note: you need to customize slides 2, 5, 7 and 8 before using this presentation, and delete slide 1
TRANSCRIPT
Note: You need to customize slides 2, 5, 7 and 8 before using this presentation, and delete slide 1.
© 2013 Quarri Technologies Confidential and Proprietary Information. Quarri and the Quarri logo are trademarks of Quarri Technologies. All other product or service names are the property of their respective owners.
Keeping Sensitive Data Secure
Prospect Logo Here
© 2013 Quarri Technologies Confidential and Proprietary Information. Quarri and the Quarri logo are trademarks of Quarri Technologies. All other product or service names are the property of their respective owners.
Data Loss is Having Devastating Global Impact
Although potentially devastating, these breaches are preventable, Litan says. "These types of attacks can be stopped with a layered fraud-prevention approach that starts with secure
browsing and includes multiple layers of user and account monitoring, and appropriate
interventions." Avivah Litan, Gartner Group “IMF Attack: 1 of Dozens of Breaches?”
© 2013 Quarri Technologies Confidential and Proprietary Information. Quarri and the Quarri logo are trademarks of Quarri Technologies. All other product or service names are the property of their respective owners.
Data Loss Is Expensive
► Average cost of data breach is $5.4M
► Human errors cause 35% of data breaches
► Malicious attacks cause 37% of data breaches
► Average lost business cost is $3.03M
► Greatest risks are third-party applications, remote employees/mobile devices, cloud computing and removable media
► Average malware incidents have nearly doubled from 27% in 2010 to 43% 50+ malware attempts per month within organizations Only 40 percent say AV in top five most effective technologies
► Web applications are the third most common breach vector and account for over one-third of data loss1
Ponemon Institute 2013 Cost of Data Breach and 2012 State of the Endpoint Studies
12012 Verizon Data Breach Investigations Report
© 2013 Quarri Technologies Confidential and Proprietary Information. Quarri and the Quarri logo are trademarks of Quarri Technologies. All other product or service names are the property of their respective owners.
Browsers Are The New Security Perimeter
► Browsers are the information consumption platform Enterprise web apps, cloud, BYOD, SaaS services
► Browsers are weakest link in security chain Key loss vector for cybercrime and data theft
► Unmanaged devices: little visibility or mitigation control No knowledge of security state of machine No knowledge of user handling of content
Cloud
Web AppsBYOD
SaaS
Insert prospect website
© 2013 Quarri Technologies Confidential and Proprietary Information. Quarri and the Quarri logo are trademarks of Quarri Technologies. All other product or service names are the property of their respective owners.
About Quarri Technologies
► Security software that keeps sensitive data secure Prevent unauthorized use & replication of confidential data Defend against both external and internal threats Enable IT to enforce secure web sessions on demand
► Headquartered in Austin, TX, USA Privately held, investor-backed company Patented, unique web information security technology
© 2013 Quarri Technologies Confidential and Proprietary Information. Quarri and the Quarri logo are trademarks of Quarri Technologies. All other product or service names are the property of their respective owners.
Enforce Secure Web Sessions On Demand
Data Leakage Prevention
Data PrivacyAnti-Malware
Keyloggerblocking
Zero hour malwaredefenses
MITM blocking
SSL Certificate defenses
End of session data cleanse
Session data (cookies, cache file, password
store, history) encrypted
Browser firewall
User info controls — block copy, save, print,
screen capture
User info controls extend to Acrobat & MS Office applications
Frame Grabber blocking
• On-the-fly deployment; no client software to manage
• Enforce single web session usage
• Centrally log users' browser-related file operations
Session timers
Insert prospect website
© 2013 Quarri Technologies Confidential and Proprietary Information. Quarri and the Quarri logo are trademarks of Quarri Technologies. All other product or service names are the property of their respective owners.
How Protect On Q Works
► Deployable with internal or external apps► Windows, iOS and Android platforms
1. User connects to protected web app (no token)
4. Protected web sessions (with token)
Protect On Q
2. Enforcement check (token valid?)
EmployeesBusiness PartnersCustomers
4. Event logging
Protect On Q: the world’s only on-the-fly browser security system
Web Site Data Center
3. Deliver site-specific protected browserRedirect to Apple/Google Play to download
Insert prospect website
© 2013 Quarri Technologies Confidential and Proprietary Information. Quarri and the Quarri logo are trademarks of Quarri Technologies. All other product or service names are the property of their respective owners.
