Title: DeviceLock 7.0 Endpoint DLP Full Introduction for Partners
1. DeviceLock 7.0 Endpoint DLP Full Introduction for Partners
2. Agenda
- Company Brief
- The Data Leakage Problem
- DeviceLock Solution
- Content Filtering
- Network Communications Control
- DeviceLock 7.0: The Basic Component
- Pre-7.0 Fundamentals
- New Capabilities
- Licensing
- Product Positioning and Value for Partners
- Messaging for Customers
3. DeviceLock, Inc.
4. Company Facts
- DeviceLock, Inc. established as SmartLine in 1996
- Develops and markets DeviceLock software
  - Endpoint device control and data leak prevention solution
  - Leader of Device/Port Control niche
- 60,000 corporate customers worldwide
- 4M computers protected by DeviceLock
- Offices in Russia (HQs, R&D), USA, UK, Germany, Italy
- About 60 full-time employees including 30 in R&D
- Privately owned, self-funded, dynamically growing
5. DeviceLock Customers
- Historically, due to higher data security concerns, most customers came from Financial, Government, Defense, Defense Contractor, Health Care, Bio-Tech, High-Tech Manufacturing, Education, and Gambling Resorts & Casinos verticals
- Recently, various organizations regardless of vertical industry, size, network topology, geography
- One of the world's largest mutual fund groups (in US), City of London Police, SAIC, Societe Generale, BAE Systems, Central Bank of Russia, Lukoil, Savings Bank of Russia, VTB24 Bank
- See case studies at DeviceLock web-site
- Major production installation: 70,000 seats (in US)
6. DeviceLock 7.0 Endpoint DLP Suite
7. Costs of Data Breaches Are Rising
- Average total cost of a data breach for a U.S. organization has reached more than $6.7M
- Average per-record cost of a data breach in the U.S. has risen to $204
Source: 2009 Annual Study: U.S. Cost of a Data Breach, Ponemon Institute, January 2010
8. Cost of a Data Breach: Global Statistics
- On a global scale, the average total cost of a data breach is estimated at $3.43M
- Global average per-record cost of a data breach is $142
Source: 2009 Annual Study: Global Cost of a Data Breach, Ponemon Institute, April 2010
9. SMBs Hit by Data Breaches
- Symantec 2010 SMB Information Protection Survey (June 2010)
  - 2,152 respondents from 28 countries
- 42% have lost proprietary or confidential information in the past
- Data loss is the highest risk for SMB organizations
- Average annual cost of cyber attacks for an SMB is $188,242
Source: Symantec 2010 SMB Information Protection Survey, Global, June 2010
10. More Stringent Data Protection Laws
- Forty-six states in the US have already enacted data breach notification laws
- In the UK, since April 2010 the Information Commissioner's Office can fine organizations up to £500,000 as a penalty for breaches of the Data Protection Act
- In the EU, data breach notifications will become obligatory for a wide range of businesses
- In January 2010, the European Commission announced the start of a data protection law improvement process
11. Local Leaks Prevail
- Most methods that departing employees used for taking away corporate data relate to local ports and peripheral devices of endpoint computers
- The number of local leak cases far outweighs other ways of stealing data
Source: Data Loss Risks During Downsizing, Ponemon Institute, February 2009
12. Endpoint Data Leak Mechanics
[Diagram: Corporate Network]
13. Are All Data Channels Really Dangerous?
[Diagram: Corporate Network]
14. DeviceLock 7.0 Endpoint DLP Suite
15. What is DeviceLock 7.0 Endpoint DLP Suite
- Content-Aware Endpoint DLP platform
- Modular architecture of complementary functional components licensed separately
  - DeviceLock: complete device/port control, central management and administration
  - NetworkLock: in-depth network communications control
  - ContentLock: essential content monitoring and filtering
  - DeviceLock Search Server: full-text searching in shadow and event logs
- For organizations of any size and budget
- Best fit to current security requirements and incremental functionality growth
16. Agent 7.0 DLP Functional Profile
[Diagram: DLP control layers applied to each endpoint data leakage channel (Removable Storage / PnP, Printing Channel, Local Syncs, Network Channel). Layers: Port/Interface Control; Channel-Specific Device, Protocol, Application Control; Data Type Filtering; Content Filtering (Advanced RegExp, in two channels for Data Shadowing only); Unified DLP Policy (Logical Mix of Content Filtering and Context Controls).]
17. DeviceLock 7.0 Endpoint DLP Suite
18. Content Filtering: Where and What
- Controlled data channels
  - Removable media (ContentLock)
  - Other PnP storage devices (ContentLock)
  - Network channel (ContentLock + NetworkLock)
- Data and file format agnostic textual content extraction
  - 80 file formats
  - Emails (messages and attachments)
  - Webmails and web-forms
  - Instant messages
  - Social network exchanges
  - Telnet data
19. Content Filtering: How
- Advanced Regular Expression patterns with numerical conditions
- Boolean combination of matching criteria
  - (regexp("\b(?<patient>\w)\s(\k<patient>)\b") > 10 OR (regexp()>N) AND
- Pre-built RegExp templates for commonly used sensitive data types
  - SSN, credit card, bank account, address, passport, driver's license, etc.
- Industry-specific keyword dictionaries
- White List based policy
- Allow/Block/Log/Shadow actions
- Identity-based content filtering
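
An added example, not taken from the deck or from DeviceLock's rule syntax: a small Python evaluator showing how regexp match counts with numerical conditions, a keyword dictionary and Boolean operators can resolve to an Allow/Block/Shadow action. The template patterns, dictionary, tuple rule format and `POLICY` are assumptions made for illustration.

```python
import re

# Constructed templates and dictionary for this example (not DeviceLock's built-ins).
TEMPLATES = {
    "ssn": re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
    "card": re.compile(r"\b(?:\d[ -]?){13,19}\b"),
}
KEYWORDS = {"medical": {"diagnosis", "patient", "prescription"}}


def luhn_ok(candidate):
    """Luhn checksum, used to drop digit runs that only look like card numbers."""
    digits = [int(c) for c in candidate if c.isdigit()][::-1]
    # Double every second digit from the right; subtract 9 when the result exceeds 9.
    summed = [d if i % 2 == 0 else (d * 2 - 9 if d > 4 else d * 2) for i, d in enumerate(digits)]
    return 13 <= len(digits) <= 19 and sum(summed) % 10 == 0


def count(name, text):
    """Number of hits for a keyword dictionary or a regexp template."""
    if name in KEYWORDS:
        return sum(w in KEYWORDS[name] for w in re.findall(r"[a-z]+", text.lower()))
    hits = TEMPLATES[name].findall(text)
    return sum(luhn_ok(h) for h in hits) if name == "card" else len(hits)


def evaluate(rule, text):
    """rule: ("AND"|"OR", r1, r2, ...), ("NOT", r) or a leaf (name, op, n)."""
    if rule[0] == "AND":
        return all(evaluate(r, text) for r in rule[1:])
    if rule[0] == "OR":
        return any(evaluate(r, text) for r in rule[1:])
    if rule[0] == "NOT":
        return not evaluate(rule[1], text)
    name, op, n = rule
    c = count(name, text)
    return {">": c > n, ">=": c >= n, "==": c == n}[op]


def decide(policy, text):
    """First matching (rule, action) pair wins; the default action is Allow."""
    for rule, action in policy:
        if evaluate(rule, text):
            return action
    return "Allow"


POLICY = [  # numerical conditions combined with Boolean operators
    (("OR", ("card", ">=", 1), ("ssn", ">", 2)), "Block"),
    (("AND", ("medical", ">=", 2), ("ssn", ">=", 1)), "Shadow"),
]

if __name__ == "__main__":
    print(decide(POLICY, "Patient diagnosis attached, SSN 123-45-6789."))  # constructed input
```

The Luhn check on card candidates is what keeps a 13-digit order number from triggering the Block rule; a pattern-only rule would count it as a hit.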
20. Content-Aware Data Shadowing
- For all endpoint data channels
  - Removable and PnP storage devices
  - Network communications
  - Local synchronizations with smartphones
  - Document printing
  - Clipboard copy/paste operations
- Content-filtered
  - All 80 supported file formats and data objects
  - PCL and PostScript printouts
- Tremendously reduces
  - Storage space requirements and
  - Network bandwidth consumption
21. DeviceLock 7.0 Endpoint DLP Suite
- Network Communications Control
22. Network Communications Control
- Functions
  - Port-independent application/protocol detection and filtering
  - Message/session reconstruction with file/data/parameter extraction
  - Content filtering (NetworkLock + ContentLock)
  - Event/audit logging and data shadowing
- Network-related parameters controlled
  - IP address, range, subnet, masking
  - Network ports, ranges, more/less than criteria
  - Protocols and network application types
- Identity-based parameters controlled
  - User IDs and groups, email and IP addresses, Instant Messaging ID, URI/URL, etc.
23. Network Traffic Content Filtering
- NetworkLock + ContentLock
- Plain and SSL-tunneled SMTP emails
  - Messages and attachments separately
- HTTP/HTTPS-based web access, popular webmail and social networking applications
  - Gmail, Yahoo! Mail, Windows Live Mail
  - Facebook, Twitter, LiveJournal, LinkedIn, MySpace, Odnoklassniki, Vkontakte
- Instant Messaging
  - ICQ/AOL, MSN Messenger, Jabber, IRC, Yahoo Messenger, Mail.ru Agent
- File transfer via FTP and FTP-SSL
- Telnet sessions
24. DeviceLock 7.0 Endpoint DLP Suite
- DeviceLock 7.0: The Basic Component
25. Comprehensive Port/Device Control
- Lightweight software solution for device/port access control
  - Enforcement agents run on endpoint computers
  - Transparently for end users and applications
- Protection against local data leaks and malware infiltration resulting from insider threats
- Scalable central management
  - Native integration with Microsoft Active Directory
  - Multiple options of central management consoles
- DeviceLock 7.0 can be used separately or as a platform for the Suite's other components
26. DeviceLock 7.0
27. Integration with BitLocker To Go
- DeviceLock controls user access to BL2G-protected drives on Windows 7 powered endpoints
- Integrated solution is a functional analog of a built-in Removable Media Encryption for DeviceLock
  - Windows native encryption
  - DeviceLock and BL2G are centrally and natively managed from the same Active Directory platform
- DeviceLock heals BL2G limitations
  - User/Group/Time-based Encrypted permissions make BL2G's per-computer enforcement far more granular and flexible
  - Read, Read/Format, Read/Write/Format Encrypted operations instead of BL2G's full access only option
- DeviceLock reinforces BL2G security
  - Being logically chained with BL2G's enforcement, DeviceLock prevents unauthorized data copying to unencrypted removable drives when local sysadmins turn BL2G off
28. Clipboard Operations Control
- Clipboard copy/paste operations
  - Prevents unauthorized data transfers between applications
- Controlled data types
  - Text
  - Images
  - Audio (e.g. audio recordings captured by Windows Sound Recorder)
  - File types (4K)
  - Screenshots (PrintScreen and 3rd party screenshot applications)
  - Unidentified
29. Improved Context Controls
- Incoming data shadowing
  - Shadowing of data copied/transmitted to the computer
- New parameters controlled for file operations
  - File size, date of modification, process that initiated the operation
- Text-in-picture detection and control
  - In intercepted graphical files and pictures embedded in documents (e.g. MS Office)
  - Block, shadow-copy, and log the file transfer/storage/access operation
30. DeviceLock 7.0
31. Security Functions
- Highly-granular control over end user access to local ports, peripheral devices, and data input/output channels on endpoint computers
- Detailed event logging and data shadowing
  - Event Log: automatic collection, centralized storage and auditing support
  - Data Shadowing: hidden copying, centralized collection, storage, searching and reviewing of data uploaded through local ports and interfaces
  - Central database: Microsoft SQL or any ODBC-compliant
  - Built-in full-text search server, Audit Log and Shadow Log Viewers
- Integration with 3rd party removable device encryption solutions
  - Software: PGP WDE, DriveCrypt from SecurStar, TrueCrypt, SafeDisk
  - USB drives with hardware encryption: BlockMaster (SafeStick 4.0), Lexar, IronKey
- Blocking USB and PS/2 hardware keyloggers
- Tamper-proof operations
  - No chance to disable or remove DeviceLock agent for end users and local system administrators
32. Access and Log Policy Granularity (1)
- Who
  - User, user group, Windows system user types/groups, Group Objects from Microsoft Active Directory
- Where From / Where To
  - Any type of standard Windows local ports/interfaces and peripherals
  - USB devices by type/vendor/model, unique device
  - Windows Mobile, iPhone/iPad/iPod, BlackBerry, Palm devices
  - Printers (local, network, virtual)
  - Encrypted removable storage
  - Computers, computer groups, computers in organizational unit
  - Computers inside or outside of corporate network
33. Access and Log Policy Granularity (2)
- When
  - Time and date intervals, weekly schedule
  - Per user request (Temporary White List)
- What
  - Input/output and device control operations
  - Operations with generic and encrypted storage
  - Data channels (removable storage, printing spooler, local synchronizations with smartphones and PDAs)
  - Data flow directions
  - Data types (file types, data objects of local sync protocols)
  - Specific media content (CDs/DVDs)
- All the above in a flexible mix
34. True File Type Control
- File transfer operation control based on its true type
  - For any File System operations with peripheral devices
  - NOT limited to Windows Explorer operations
- Binary signature-based file type detection algorithm
  - Based on data type analysis of the entire file content
  - NOT vulnerable to encapsulation and concealment techniques
  - 4,000 formats supported out-of-the-box
  - Extensible architecture for adding new file types
- File type-based data shadowing policy
  - Increased control flexibility
  - Reduced memory consumption
35. Local Sync Control
- Patent-pending access and data type control for locally connected mobile devices
  - Windows Mobile, Palm OS, iPhone/iPod/iPad, BlackBerry
- Local Sync protocol filtering
  - Microsoft ActiveSync, Windows Mobile Device Center, HotSync, iTunes
- Control granularity: protocol object types
  - Files, emails, contacts, tasks, notes, calendars, Web bookmarks, email accounts, media types (music, photos, podcasts, movies)
- Data flow direction control (read, write)
- Time-based permissions
- Device presence detection and white-listing
  - Regardless of connection interface
  - Device vendor/model/unique ID (for USB connections)
- Detailed centralized event logging and data shadowing
36. DeviceLock Printing Security
- Printing channel control technology
  - Print Spooler operations intercepted and filtered
- User access control to local, network, and virtual printers
  - Printer connections detected regardless of the connection interface
  - USB control granularity: vendor ID, model ID, unique printer
  - Time-based permissions
- Centralized event logging and data shadowing
  - Built-in printout viewer
  - Full-text search in PCL and PostScript printouts
37. Event Logging and Data Shadowing
- Centralized automatic log and shadow data collection
  - Scalable multi-server architecture for load sharing
  - Agent-based server connection quality detection algorithm
  - Traffic shaping and data compression for event/shadow log delivery to central server
  - Central data storage in MS SQL database
- Full-text search server in Data Shadowing / Audit Log Database
  - Facilitates compliance auditing, incident investigations, forensic analysis
  - 80 file formats and PCL/PostScript printouts
- Built-in tools for Audit and Shadow Log viewing, filtering, and graphical report generation
38. Management and Administration
- Management consoles with same look-n-feel GUI to fit any size customer
- DeviceLock Group Policy Manager
  - Native full integration with GPO Editor in Microsoft Active Directory
  - MMC snap-in for Group Policy Editor
  - Full life-cycle management for DeviceLock agents from Microsoft AD domain
- DeviceLock Enterprise Manager
  - Separate management server
  - Full support of non-AD customers
- DeviceLock Management Console (MMC snap-in)
  - Per-computer remote management for small organizations
- Real-time agent status and policy consistency monitoring/repair
- Agent installation, upgrade and removal in unattended centralized, interactive or local mode without system reboot
- Network-awareness with automatic policy mode switching
39. Operating Platforms
- DeviceLock Agents, Management Consoles, Enterprise Server, Enterprise Manager
  - Windows NT/2000
  - Windows XP/2003/Vista/2008 (32/64-bit)
  - Windows 7 (32/64-bit)
- Directory integration
  - Microsoft AD (native), Novell eDirectory, any LDAP
- Databases (optional)
  - Microsoft SQL, MSDE, any ODBC-compliant SQL
40. DeviceLock 7.0 Endpoint DLP Suite
41. Licensing
- Perpetual with 1st year upgrades and support included
- Annually paid upgrades and support for the 2nd year and further on
- DeviceLock: complete contextual controls over local devices/ports/channels
  - Basic and mandatory Suite component
  - Can be purchased independently
- ContentLock (CL): content filtering functionality
  - Optional add-on with DeviceLock (2-license pack DL+CL)
  - Upgrade from DeviceLock (CL license)
- NetworkLock (NL): network communications control functionality
  - Optional add-on with DeviceLock (2-license pack DL+NL)
  - Upgrade from DeviceLock (NL license)
- DeviceLock Endpoint DLP
  - DeviceLock + ContentLock + NetworkLock (3-license pack)
  - Upgrade from DL+NL or DL+CL
- DeviceLock Search Server (DLSS)
  - Optional add-on for any other Suite configurations
42. DeviceLock 7.0 Endpoint DLP Suite
- Product Positioning and Value for Partners
43. Product Positioning and Target Customers
- Best price/performance endpoint DLP solution
  - with essential content filtering capabilities that make DLP technologies
    - practical for the mainstream corporate market, and
    - affordable for organizations of any size and budget including SMBs
- Customers: pragmatic organizations from the mainstream corporate market including SMBs
  - Need a cost-effective, reliable, and scalable endpoint DLP solution with the potential to grow consistently with customer requirements
  - Would like to deploy an endpoint DLP solution cost-effectively and safely, by gradually growing its capabilities from necessary to enhanced
44. Product Value for Partners (1)
- Partners can sell DeviceLock 7.0 Endpoint DLP as a mainstream revenue-generating product
  - Product price/seat increased manifold vs earlier versions
  - Aggregate margin/seat (in ) justifies dedicated sales efforts
- Product can generate significant Professional Services revenue while being deployed and in post-sales support phases
  - DeviceLock DLP policy becomes much more complex and needs to be fine-tuned to comply with the organization's data protection policy, state regulations, industry standards
- DeviceLock Endpoint DLP targets all market segments
  - SMB, where DLP penetration is still minimal
  - Enterprise segment, competing as the best price/performance endpoint DLP with well-balanced overall functionality
45. Product Value for Partners (2)
- Large customer/installed base allows upselling
- DeviceLock product
  - Trusted and widely used in (sellable to)
    - Financial, health-care, defense, military, government verticals across the globe
  - Complementary to (sellable with)
    - Popular Anti-Virus solutions (ESET, Kaspersky, Panda)
    - Network-based DLP solutions (Fidelis, Palisade)
  - Easy to learn, deploy and support
46. DeviceLock 7.0 Endpoint DLP Suite
47. DeviceLock Value for Customers (1)
- Best price/performance endpoint DLP solution
  - with essential content filtering capabilities that make DLP technologies practical and affordable for the mainstream corporate market
- Well-balanced set of endpoint DLP features
  - Best-in-class context DLP controls with granular and flexible policy
  - Essential content filtering functionality: effective, highly configurable, reliable
  - Control over all endpoint input/output channels with protection for all data leakage scenarios
  - Comprehensive audit logging and data shadowing with built-in full-text searching
  - Centrally managed removable media encryption at no additional cost through integration with BitLocker To Go
48. DeviceLock Value for Customers (2)
- Scalable from small to largest organizations
  - With central management natively integrated in Microsoft Active Directory
- Affordable for any organizations including SMBs
  - Competitive price and flexible function-based licensing
- Cost-effective deployment of required DLP functions
  - Incrementally turn on new capabilities as requirements grow
- Easy to learn, deploy, use and maintain
  - Familiar Windows native MMC interface and AD's stylistics
  - Transparent for end users
- Time-proven, trusted and widely deployed in data security sensitive organizations worldwide
49. THANK YOU!