Safend General Presentation 2010
description
Transcript of Safend General Presentation 2010
Data Leakage Prevention
- Proprietary & Confidential -
Agenda
Who is Safend?Endpoint Security
An imperative for all organizationsRegaining Control of Endpoints and Data:
Data Protection and Leakage Prevention with Safend Data Protection Suite
Safend AuditorSafend DiscovererSafend InspectorSafend EncyptorSafend ProtectorSafend Reporter
SummarySecuring your Endpoints
2003Company founded
2004
First release of Safend Protector
2005Safend Protector available through resellers internationally
Safend Data Protection Suite Transparent SSO for EncryptionSafend DiscovererSafend Inspector
2008
Protector 3.3Safend ReporterSafend Encryptor: Full Hard Disk Encryption
2006
Protector 3.1 Anti-Network Bridging,PS/2 Keylogger Protection
2007Protector 3.2File Type Control, Media & Content Monitoring and Tracking Offline File Transfers
2010+ Hardware Encryption Management;Persistent Encryption;Network
700 Customers
1800 Customers
1200 Customers
2009 FISMA Compliance
Company Timeline
- Proprietary & Confidential -
Why Safend ?
Advanced Technology Control all your data protection measures with a single management server, single management console and a single lightweight agent
Partnership with leading hardware encrypted device vendors
Operational friendly deployment and management
Best of breed port and device control
Hard disk encryption is completely transparent and does not change end user experience and common IT procedures
Comprehensive and enforceable removable media encryption
Full control over sensitive data both inside and outside organizational network
Track file transfers from encrypted devices even on non-corporate computers
- Proprietary & Confidential -
Why Safend ?
Strong partnershipsEnterprise Resellers
Partnership with leading hardware encrypted device vendors
Complementing Enterprise DLP Vendors• Fidelis Security
Major Partnerships• Lenovo
• Utimaco
• Credant
• Fujitsu
• Websense
• Workshare
- Proprietary & Confidential - - Proprietary & Confidential -
Why Safend?
Advanced technology
World class leadership team
Strong partnerships
Analysts endorsements
Industry recognitionIn 2009 alone – • Received five stars and Best Buy in
SC Magazine’s 2009 Group Test• Recipient of the Frost and Sullivan
Technology Innovation Award• Recipient of the Info Security
Products Guide’s Tomorrow’s Technology Today Award
- Proprietary & Confidential -
“To become the market leader for endpoint Data Protection and Leakage Prevention solutions for enterprise protection and regulatory compliance.”
Gil Sever, CEO
“To become the market leader for endpoint Data Protection and Leakage Prevention solutions for enterprise protection and regulatory compliance.”
Gil Sever, CEO
Company Mission
“Industry analysts report that up to 70% of a company’s confidential data resides on corporate endpoints. Protecting that data is a prime concern for our customers. Safend’s endpoint ILP solutions provide the tools our customers need to protect their corporate assets without sacrificing their productivity” - Steve Petracca, VP and General Manager for Lenovo’s Software & Peripherals Business Unit
- Proprietary & Confidential -
Did You Know …
52% of N.A. large enterprises had lost confidential data through removable media such as USB Drives in the past 2 years (Forrester)
Over 70% of security breaches originate from within (Vista Research)
Over 60% of confidential data resides at the Endpoint (IDC)
The average cost per data breach was $6.6M and the cost per record was $202 in 2008 (Ponemon Institute).
Information breaches trigger an average 5% drop in company share prices. Recovery takes nearly a year. (EMA Research)
Business travelers in the U.S., Europe and United Arab Emirates lose or misplace more than 16,000 laptops per week.(Ponemon Institute).
- Proprietary & Confidential -
Security SurveyHow many devices are people using?
Usage of USB sticks: 96%
Usage of Memory Cards: 69%
More than one device: 72%
Average number of devices in use: 7
Source: Utimaco Removable Media SurveyWorldwide, March 2007, Total number of respondents: 1.117
- Proprietary & Confidential -
Security SurveyData Protected?
