DeviceLock 7.0 Endpoint DLP Full Introduction for Partners.
-
Upload
sherman-sanders -
Category
Documents
-
view
273 -
download
1
Transcript of DeviceLock 7.0 Endpoint DLP Full Introduction for Partners.
DeviceLock 7.0 Endpoint DLP
Full Introduction for Partners
www.devicelock.com
2
CONFIDENTIAL
www.devicelock.com
Company Brief The Data Leakage Problem DeviceLock Solution Content Filtering Network Communications Control DeviceLock 7.0 – The Basic Component
Pre-7.0 Fundamentals New Capabilities
Licensing Product Positioning & Value for Partners Messaging for Customers
Agenda
2
www.devicelock.com
3
CONFIDENTIAL
www.devicelock.com
DEVICELOCK, INC.
Company Brief
3
www.devicelock.com
4
CONFIDENTIAL
www.devicelock.com
DeviceLock, Inc. established as SmartLine in 1996
Develops and markets DeviceLock® software Endpoint device control and data leak prevention solution
Leader of Device/Port Control niche 60,000 corporate customers worldwide
4M+ computers protected by DeviceLock
Offices in Russia (HQs, R&D), USA, UK, Germany, Italy About 60 full-time employees including 30+ in R&D
Privately owned, self-funded, dynamically growing
Company Facts
4
www.devicelock.com
5
CONFIDENTIAL
www.devicelock.com
Historically, due to higher data security concerns, most customers came from Financial, Government, Defense, Defense Contractor, Health Care, Bio-Tech, High-Tech Manufacturing, Education, and Gambling Resorts & Casinos verticals
Recently, various organizations regardless of vertical industry, size, network topology, geography…
One of the world’s largest mutual fund groups (in US), City of London Police, SAIC, Societe Generale, BAE Systems, Central Bank of Russia, Lukoil, Savings Bank of Russia, VTB24 Bank, … See case studies at DeviceLock web-site
Major production installation 70,000+ seats (in US)
DeviceLock Customers
5
www.devicelock.com
6
CONFIDENTIAL
www.devicelock.com
DEVICELOCK 7.0 ENDPOINT DLP SUITE
The Data Leakage Problem
6
www.devicelock.com
7
CONFIDENTIAL
www.devicelock.com
Costs of Data Breaches Are Rising
7
Average per-record cost of a data breach in the U.S. raised up to $204
Average total cost of a data breach for a U.S. organization has reached more than $6.7M
Source: “2009 Annual Study: U.S. Cost of a Data Breach”, Ponemon Institute, January 2010
www.devicelock.com
8
CONFIDENTIAL
www.devicelock.com
Cost of a Data Breach – Global Statistics
8
Global average per-record cost of a data breach is $142
On a global scale, the average total cost of a data breach is estimated as $3.43M
Source: “2009 Annual Study: Global Cost of a Data Breach”, Ponemon Institute, April 2010
www.devicelock.com
9
CONFIDENTIAL
www.devicelock.com
Symantec 2010 SMB Information Protection Survey (June 2010) 2,152 respondents from 28 countries
42% have lost proprietary or confidential information in the past
Data loss is the highest risk for SMB organizations
Average annual cost of cyber attacks for an SMB is $188,242
SMBs Hit by Data Breaches
9Source: “Symantec 2010 SMB Information Protection Survey – Global: June 2010”
www.devicelock.com
10
CONFIDENTIAL
www.devicelock.com
Forty six states in the US have already enacted data breach notification laws
In the UK, since of April 2010 the Information Commissioner’s Office can fine organizations up to £500,000 as a penalty for breaches of the Data Protection Act
In EU, data breach notifications will become obligatory for a wide range of businesses In January 2010, European Commission announced the start of
data protection law improvement process
More Stringent Data Protection Laws
10
www.devicelock.com
11
CONFIDENTIAL
www.devicelock.com
Most methods leaving employees used for taking away corporate data relate to local ports and peripheral devices of endpoint computers
Number of local leak cases far outweighs other ways of stealing data
Local Leaks Prevail
11Source: “Data Loss Risks During Downsizing”, Ponemon Institute, February 2009
www.devicelock.com
12
CONFIDENTIAL
www.devicelock.com
Endpoint Data Leak “Mechanics”
12
Corporate Network
Network Communications
Local Synchronization
Removable Memory
& Storage Media
Local Printing
INTERNET
DLP
www.devicelock.com
13
CONFIDENTIAL
www.devicelock.com
INTERNET
Are All Data Channels Really Dangerous?
