrate compliance with those regulations into their standard operations.”
10
Challenges Shaping Data Protection
Mobile Device Workplace Explosion Employee-Liable Mobile Device Invasion More Data Is Mobile Smartphones, netbooks, tablets, USB storage devices Used for work and personal Indispensible, highly mobile Workers using personal non- compliant devices and applications Gray area around corporate control of personal devices accessing company data Need to deliver corporate data when and where needed Devices store and access vast amounts of confidential data 10 10 10
11
New and Increasing Types of Endpoints
Computing Cycles in Perspective Increasing use of tablets, smartphones and USB drives equates to increasing risks for data loss IDC predicts the combined unit shipments of smartphones and tablets will eclipse total (consumer and corporate) PCs in 20121 2010 worldwide USB flash drive shipments are expected to be 275 million2 Mobile internet connected devices gaining speed 1,000,000 Devices/Users (MM in Log Scale) Mobile Internet 100,000 Desktop Internet 10,000 10B+ Units?? 1,000 PC 1B+ Units/ Users 100 Minicomputer 100M Units 10 Mainframe 10M Units 1 1M Units 1960 1980 2000 2020 Morgan Stanley
12
Agenda 2 McAfee Data Protection Solutions
13
Key Requirements for Securing Data
Protect data on a wide range of endpoints Easy, consistent security management Proof of protection
14
McAfee Data Protection
Desktop Device Control Endpoint Encryption for PC Endpoint Encryption for Mac Host DLP Smartphones Laptop Enterprise Data Center Build slide Enterprise data center houses databases and apps Traditional endpoints like desktops, laptops, removable storage and USB devices access these DB/Apps as well as etc. Definition of an endpoint is changing. Now includes smartphones and tablets McAfee has it covered. From the EDC with nDLP to desktop/laptop with DC/EEPC/hDLP, RMS with EEFF, and encrypted USB drives. Plus EMM for smartphones and tablets. Under centralized management using ePO McAfee enables organizations to fully embrace the on-the-go enterprise by offering integrated and centrally managed end-to-end data protection solutions on a wide range of endpoints Enterprise Mobility Management Databases Apps Network DLP Removable Media Storage Endpoint Encryption for Files and Folders Tablets McAfee ePO USB devices Encrypted USB Devices Comprehensive ● Integrated ● Centrally Managed 14 14
15
McAfee: Proven Leader, Trusted Solutions
Magic Quadrant for Content-Aware Data Loss Prevention Ability to Execute Completeness of Vision Challengers Leaders Niche Players Visionaries Symantec Websense RSA (EMC) Trustwave CA Code Green Networks Fidelis Security Systems Verdasys Palisade Systems Trend Micro GTB Technologies McAfee Leader Gartner Magic Quadrant for Mobile Data Protection 2011 Gartner Magic Quadrant for Content-Aware Data Loss Protection 2010
16
Agenda 3 McAfee Endpoint Encryption
17
Data Protection Challenge
How best to protect confidential corporate data especially on mobile devices from loss, theft, or exposure to unauthorized parties? Laptops lost or stolen in airports, taxis and hotels cost companies an average of $49,2461 36% of data breaches were due to lost or stolen laptop computers Average cost is $6.75 million per breach2 Staying out of the news Best practices: - “Ensure that portable data-bearing devices… are encrypted”2 “Protected health information (PHI) is rendered unusable, unreadable, or indecipherable to unauthorized individuals if encrypted or destroyed”3 “Encryption in past laws have been directed to be considered based upon risk, but now they are more explicitly required in some laws.” Nevada’s SB347 and Massachusetts 201 CMR are specifically discussed.4 People are increasingly using mobile technology to perform their jobs, technology that’s easy to lose and is an attractive theft target “Laptops lost or stolen in airports, taxis, and hotels around the world cost their corporate owners an average of $49,246 reflecting the value of the enclosed data above the cost of the PC. … A senior exec’s notebook is valued at $28k while a director or managers notebook is $61k. The figure can reach as high as $116k.” Laptops lost or stolen in airports, taxis and hotels WW cost companies $28,000 - $116,000 per laptop (average cost $49,246)1 36% of data breaches were due to lost or stolen laptop computers… Average cost is $6.75 million per breach2 Best practices: “Companies should ensure that portable data-bearing devices…are encrypted” 2 “Protected health information (PHI) is rendered unusable, unreadable, or indecipherable to unauthorized individuals if one or more of the following applies: (a) Electronic PHI has been encrypted…(b) The media on which the PHI is stored or recorded has been destroyed”3 Staying out of the news “Stolen laptop contains names, Social Security number, home address, date of birth, encrypted credit card information, personal address, personal telephone numbers and family member information of over 42,000, US Army, Nov datalossdb.org In 2006, a Veterans Affairs Department analyst lost a laptop computer that contained the Social Security numbers and other personal