endpoint data protection and leakage prevention
DESCRIPTION
Endpoint Data Protection and Leakage Prevention. Edy Almer VP Product Management & Marketing. Agenda. What Problem are we solving ? Legislation and Regulation Possible solutions Regaining Control of Endpoints and Data: - PowerPoint PPT PresentationTRANSCRIPT
Endpoint Data Protection and Leakage Prevention
Edy AlmerVP Product Management & Marketing
- Proprietary & Confidential -
Agenda
What Problem are we solving ? Legislation and RegulationPossible solutionsRegaining Control of Endpoints and Data:
Data Protection and Leakage Prevention with Safend Data Protection Suite
Safend AuditorSafend DiscovererSafend InspectorSafend EncyptorSafend ProtectorSafend Reporter
SummarySecuring your Endpoints
- Proprietary & Confidential -
Data Leakage and Targeted AttacksA Clear and Present Danger
- Proprietary & Confidential -
Compliance Requirements
States that currently have data protection laws
States that do not currently have data protection laws
- Proprietary & Confidential -
Government /Industry Regulations
PCI DSS
HIPAA
GLBA
US State PII regulations
SOX
BASEL II
UK Data Protection Act
South Africa PPI
- Proprietary & Confidential -
Cost of Data BreachesRecovery Cost Averages
Source: 5th annual "Cost of a Data Breach" study by the Ponemon Institute
Customer Costs
Brand damage
Loss of existingcustomers
Recruiting newcustomers
Unbudgeted legal, audit and accounting fees
Notification to customers
Free or discounted service to customers
Call center expenses
Public and investor relations
Internal investigations
Incremental Costs
Lost employee productivity
Productivity Costs
54%
30%
16%
Among the incidents reported, the most expensive data breach cost nearly $31 million to resolve, and the
least expensive cost $750,000 .
Average Incident Costper compromised record:
$204
Average Incident Cost:
$6.75 million
- Proprietary & Confidential -
Approaches for Data/Access ProtectionEncryption (at rest)
Encrypt Removable Storage,Hard Drives against accidental loss.
Encryption (in use – DRM)
Microsoft, Adobe, management tools.
Egress point control
Port/Device Control, Endpoint/GW DLP (IPS**, WAF**, FW**)
Access Control List
NTFS ACL, Database proxy, application level proxy, NAC
Full Spyware applications – record everything
- Proprietary & Confidential -
Port & Device Control • Detachable Storage Control• Removable Storage
Encryption• CD/DVD Encryption• Wireless Control• Hardware Keylogger
Protection
Hard Disk Encryption• Centrally Managed and
Enforced• Transparent SSO• Seamless
authentication support• Easy Recovery• Strong Security and
Tamper Resistant
Content Based DLP• Content Aware
Application Control• Data Leakage Prevention
Through:• Email, IM and Web• External Storage • Printers• Any Application/Protocol
safendreporter – Security and Compliance Analysis
safendauditor – Endpoint security status audit
safenddiscoverer - Sensitive Data Location and Mapping
• Single Lightweight Agent• Agent Includes Multi-tiered Anti-tampering Capabilities• Simple and Reliable Installation Process
Safend Data Protection Suite Architecture
- Proprietary & Confidential -
Safend Data Protection SuiteSingle Management Server & Single Management Console
- Proprietary & Confidential -
Content Aware Application Control
Data Leakage Prevention Through:
Email, IM and Web
External Storage
Printers
Application (all protocols)
Out of the box predefined classifications and Policies
Interactive Message Center for user education
Safend Inspector
protector encryptor
discoverer
safendinspector
- Proprietary & Confidential -
Safend Protector
Key Features
Prevents data leakage and penetration via endpoints
Detects and restricts any devices Enforces granular policies over physical, wireless and removable storage devices via real-time analysis of low-level port traffic Tamper-resistant Centrally managed & seamlessly integrates with Active DirectoryEnsures regulatory complianceEasy to use and scalable
encryptor
inspector discoverer
safendprotector
- Proprietary & Confidential -
Reports
Safend Encryptor:
Key Features
Encrypts all data on laptops and desktops – Total Data Encryption
True SSO (Single Sign On) technology Transparent to end users & help-desk personnel
Centrally managed and enforced
Full visibility of organization’s Encryption status
Stable and fault tolerant encryption Total Data Encryption, maintains performance and minimizes the risk of OS failure
safendencryptor
discovererinspector
protector
Safend Encryptor: Full Audit Trail Detailed Client & Server Log Records
Client Logs displayed in the Logs World :
Server Logs displayed in the Logs World :
Clients status displayed in the Clients World :
- Proprietary & Confidential -
Safend Encryptor Full Audit Trail Detailed Server Log Records
Examples of Encryptor specific server logs
- Proprietary & Confidential -
Case Study Healthcare: Firmley Hospital NHS
The CompanyFrimley Park Hospital is a 720 bed NHS Foundation Trust employing
approximately 3,500 staff and serving a catchment population of over 400,000.