13
Corporate Network
Network Communications
Local Synchronization
Removable Memory
& Storage Media
Local Printing
DLP
www.devicelock.com
14
CONFIDENTIAL
www.devicelock.com
DEVICELOCK 7.0 ENDPOINT DLP SUITE
DeviceLock Solution
14
www.devicelock.com
15
CONFIDENTIAL
www.devicelock.com
What is DeviceLock 7.0 Endpoint DLP Suite Content-Aware Endpoint DLP platform Modular architecture of complementary functional components licensed
separately DeviceLock® = complete device/port control + central management and administration NetworkLock™ = in-depth network communications control ContentLock™ = essential content monitoring and filtering DeviceLock Search Server = full-text searching in shadow and event logs
15
For organizations of any size and budget
Best fit to current security requirements and incremental functionality growth
www.devicelock.com
16
CONFIDENTIAL
www.devicelock.com
Agent 7.0 – DLP Functional Profile
16
Unified DLP Policy(Logical Mix of Content Filtering and Context Controls)
Port/InterfaceControl
Channel-Specific Device, Protocol,Application Control
Data Type Filtering
Content Filtering
Removable Storage / PnP
PrintingChannel
LocalSyncs
Confidential
Printer Types / Print Spooler
Smartphone Types / Local
Sync Apps
Local Ports
PCL & PostScript Formats
Sync Protocol Object Types
Local Ports
Device Types/Classes
File Types
Advanced RegExp
Local Ports
NetworkChannel
Network Protocols & Applications
File & Data Types
Advanced RegExp
Local Ports Used by IP Networking
Endpoint Data Leakage Channels
DLP
Contr
ol La
yers
Advanced RegExp for Data Shadowing only
Advanced RegExp for Data Shadowing only
www.devicelock.com
17
CONFIDENTIAL
www.devicelock.com
DEVICELOCK 7.0 ENDPOINT DLP SUITE
Content Filtering
17
www.devicelock.com
18
CONFIDENTIAL
www.devicelock.com
Controlled data channels Removable media (ContentLock)
Other PnP storage devices (ContentLock)
Network channel (ContentLock + NetworkLock)
Data and file format agnostic textual content extraction 80+ file formats
Emails (messages and attachments)
Webmails and web-forms
Instant messages
Social network exchanges
Telnet data
Content Filtering: Where and What
18
www.devicelock.com
19
CONFIDENTIAL
www.devicelock.com
Advanced Regular Expression patterns with numerical conditions Boolean combination of matching criteria
({regexp("\b(?<patient>\w+)\s+(\k<patient>)\b") > 10} OR … ({regexp(…)>N}) AND …
Pre-built RegExp templates for commonly used sensitive data types
SSN, credit card, bank account, address, passport, driver’s license, etc.
Industry-specific keyword dictionaries
White List based policy Allow/Block/Log/Shadow actions
Identity-based content filtering
Content Filtering: How
19
www.devicelock.com
20
CONFIDENTIAL
www.devicelock.com
For all endpoint data channels Removable and PnP storage devices Network communications Local synchronizations with smartphones Document printing Clipboard copy/paste operations
Content-filtered All 80+ supported file formats and data objects PCL and Postscript printouts
Tremendously reduces Storage space requirements and Network bandwidth consumption
Content-Aware Data Shadowing
20
www.devicelock.com
21
CONFIDENTIAL
www.devicelock.com
DEVICELOCK 7.0 ENDPOINT DLP SUITE
Network Communications Control
21
www.devicelock.com
22
CONFIDENTIAL
www.devicelock.com
Functions Port-independent application/protocol detection and filtering Message/session reconstruction with file/data/parameter
extraction Content filtering (NetworkLock + ContentLock) Event/audit logging & data shadowing
Network-related parameters controlled IP address, range, subnet, masking Network ports, ranges, “more/less than” criteria Protocols and network application types
Identity-based parameters controlled User IDs and groups, email and IP addresses, Instant
Messaging ID, URI/URL, etc.
