2. - Proprietary & Confidential - Agenda Who is Safend? Endpoint Security An imperative for all organizations Regaining Control of Endpoints and Data: Data Protection and Leakage Prevention with Safend Data Protection Suite Safend Auditor Safend Discoverer Safend Inspector Safend Encyptor Safend Protector Safend Reporter Summary Securing your Endpoints
3. Company Timeline 1200 Customers Hardware Encryption Management; Persistent Encryption; Network 2010+ Protector 3.3 Safend Reporter Safend Encryptor: Full Hard Disk Encryption 2009 FISMA Compliance 2008 Protector 3.1 Anti-Network Bridging, PS/2 Keylogger Protection Safend Data Protection Suite Transparent SSO for Encryption Safend Discoverer Safend Inspector 2007 2006 Protector 3.2 File Type Control, Media & Content Monitoring and Tracking Offline File Transfers 1800 Customers First release of Safend Protector 2005 2004 Safend Protector available through resellers internationally 2003 700 Customers Company founded
4. - Proprietary & Confidential - Why Safend? Advanced Technology Control all your data protection measures with a single management server, single management console and a single lightweight agent Partnership with leading hardware encrypted device vendors Operational friendly deployment and management Best of breed port and device control Hard disk encryption is completely transparent and does not change end userexperience and common IT procedures Comprehensive and enforceable removable media encryption Full control over sensitive data both inside and outside organizational network Track file transfers from encrypted devices even on non-corporate computers
12. Recipient of the Info Security Products Guide’s Tomorrow’s Technology Today Award - Proprietary & Confidential -
13. - Proprietary & Confidential - Company Mission “To become the market leader for endpoint Data Protection and Leakage Prevention solutions for enterprise protection and regulatory compliance.” Gil Sever, CEO “Industry analysts report that up to 70% of a company’s confidential data resides on corporate endpoints. Protecting that data is a prime concern for our customers. Safend’s endpoint ILP solutions provide the tools our customers need to protect their corporate assets without sacrificing their productivity” - Steve Petracca, VP and General Manager for Lenovo’s Software & Peripherals Business Unit
14. - Proprietary & Confidential - Did You Know … 52% of N.A. large enterprises had lost confidential data through removable media such as USB Drives in the past 2 years (Forrester) Over 70% of security breaches originate from within (Vista Research) Over 60% of confidential data resides at the Endpoint (IDC) Business travelers in the U.S., Europe and United Arab Emirates lose or misplace more than 16,000 laptops per week.(Ponemon Institute). The average cost per data breach was $6.6M and the cost per record was $202 in 2008 (Ponemon Institute). Information breaches trigger an average 5% drop in company share prices. Recovery takes nearly a year.(EMA Research)
15. Security SurveyHow many devices are people using? Usage of USB sticks: 96% Usage of Memory Cards: 69% More than one device: 72% Average number of devices in use: 7 Source: Utimaco Removable Media SurveyWorldwide, March 2007, Total number of respondents: 1.117 - Proprietary & Confidential -
16. - Proprietary & Confidential - Security SurveyData Protected? At a Glance 55% of data is not protected 19% is protected 18% partially protected But … 4% don’t think it’s necessary 89% see a need to protect this data Source: Utimaco Removable Media SurveyWorldwide, March 2007, Total number of respondents: 1.117
17. Cost of Data BreachesRecovery Cost Averages Average Incident Cost: $6.75 million Average Incident Costper compromised record: $204 Customer Costs Incremental Costs Unbudgeted legal, audit and accounting fees Notification to customers Free or discounted service to customers Call center expenses Public and investor relations Internal investigations Brand damage Loss of existingcustomers Recruiting newcustomers 30% 54% 16% Among the incidents reported, the most expensive data breach cost nearly $31 million to resolve, and the least expensive cost $750,000. Productivity Costs Lost employee productivity Source: 5th annual "Cost of a Data Breach" study by the Ponemon Institute - Proprietary & Confidential -
18. - Proprietary & Confidential - Extending Security to the Endpoints With increased mobility, connectivity and productivity comes increased vulnerability and risk… USB, WiFi, FireWire, Bluetooth and other protocols make it easy to connect unauthorized external devices, leaving endpoints wide open to: Data Leakage & Theft Enterprise Penetration Introduction of Malware Removable media with sensitive information can also easilybe lost or misplaced by company employees, exposing organizations to irreparable data loss and tight legal scrutiny The loss and theft of laptop is a common occurrence.