The Challenge:incorporate differing requirements across different areas of the business where unusual or complex medical devices are in use.
The organization required a solution, which could be deployed within the short timeframes required by the new mandates, which was easy to manage and deploy and would not impact on the productivity of medical staff and administrators.
Safend’s Solution:flexibility and granularity of the Safend solution, with a phased roll-out of the policies on a ‘by department’ basis. This ensured that a consistent machine-based policy could be implemented on most PCs with the occasional custom machine-based policy for unusual medical equipment and custom user-based policies layered on top to address individual needs. The end result is that the Trust has an endpoint and mobile data security system that is largely invisible to the user but which provides full assurance that it has satisfied its obligations in securing mobile data.
Having evaluated a number of solutions, including one from McAfee/SafeBoot, (which at the time was centrally procured by the NHS), the Trust decided that the Safend solution was the best fit in terms of manageability and performance. “Safend was chosen because of its comprehensive integrated suite of endpoint security tools, including reporting, port control and disk and media encryption. The other major criterion for the selection was the need for a centralised solution with minimal management overheads and the need for a system that was largely transparent to the
user”. -Firmley Park Hospital NHS, Head
of IT
- Proprietary & Confidential -
Case Study Government: Navy Mine Warfare Training Center
The CompanyThe only training center that trains sailors for shipboard mine counter measures.
The Challenge:To ensure the integrity and security of the sensitive data used for instruction
Seamlessly control data access via portable devices without impeding on instructors’ abilities to access data for teaching purposes.
Safend’s Solution:Deploying 350 licenses of Safend Protector to guard against data leakage on nearly 850 ports throughout the Navy Mine Warfare Training CenterComprehensive Security of WiFi, FireWire and game ports
“Safend was the no-brainer choice to meet the Navy Mine Warfare Training Center’s needs. Of the 17 products we tested, it was the only one that could not be bypassed because it is loaded at the kernel and since it is not loaded as a service, users can’t shut the software off and circumvent the protection. The product was also very granular, making it easy to control access based on everything from device type to serial number. We found that it’s impossible to beat from our testing – you know you have found the right solution when no matter how hard you bang on it, it won’t
break”.- The Navy Mine Warfare Training
Center’s Director of Information Technology Herb Armstrong
- Proprietary & Confidential -
Case Study Healthcare: LA County Department of Mental Health
The CompanyThe Los Angeles County Department of Mental Health (DMH) serves approximately one-quarter of a million residents each year, making it the largest mental health service system in the nation.
The Challenge:Protection from leakage of the Department of Mental Health sensitive and personal client data for thousands of residents.
Appropriately allow the safe use of USB memory sticks while blocking dangerous file types.
Safend’s Solution:Seamless deployment of Safend Auditor and Protector to over 4,000 machines at its 130 locations across LA County
Enforce protection policies to ensure that the data being saved was authorized, encrypted and approved to access our corporate ports
“Safend was the clear choice to manage DMH’s thousands of endpoints. We chose Safend because its auditing and alerting capabilities were superior to other products we tested. Additionally, Safend offers a tamper proof agent that is
unbeatable” ”, -DMH’s Departmental Security
Officer Jeff Zito