DeviceLock 7.0 Endpoint DLP Full Introduction for Partners - PowerPoint PPT Presentation

Loading...

PPT – DeviceLock 7.0 Endpoint DLP Full Introduction for Partners PowerPoint presentation | free to download - id: 5d3581-ZGVmN



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

DeviceLock 7.0 Endpoint DLP Full Introduction for Partners

Description:

... The Basic Component Pre-7.0 Fundamentals New Capabilities Licensing Product Positioning & Value for ... From familiar Microsoft Active Directory Group ... – PowerPoint PPT presentation

Number of Views:454
Avg rating:3.0/5.0
Slides: 50
Provided by: AlexeiL1
Learn more at: http://www.devicelock.com
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: DeviceLock 7.0 Endpoint DLP Full Introduction for Partners


1
DeviceLock 7.0 Endpoint DLP Full Introduction
for Partners
2
Agenda
  • Company Brief
  • The Data Leakage Problem
  • DeviceLock Solution
  • Content Filtering
  • Network Communications Control
  • DeviceLock 7.0 The Basic Component
  • Pre-7.0 Fundamentals
  • New Capabilities
  • Licensing
  • Product Positioning Value for Partners
  • Messaging for Customers

3
devicelock, Inc.
  • Company Brief

4
Company Facts
  • DeviceLock, Inc. established as SmartLine in 1996
  • Develops and markets DeviceLock software
  • Endpoint device control and data leak prevention
    solution
  • Leader of Device/Port Control niche
  • 60,000 corporate customers worldwide
  • 4M computers protected by DeviceLock
  • Offices in Russia (HQs, RD), USA, UK, Germany,
    Italy
  • About 60 full-time employees including 30 in RD
  • Privately owned, self-funded, dynamically growing

5
DeviceLock Customers
  • Historically, due to higher data security
    concerns, most customers came from Financial,
    Government, Defense, Defense Contractor, Health
    Care, Bio-Tech, High-Tech Manufacturing,
    Education, and Gambling Resorts Casinos
    verticals
  • Recently, various organizations regardless of
    vertical industry, size, network topology,
    geography
  • One of the worlds largest mutual fund groups (in
    US), City of London Police, SAIC, Societe
    Generale, BAE Systems, Central Bank of Russia,
    Lukoil, Savings Bank of Russia, VTB24 Bank,
  • See case studies at DeviceLock web-site
  • Major production installation 70,000 seats (in
    US)

6
devicelock 7.0 endpoint dlp suite
  • The Data Leakage Problem

7
Costs of Data Breaches Are Rising
  • Average total cost of a data breach for a U.S.
    organization has reached more than 6.7M
  • Average per-record cost of a data breach in the
    U.S. raised up to 204

Source 2009 Annual Study U.S. Cost of a Data
Breach, Ponemon Institute, January 2010
8
Cost of a Data Breach Global Statistics
  • On a global scale, the average total cost of a
    data breach is estimated as 3.43M
  • Global average per-record cost of a data breach
    is 142

Source 2009 Annual Study Global Cost of a Data
Breach, Ponemon Institute, April 2010
9
SMBs Hit by Data Breaches
  • Symantec 2010 SMB Information Protection Survey
    (June 2010)
  • 2,152 respondents from 28 countries
  • 42 have lost proprietary or confidential
    information in the past
  • Data loss is the highest risk for SMB
    organizations
  • Average annual cost of cyber attacks for an SMB
    is 188,242

Source Symantec 2010 SMB Information Protection
Survey Global June 2010
10
More Stringent Data Protection Laws
  • Forty six states in the US have already enacted
    data breach notification laws
  • In the UK, since of April 2010 the Information
    Commissioners Office can fine organizations up
    to 500,000 as a penalty for breaches of the Data
    Protection Act
  • In EU, data breach notifications will become
    obligatory for a wide range of businesses
  • In January 2010, European Commission announced
    the start of data protection law improvement
    process

11
Local Leaks Prevail
  • Most methods leaving employees used for taking
    away corporate data relate to local ports and
    peripheral devices of endpoint computers
  • Number of local leak cases far outweighs other
    ways of stealing data