19. - Proprietary & Confidential - Compliance Requirements States that currently have data protection laws States that do not currently have data protection laws
20. - Proprietary & Confidential - safendauditor Safend Data Protection Suite safendprotector safendencryptor safendinspector safendreporter
21. Safend Data Protection Suite Safend's Data Protection Suite protects enterprises against endpoint data loss, misuse and theft through its single server, single console, single agent architecture. Its modular components can transparently encrypt internal hard drives (Encryptor), granularly control ports and devices and encrypt external media (Protector), Inspect, classify and block leakage of sensitive content through email, IM, Web, external storage, printers (Inspector), Map, classify and locate data stored on organizational endpoints and network shares (Discoverer), Generate detailed graphical reports for compliance assessment (Reporter) and quickly and non intrusively audit an endpoint for past and present connected devices and Wi-Fi networks.(Auditor). - Proprietary & Confidential -
22. Safend Data Protection Suite complete visibility, control, and protection of enterprise endpoints. Safend’s comprehensive solution has a single agent, single server and single management console for all data protection needs. The award winning suite includes: Safend Auditor Shows who’s connecting which devices and wireless networks to every enterprise endpoint Safend Discoverer Controls the use of wireless ports and removable devices by file/device type Encrypts removable media and CD/DVD Safend Inspector Prevents sensitive data leakage through e-mail, web, removable storage, and additional data transfer channels Safend Encryptor Enforces hard disk encryption of all data stored on laptops and PCs Easy recovery of machine and files Safend Protector Controls the use of wireless ports and removable devices by file/device type Encrypts removable media and CD/DVD Safend Reporter Provides graphical security reports and analysis of your safend protected environment - Proprietary & Confidential -
23. Safend Data Protection Suite Safend Data Protection Suite features and benefits: Transparent Encryption Internal hard disk encryption External storage encryption for removable storage devices, CD/DVD and external hard drives Robust port and device control Wireless control Hardware keylogger protection Enterprise grade management, providing full visibility and control over organization security status All functionality is provided by a single management server, single management console and a single, lightweight agent Certifications Common Criteria EAL2 certified FIPS 140-2 Validated protector encryptor reporter inspector
24.
25. Agent Includes Multi-tiered Anti-tampering Capabilities
59. Safend Data Protection Suite Enterprise Grade Management Tamper Resistant The agent includes multi-tiered anti-tampering capabilities to guarantee permanent control over enterprise endpoints Automatic directory integration Active Directory & Novell eDirectory Apply policies to the appropriate organizational units, down to a specific machine Role based management By administrative action or by Organizational Unit Scalable architecture A single management server can manage more than 75,000 endpoints Built-in support for N+1 server clustering
61. Safend Data Protection Suite Full Audit Trail protector Provides full visibility into: Device connection and data transfer events Organizational encryption status Administrative actions performed Graphical and non-graphical reports Real Time Alerts Sent by email Windows event logs / Syslog SNMP systems Custom alert destination encryptor reporter inspector
62. - Proprietary & Confidential - auditor Safend Auditor protector Key Features Find out who’s connecting what devices and WiFi networks to every endpoint Identify and manage endpoint vulnerabilities Identifies all USB, FireWire, PCMCIA devices and WiFi network ports Views results in minutes via simple and powerful reporting Compatible with existing network management or admin tools Intuitive, clientless and easy to use encryptor reporter inspector
63. Step 1: Select Ports and Computers to Audit Computers to Audit Audit Filters by Port Type - Proprietary & Confidential -
64. Step 1a: Optionally Refine your Search Devices to detect - Proprietary & Confidential -
65. Step 2: Run Scan to Generate Report Connection Summary Detailed Device Report - Proprietary & Confidential -
66. Step 3: Detailed Audit report By User: Historic & Real-time “ White list ” - Proprietary & Confidential -
67. Safend Protector Key Features Prevents data leakage and penetration via endpoints Detects and restricts any devices Enforces granular policies over physical, wireless and removable storage devices via real-time analysis of low-level port traffic Tamper-resistant Centrally managed & seamlessly integrates with Active Directory Ensures regulatory complianceEasy to use and scalable safendprotector encryptor inspector reporter - Proprietary & Confidential -
68. Safend ProtectorSecurity Features Port, Device & Storage Control Allow, block or restrict the usage of any and all computer ports Granular identification and approval of devices Removable Media Encryption Transparently encrypts data copied to removable devices, external hard drives, & CD/DVD. Automatically encrypts data when transferred to devices by authorized users Offline access utility for authorized users Granular WiFi Control By MAC address, SSID, or the security level of the network Block Hybrid Network Bridging Allows admins to control/prevent simultaneous use of various networking protocols U3 & Autorun Control Turns U3 USB drives into regular USB drives while attached to endpoints Block Hardware Keyloggers Renders USB & PS/2 hardware keylogger devices useless - Proprietary & Confidential -
