Post on 21-Dec-2015
Trend Micro Data-at-Rest Solution
SecureDoc Solution Presentation
Derek Tsang
Michael Desjardins
Steven Pomerenk
October 12, 2010
Copyright 2008 - Trend Micro Inc.
Agenda
• Differentiate your State Vendors
• Evaluation Criteria Considered
• SecureDoc Overview
• Ready or Not – here comes new technology
• Questions & Answers
Data Security – Be very careful
• Security – best of breed is a must
• One stop – all in one suite shopping has never worked
– Security is not a haphazard adventure – get it right the first time
• Antivirus vendor vs. FDE Vendor
– Switching AV is easier than switching FDE
• Be very careful of your vendors
– M&A activity is very distracting for 2 years
• FDE is the only thing we do
– Multiple GSA schedules, BPA’s
Biggest differentiator
Biggest differentiator (cont’d)
• Enabling your IT security governance policies
• Password rules
• Policies on USB usage
• Data logs for auditing client, server (sync’d) (HIPAA, HITECH)
• Deployments – we deploy more easily using your existing push tools (.msi and .exe) (other Gov't agencies 1500 in one week with no help desk calls)
• Reduced calls to help desk – total transparency to end user (totally seamless with SSO and custom PBA screen)
Gartner MQ
Client Inquiries
• Data Leakage
• Stability and Performance
• Encryption offered as a managed service
• EPP Package Deals.
• Government security certifications:
o FIPS 140-2 is the current standard
o CC certification is a true international moniker
• Hardware sub systems:
o TCG, TPM, Intel AT
• Key management, storage and destruction methods
Gartner MQ on WinMagic
Strengths
• WinMagic invests heavily in R&D. For example, a recent development involves enhanced integration with Intel AT that will help to process PC lock commands through the motherboard in real time to control boot access and to wipe storage drives.
• WinMagic has the following FIPS and CC certifications: FIPS 140-2 Level 2 and CC EAL4. It was included in the GSA's SmartBuy award.
• Platform support is provided for Windows 2000 through 64-bit Windows 7, Mac OSX and Linux. Embedded system support includes Seagate encrypting drives, TCG encrypting drives, TPM, and Intel AT.
Evaluation Criteria
• Enterprise Class Management
– Automatic, central policy management
– Consolidated management of Security information and Events
– Enterprise Key Management & Escrow, on demand key provisioning
– Seamless sharing of encrypted information
– Standards based Cryptography
• Multi-Platform support: Mac, PC, LINUX
• World Class Support
– North American support
Evaluation Criteria
• User Transparency
– Secure pre-boot authentication with support for your current and future business process (HIPAA & HITECH BREACH LAW)
– Tokens
– Smartcards
– Future: Biometrics, Proximity
• Productivity
– Single sign on
– Self help password recovery
• Support for Self Encrypting Hardware technology
– Distribution and Management tools to work with Seagate and OPAL drives
• Interoperability
– Disk imaging tools
– Works with Any Anti-virus software, disk utilities and data recovery tools
Transparent Access to Encrypted Network Files and Folders
Certifications
SecureDoc has been accredited by:
• The National Security Agency (NSA) (SECRET level)
• Federal Information Processing Standards (FIPS)
– 140-2 Level 1 and Level 2
• Common Criteria EAL Level 4
• National Institute of Standards and Technology (NIST)
– Certificate #1
• Canadian Communications Security Establishment
• BITS
• US Federal DARTT initiative – 2 BPAs
SecureDoc Architecture
[Diagram: SecureDoc architecture. Labels recovered from the slide: Windows, Mac / EFI, Linux; Authentication: Passwords, Tokens, Smartcards, Biometrics, PKI, TPM; SecureDoc Client Software; FDE, RME, FFE, Port Control, Data Leak Protection, Email, Call Home, Antivirus, Interface, API; 3rd Party Management Applications; SecureDoc Centralized Management; Corporate LAN, Internet, 3G; Peripherals: Seagate FDE, OPAL, Intel AT, Self Encrypting Removable Drives, New Crypto Devices, New Devices, API.]
Technology Partnerships
80+ technology partners: greatest breadth and depth
Enterprise-Class Management
• Automatic synchronization of user / group profiles with Active Directory or other LDAP services
• Consistent, auditable enforcement of security policies and user access privileges
• ‘Silent’ software deployment and initialization
• Local and Remote Password recovery tools and self help capability
• Unique key labeling so that keys encrypted archives can always be restored
• Auditing capabilities
• Accommodates millions of disk sectors, files and folders
Comprehensive Data Protection
• Strong encryption for hard drives and removable media
• Single or multi-factor user authentication at pre-boot
• Password, USB token, PKI, smartcard, biometrics and/or TPM
• Only DARTT-approved vendor to employ TPM at pre-boot
• File and Folder Encryption - Manual and Automatic
• Central configuration and management of user / group profiles
• Central assignment of user access privileges
• ‘Silent’ software deployment and initialization
• Use “push” technologies like SMS
• Supports .msi or .exe files
• Management of multiple encryption schemas
New Technologies
Intel® Anti Theft Technology
• What is it?
o Hardware based security building blocks to protect your PC when it is lost or stolen
• How does it work?
o PC is disabled via poison pill over the internet
o Local intelligence on PC detects theft and triggers action
o PC remains disabled even if OS is re-installed or BIOS is re-flashed
o PC can be easily reactivated via a local password or server-generated code
• Intel AT helps deter laptop theft and protect data
SecureDoc management of Intel Anti-Theft Technology
Key Benefits
– HW-based capabilities improve asset and data security and offer higher tamper-resistance
– As the PC becomes inoperable and access to encrypted data (with data encryption software) disabled, Intel AT-enabled solutions can be a deterrent for thieves
– When returned, the PC can be easily reactivated without any loss of data or damage to PC
Use Cases
– System locks after excessive failed login attempts
– System locks after failure to check in with management server
– User reports loss or theft and IT sends remote disable “Poison Pill”
New Technologies
OPAL and Seagate
• Partnering to provide next-generation security and security management for portable data-at-risk
• ‘Raising the bar’ for data security, user transparency and ease-of-administration
• Supporting Opal drives from Hitachi, Fujitsu, Toshiba, Samsung
SecureDoc Clients
SecureDoc is becoming the de-facto standard for security-conscious organizations around the world.
Questions and Answers
Thank You!!
Q & A