Source Data Loss Risks During Downsizing,
Ponemon Institute, February 2009
12
Endpoint Data Leak Mechanics
Corporate Network
13
Are All Data Channels Really Dangerous?
Corporate Network
14
devicelock 7.0 endpoint dlp suite
  • DeviceLock Solution

15
What is DeviceLock 7.0 Endpoint DLP Suite
  • Content-Aware Endpoint DLP platform
  • Modular architecture of complementary functional
    components licensed separately
  • DeviceLock complete device/port control
    central management and administration
  • NetworkLock in-depth network communications
    control
  • ContentLock essential content monitoring and
    filtering
  • DeviceLock Search Server full-text searching in
    shadow and event logs
  • For organizations of any size and budget
  • Best fit to current security requirements and
    incremental functionality growth

16
Agent 7.0 DLP Functional Profile
Unified DLP Policy (Logical Mix of Content
Filtering and Context Controls)
Advanced RegExp for Data Shadowing only
Advanced RegExp for Data Shadowing only
Content Filtering
Advanced RegExp
Advanced RegExp
Removable Storage / PnP
Printing Channel
Local Syncs
Network Channel
Data Type Filtering
PCL PostScript Formats
Sync Protocol Object Types
File Types
File Data Types
DLP Control Layers
Channel-Specific Device, Protocol, Application
Control
Printer Types / Print Spooler
Smartphone Types / Local Sync Apps
Device Types/Classes
Network Protocols Applications
Port/Interface Control
Local Ports
Local Ports
Local Ports
Local Ports Used by IP Networking
Endpoint Data Leakage Channels
Confidential
17
devicelock 7.0 endpoint dlp suite
  • Content Filtering

18
Content Filtering Where and What
  • Controlled data channels
  • Removable media (ContentLock)
  • Other PnP storage devices (ContentLock)
  • Network channel (ContentLock NetworkLock)
  • Data and file format agnostic textual content
    extraction
  • 80 file formats
  • Emails (messages and attachments)
  • Webmails and web-forms
  • Instant messages
  • Social network exchanges
  • Telnet data

19
Content Filtering How
  • Advanced Regular Expression patterns with
    numerical conditions
  • Boolean combination of matching criteria
  • (regexp("\b(?ltpatientgt\w)\s(\kltpatientgt)\b") gt
    10 OR (regexp()gtN) AND
  • Pre-built RegExp templates for commonly used
    sensitive data types
  • SSN, credit card, bank account, address,
    passport, drivers license, etc.
  • Industry-specific keyword dictionaries
  • White List based policy
  • Allow/Block/Log/Shadow actions
  • Identity-based content filtering

20
Content-Aware Data Shadowing
  • For all endpoint data channels
  • Removable and PnP storage devices
  • Network communications
  • Local synchronizations with smartphones
  • Document printing
  • Clipboard copy/paste operations
  • Content-filtered
  • All 80 supported file formats and data objects
  • PCL and Postscript printouts
  • Tremendously reduces
  • Storage space requirements and
  • Network bandwidth consumption

21
devicelock 7.0 endpoint dlp suite
  • Network Communications Control

22
Network Communications Control
  • Functions
  • Port-independent application/protocol detection
    and filtering
  • Message/session reconstruction with
    file/data/parameter extraction
  • Content filtering (NetworkLock ContentLock)
  • Event/audit logging data shadowing
  • Network-related parameters controlled
  • IP address, range, subnet, masking
  • Network ports, ranges, more/less than criteria
  • Protocols and network application types
  • Identity-based parameters controlled
  • User IDs and groups, email and IP addresses,
    Instant Messaging ID, URI/URL, etc.