Network Communications Control
22
www.devicelock.com
23
CONFIDENTIAL
www.devicelock.com
NetworkLock + ContentLock
Plain and SSL-tunneled SMTP emails Messages and attachments – separately
HTTP/HTTPS-based web access, popular webmail & social networking applications
Gmail, Yahoo! Mail, Windows Live Mail
Facebook, Twitter, LiveJournal, LinkedIn, MySpace, Odnoklassniki, Vkontakte
Instant Messaging ICQ/AOL, MSN Messenger, Jabber, IRC, Yahoo Messenger, Mail.ru
Agent
File transfer via FTP and FTP-SSL
Telnet sessions
Network Traffic Content Filtering
23
www.devicelock.com
24
CONFIDENTIAL
www.devicelock.com
DEVICELOCK 7.0 ENDPOINT DLP SUITE
DeviceLock 7.0 The Basic Component
24
www.devicelock.com
25
CONFIDENTIAL
www.devicelock.com
Comprehensive Port/Device Control
Lightweight software solution
for device/port access control Enforcement agents run on
endpoint computers Transparently for end users
and applications Protection against local data
leaks and malware infiltration resulting from insider threats
Scalable central management Native integration with
Microsoft Active Directory Multiple options of central
management consoles DeviceLock 7.0 can be used
separately or as a platform for other Suite’s components
25
www.devicelock.com
26
CONFIDENTIAL
www.devicelock.com
DEVICELOCK 7.0
New Capabilities
26
www.devicelock.com
27
CONFIDENTIAL
www.devicelock.com
DeviceLock controls user access to BL2G-protected drives on Windows 7 powered endpoints
Integrated solution is a functional analog of a built-in Removable Media Encryption for DeviceLock
Windows’ native encryption DeviceLock and BL2G are centrally & natively managed from the
same Active Directory platform DeviceLock “heals” BL2G limitations
User/Group/Time-based “Encrypted” permissions make BL2G’s per-computer enforcement far more granular and flexible
Read, Read/Format, Read/Write/Format “Encrypted” operations instead of BL2G’s “full access only” option
DeviceLock reinforces BL2G security Being logically chained with BL2G’s enforcement, DeviceLock prevents
unauthorized data copying to unencrypted removable drives when local sysadmins turn BL2G off
Integration with BitLocker To Go™
27
www.devicelock.com
28
CONFIDENTIAL
www.devicelock.com
Clipboard copy/paste operations Prevents unauthorized data transfers between applications
Controlled data types Text
Images
Audio (e.g. audio recordings captured by Windows Sound Recorder)
File types (4K+)
Screenshots (PrintScreen + 3rd party screenshot applications)
Unidentified
Clipboard Operations Control
28
www.devicelock.com
29
CONFIDENTIAL
www.devicelock.com
Incoming data shadowing Shadowing of data copied/transmitted to the computer
New parameters controlled for file operations File size, date of modification, process initiated the operation
“Text-in-picture” detection & control In intercepted graphical files and pictures embedded in
documents (e.g. MS Office)
Block, shadow-copy, and log the file transfer/storage/access operation
Improved Context Controls
29
www.devicelock.com
30
CONFIDENTIAL
www.devicelock.com
DEVICELOCK 7.0
Pre-7.0 Fundamentals
30
www.devicelock.com
31
CONFIDENTIAL
www.devicelock.com
Highly-granular control over end user access to local ports, peripheral devices, and data input/output channels on endpoint computers
Detailed event logging and data shadowing Event Log: automatic collection, centralized storage and auditing support Data Shadowing: hidden copying, centralized collection, storage,
searching and reviewing of data uploaded through local ports & interfaces
Central database: Microsoft SQL or any ODBC-compliant Built-in full-text search server, Audit Log and Shadow Log Viewers
Integration with 3rd party removable device encryption solutions Software: PGP WDE, DriveCrypt from SecurStar, TrueCrypt, SafeDisk, USB drives with hardware encryption: BlockMaster (SafeStick 4.0), Lexar,
IronKey
Blocking USB and PS/2 hardware keyloggers Tamper-proof operations
No chance to disable or remove DeviceLock agent for end users and local system administrators
Security Functions
31
www.devicelock.com
32
CONFIDENTIAL
www.devicelock.com
Who: User, user group, Windows system user types/groups, Group
Objects from Microsoft Active Directory
Where From & Where To: Any type of standard Windows local ports/interfaces and
peripherals
USB devices by type/vendor/model, unique device
Windows Mobile®, iPhone®/iPad®/iPod®, BlackBerry®, Palm® devices
Printers (local, network, virtual)