At a Glance55% of data is not protected
19% is protected
18% partially protected
But …4% don’t think it’s necessary
89% see a need to protect this data
Source: Utimaco Removable Media SurveyWorldwide, March 2007, Total number of respondents: 1.117
- Proprietary & Confidential -
Cost of Data BreachesRecovery Cost Averages
Source: 5th annual "Cost of a Data Breach" study by the Ponemon Institute
Customer Costs
Brand damage
Loss of existingcustomers
Recruiting newcustomers
Unbudgeted legal, audit and accounting fees
Notification to customers
Free or discounted service to customers
Call center expenses
Public and investor relations
Internal investigations
Incremental Costs
Lost employee productivity
Productivity Costs
54%
30%
16%
Among the incidents reported, the most expensive data breach cost nearly $31 million to resolve, and the
least expensive cost $750,000 .
Average Incident Costper compromised record:
$204
Average Incident Cost:
$6.75 million
- Proprietary & Confidential -
Extending Security to the Endpoints With increased mobility, connectivity and productivity comes increased vulnerability and risk…
USB, WiFi, FireWire, Bluetooth and other protocols make it easy to connect unauthorized external devices, leaving endpoints wide open to:
• Data Leakage & Theft• Enterprise Penetration• Introduction of Malware
Removable media with sensitive information can also easilybe lost or misplaced by company employees, exposing organizations to irreparable data loss and tight legal scrutiny
The loss and theft of laptop is a common occurrence.
- Proprietary & Confidential -
Compliance Requirements
States that currently have data protection laws
States that do not currently have data protection laws
- Proprietary & Confidential -
Safend Data Protection Suite
safendprotector safendencryptor
safendinspector safendreportersafendauditor
- Proprietary & Confidential -
Safend Data Protection SuiteSafend's Data Protection Suite protects enterprises against endpoint data loss, misuse and theft through its single server, single console, single agent architecture. Its modular components can transparently encrypt internal hard drives (Encryptor), granularly control ports and devices and encrypt external media (Protector), Inspect, classify and block leakage of sensitive content through email, IM, Web, external storage, printers (Inspector), Map, classify and locate data stored on organizational endpoints and network shares (Discoverer), Generate detailed graphical reports for compliance assessment (Reporter) and quickly and non intrusively audit an endpoint for past and present connected devices and Wi-Fi networks.(Auditor).
- Proprietary & Confidential -
Safend Data Protection Suitecomplete visibility, control, and protection of enterprise endpoints. Safend’s comprehensive solution has a single agent, single server and single management console for all data protection needs. The award winning suite includes:
Safend Auditor Shows who’s connecting which devices and wireless networks to every enterprise endpoint
Safend DiscovererControls the use of wireless ports and removable devices by file/device type
Encrypts removable media and CD/DVD
Safend InspectorPrevents sensitive data leakage through e-mail, web, removable storage, and additional data transfer channels
Safend Encryptor
Enforces hard disk encryption of all data
stored
on laptops and PCs
Easy recovery of machine and files
Safend ProtectorControls the use of wireless ports and removable devices by file/device type
Encrypts removable media and CD/DVD
Safend ReporterProvides graphical security reports and analysis of your safend protected environment
Safend Data Protection SuiteSafend Data Protection Suite features and benefits:
Transparent Encryption
Internal hard disk encryption
External storage encryption for removable storage devices, CD/DVD and external hard drives
Robust port and device control
Wireless control
Hardware keylogger protection
Enterprise grade management, providing full visibility and control over organization security status
All functionality is provided by a single management server, single management console and a single, lightweight agent
CertificationsCommon Criteria EAL2 certified FIPS 140-2 Validated
protector encryptor
reporterinspector
- Proprietary & Confidential -
Port & Device Control • Detachable Storage Control• Removable Storage
Encryption• CD/DVD Encryption• Wireless Control• Hardware Keylogger
Protection
Hard Disk Encryption• Centrally Managed and
Enforced• Transparent SSO• Seamless
authentication support• Easy Recovery• Strong Security and
Tamper Resistant