23
Network Traffic Content Filtering
  • NetworkLock ContentLock
  • Plain and SSL-tunneled SMTP emails
  • Messages and attachments separately
  • HTTP/HTTPS-based web access, popular webmail
    social networking applications
  • Gmail, Yahoo! Mail, Windows Live Mail
  • Facebook, Twitter, LiveJournal, LinkedIn,
    MySpace, Odnoklassniki, Vkontakte
  • Instant Messaging
  • ICQ/AOL, MSN Messenger, Jabber, IRC, Yahoo
    Messenger, Mail.ru Agent
  • File transfer via FTP and FTP-SSL
  • Telnet sessions

24
devicelock 7.0 endpoint dlp suite
  • DeviceLock 7.0 The Basic Component

25
Comprehensive Port/Device Control
  • Lightweight software solution for device/port
    access control
  • Enforcement agents run on endpoint computers
  • Transparently for end users and applications
  • Protection against local data leaks and malware
    infiltration resulting from insider threats
  • Scalable central management
  • Native integration with Microsoft Active
    Directory
  • Multiple options of central management consoles
  • DeviceLock 7.0 can be used separately or as a
    platform for other Suites components

26
devicelock 7.0
  • New Capabilities

27
Integration with BitLocker To Go
  • DeviceLock controls user access to BL2G-protected
    drives on Windows 7 powered endpoints
  • Integrated solution is a functional analog of a
    built-in Removable Media Encryption for
    DeviceLock
  • Windows native encryption
  • DeviceLock and BL2G are centrally natively
    managed from the same Active Directory platform
  • DeviceLock heals BL2G limitations
  • User/Group/Time-based Encrypted permissions
    make BL2Gs per-computer enforcement far more
    granular and flexible
  • Read, Read/Format, Read/Write/Format Encrypted
    operations instead of BL2Gs full access only
    option
  • DeviceLock reinforces BL2G security
  • Being logically chained with BL2Gs enforcement,
    DeviceLock prevents unauthorized data copying to
    unencrypted removable drives when local sysadmins
    turn BL2G off

28
Clipboard Operations Control
  • Clipboard copy/paste operations
  • Prevents unauthorized data transfers between
    applications
  • Controlled data types
  • Text
  • Images
  • Audio (e.g. audio recordings captured by Windows
    Sound Recorder)
  • File types (4K)
  • Screenshots (PrintScreen 3rd party screenshot
    applications)
  • Unidentified

29
Improved Context Controls
  • Incoming data shadowing
  • Shadowing of data copied/transmitted to the
    computer
  • New parameters controlled for file operations
  • File size, date of modification, process
    initiated the operation
  • Text-in-picture detection control
  • In intercepted graphical files and pictures
    embedded in documents (e.g. MS Office)
  • Block, shadow-copy, and log the file
    transfer/storage/access operation

30
devicelock 7.0
  • Pre-7.0 Fundamentals

31
Security Functions
  • Highly-granular control over end user access to
    local ports, peripheral devices, and data
    input/output channels on endpoint computers
  • Detailed event logging and data shadowing
  • Event Log automatic collection, centralized
    storage and auditing support
  • Data Shadowing hidden copying, centralized
    collection, storage, searching and reviewing of
    data uploaded through local ports interfaces
  • Central database Microsoft SQL or any
    ODBC-compliant
  • Built-in full-text search server, Audit Log and
    Shadow Log Viewers
  • Integration with 3rd party removable device
    encryption solutions
  • Software PGP WDE, DriveCrypt from SecurStar,
    TrueCrypt, SafeDisk,
  • USB drives with hardware encryption BlockMaster
    (SafeStick 4.0), Lexar, IronKey
  • Blocking USB and PS/2 hardware keyloggers
  • Tamper-proof operations
  • No chance to disable or remove DeviceLock agent
    for end users and local system administrators

32
Access Log Policy Granularity (1)
  • Who
  • User, user group, Windows system user
    types/groups, Group Objects from Microsoft Active
    Directory
  • Where From Where To
  • Any type of standard Windows local
    ports/interfaces and peripherals
  • USB devices by type/vendor/model, unique device
  • Windows Mobile, iPhone/iPad/iPod,
    BlackBerry, Palm devices
  • Printers (local, network, virtual)
  • Encrypted removable storage
  • Computers, computer groups, computers in
    organizational unit
  • Computers inside or outside of corporate network

