note: you need to customize slides 2, 5, 7 and 8 before using this presentation, and delete slide 1

Note: You need to customize slides 2, 5, 7 and 8 before using this presentation, and delete slide 1.

© 2013 Quarri Technologies Confidential and Proprietary Information. Quarri and the Quarri logo are trademarks of Quarri Technologies. All other product or service names are the property of their respective owners.

Keeping Sensitive Data Secure

Prospect Logo Here


Data Loss is Having Devastating Global Impact

Although potentially devastating, these breaches are preventable, Litan says. "These types of attacks can be stopped with a layered fraud-prevention approach that starts with secure

browsing and includes multiple layers of user and account monitoring, and appropriate

interventions." Avivah Litan, Gartner Group “IMF Attack: 1 of Dozens of Breaches?”


Data Loss Is Expensive

► Average cost of data breach is $5.4M

► Human errors cause 35% of data breaches

► Malicious attacks cause 37% of data breaches

► Average lost business cost is $3.03M

► Greatest risks are third-party applications, remote employees/mobile devices, cloud computing and removable media

► Average malware incidents have nearly doubled from 27% in 2010 to 43% 50+ malware attempts per month within organizations Only 40 percent say AV in top five most effective technologies

► Web applications are the third most common breach vector and account for over one-third of data loss1

Ponemon Institute 2013 Cost of Data Breach and 2012 State of the Endpoint Studies

12012 Verizon Data Breach Investigations Report


Browsers Are The New Security Perimeter

► Browsers are the information consumption platform Enterprise web apps, cloud, BYOD, SaaS services

► Browsers are weakest link in security chain Key loss vector for cybercrime and data theft

► Unmanaged devices: little visibility or mitigation control No knowledge of security state of machine No knowledge of user handling of content

Cloud

Web AppsBYOD

SaaS

Insert prospect website


About Quarri Technologies

► Security software that keeps sensitive data secure Prevent unauthorized use & replication of confidential data Defend against both external and internal threats Enable IT to enforce secure web sessions on demand

► Headquartered in Austin, TX, USA Privately held, investor-backed company Patented, unique web information security technology


Enforce Secure Web Sessions On Demand

Data Leakage Prevention

Data PrivacyAnti-Malware

Keyloggerblocking

Zero hour malwaredefenses

MITM blocking

SSL Certificate defenses

End of session data cleanse

Session data (cookies, cache file, password

store, history) encrypted

Browser firewall

User info controls — block copy, save, print,

screen capture

User info controls extend to Acrobat & MS Office applications

Frame Grabber blocking

• On-the-fly deployment; no client software to manage

• Enforce single web session usage

• Centrally log users' browser-related file operations

Session timers



How Protect On Q Works

► Deployable with internal or external apps► Windows, iOS and Android platforms

1. User connects to protected web app (no token)

4. Protected web sessions (with token)

Protect On Q

2. Enforcement check (token valid?)

EmployeesBusiness PartnersCustomers

4. Event logging

Protect On Q: the world’s only on-the-fly browser security system

Web Site Data Center

3. Deliver site-specific protected browserRedirect to Apple/Google Play to download



Protect On Q Benefits

► Mitigate Data Loss Risk and Maintain Compliance for Cloud, SaaS and Web Applications Protect valuable browser-delivered data from being

replicated or stolen by internal and external threats while in transport and in use

Central log files of user activities for audits Organization can enforce usage

► Cost Effective No client software installation or management Deploys off existing infrastructure Subscription pricing by user, not application

► Increased Business Productivity Securely implement BYOD Policies

• Windows, iOS and Android Extend data access while managing risk


Client Use Cases

► Novartis: Top 5 Global Pharmaceutical Drug trial information displayed in

SharePoint, Outlook Web Access and Office Live

Authorized users or malware can extract IP

► Miele: Global Appliance Manufacturer Call center employees PCI compliance

► Whiting & Partners: Accounting Firm Secure remote access from client sites to

confidential financial & corporate information via OWA & Virtual Desktop

Man-in-the-browser attacks and keyloggers


Client Use Cases

► US Infrastructure: Energy Company Information security for documents

accessible through their website On-the-fly information controls for registered users

► Move With Us: UK Real Estate Firm Zeus keyloggers, malware and cache mining

for call center employees PCI compliance

► Fisher Accounting: Accounting Firm Secure remote access from client sites to

confidential financial & corporate information MitB, keyloggers and data replication


Quarri Summary

► Protect your most valuable browser-delivered data from being replicated or stolen by internal and external threats while in transport and in use.

► Quarri enables you to: Enforce secure web sessions on demand

Prevent unauthorized use & replication of confidential data

Defend against both external and internal threats

Thank you


Securing Internal Web Applications

► POQ enforcement is placed between users and web app

► Can be deployed directly on web app or HTTP front end device

► No web app modification required

POQ Partner Enforcement Module

POQ Filter Module

or


Securing Enterprise SaaS Apps

Enterprise SaaS (Salesforce Workday, Google Docs, Office365)

Web SSO

► No need to install POQ at SaaS provider► Secures browser access without need to

proxy connections► No change to web application

POQ Filter Module

or

POQ Partner Enforcement Module


Deploying Protect On Q

► Software (Java) based solution► All communications via HTTPS► Recommend locating near web services► POQ integration via SOAP or NetScaler► POQ verification via .NET or Java servlet filter modules

POQ Manager

Web Site Data Center

POQ Server

POQ Manager:- Support UI for policy definition- Maintains policies & Enforcer

binaries- Collects log files

POQ Server:- Provisions Enforcer to end users- Pulls policy from POQ Manager- Integrates with web apps - Multiple POQ servers can be

deployed


Third Party Validation

Product Financial Malware Zeus Malware Zero-hour Financial Malware

Windows 7 (32)

Windows 7 (64)

Windows 7 (32)

Windows 7 (64)

Windows 7(32)

Windows 7(64)

Prevx

Quarri Protect On Q

Rapport

SandboxIE

SpyShelter

► Accuvant LABS concluded that the product performed as advertised and can resist browser-centric attacks: By malware Efforts by typical users to commit data leakage Common exploitation approaches in use by a typical advanced

attacker or malware author► Malware Tests Conducted by Malware Research Group

note: you need to customize slides 2, 5, 7 and 8 before using this presentation, and delete slide 1

Documents

data breachesaverage

proprietary information

service names

respective owners

data breachesmalicious

data loss1ponemon institute

data theft unmanaged

security chainkey loss