Content Based DLP• Data Classification
• Data Content and Origin• Data Fingerprinting
• Data Leakage Prevention Through:
• Email, IM and Web• External Storage • Printers
Safendreporter – Security and Compliance Analysis
Safendauditor – Endpoint security status audit
Safenddiscoverer - Sensitive Data Location and Mapping
• Single Lightweight Agent• Agent Includes Multi-tiered Anti-tampering Capabilities• Simple and Reliable Installation Process
- Proprietary & Confidential -
Port & Device Control • Detachable Storage Control• Removable Storage
Encryption• CD/DVD Encryption• Wireless Control• Hardware Keylogger
Protection
Hard Disk Encryption• Centrally Managed and
Enforced• Transparent SSO• Seamless
authentication support• Easy Recovery• Strong Security and
Tamper Resistant
Content Based DLP• Data Classification
• Data Content and Origin• Data Fingerprinting
• Data Leakage Prevention Through:
• Email, IM and Web• External Storage • Printers
Safendreporter – Endpoint security reports
Safendauditor – Port and device audit
Safenddiscoverer - Data discovery and Mapping
• Single Lightweight Agent• Agent Includes Multi-tiered Anti-tampering Capabilities• Simple and Reliable Installation Process
Safend Data Protection SuiteSingle Management Server & Single Management Console
Safend Data Protection Suite Enterprise Grade Management
Tamper Resistant
The agent includes multi-tiered anti-tampering capabilities to guarantee permanent control over enterprise endpoints
Automatic directory integration
Active Directory & Novell eDirectory
Apply policies to the appropriate organizational units, down to a specific machine
Role based management
By administrative action or by Organizational Unit
Scalable architecture
A single management server can manage more than 75,000 endpoints
Built-in support for N+1 server clustering
Directory Service(Active Directory / eDirectory)
ImportUsers &
Computers (LDAP)
ManagementServer
Safend Data Protection Suite Architecture
- Proprietary & Confidential -
Safend Data Protection Suite Full Audit Trail
Provides full visibility into:
Device connection and data transfer events
Organizational encryption status
Administrative actions performed
Graphical and non-graphical reports
Real Time Alerts
Sent by email
Windows event logs / Syslog
SNMP systems
Custom alert destination
protector encryptor
reporterinspector
- Proprietary & Confidential -
Key Features
Find out who’s connecting what devices and WiFi networks to every endpoint
Identify and manage endpoint vulnerabilities
Identifies all USB, FireWire, PCMCIA devices and WiFi network ports
Views results in minutes via simple and powerful reporting
Compatible with existing network management or admin tools
Intuitive, clientless and easy to use
Safend Auditor
protector encryptor
reporterinspector
auditor
- Proprietary & Confidential -
Step 1: Select Ports and Computers to Audit
Computers to Audit
Audit Filters by Port Type
- Proprietary & Confidential -
Devices to detect
Step 1a: Optionally Refine your Search
- Proprietary & Confidential -
Connection Summary
Detailed Device Report
Step 2: Run Scan to Generate Report
- Proprietary & Confidential -
“White list”
Step 3: Detailed Audit report By User: Historic & Real-time
- Proprietary & Confidential -
Safend Protector
Key Features
Prevents data leakage and penetration via endpoints
Detects and restricts any devices Enforces granular policies over physical, wireless and removable storage devices via real-time analysis of low-level port traffic Tamper-resistant Centrally managed & seamlessly integrates with Active DirectoryEnsures regulatory complianceEasy to use and scalable
encryptor
inspector reporter
safendprotector
- Proprietary & Confidential -
Safend ProtectorSecurity Features
Port, Device & Storage ControlAllow, block or restrict the usage of any and all computer portsGranular identification and approval of devices
Removable Media EncryptionTransparently encrypts data copied to removable devices, external hard drives, & CD/DVD. Automatically encrypts data when transferred to devices by authorized usersOffline access utility for authorized users
Granular WiFi ControlBy MAC address, SSID, or the security level of the network
Block Hybrid Network BridgingAllows admins to control/prevent simultaneous use of various networking protocols
U3 & Autorun ControlTurns U3 USB drives into regular USB drives while attached to endpoints
Block Hardware KeyloggersRenders USB & PS/2 hardware keylogger devices useless
- Proprietary & Confidential -
Safend ProtectorFile Type Control
PreventsData Leakage (Write)Virus/Malware (Read)Inappropriate Content (Read)
