DeviceLock 7.0 Endpoint DLP Full Introduction for Partners - PowerPoint PPT Presentation

About This Presentation

DeviceLock 7.0 Endpoint DLP Full Introduction for Partners


... The Basic Component Pre-7.0 Fundamentals New Capabilities Licensing Product Positioning & Value for ... From familiar Microsoft Active Directory Group ... – PowerPoint PPT presentation

Number of Views:567
Avg rating:3.0/5.0
Slides: 50
Provided by: AlexeiL1


Transcript and Presenter's Notes

Title: DeviceLock 7.0 Endpoint DLP Full Introduction for Partners

DeviceLock 7.0 Endpoint DLP Full Introduction
for Partners
  • Company Brief
  • The Data Leakage Problem
  • DeviceLock Solution
  • Content Filtering
  • Network Communications Control
  • DeviceLock 7.0 The Basic Component
  • Pre-7.0 Fundamentals
  • New Capabilities
  • Licensing
  • Product Positioning Value for Partners
  • Messaging for Customers

devicelock, Inc.
  • Company Brief

Company Facts
  • DeviceLock, Inc. established as SmartLine in 1996
  • Develops and markets DeviceLock software
  • Endpoint device control and data leak prevention
  • Leader of Device/Port Control niche
  • 60,000 corporate customers worldwide
  • 4M computers protected by DeviceLock
  • Offices in Russia (HQs, RD), USA, UK, Germany,
  • About 60 full-time employees including 30 in RD
  • Privately owned, self-funded, dynamically growing

DeviceLock Customers
  • Historically, due to higher data security
    concerns, most customers came from Financial,
    Government, Defense, Defense Contractor, Health
    Care, Bio-Tech, High-Tech Manufacturing,
    Education, and Gambling Resorts Casinos
  • Recently, various organizations regardless of
    vertical industry, size, network topology,
  • One of the worlds largest mutual fund groups (in
    US), City of London Police, SAIC, Societe
    Generale, BAE Systems, Central Bank of Russia,
    Lukoil, Savings Bank of Russia, VTB24 Bank,
  • See case studies at DeviceLock web-site
  • Major production installation 70,000 seats (in

devicelock 7.0 endpoint dlp suite
  • The Data Leakage Problem

Costs of Data Breaches Are Rising
  • Average total cost of a data breach for a U.S.
    organization has reached more than 6.7M
  • Average per-record cost of a data breach in the
    U.S. raised up to 204

Source 2009 Annual Study U.S. Cost of a Data
Breach, Ponemon Institute, January 2010
Cost of a Data Breach Global Statistics
  • On a global scale, the average total cost of a
    data breach is estimated as 3.43M
  • Global average per-record cost of a data breach
    is 142

Source 2009 Annual Study Global Cost of a Data
Breach, Ponemon Institute, April 2010
SMBs Hit by Data Breaches
  • Symantec 2010 SMB Information Protection Survey
    (June 2010)
  • 2,152 respondents from 28 countries
  • 42 have lost proprietary or confidential
    information in the past
  • Data loss is the highest risk for SMB
  • Average annual cost of cyber attacks for an SMB
    is 188,242

Source Symantec 2010 SMB Information Protection
Survey Global June 2010
More Stringent Data Protection Laws
  • Forty six states in the US have already enacted
    data breach notification laws
  • In the UK, since of April 2010 the Information
    Commissioners Office can fine organizations up
    to 500,000 as a penalty for breaches of the Data
    Protection Act
  • In EU, data breach notifications will become
    obligatory for a wide range of businesses
  • In January 2010, European Commission announced
    the start of data protection law improvement

Local Leaks Prevail
  • Most methods leaving employees used for taking
    away corporate data relate to local ports and
    peripheral devices of endpoint computers
  • Number of local leak cases far outweighs other
    ways of stealing data

Source Data Loss Risks During Downsizing,
Ponemon Institute, February 2009
Endpoint Data Leak Mechanics
Corporate Network
Are All Data Channels Really Dangerous?
Corporate Network
devicelock 7.0 endpoint dlp suite
  • DeviceLock Solution

What is DeviceLock 7.0 Endpoint DLP Suite
  • Content-Aware Endpoint DLP platform
  • Modular architecture of complementary functional
    components licensed separately
  • DeviceLock complete device/port control
    central management and administration
  • NetworkLock in-depth network communications
  • ContentLock essential content monitoring and
  • DeviceLock Search Server full-text searching in
    shadow and event logs
  • For organizations of any size and budget
  • Best fit to current security requirements and
    incremental functionality growth