Encrypted removable storage
Computers, computer groups, computers in organizational unit
Computers inside or outside of corporate network
Access & Log Policy Granularity (1)
32
www.devicelock.com
33
CONFIDENTIAL
www.devicelock.com
When Time & date intervals, weekly schedule Per user request (Temporary White List)
What Input/output and device control operations Operations with generic and encrypted storage Data channels (removable storage, printing spooler, local
synchronizations with smartphones and PDAs) Data flow directions Data types (file types, data objects of local sync protocols) Specific media content (CDs/DVDs)
All the above in a flexible mix
Access & Log Policy Granularity (2)
33
www.devicelock.com
34
CONFIDENTIAL
www.devicelock.com
File transfer operation control based on its true type
For any File System operations with peripheral devices NOT limited to Windows Explorer operations
Binary signature-based file type detection algorithm Based on data type analysis of the entire file content
NOT vulnerable to encapsulation concealment techniques
4,000+ formats supported out-of-the-box
Extensible architecture for adding new file types
File type-based data shadowing policy Increased control flexibility
Reduced memory consumption
True File Type Control
34
www.devicelock.com
35
CONFIDENTIAL
www.devicelock.com
Patent-pending access and data type control for locally connected mobile devices
Windows Mobile, Palm OS, iPhone/iPod/iPad, BlackBerry* Local Sync protocol filtering
Microsoft ActiveSync, Windows Mobile Device Center, HotSync, iTunes
Control granularity – protocol object types Files, emails, contacts, tasks, notes, calendars, Web bookmarks,
email accounts, media types (music, photos, podcasts, movies,…) Data flow direction control (read, write) Time-based permissions Device presence detection and white-listing
Regardless of connection interface Device vendor/model/unique ID (for USB connections)
Detailed centralized event logging and data shadowing
Local Sync Control
35
www.devicelock.com
36
CONFIDENTIAL
www.devicelock.com
Printing channel control technology Print Spooler operations intercepted & filtered
User access control to local, network, and virtual printers
Printer connections detected regardless of the connection interface USB control granularity: vendor ID, model ID, unique printer
Time-based permissions Centralized event logging and data shadowing
Built-in printout viewer Full-text search in PCL and PostScript printouts
DeviceLock Printing Security
36
www.devicelock.com
37
CONFIDENTIAL
www.devicelock.com
Centralized automatic log and shadow data collection Scalable multi-server architecture for load sharing Agent-based server connection quality detection algorithm Traffic shaping & data compression for event/shadow log
delivery to central server Central data storage in MS SQL database Full-text search server in Data Shadowing / Audit Log
Database Facilitates compliance auditing, incident investigations, forensic
analysis 80+ file formats and PCL/PostScript printouts
Built-in tools for Audit and Shadow Log viewing, filtering, and graphical report generation
Event Logging & Data Shadowing
37
www.devicelock.com
38
CONFIDENTIAL
www.devicelock.com
Management consoles with same look-n-feel GUI to fit any size customer
DeviceLock Group Policy Manager Native & full integration with GPO Editor in Microsoft Active Directory MMC snap-in for Group Policy Editor Full life-cycle management for DeviceLock agents from Microsoft AD domain
DeviceLock Enterprise Manager Separate management server Full support of non-AD customers
DeviceLock Management Console (MMC snap-in) Per-computer remote management for small organizations
Real-time agent status and policy consistency monitoring/repair Agent installation, upgrade and removal in unattended centralized,
interactive or local mode without system reboot Network-awareness with automatic policy mode switching
Management & Administration
38
www.devicelock.com
39
CONFIDENTIAL
www.devicelock.com
DeviceLock Agents, Management Consoles, Enterprise Server, Enterprise Manager Windows NT/2000
Windows XP/2003/Vista/2008 (32/64-bit)
Windows 7 (32/64-bit)
Directory integration Microsoft AD (native), Novel eDirectory, any LDAP
Databases (optional) Microsoft SQL, MSDE, any ODBC-compliant SQL
Operating Platforms
39
www.devicelock.com
40
CONFIDENTIAL
www.devicelock.com
DEVICELOCK 7.0 ENDPOINT DLP SUITE