File header based classificationNot by extension (Tamper resistant)
Over 250 file extensions in 14 categoriesPolicy
Flexible White/Black ListSeparate for Read/Write
Log/Alert per file type
Category Sample Extensions
Published Documents PDF, PS
Images JPG, JPES,GIF,BMP
Web Pages HTML, HTM,MHT,HLP,CHM
Microsoft Office DOC, DOCX, PPT, PPTX, XLS
Text & Program Code TXT, CPP, C, H, GCC, JAVA
Multimedia WAV, WMA, MP3, MPG, AVI
Compressed Archives ZIP, ARJ, RAR, GZIP, JAR, CAB
CD/DVD Image Files ISO, NRG
Executables EXE, DLL, COM, OCX, SYS
PGP Encryption PGPComputer Aided Design (CAD) DWG, DXF
Microsoft Outlook PST, DBXDatabases MDB, ACCDBFrameMaker MIF, BOOK, FM
- Proprietary & Confidential -
Safend ProtectorFile Type Control
- Proprietary & Confidential -
Safend ProtectorTrack offline usage of Removable Storage
Extends visibility beyond the organization boundaries
Track file transfers from/to Encrypted devices on non-corporate computers (offline)
Audit user actions for legitimate use of corporate date
Policy Global setting - Read/Write
Logs Collected the next time the device connects to the network
Available in “File Logs”
- Proprietary & Confidential -
Safend ProtectorCD/DVD Media White Lists
Allows white-listing of CD/DVDSoftware Installation CD’sApproved contentCD’s scanned to be virus-free
Unique fingerprint of CD/DVD MediaIdentifies the data on each mediumAny change to the data revokes fingerprint
Media Scanner Utility Policy
Extends the “Distinct Devices” white listsAutomatically exempt from File Type Control
- Proprietary & Confidential -
Safend Protector in Action
- Proprietary & Confidential -
Safend Protector in Action
- Proprietary & Confidential -
Safend Protector in Action
- Proprietary & Confidential -
Safend Protector in Action
- Proprietary & Confidential -
Safend Protector in Action
- Proprietary & Confidential -
A permitted device connected to the endpoint
A non-permitted device connected to the endpoint
Safend Protector In Action
The device must be encrypted before it is used
- Proprietary & Confidential -
Key Features
Report on Security incidents by Users
by Organizational Units
Report on Security Incident Types
Reports on the deployment status
Device Inventory Report
Export Reports
Recurrence Reports
Safend Reporter
encryptor
inspectorsafendreporter
protector
- Proprietary & Confidential -
Safend Reporter
Graphical high-level view of the protected organizational status
Reports on irregular or Suspicious behavior
Provides overview of system status
Report Scheduler and enables reportsto be viewed in multiple formats
Advance tool for identifying Security Vulnerabilities
Facilitates Regulatory Compliance Reporting Requirements
Platform for developing Security Analytics and Dashboard Views
Customizable to meet current and futureSecurity Reporting needs
What it is Why is it Valuable
- Proprietary & Confidential -
Displays Security incidents in a clean, easy-to-use dashboard format
Allows Customization of incident types to report on
Allows Admins to slice, dice, drill across information
Safend Reporter
Safend Encryptor:
Key Features
Encrypts all data on laptops and desktops – Total Data Encryption
True SSO (Single Sign On) technology Transparent to end users & help-desk personnel
Centrally managed and enforced
Full visibility of organization’s Encryption status
Stable and fault tolerant encryption Total Data Encryption, maintains performance and minimizes the risk of OS failure
safendencryptor
reporterinspector
protector
Total Data Encryption: Advantages
Endpoint Performance Maintained
Easy to Manage Deploy and Use
Highly Stable and Fault Tolerant
Simple and Reliable Recovery Mechanism
Completely Transparent Encryption
- Proprietary & Confidential -
Safend Encryptor: Completely Transparent
True SSO Technology:
Transparent
Transparent
Transparent
Transparent
to end users
to help-desk / support
to user authentication
to patch management
to software distribution systemsTransparent
safendencryptor
reporterinspector
protector
Safend Encryptor: Highly Secure
Total Data Encryption - Encrypts all data on endpoints Including all data files, page file and windows password store (SAM and domain cache)
Strong encryption algorithm Each file is encrypted using a different random key for increased security (AES-256)
Tamper Resistant The agent includes multi-tiered anti-tampering capabilities to guarantee permanent control over enterprise endpoints
Certifications:Common Criteria EAL2 certified FIPS 140-2 certified
protector encryptor
reporterinspectorEnrolling Beta Customers
Safend Encryptor: Centrally Enforced
Encryption enforced by policy