Agent 7.0 DLP Functional Profile
Unified DLP Policy (Logical Mix of Content
Filtering and Context Controls)
Advanced RegExp for Data Shadowing only
Advanced RegExp for Data Shadowing only
Content Filtering
Advanced RegExp
Advanced RegExp
Removable Storage / PnP
Printing Channel
Local Syncs
Network Channel
Data Type Filtering
PCL PostScript Formats
Sync Protocol Object Types
File Types
File Data Types
DLP Control Layers
Channel-Specific Device, Protocol, Application
Printer Types / Print Spooler
Smartphone Types / Local Sync Apps
Device Types/Classes
Network Protocols Applications
Port/Interface Control
Local Ports
Local Ports
Local Ports
Local Ports Used by IP Networking
Endpoint Data Leakage Channels
devicelock 7.0 endpoint dlp suite
  • Content Filtering

Content Filtering Where and What
  • Controlled data channels
  • Removable media (ContentLock)
  • Other PnP storage devices (ContentLock)
  • Network channel (ContentLock NetworkLock)
  • Data and file format agnostic textual content
  • 80 file formats
  • Emails (messages and attachments)
  • Webmails and web-forms
  • Instant messages
  • Social network exchanges
  • Telnet data

Content Filtering How
  • Advanced Regular Expression patterns with
    numerical conditions
  • Boolean combination of matching criteria
  • (regexp("\b(?ltpatientgt\w)\s(\kltpatientgt)\b") gt
    10 OR (regexp()gtN) AND
  • Pre-built RegExp templates for commonly used
    sensitive data types
  • SSN, credit card, bank account, address,
    passport, drivers license, etc.
  • Industry-specific keyword dictionaries
  • White List based policy
  • Allow/Block/Log/Shadow actions
  • Identity-based content filtering

Content-Aware Data Shadowing
  • For all endpoint data channels
  • Removable and PnP storage devices
  • Network communications
  • Local synchronizations with smartphones
  • Document printing
  • Clipboard copy/paste operations
  • Content-filtered
  • All 80 supported file formats and data objects
  • PCL and Postscript printouts
  • Tremendously reduces
  • Storage space requirements and
  • Network bandwidth consumption

devicelock 7.0 endpoint dlp suite
  • Network Communications Control

Network Communications Control
  • Functions
  • Port-independent application/protocol detection
    and filtering
  • Message/session reconstruction with
    file/data/parameter extraction
  • Content filtering (NetworkLock ContentLock)
  • Event/audit logging data shadowing
  • Network-related parameters controlled
  • IP address, range, subnet, masking
  • Network ports, ranges, more/less than criteria
  • Protocols and network application types
  • Identity-based parameters controlled
  • User IDs and groups, email and IP addresses,
    Instant Messaging ID, URI/URL, etc.

Network Traffic Content Filtering
  • NetworkLock ContentLock
  • Plain and SSL-tunneled SMTP emails
  • Messages and attachments separately
  • HTTP/HTTPS-based web access, popular webmail
    social networking applications
  • Gmail, Yahoo! Mail, Windows Live Mail
  • Facebook, Twitter, LiveJournal, LinkedIn,
    MySpace, Odnoklassniki, Vkontakte
  • Instant Messaging
  • ICQ/AOL, MSN Messenger, Jabber, IRC, Yahoo
    Messenger, Agent
  • File transfer via FTP and FTP-SSL
  • Telnet sessions

devicelock 7.0 endpoint dlp suite
  • DeviceLock 7.0 The Basic Component

Comprehensive Port/Device Control
  • Lightweight software solution for device/port
    access control
  • Enforcement agents run on endpoint computers
  • Transparently for end users and applications
  • Protection against local data leaks and malware
    infiltration resulting from insider threats
  • Scalable central management
  • Native integration with Microsoft Active
  • Multiple options of central management consoles
  • DeviceLock 7.0 can be used separately or as a
    platform for other Suites components

devicelock 7.0
  • New Capabilities

Integration with BitLocker To Go
  • DeviceLock controls user access to BL2G-protected
    drives on Windows 7 powered endpoints
  • Integrated solution is a functional analog of a
    built-in Removable Media Encryption for
  • Windows native encryption
  • DeviceLock and BL2G are centrally natively
    managed from the same Active Directory platform
  • DeviceLock heals BL2G limitations
  • User/Group/Time-based Encrypted permissions
    make BL2Gs per-computer enforcement far more
    granular and flexible
  • Read, Read/Format, Read/Write/Format Encrypted
    operations instead of BL2Gs full access only
  • DeviceLock reinforces BL2G security
  • Being logically chained with BL2Gs enforcement,
    DeviceLock prevents unauthorized data copying to
    unencrypted removable drives when local sysadmins
    turn BL2G off

Clipboard Operations Control
  • Clipboard copy/paste operations
  • Prevents unauthorized data transfers between
  • Controlled data types
  • Text
  • Images
  • Audio (e.g. audio recordings captured by Windows
    Sound Recorder)
  • File types (4K)
  • Screenshots (PrintScreen 3rd party screenshot
  • Unidentified