data for more than 26 million veterans and active duty troops.cnn.com And there are many more The National Archives and Records Administration (NARA) are investigating a potential data breach involving a lost hard drive that could affect 70 million records of US military veterans with social security numbers, health records, discharge info, and more. A report by Wired claimed that a defective hard drive that powered eVetRecs, the system veterans use to request copies of their health records and discharge papers, was sent by an agency back to its vendor for repair and recycling without first destroying the data. Writing on the IDtheftsecurity.com blog, consultant Robert Siciliano claimed that the hard drive should have never left the facility and should have been destroyed. Siciliano said: “A $2,000 hard drive with millions of social security numbers is worth millions, maybe billions of dollars if it gets into the hands of a criminal. The ‘loss' of data like this can cost a government agency or corporation millions to respond to the breach. 1 Ponemon 2 Ponemon, 2009 Cost of a Data Breach 3 HIPAA DHHS Guidance 2009 4
18
McAfee Endpoint Encryption for PCs, McAfee Endpoint Encryption for Mac
Full disk encryption for Windows PCs or Mac Protects all data on desktop PCs1 and laptops transparently No need to be concerned about workers deciding which files to encrypt or the myriad of “hidden” temp files that applications create which contain your data Easy to use Encryption happens in the background & on the fly High performance Easy to manage Via integrated McAfee ePolicy Orchestrator Centralized deployment, management, policy administration, auditing, reporting, and recovery via a single console Demonstrate compliance & proof of consistent/persistent security High Performance - McAfee EEPC leverages Intel® AES-NI technology, delivering up to 300% faster encryption performance over software-only approaches Supported Operating Systems - Microsoft Windows 7, Microsoft Vista (all 32- and 64-bit versions), Microsoft Windows XP, Microsoft Windows Server 2008, Microsoft Windows Server 2003 1 Only EEPC supports desktops
19
Endpoint Encryption for Files and Folders
Encryption where it’s needed Local file and folder encryption File and folder encryption on file servers Removable media: file and folder encryption on USB drives User initiated encryption of attachments Data protection made easy Designed for sharing of encrypted data Persistent encryption On-the-fly, transparent data encryption and decryption when writing to/reading from disk Automatic policy enforcement beyond user control Managed via McAfee ePolicy Orchestrator platform
20
McAfee Enterprise Mobility Management
Makes it secure Configures, enforces and manages native device security settings Enforces compliance to enterprise policies Securely connect to enterprise services: VPN, Wi-Fi, messaging and LOB apps Makes it easy Self-service provisioning Personalizes devices to optimize end-user productivity Makes it scalable Integrates into the enterprise’s existing environment and scales to 10s of 1000s of devices iPad Enterprise Environment Messaging Android Applications iPhone EMM + ePO Directory Trust Digital securely empowers enterprise mobility 2.0 in three ways. First, Trust Digital makes it secure. Second, Trust Digital makes it easy. And third, Trust Digital makes it scalable. It makes enterprise mobility secure by configuring, enforcing, and managing the native device security settings, not just the sandbox. It enforces compliance to enterprise policies and configures VPN, WiFi messaging, and line-of-business applications. Trust Digital also makes it easy. This is why we provide a self-service interface for employees to provision themselves to connect to enterprise resources. It personalizes the devices to optimize end-user productivity as well. Scalability is also a big factor when it comes to the large enterprise. Trust Digital ensures that they can scale up tens of thousands of devices. Along the right-hand side of this slide, you see the different types of platforms supported by Trust Digital: iPads, Android, iPhone, Web OS, Microsoft Windows Mobile, and Simian. All of these mobile device platforms are unique, and we offer different features for each type of platform. webOS Certificate Services Files Windows Mobile Symbian Database 20 April 20, 2017 20
21
Modular, Comprehensive Data Protection Solutions
ToPS for Data Suite Individual Solutions EE for PCs EE for PCs EE for Files and Folders EE for Files and Folders Endpoint Encryption EE for Removable Media (feature of EEFF) EE for Removable Media (feature of EEFF) Encrypted USB (devices) Host DLP Device Control (feature of Host DLP) DLP + Enterprise Mobility Mgmt. Host DLP Device Control (feature of Host DLP) McAfee ePO McAfee ePolicy Orchestrator + Network DLP McAfee ePO
22
Agenda 4 McAfee ePO Management
23
McAfee ePO Foundation of Optimized Security