69. - Proprietary & Confidential - Safend ProtectorFile Type Control Prevents Data Leakage (Write) Virus/Malware (Read) Inappropriate Content (Read) File header based classification Not by extension (Tamper resistant) Over 250 file extensions in 14 categories Policy Flexible White/Black List Separate for Read/Write Log/Alert per file type
70. - Proprietary & Confidential - Safend ProtectorFile Type Control
71. - Proprietary & Confidential - Safend ProtectorTrack offline usage of Removable Storage Extends visibility beyond the organization boundaries Track file transfers from/to Encrypted devices on non-corporate computers (offline) Audit user actions for legitimate use of corporate date Policy Global setting - Read/Write Logs Collected the next time the device connects to the network Available in “File Logs”
72. Safend ProtectorCD/DVD Media White Lists Allows white-listing of CD/DVD Software Installation CD’s Approved content CD’s scanned to be virus-free Unique fingerprint of CD/DVD Media Identifies the data on each medium Any change to the data revokes fingerprint Media Scanner Utility Policy Extends the “Distinct Devices” white lists Automatically exempt from File Type Control - Proprietary & Confidential -
73. - Proprietary & Confidential - Safend Protector in Action
74. - Proprietary & Confidential - Safend Protector in Action
75. - Proprietary & Confidential - Safend Protector in Action
76. - Proprietary & Confidential - Safend Protector in Action
77. - Proprietary & Confidential - Safend Protector in Action
78. A permitted device connected to the endpoint A non-permitted device connected to the endpoint Safend Protector In Action The device must be encrypted before it is used - Proprietary & Confidential -
79. - Proprietary & Confidential - Safend Reporter Key Features Report on Security incidents by Users by Organizational Units Report on Security Incident Types Reports on the deployment status Device Inventory Report Export Reports Recurrence Reports protector encryptor inspector safendreporter
80. - Proprietary & Confidential - Safend Reporter What it is Why is it Valuable Graphical high-level view of the protected organizational status Advance tool for identifying Security Vulnerabilities Reports on irregular or Suspicious behavior Facilitates Regulatory Compliance Reporting Requirements Provides overview of system status Platform for developing Security Analytics and Dashboard Views Report Scheduler and enables reports to be viewed in multiple formats Customizable to meet current and future Security Reporting needs
81. - Proprietary & Confidential - Safend Reporter Displays Security incidents in a clean, easy-to-use dashboard format Allows Customization of incident types to report on Allows Admins to slice, dice, drill across information
82. Safend Encryptor: Key Features Encrypts all data on laptops and desktops – Total Data Encryption True SSO (Single Sign On) technology Transparent to end users & help-desk personnel Centrally managed and enforced Full visibility of organization’s Encryption status Stable and fault tolerant encryption Total Data Encryption, maintains performance and minimizes the risk of OS failure safendencryptor protector reporter inspector
83. Total Data Encryption: Advantages Completely Transparent Encryption Endpoint Performance Maintained Easy to Manage Deploy and Use Highly Stable and Fault Tolerant Simple and Reliable Recovery Mechanism
84. Safend Encryptor: Completely Transparent safendencryptor True SSO Technology: to end users to help-desk / support to user authentication to patch management to software distribution systems Transparent protector Transparent reporter inspector Transparent Transparent Transparent - Proprietary & Confidential -
85. Safend Encryptor: Highly Secure protector Total Data Encryption - Encrypts all data on endpoints Including all data files, page file and windows password store (SAM and domain cache) Strong encryption algorithm Each file is encrypted using a different random key for increased security (AES-256) Tamper Resistant The agent includes multi-tiered anti-tampering capabilities to guarantee permanent control over enterprise endpoints Certifications: Common Criteria EAL2 certified FIPS 140-2 certified encryptor reporter inspector Enrolling Beta Customers
86. Safend Encryptor: Centrally Enforced protector Encryption enforced by policy Zero end user interaction Encryption process does not interfere with ongoing user activities End users cannot interfere with the encryption process encryptor reporter inspector
87. Safend Encryptor: Full Audit Trail Detailed Client & Server Log Records Clients status displayed in the Clients World: Client Logs displayed in the Logs World: Server Logs displayed in the Logs World:
88. - Proprietary & Confidential - Safend Encryptor Full Audit TrailDetailed Server Log Records Examples of Encryptor specific server logs
89. - Proprietary & Confidential - Safend Encryptor: Full Audit TrailEncryption Status Report Displays endpoint “encryption complete on” time and date Can be set to display only “active” endpoints drill-down reports display specific endpoints