Protect On Q Benefits
► Mitigate Data Loss Risk and Maintain Compliance for Cloud, SaaS and Web Applications Protect valuable browser-delivered data from being
replicated or stolen by internal and external threats while in transport and in use
Central log files of user activities for audits Organization can enforce usage
► Cost Effective No client software installation or management Deploys off existing infrastructure Subscription pricing by user, not application
► Increased Business Productivity Securely implement BYOD Policies
• Windows, iOS and Android Extend data access while managing risk
© 2013 Quarri Technologies Confidential and Proprietary Information. Quarri and the Quarri logo are trademarks of Quarri Technologies. All other product or service names are the property of their respective owners.
Client Use Cases
► Novartis: Top 5 Global Pharmaceutical Drug trial information displayed in
SharePoint, Outlook Web Access and Office Live
Authorized users or malware can extract IP
► Miele: Global Appliance Manufacturer Call center employees PCI compliance
► Whiting & Partners: Accounting Firm Secure remote access from client sites to
confidential financial & corporate information via OWA & Virtual Desktop
Man-in-the-browser attacks and keyloggers
© 2013 Quarri Technologies Confidential and Proprietary Information. Quarri and the Quarri logo are trademarks of Quarri Technologies. All other product or service names are the property of their respective owners.
Client Use Cases
► US Infrastructure: Energy Company Information security for documents
accessible through their website On-the-fly information controls for registered users
► Move With Us: UK Real Estate Firm Zeus keyloggers, malware and cache mining
for call center employees PCI compliance
► Fisher Accounting: Accounting Firm Secure remote access from client sites to
confidential financial & corporate information MitB, keyloggers and data replication
© 2013 Quarri Technologies Confidential and Proprietary Information. Quarri and the Quarri logo are trademarks of Quarri Technologies. All other product or service names are the property of their respective owners.
Quarri Summary
► Protect your most valuable browser-delivered data from being replicated or stolen by internal and external threats while in transport and in use.
► Quarri enables you to: Enforce secure web sessions on demand
Prevent unauthorized use & replication of confidential data
Defend against both external and internal threats
© 2013 Quarri Technologies Confidential and Proprietary Information. Quarri and the Quarri logo are trademarks of Quarri Technologies. All other product or service names are the property of their respective owners.
Securing Internal Web Applications
► POQ enforcement is placed between users and web app
► Can be deployed directly on web app or HTTP front end device
► No web app modification required
POQ Partner Enforcement Module
POQ Filter Module
or
© 2013 Quarri Technologies Confidential and Proprietary Information. Quarri and the Quarri logo are trademarks of Quarri Technologies. All other product or service names are the property of their respective owners.
Securing Enterprise SaaS Apps
Enterprise SaaS (Salesforce Workday, Google Docs, Office365)
Web SSO
► No need to install POQ at SaaS provider► Secures browser access without need to
proxy connections► No change to web application
POQ Filter Module
or
POQ Partner Enforcement Module
© 2013 Quarri Technologies Confidential and Proprietary Information. Quarri and the Quarri logo are trademarks of Quarri Technologies. All other product or service names are the property of their respective owners.
Deploying Protect On Q
► Software (Java) based solution► All communications via HTTPS► Recommend locating near web services► POQ integration via SOAP or NetScaler► POQ verification via .NET or Java servlet filter modules
POQ Manager
Web Site Data Center
POQ Server
POQ Manager:- Support UI for policy definition- Maintains policies & Enforcer
binaries- Collects log files
POQ Server:- Provisions Enforcer to end users- Pulls policy from POQ Manager- Integrates with web apps - Multiple POQ servers can be
deployed
© 2013 Quarri Technologies Confidential and Proprietary Information. Quarri and the Quarri logo are trademarks of Quarri Technologies. All other product or service names are the property of their respective owners.
Third Party Validation
Product Financial Malware Zeus Malware Zero-hour Financial Malware
Windows 7 (32)
Windows 7 (64)
Windows 7 (32)
Windows 7 (64)
Windows 7(32)
Windows 7(64)
Prevx
Quarri Protect On Q
Rapport
SandboxIE
SpyShelter
► Accuvant LABS concluded that the product performed as advertised and can resist browser-centric attacks: By malware Efforts by typical users to commit data leakage Common exploitation approaches in use by a typical advanced
attacker or malware author► Malware Tests Conducted by Malware Research Group