33
Access Log Policy Granularity (2)
  • When
  • Time date intervals, weekly schedule
  • Per user request (Temporary White List)
  • What
  • Input/output and device control operations
  • Operations with generic and encrypted storage
  • Data channels (removable storage, printing
    spooler, local synchronizations with smartphones
    and PDAs)
  • Data flow directions
  • Data types (file types, data objects of local
    sync protocols)
  • Specific media content (CDs/DVDs)
  • All the above in a flexible mix

34
True File Type Control
  • File transfer operation control based on its true
    type
  • For any File System operations with peripheral
    devices
  • NOT limited to Windows Explorer operations
  • Binary signature-based file type detection
    algorithm
  • Based on data type analysis of the entire file
    content
  • NOT vulnerable to encapsulation concealment
    techniques
  • 4,000 formats supported out-of-the-box
  • Extensible architecture for adding new file types
  • File type-based data shadowing policy
  • Increased control flexibility
  • Reduced memory consumption

35
Local Sync Control
  • Patent-pending access and data type control for
    locally connected mobile devices
  • Windows Mobile, Palm OS, iPhone/iPod/iPad,
    BlackBerry
  • Local Sync protocol filtering
  • Microsoft ActiveSync, Windows Mobile Device
    Center, HotSync, iTunes
  • Control granularity protocol object types
  • Files, emails, contacts, tasks, notes, calendars,
    Web bookmarks, email accounts, media types
    (music, photos, podcasts, movies,)
  • Data flow direction control (read, write)
  • Time-based permissions
  • Device presence detection and white-listing
  • Regardless of connection interface
  • Device vendor/model/unique ID (for USB
    connections)
  • Detailed centralized event logging and data
    shadowing

36
DeviceLock Printing Security
  • Printing channel control technology
  • Print Spooler operations intercepted filtered
  • User access control to local, network, and
    virtual printers
  • Printer connections detected regardless of the
    connection interface
  • USB control granularity vendor ID, model ID,
    unique printer
  • Time-based permissions
  • Centralized event logging and data shadowing
  • Built-in printout viewer
  • Full-text search in PCL and PostScript printouts

37
Event Logging Data Shadowing
  • Centralized automatic log and shadow data
    collection
  • Scalable multi-server architecture for load
    sharing
  • Agent-based server connection quality detection
    algorithm
  • Traffic shaping data compression for
    event/shadow log delivery to central server
  • Central data storage in MS SQL database
  • Full-text search server in Data Shadowing / Audit
    Log Database
  • Facilitates compliance auditing, incident
    investigations, forensic analysis
  • 80 file formats and PCL/PostScript printouts
  • Built-in tools for Audit and Shadow Log viewing,
    filtering, and graphical report generation

38
Management Administration
  • Management consoles with same look-n-feel GUI to
    fit any size customer
  • DeviceLock Group Policy Manager
  • Native full integration with GPO Editor in
    Microsoft Active Directory
  • MMC snap-in for Group Policy Editor
  • Full life-cycle management for DeviceLock agents
    from Microsoft AD domain
  • DeviceLock Enterprise Manager
  • Separate management server
  • Full support of non-AD customers
  • DeviceLock Management Console (MMC snap-in)
  • Per-computer remote management for small
    organizations
  • Real-time agent status and policy consistency
    monitoring/repair
  • Agent installation, upgrade and removal in
    unattended centralized, interactive or local mode
    without system reboot
  • Network-awareness with automatic policy mode
    switching

39
Operating Platforms
  • DeviceLock Agents, Management Consoles,
    Enterprise Server, Enterprise Manager
  • Windows NT/2000
  • Windows XP/2003/Vista/2008 (32/64-bit)
  • Windows 7 (32/64-bit)
  • Directory integration
  • Microsoft AD (native), Novel eDirectory, any LDAP
  • Databases (optional)
  • Microsoft SQL, MSDE, any ODBC-compliant SQL