90. Safend Encryptor: in Action Security administrator sets an encryption policy End user authenticates using native Windows logon Encryption process takes place transparently in background Detailed endpoint status is displayed in the Clients World - Proprietary & Confidential -
91. - Proprietary & Confidential - Safend Inspector protector encryptor Key Features Controls sensitive data transferred via approved data transfer channels Data Classification Content and meta-data Data fingerprinting Controlled Channels Email, web External storage, CD/DVD Local and network printers Application (custom) channels reporter inspector
92. - Proprietary & Confidential - discoverer Inspector-EP (Endpoint) protector encryptor Key Features Data Leakage Prevention Through: USB, Firewire Storage Local & Network Printer CD/DVD Network Shares Copy/Paste Application Data Access Control reporter inspector
93. - Proprietary & Confidential - Safend Inspector protector encryptor Data Classification Data Content and Origin Data Fingerprinting Data Leakage Prevention Through: Email, IM and Web External Storage Printers Out of the box predefined classifications and Policies Interactive Message Center for user education inspector reporter
94. - Proprietary & Confidential - Predefined Classifications and Policies protector encryptor PHI - HIPAA & UK Health PCI (CC#) PII (SSN, NINO, 15 other countries) Acceptable Use (racial, sexual, violence - English) Software IP Schematics IP US Export Regulations SOX – sensitive financial data Preclassified data and metadata inspector reporter
95. - Proprietary & Confidential - Inspector-NW (Network) protector encryptor Data Leakage Prevention Through: Email – Outlook Plugin, SMTP Web – IE Plugin, HTTP, HTTPS Application Data Access Control Limit access of any application to sensitive data File transfer through Skype Encryption of sensitive data with unauthorized package inspector reporter
96. - Proprietary & Confidential - Classification methods protector encryptor Data Content Regular Expressions Mathematical verifiers Heuristic Verifiers Predefined classifications - reusable Data Fingerprinting Map set of files as sensitive without pointing to specific text – using originating application Use partial match to file as indication of sensitivity inspector reporter
97. - Proprietary & Confidential - discoverer Safend Discoverer protector encryptor Endpoint Discovery On all endpoints with installed agent Network Share Discovery As a professional service reporter inspector
101. Our Future Plans Safend intends to further extend the leadership of its Data Protection Suite in the coming years. Some highlights of functionality considered in our future plans include: Data at Rest content discovery, mapping and control.This product, planned for 2009 will allow an organization to map all its sensitive data, and in future releases automate measures taken to protect the detected data. Persistent Encryption.This extension of Safend Inspector and Safend Encryptor to selectively encrypt only sensitive content and keep it encrypted even when it goes off the corporate machines further improves the security of data, while remaining transparent to the end user. Extensive key management for software encryption and for internal and external hardware encrypted storage.Safend provides a comprehensive software encryption platform for both hard disks and removable storage, but some organizations may require or already have hardware encrypted devices. Safend aims to manage those devices as part of the Data Protection Suite and be able to provision them, recover passwords for them, and be able to remotely kill them
102. Contact us for more information or a demo (703) 815-8828 x101 sales@e-convergencesolutions.com - Proprietary & Confidential -
Notes de l'éditeur
Please note: This is an animated slide, next slide is exactly the same but without animation.
I’d now like to review the Safend Protection Suite Architecture.Safend Data Protection Suite consists of Clients, a Management Console and a Management Server.The Clients are installed on the enterprise endpoints and they enforce the security policies locally on their hosts. The Management Server provides the services needed for configuring and monitoring Clients. Clients periodically communicate with the Management Server to renew their security policies, submit their logs and to initialize their suspension (one-time) passwords (OTPs). All communication between clients and the server is implemented as Web Service calls over SSL.Security Admins use the Management Console to interact with the Management Server.The Management Console is a Windows applications used by Admins to interact with the Management Server. Once logged in to the console, a user can manage and assign security policies, view client properties, view logs, and perform various administration operations such as change domain user credentials.Security Admins can explicitly request Clients to immediately renew their policy, submit logs or initialize their OTPs. To facilitate the management of clients in large deployments, the Management Server interacts with external Directory Services such as Active Directory (default) and Novell’s eDirectory.The Management Server utilizes either mySQL or MS SQL Server database to store its configuration, domain information, policies and logs.
Total Data Encryption - Advantages Completely Transparent Encryption Endpoint Performance Maintained Easy Deployment Highly Stable and Fault Tolerant Simple and Reliable Recovery Mechanism Technician Mode