Improved Context Controls
  • Incoming data shadowing
  • Shadowing of data copied/transmitted to the
  • New parameters controlled for file operations
  • File size, date of modification, process
    initiated the operation
  • Text-in-picture detection control
  • In intercepted graphical files and pictures
    embedded in documents (e.g. MS Office)
  • Block, shadow-copy, and log the file
    transfer/storage/access operation

devicelock 7.0
  • Pre-7.0 Fundamentals

Security Functions
  • Highly-granular control over end user access to
    local ports, peripheral devices, and data
    input/output channels on endpoint computers
  • Detailed event logging and data shadowing
  • Event Log automatic collection, centralized
    storage and auditing support
  • Data Shadowing hidden copying, centralized
    collection, storage, searching and reviewing of
    data uploaded through local ports interfaces
  • Central database Microsoft SQL or any
  • Built-in full-text search server, Audit Log and
    Shadow Log Viewers
  • Integration with 3rd party removable device
    encryption solutions
  • Software PGP WDE, DriveCrypt from SecurStar,
    TrueCrypt, SafeDisk,
  • USB drives with hardware encryption BlockMaster
    (SafeStick 4.0), Lexar, IronKey
  • Blocking USB and PS/2 hardware keyloggers
  • Tamper-proof operations
  • No chance to disable or remove DeviceLock agent
    for end users and local system administrators

Access Log Policy Granularity (1)
  • Who
  • User, user group, Windows system user
    types/groups, Group Objects from Microsoft Active
  • Where From Where To
  • Any type of standard Windows local
    ports/interfaces and peripherals
  • USB devices by type/vendor/model, unique device
  • Windows Mobile, iPhone/iPad/iPod,
    BlackBerry, Palm devices
  • Printers (local, network, virtual)
  • Encrypted removable storage
  • Computers, computer groups, computers in
    organizational unit
  • Computers inside or outside of corporate network

Access Log Policy Granularity (2)
  • When
  • Time date intervals, weekly schedule
  • Per user request (Temporary White List)
  • What
  • Input/output and device control operations
  • Operations with generic and encrypted storage
  • Data channels (removable storage, printing
    spooler, local synchronizations with smartphones
    and PDAs)
  • Data flow directions
  • Data types (file types, data objects of local
    sync protocols)
  • Specific media content (CDs/DVDs)
  • All the above in a flexible mix

True File Type Control
  • File transfer operation control based on its true
  • For any File System operations with peripheral
  • NOT limited to Windows Explorer operations
  • Binary signature-based file type detection
  • Based on data type analysis of the entire file
  • NOT vulnerable to encapsulation concealment
  • 4,000 formats supported out-of-the-box
  • Extensible architecture for adding new file types
  • File type-based data shadowing policy
  • Increased control flexibility
  • Reduced memory consumption

Local Sync Control
  • Patent-pending access and data type control for
    locally connected mobile devices
  • Windows Mobile, Palm OS, iPhone/iPod/iPad,
  • Local Sync protocol filtering
  • Microsoft ActiveSync, Windows Mobile Device
    Center, HotSync, iTunes
  • Control granularity protocol object types
  • Files, emails, contacts, tasks, notes, calendars,
    Web bookmarks, email accounts, media types
    (music, photos, podcasts, movies,)
  • Data flow direction control (read, write)
  • Time-based permissions
  • Device presence detection and white-listing
  • Regardless of connection interface
  • Device vendor/model/unique ID (for USB
  • Detailed centralized event logging and data

DeviceLock Printing Security
  • Printing channel control technology
  • Print Spooler operations intercepted filtered
  • User access control to local, network, and
    virtual printers
  • Printer connections detected regardless of the
    connection interface
  • USB control granularity vendor ID, model ID,
    unique printer
  • Time-based permissions
  • Centralized event logging and data shadowing
  • Built-in printout viewer
  • Full-text search in PCL and PostScript printouts

Event Logging Data Shadowing
  • Centralized automatic log and shadow data
  • Scalable multi-server architecture for load
  • Agent-based server connection quality detection
  • Traffic shaping data compression for
    event/shadow log delivery to central server
  • Central data storage in MS SQL database
  • Full-text search server in Data Shadowing / Audit
    Log Database
  • Facilitates compliance auditing, incident
    investigations, forensic analysis
  • 80 file formats and PCL/PostScript printouts
  • Built-in tools for Audit and Shadow Log viewing,
    filtering, and graphical report generation