Licensing
40
www.devicelock.com
41
CONFIDENTIAL
www.devicelock.com
Perpetual with 1st year upgrades and support included Annually paid upgrades and support for the 2nd year and further on
DeviceLock – complete contextual controls over local devices/ports/channels
Basic and mandatory Suite’s component Can be purchased independently
ContentLock (CL) – content filtering functionality Optional add-on with DeviceLock (2-license pack: DL+CL) Upgrade from DeviceLock (CL license)
NetworkLock (NL) – network communications control functionality Optional add-on with DeviceLock (2-license pack: DL+NL) Upgrade from DeviceLock (NL license)
DeviceLock Endpoint DLP DeviceLock + ContentLock + NetworkLock (3-license pack) Upgrade from DL+NL or DL+CL
DeviceLock Search Server (DLSS) Optional add-on for any other Suite configurations
Licensing
41
www.devicelock.com
42
CONFIDENTIAL
www.devicelock.com
DEVICELOCK 7.0 ENDPOINT DLP SUITE
Product Positioning & Value for Partners
42
www.devicelock.com
43
CONFIDENTIAL
www.devicelock.com
Best price/performance endpoint DLP solution with essential content filtering capabilities that makes DLP
technologies
practical for the mainstream corporate market, and
affordable for organizations of any size and budget including SMBs
Customers – pragmatic organizations from the mainstream corporate market including SMBs Need a cost-effective, reliable, and scalable endpoint DLP
solution with the potential to grow consistently with customer requirements
Would like to deploy an endpoint DLP solution cost-effectively and safely, by gradually growing its capabilities from necessary to enhanced
Product Positioning & Target Customers
43
www.devicelock.com
44
CONFIDENTIAL
www.devicelock.com
Partners can sell DeviceLock 7.0 Endpoint DLP as a mainstream revenue-generating product Product price/seat increased manifold vs earlier versions
Aggregate margin/seat (in $) justifies dedicated sales efforts
Product can generate significant Professional Services revenue while being deployed and in post-sales support phases
DeviceLock DLP policy becomes much more complex and needs to be fine-tuned to comply with organization’s data protection policy, state regulations, industry standards
DeviceLock Endpoint DLP targets all market segments SMB – where DLP penetration is still minimal
Enterprise segment – competing as the best “price/performance” endpoint DLP with well-balanced overall functionality
Product Value for Partners (1)
44
www.devicelock.com
45
CONFIDENTIAL
www.devicelock.com
Large customer/installed base – let’s go upsell
DeviceLock product Trusted and widely used in (= sellable to)
Financial, health-care, defense, military, government verticals across the globe
Complementary to (= sellable with) Popular Anti-Virus solutions (ESET, Kaspersky, Panda)
Network-based DLP solutions (Fidelis, Palisade)
Easy to learn, deploy and support
Product Value for Partners (2)
45
www.devicelock.com
46
CONFIDENTIAL
www.devicelock.com
DEVICELOCK 7.0 ENDPOINT DLP SUITE
Messaging for Customers
46
www.devicelock.com
47
CONFIDENTIAL
www.devicelock.com
Best price/performance endpoint DLP solution with essential content filtering capabilities that makes DLP
technologies practical and affordable for the mainstream corporate market
Well-balanced set of endpoint DLP features Best-in-class context DLP controls with granular and flexible
policy Essential content filtering functionality – effective, highly
configurable, reliable Control over all endpoint input/output channels with protection
for all data leakage scenarios Comprehensive audit logging and data shadowing with built-in
full-text searching Centrally managed removable media encryption at no additional
cost through integration with BitLocker To Go™
DeviceLock Value for Customers (1)
47
www.devicelock.com
48
CONFIDENTIAL
www.devicelock.com
Scalable from small to largest organizations With central management natively integrated in Microsoft
Active Directory
Affordable for any organizations including SMBs Competitive price and flexible function-based licensing Cost-effective deployment of required DLP functions Incrementally “turn on” new capabilities as requirements grow
Easy to learn, deploy, use and maintain Familiar Windows native MMC interface AD’s stylistics Transparent for end users
Time-proven, trusted and widely deployed in data security sensitive organizations worldwide
DeviceLock Value for Customers (2)
48
THANK YOU!