40
devicelock 7.0 Endpoint dlp suite
  • Licensing

41
Licensing
  • Perpetual with 1st year upgrades and support
    included
  • Annually paid upgrades and support for the 2nd
    year and further on
  • DeviceLock complete contextual controls over
    local devices/ports/channels
  • Basic and mandatory Suites component
  • Can be purchased independently
  • ContentLock (CL) content filtering
    functionality
  • Optional add-on with DeviceLock (2-license pack
    DLCL)
  • Upgrade from DeviceLock (CL license)
  • NetworkLock (NL) network communications control
    functionality
  • Optional add-on with DeviceLock (2-license pack
    DLNL)
  • Upgrade from DeviceLock (NL license)
  • DeviceLock Endpoint DLP
  • DeviceLock ContentLock NetworkLock (3-license
    pack)
  • Upgrade from DLNL or DLCL
  • DeviceLock Search Server (DLSS)
  • Optional add-on for any other Suite
    configurations

42
devicelock 7.0 Endpoint dlp suite
  • Product Positioning Value for Partners

43
Product Positioning Target Customers
  • Best price/performance endpoint DLP solution
  • with essential content filtering capabilities
    that makes DLP technologies
  • practical for the mainstream corporate market,
    and
  • affordable for organizations of any size and
    budget including SMBs
  • Customers pragmatic organizations from the
    mainstream corporate market including SMBs
  • Need a cost-effective, reliable, and scalable
    endpoint DLP solution with the potential to grow
    consistently with customer requirements
  • Would like to deploy an endpoint DLP solution
    cost-effectively and safely, by gradually growing
    its capabilities from necessary to enhanced

44
Product Value for Partners (1)
  • Partners can sell DeviceLock 7.0 Endpoint DLP as
    a mainstream revenue-generating product
  • Product price/seat increased manifold vs earlier
    versions
  • Aggregate margin/seat (in ) justifies dedicated
    sales efforts
  • Product can generate significant Professional
    Services revenue while being deployed and in
    post-sales support phases
  • DeviceLock DLP policy becomes much more complex
    and needs to be fine-tuned to comply with
    organizations data protection policy, state
    regulations, industry standards
  • DeviceLock Endpoint DLP targets all market
    segments
  • SMB where DLP penetration is still minimal
  • Enterprise segment competing as the best
    price/performance endpoint DLP with
    well-balanced overall functionality

45
Product Value for Partners (2)
  • Large customer/installed base lets go upsell
  • DeviceLock product
  • Trusted and widely used in ( sellable to)
  • Financial, health-care, defense, military,
    government verticals across the globe
  • Complementary to ( sellable with)
  • Popular Anti-Virus solutions (ESET, Kaspersky,
    Panda)
  • Network-based DLP solutions (Fidelis, Palisade)
  • Easy to learn, deploy and support

46
devicelock 7.0 Endpoint dlp suite
  • Messaging for Customers

47
DeviceLock Value for Customers (1)
  • Best price/performance endpoint DLP solution
  • with essential content filtering capabilities
    that makes DLP technologies
  • practical and affordable for the mainstream
    corporate market
  • Well-balanced set of endpoint DLP features
  • Best-in-class context DLP controls with granular
    and flexible policy
  • Essential content filtering functionality
    effective, highly configurable, reliable
  • Control over all endpoint input/output channels
    with protection for all data leakage scenarios
  • Comprehensive audit logging and data shadowing
    with built-in full-text searching
  • Centrally managed removable media encryption at
    no additional cost through integration with
    BitLocker To Go

48
DeviceLock Value for Customers (2)
  • Scalable from small to largest organizations
  • With central management natively integrated in
    Microsoft Active Directory
  • Affordable for any organizations including SMBs
  • Competitive price and flexible function-based
    licensing
  • Cost-effective deployment of required DLP
    functions
  • Incrementally turn on new capabilities as
    requirements grow
  • Easy to learn, deploy, use and maintain
  • Familiar Windows native MMC interface ADs
    stylistics
  • Transparent for end users
  • Time-proven, trusted and widely deployed in data
    security sensitive organizations worldwide

49
THANK YOU!
About PowerShow.com