4/20/2017 McAfee ePO Foundation of Optimized Security World’s most scalable security and compliance mgmt platform Manages 60M+ endpoints 35,000+ enterprises Largest deployment @ > 5M endpoints Deploy, manage and report on Endpoint security Data Loss Prevention Endpoint Encryption Encrypted USB devices Enterprise Mobility Manager Web and messaging security Network access control Vulnerability management Integration with network IPS Threat alerts from Avert Labs The center of McAfee’s endpoint protection solutions and our security risk management strategy is ePO, which is the industry standard for centralized management consoles to manage all endpoint protection. ePO is tried and tested managing more than 60 million endpoints in 35,000 enterprises. It’s designed to scale from small environments to the largest, for example, managing one customer’s 5 million endpoint environment. ePO is the command and control console where you manage protection, implement and enforce policies, and report on results from one intuitive display. It is the McAfee framework for other products such as data loss prevention and device encryption with integration with network IPS and risk and compliance. And to further leverage your investment, EPO receives automated updates from McAfee Avert Labs to help you maintain comprehensive defenses. “ePO has historically been the standard for centralized administration consoles.” Endpoint Protection Platform Magic Quadrant Confidential McAfee Internal Use Only 23 23
24
Security Management Challenges
LIMITED VISIBILITY INEFFECTIVE RISK MANAGEMENT COMPLEX, GLOBAL OPERATIONS Fragmented technologies No support for on- premise and SaaS No real time security monitoring Reactive programs and processes No integration with business systems Limited analytic capabilities Dynamic regulatory requirements Manual assessment and enforcement Increased stakeholder pressures Loss of Revenue Increased Risk Exposure Increased operational costs X X X April 20, 2017
25
An Upgrade to ”Enterprise”
ENFORCE ASSESS ePolicy Orchestrator MONITOR RESPOND SECURE THE DEVICE SECURE THE INFORMATION SECURE THE INFRASTRUCTURE April 20, 2017
26
PROACTIVE RISK ANALYTICS
McAfee ePO Benefits COMPLETE VISIBILITY Complete visibility and transparency cross all systems and processes PROACTIVE RISK ANALYTICS Prioritize and proactively respond to critical risks before a loss occurs Automate key security and compliance processes and controls $ REDUCED COSTS € April 20, 2017
27
Integration of Endpoint Encryption and ePO
Automation of monitoring, reporting, and auditing Reduces Costs! McAfee Endpoint Encryption McAfee Encrypted USB Single console endpoint deployment and management 1 Single consolidated source for incident response and reporting 2 McAfee DLP Comprehensive incident views, case management and workflow 3
28
Why McAfee Endpoint Encryption
1 Marketing leading, enterprise-class encryption 2 Comprehensive, customizable, extensible product offering includes full disk, file and folder, removable media, encrypted USB storage devices 3 Superior integration and robust management with McAfee ePO 4 Full featured compliance and audit reporting using McAfee ePO Why do customers ultimately buy McAfee? Because we’re the de facto world standard for enterprise-class data protection. You might hear this from other vendors as well but the difference is enterprise class. McAfee is very well suited, it’s designed to help an organization that truly has enterprise-class needs and desires to build a strategy around. We’ve got a very, very complete and deep product offering that includes encryption, device control, secure media and full DLP. We've got superior integration, the ability to consolidate not only our own technologies within a common management infrastructure, but to be able to leverage points of integration between the various pieces of the portfolio. Giving you the capability to leverage things like encryption in combination with technologies like DLP. This leads to giving us the capability to create automatic compliance and audit reporting. After all nobody deploys these types of solutions unless you can unequivocally state that you’re protected at any given time. Especially when it comes to the loss of an asset that may hold sensitive information. And at the end of the day we can give you the quickest in deployment and lowest operational costs in the industry with our efficient and effective data protection solution portfolio. 5 Quick deployment and lowest operational cost
29
Summary Data security risks continue to increase
Insiders are seen as the main source of leaks Data breaches growing at an alarming rate McAfee has a better solution Comprehensive modular solutions with integrated, centralized management and reporting make data easier to protect Rapid deployment and integration deliver fast results Getting started is easy Create a strategic data security plan Focus on a specific problem to start (i.e., encrypt mobile laptops and USB drives)
31
Compliance Report Endpoint Encryption for PCs
Fully Encrypted Yes/No? Detailed Encryption Status Report per Drive/Partition Installation Status Report Endpoint Encryption Installed: Yes/No? Risk and Compliance Sales Accreditation Presentation April 20, 2017
32
McAfee Endpoint Encryption
Comprehensive ● Integrated ● Managed
Similar presentations
© 2025 SlidePlayer.com Inc.
All rights reserved.