Zero end user interaction
Encryption process does not interfere with ongoing user activities
End users cannot interfere with the encryption process
protector encryptor
reporterinspector
Safend Encryptor: Full Audit Trail Detailed Client & Server Log Records
Client Logs displayed in the Logs World :
Server Logs displayed in the Logs World :
Clients status displayed in the Clients World :
- Proprietary & Confidential -
Safend Encryptor Full Audit Trail Detailed Server Log Records
Examples of Encryptor specific server logs
- Proprietary & Confidential -
Safend Encryptor: Full Audit TrailEncryption Status Report
drill-down reports display specific endpoints
Can be set to display only “active” endpoints
Displays endpoint “encryption complete on” time and date
Security administrator
sets an encryption policy
End user authenticates
using native Windows
logon
Encryption process
takes place transparently
in background
Detailed endpoint
status is displayed
in the Clients World
- Proprietary & Confidential -
Safend Encryptor: in Action
- Proprietary & Confidential -
Key Features
Controls sensitive data transferred
via approved data transfer channels
Data ClassificationContent and meta-data
Data fingerprinting
Controlled ChannelsEmail, web
External storage, CD/DVD
Local and network printers
Application (custom) channels
protector encryptor
reporter
Safend Inspector
inspector
- Proprietary & Confidential -
Key Features
Data Leakage Prevention Through:
USB, Firewire Storage
Local & Network Printer
CD/DVD
Network Shares
Copy/Paste
Application Data Access Control
Inspector-EP (Endpoint)
protector encryptor
reporter
discoverer
inspector
- Proprietary & Confidential -
Data ClassificationData Content and Origin
Data Fingerprinting
Data Leakage Prevention Through:
Email, IM and Web
External Storage
Printers
Out of the box predefined classifications and Policies
Interactive Message Center for user education
Safend Inspector
protector encryptor
reporter
inspector
- Proprietary & Confidential -
PHI - HIPAA & UK Health
PCI (CC#)
PII (SSN, NINO, 15 other countries)
Acceptable Use (racial, sexual, violence - English)
Software IP
Schematics IP
US Export Regulations
SOX – sensitive financial data
Preclassified data and metadata
Predefined Classifications and Policies
protector encryptor
reporter
inspector
- Proprietary & Confidential -
Data Leakage Prevention Through:
Email – Outlook Plugin, SMTP
Web – IE Plugin, HTTP, HTTPS
Application Data Access Control
Limit access of any application to sensitive data
File transfer through Skype
Encryption of sensitive data with unauthorized package
Inspector-NW (Network)
protector encryptor
reporter
inspector
- Proprietary & Confidential -
Data ContentRegular Expressions
Mathematical verifiers
Heuristic Verifiers
Predefined classifications - reusable
Data FingerprintingMap set of files as sensitive without pointing to specific text – using originating application
Use partial match to file as indication of sensitivity
Classification methods
protector encryptor
reporter
inspector
- Proprietary & Confidential -
Endpoint DiscoveryOn all endpoints with installed agent
Network Share DiscoveryAs a professional service
Safend Discoverer
protector encryptor
reporter
discoverer
inspector
- Proprietary & Confidential -
Reports
- Proprietary & Confidential -
End User Interaction Design
- Proprietary & Confidential -
Policy Edit
Our Future Plans
Safend intends to further extend the leadership of its Data Protection Suite in the coming years. Some highlights of functionality considered in our future plans include:
Data at Rest content discovery, mapping and control.This product, planned for 2009 will allow an organization to map all its sensitive data, and in future releases automate measures taken to protect the detected data.
Persistent Encryption.This extension of Safend Inspector and Safend Encryptor to selectively encrypt only sensitive content and keep it encrypted even when it goes off the corporate machines further improves the security of data, while remaining transparent to the end user.
Extensive key management for software encryption and for internal and external hardware encrypted storage.
Safend provides a comprehensive software encryption platform for both hard disks and removable storage, but some organizations may require or already have hardware encrypted devices. Safend aims to manage those devices as part of the Data Protection Suite and be able to provision them, recover passwords for them, and be able to remotely kill them
- Proprietary & Confidential -
Contact us for more information or a demo)703 (815-8828 x101