Management Administration
  • Management consoles with same look-n-feel GUI to
    fit any size customer
  • DeviceLock Group Policy Manager
  • Native full integration with GPO Editor in
    Microsoft Active Directory
  • MMC snap-in for Group Policy Editor
  • Full life-cycle management for DeviceLock agents
    from Microsoft AD domain
  • DeviceLock Enterprise Manager
  • Separate management server
  • Full support of non-AD customers
  • DeviceLock Management Console (MMC snap-in)
  • Per-computer remote management for small
  • Real-time agent status and policy consistency
  • Agent installation, upgrade and removal in
    unattended centralized, interactive or local mode
    without system reboot
  • Network-awareness with automatic policy mode

Operating Platforms
  • DeviceLock Agents, Management Consoles,
    Enterprise Server, Enterprise Manager
  • Windows NT/2000
  • Windows XP/2003/Vista/2008 (32/64-bit)
  • Windows 7 (32/64-bit)
  • Directory integration
  • Microsoft AD (native), Novel eDirectory, any LDAP
  • Databases (optional)
  • Microsoft SQL, MSDE, any ODBC-compliant SQL

devicelock 7.0 Endpoint dlp suite
  • Licensing

  • Perpetual with 1st year upgrades and support
  • Annually paid upgrades and support for the 2nd
    year and further on
  • DeviceLock complete contextual controls over
    local devices/ports/channels
  • Basic and mandatory Suites component
  • Can be purchased independently
  • ContentLock (CL) content filtering
  • Optional add-on with DeviceLock (2-license pack
  • Upgrade from DeviceLock (CL license)
  • NetworkLock (NL) network communications control
  • Optional add-on with DeviceLock (2-license pack
  • Upgrade from DeviceLock (NL license)
  • DeviceLock Endpoint DLP
  • DeviceLock ContentLock NetworkLock (3-license
  • Upgrade from DLNL or DLCL
  • DeviceLock Search Server (DLSS)
  • Optional add-on for any other Suite

devicelock 7.0 Endpoint dlp suite
  • Product Positioning Value for Partners

Product Positioning Target Customers
  • Best price/performance endpoint DLP solution
  • with essential content filtering capabilities
    that makes DLP technologies
  • practical for the mainstream corporate market,
  • affordable for organizations of any size and
    budget including SMBs
  • Customers pragmatic organizations from the
    mainstream corporate market including SMBs
  • Need a cost-effective, reliable, and scalable
    endpoint DLP solution with the potential to grow
    consistently with customer requirements
  • Would like to deploy an endpoint DLP solution
    cost-effectively and safely, by gradually growing
    its capabilities from necessary to enhanced

Product Value for Partners (1)
  • Partners can sell DeviceLock 7.0 Endpoint DLP as
    a mainstream revenue-generating product
  • Product price/seat increased manifold vs earlier
  • Aggregate margin/seat (in ) justifies dedicated
    sales efforts
  • Product can generate significant Professional
    Services revenue while being deployed and in
    post-sales support phases
  • DeviceLock DLP policy becomes much more complex
    and needs to be fine-tuned to comply with
    organizations data protection policy, state
    regulations, industry standards
  • DeviceLock Endpoint DLP targets all market
  • SMB where DLP penetration is still minimal
  • Enterprise segment competing as the best
    price/performance endpoint DLP with
    well-balanced overall functionality

Product Value for Partners (2)
  • Large customer/installed base lets go upsell
  • DeviceLock product
  • Trusted and widely used in ( sellable to)
  • Financial, health-care, defense, military,
    government verticals across the globe
  • Complementary to ( sellable with)
  • Popular Anti-Virus solutions (ESET, Kaspersky,
  • Network-based DLP solutions (Fidelis, Palisade)
  • Easy to learn, deploy and support

devicelock 7.0 Endpoint dlp suite
  • Messaging for Customers

DeviceLock Value for Customers (1)
  • Best price/performance endpoint DLP solution
  • with essential content filtering capabilities
    that makes DLP technologies
  • practical and affordable for the mainstream
    corporate market
  • Well-balanced set of endpoint DLP features
  • Best-in-class context DLP controls with granular
    and flexible policy
  • Essential content filtering functionality
    effective, highly configurable, reliable
  • Control over all endpoint input/output channels
    with protection for all data leakage scenarios
  • Comprehensive audit logging and data shadowing
    with built-in full-text searching
  • Centrally managed removable media encryption at
    no additional cost through integration with
    BitLocker To Go

DeviceLock Value for Customers (2)
  • Scalable from small to largest organizations
  • With central management natively integrated in
    Microsoft Active Directory
  • Affordable for any organizations including SMBs
  • Competitive price and flexible function-based
  • Cost-effective deployment of required DLP
  • Incrementally turn on new capabilities as
    requirements grow
  • Easy to learn, deploy, use and maintain
  • Familiar Windows native MMC interface ADs
  • Transparent for end users
  • Time-proven, trusted and widely deployed in data
    security sensitive organizations worldwide

Write a Comment
User Comments (0)