MFI Soft Garda Enterprise: a handy DLP solution
GARDA Enterprise is a cutting edge solution featuring all the latest technologies in the field of data leak prevention (DLP)
Garda Enterprise: a new view on data leak prevention
Capabilities
System overview
    A new generation of DLP solutions
    Operating principles
    System management
Getting deeper
    Security policies
    Quick search
    Search criteria
    Data storage
    Traffic handling
    Workstation monitoring
    Monitoring and blocking traffic flowing over secure connections
    System management
Analytical capabilities
    Statistical reports
    Employees' contacts
    Employees' profiles
    Data dissemination diagrams
Methods of analysis
Advantages of Garda Enterprise
Hardware and software requirements
Support
About MFI Soft
A new view on data leak prevention
As a rule, configuring and maintaining DLP systems, as well as analyzing the results of their operation, requires a lot of effort. Garda Enterprise is designed to streamline and automate the day-to-day routine of information security (IS) officers. Garda Enterprise starts revealing information policy violations and potential threats right after deployment, even before all the DLP implementation and setup stages are complete.
Detection of major risks, data categorization, and fast creation and monitoring of information security policies are intuitive and can be managed without a glance at the manual.
Capabilities
New technologies employed in Garda Enterprise broaden the functionality and application of DLP solutions.
Efficient data leakage prevention: based on in-house smart algorithms for detecting sensitive information, Garda Enterprise safeguards all communication channels and immediately alerts IS officers to security policy violation attempts.
Analytical system: analysis of the trends in the company's information flows allows the development of a long-term leak prevention strategy and real-time detection of suspicious user activities.
Handy monitoring tool: interactive creation of information security policies, management of employees' access to information resources, documents and physical devices, productivity monitoring.
Garda Enterprise – a new generation of DLP solutions
Monitor and analyze communications of your employees to minimize data leak risks. With the rich capabilities of Garda Enterprise you will be able to:
Prevent data leaks
Identify disgruntled employees and prevent insider attacks
Use a powerful set of tools for internal investigations
Easily manage information policies and analyze their efficiency
Perform comprehensive monitoring and analysis of user activities
Keep archives of all business communications
Operating principles
Garda Enterprise comprises the following subsystems:
Interception and management module
Storage module
Analytical module
The modules are tightly integrated and supplied on a single hardware platform. All software components are the intellectual property of MFI Soft and do not require any third-party licenses.
Go to next slide for details.
Interception and management: includes sniffers handling network channels and workstation agents monitoring personal computers and the devices connected to them, and ensuring various types of blocking (cloud storages, removable devices, processes, etc.).
Storage: a data warehouse that ensures efficient storage and indexing of all data (messages, files, traffic statistics) generated and exchanged by the staff.
Analytics: the analytical module ensures automated data analysis; detection of policy violations, user behavior and traffic irregularities; report generation.
Operating principles:
Subsystems
Garda Enterprise provides an intuitive web interface for efficient system management.
Usability — an operator can easily learn and start working with the system even without reading the manuals;
Efficient handling of day-to-day tasks;
Platform independent — manage the system from any device and under any operating system.
Managing the system
Getting deeper
Security policies
Quick search
Search criteria
Data storage
Traffic handling
Workstation monitoring
Monitoring and blocking traffic flowing over secure connections
System management
Interactive policy creation and preview of results.
Quick and easy policy configuration. When configuring a policy, you immediately see the outcome of applying it, so you can interactively adjust the policy until you get the required result.
With a comprehensive set of criteria (type of data, employed software, communication channels, etc.) and conditions (key words, tags, search criteria and their combinations) you can design policies of almost limitless complexity.
Policies are based on search — you can preview the result of the policy being created and, if necessary, make appropriate changes to minimize false positives.
Security policies
Searching among data objects works the same way as searching in popular search engines. Found objects are displayed in a readable format. The operator can use a rich set of refining search criteria.
The search does not depend on file types and can be run even inside archives.
Regular scanning and the possibility to save search templates allow the operator to receive notifications about current events without adding them to the policy list.
Garda Enterprise keeps a full copy of all traffic. Upon creation of new rules and policies, you can run a retrospective analysis of the data in the archive. No other system currently offers such a useful feature.
Quick search
Key words and phrases, including their occurrences in attached files and archives
Regular expressions
Search for similar documents
File name, document attributes, type, size, protocol, port, etc.
User accounts in Active Directory (import of user data from the LDAP server)
IP address
IM identifiers (Skype, MSN, ICQ, etc.)
Social network IDs
Email addresses
VoIP account names / phone numbers
Search criteria
Garda Enterprise is one of the first DLP solutions developed with the use of big data technology.
Our data storage subsystem was designed to address the typical problems of other DLP solutions. It ensures:
Storage of a wide range of data – information about incidents, specific data flows or a full copy of the company's data flows.
Fast access to data, search and analysis.
Low cost of storage in comparison with other similar solutions.
Garda Enterprise collects data from different sources (network traffic, mail servers, users' workstations, etc.) and keeps it in the storage for further processing and analysis.
Data storage
Monitor all possible data transfer channels.
Garda Enterprise supports the following network protocols:
Mail, news and web protocols: SMTP; SMTPS; IMAP4; POP3; POP3S; MAPI; NNTP; S/MIME; MS Exchange. HTTP, HTTPS (GET and POST methods) v1.0, v1.1. FTP, FTP over HTTP, tunneling protocols (IP-in-IP, L2TP, PPTP, PPPoE), Telnet, Kerberos 5 authentication protocol.
Messengers: OSCAR (ICQ v7, v8, v9); HTTPIM (messaging in social networks); MSNP v12, v13 (MSN Messenger, Windows Live Messenger); YMSG v9.0.0.2034 (Yahoo Messenger Protocol); IRC; MMP (Mail.Ru Agent); Skype (text messaging and file exchange); MS Lync; XMPP (Google Talk, Jabber, QIP, SMS).
VoIP telephony: SIP v2.0 (RFC 2543bis/3261); SDP; H.323 v2; H.245 v7; H.225 v4; T.38; Megaco/H.248; MGCP; SKINNY; H.263 ABC; H.264 (single NAL unit mode), including video calls. Each VoIP session can be stored as a full dialog or split by channels (both incoming and outgoing calls).
File sharing networks: BitTorrent (standard 11031); Gnutella (v0.6); eMule (v0.49b); Direct Connect Protocol (DC++ v0.707).
Traffic handling
Ensure all-round monitoring of your staff workstations. In addition to in-depth analysis of communications and information about the usage of software and peripherals, Garda Enterprise provides a wide set of capabilities for user workstation monitoring.
Features of the workstation agent:
Scheduled captures of the screen;
Logging of applications run by users with time tracking;
Blocking of unwelcome applications (separately and by categories);
Monitoring of files sent to printer (interception, covert copying);
Key logging;
Blocking of file transfer over Skype;
Blocking of removable devices (internal and external);
White lists of external devices with permissions for reading/writing data;
Covert copying of data transferred to external devices;
Workstation monitoring
Monitoring of traffic transferred over secure connections is ensured by a special module tapped into the protected network.
How it works
The module blocks HTTP and HTTPS connections to a pre-defined list of resources (by URL). For instance, it can ban access to social networks and cloud storages.
Main features of the module:
Instant interception of data transferred over secure connections;
Possibility to use external SSL certificates;
Bypass adapter for increased fault-tolerance.
Monitoring and blocking traffic flowing over secure connections
The Garda Enterprise web interface was designed with a deep understanding of the tasks of information security officers and provides maximum efficiency and ease of use.
The web interface features the following pages:
Main page — shows the current status of information security in the company — latest incidents, detected irregularities, general statistics.
Policies — serves for configuration of security policies.
Employees — displays the list of employees, their personal profiles and latest activities.
Search — the page where the user can search intercepted data for the objects of interest (messages, documents, visited web pages, etc.), group them and use searches for policy creation.
Reports — multi-level graphical reports with exhaustive statistics.
Settings — system settings, workstation agent management (including installation and removal).
System management
A unique reporting system allows IS officers to not only monitor how company’s sensitive data is being used, but also to detect irregularities in the information flows and predict potential leaks.
See next slide for details.
Analytical capabilities
Interactive
All data displayed in graphical reports are interactive and allow IS officers to “drill down” to a specific object (email message, web page, IM dialog, etc.).
Real-time
All reports are generated in real time. When drawing up interactive diagrams of data flows and staff contacts you can just drag-and-drop the object of interest into the report area, the rest will be done by Garda Enterprise.
Big data
The use of the latest big data technologies provides great analytical capabilities. The system generates a variety of reports, both general and incident-specific reports for investigations.
In addition to information security aspects, Garda Enterprise allows monitoring of staff productivity by revealing facts of improper activities during office hours.
Details:
Analytical capabilities
The reporting mechanism is implemented with the use of the drill-down approach — from a summary report you can move to a more detailed one and eventually right to a specific information object.
Reports allow IS officers to detect deviations in the statistical picture of information exchange between employees and track important trends.
Statistical reports
This interactive diagram shows the cloud of both internal and external contacts of an employee, communication intensity and means.
Employees’ contacts
Save time on routine tasks. Garda Enterprise automatically fills in employee profiles.
Click on the person of interest to view his/her:
Account names in different services
Activity statistics
Latest actions
For better monitoring results, you can manually enter additional data.
Employees’ profiles
Visual representation of all data movements, from the first communication inside the company until the moment the data is passed outside.
Diagrams show both engaged employees and communication means and allow IS officers to quickly investigate incidents, reveal insider threats and find employees who got unauthorized access to sensitive data before it leaks out.
Data dissemination diagrams
Garda Enterprise uses the most efficient data analysis technologies.
Search for similar documents
Search for specific documents and their fragments in the volumes of data exchanged by users. Ensures detection of unauthorized access and dissemination of sensitive information.
Patterns (regular expressions)
The use of patterns allows scanning data flows for such data as passport and credit card numbers, email addresses, etc. Ensures detection of personal data, financial documents.
Linguistic analysis
Advanced linguistic analysis algorithms ensure quick and efficient search for required data using built-in search engine. Also these algorithms increase the efficiency of policy operation.
Methods of analysis
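The policies described above are built from search criteria (keywords, regular expressions such as card-number patterns, recipient) and previewed against the traffic archive to weed out false positives. The following is an added illustration of that workflow in Python, not Garda Enterprise code: the archive, the domain `corp.example`, and the `Policy`, `evaluate` and `preview` names are all constructed here. A naive keyword-only policy is run retrospectively over the sample archive, then a refined policy adds a Luhn-validated card pattern and an external-recipient condition, which drops the lookalike number and the passport message that the naive policy flags.

```python
import re
from dataclasses import dataclass
# Constructed sample standing in for the intercepted-traffic archive (not real data).
INTERNAL_DOMAIN = "corp.example"
ARCHIVE = [
    {"id": 1, "to": "bob@corp.example", "body": "Please review the attached contract draft."},
    {"id": 2, "to": "upload.cloud.example", "body": "Confidential: client card 4111 1111 1111 1111"},
    {"id": 3, "to": "friend@mail.example", "body": "confidential order ref 1234 5678 9012 3456"},
    {"id": 4, "to": "ext@jabber.example", "body": "confidential: passport 4501 123456"},
]
CARD_RE = re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b")  # 16-digit card-like number

def luhn_ok(number: str) -> bool:
    """Luhn checksum: rejects most digit strings that merely look like card numbers."""
    total = 0
    for i, d in enumerate(int(c) for c in reversed(number) if c.isdigit()):
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

@dataclass(frozen=True)
class Policy:
    name: str
    keywords: tuple = ()         # at least one must occur (case-insensitive)
    require_card: bool = False   # a Luhn-valid card number must occur
    external_only: bool = False  # recipient must be outside INTERNAL_DOMAIN

def evaluate(policy: Policy, obj: dict) -> list:
    """Return the satisfied criteria for one object, or [] if it does not match."""
    hits = [k for k in policy.keywords if k.lower() in obj["body"].lower()]
    if policy.keywords and not hits:
        return []
    reasons = ["keyword: " + k for k in hits]
    if policy.require_card:
        cards = [m.group() for m in CARD_RE.finditer(obj["body"]) if luhn_ok(m.group())]
        if not cards:
            return []
        reasons.append("card ending " + cards[0][-4:])  # never record the full number
    if policy.external_only:
        if obj["to"].endswith(INTERNAL_DOMAIN):
            return []
        reasons.append("external recipient: " + obj["to"])
    return reasons
def preview(policy: Policy, archive: list) -> dict:
    """Retrospective run over the archive, as the policy preview would: {object id: reasons}."""
    return {o["id"]: r for o in archive if (r := evaluate(policy, o))}
NAIVE = Policy("confidential-keyword", keywords=("confidential",))
REFINED = Policy("card-to-external", keywords=("confidential",), require_card=True, external_only=True)
```

Running `preview(NAIVE, ARCHIVE)` flags objects 2, 3 and 4, while `preview(REFINED, ARCHIVE)` keeps only object 2, the one with a checksum-valid card number sent to an external recipient.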
First DLP solution using technologies for storing and analyzing big data
Fast and user friendly web interface
Stores all the company data
Powerful analytical system with predictive capabilities
Efficient interception on all major communication channels
Control over removable devices
Monitoring of VoIP services
All sorts of reports even for the most demanding users
Productivity monitoring
Garda Enterprise — Advantages
A fully functional system (including workstation agent management, HTTPS monitoring, traffic interception and analysis, and data storage) runs on a 1U, 3U or 4U server depending on the number of monitored workstations and the required storage period.
Example
A system monitoring 400 workstations with a 6-month storage period runs on a 1U server.
Hardware and software requirements
Recommended hardware requirements for trial deployment:
Traffic rate        Number of workstations    Hardware requirements
Up to 100 Mb/s      up to 10                  4 cores, 8 GB RAM, 1 TB HDD (data storage period: up to 1 month)
Up to 1000 Mb/s     up to 100                 16 cores, 32 GB RAM, 1 TB HDD (data storage period: up to 7 days)
Support
MFI Soft provides comprehensive technical support of its DLP solutions at all stages of integration with the customer's infrastructure.
1. Audit of information resources
In the first stage our specialists study your requirements for the DLP system and analyze your information infrastructure. Based on this data we develop a set of security policies tailored specifically for your company.
2. DLP deployment
Soon after deployment of Garda Enterprise you will experience its efficiency. Right out of the box you get a rich set of pre-configured policies and reports.
Within the first several days the system learns and adapts itself to your data flows to avoid false positives in the future.
3. Support
After commissioning of the solution, our technical support team will readily assist you with its configuration and further usage.
20+ years in development of advanced solutions
Over 300 highly skilled specialists
In-house research center developing new strategic projects
1500 deployments
Quality management system certified for compliance with ISO 9001:2008 by the British Standards Institution (BSI)
Garda [email protected]
+7 951 910 4052
www.tida.su