DeviceLock 7.0 Endpoint DLP Full Introduction for Partners

1
DeviceLock 7.0 Endpoint DLP Full Introduction
for Partners
2
Agenda

• Company Brief
• The Data Leakage Problem
• DeviceLock Solution
• Content Filtering
• Network Communications Control
• DeviceLock 7.0 The Basic Component
• Pre-7.0 Fundamentals
• New Capabilities
• Licensing
• Product Positioning Value for Partners
• Messaging for Customers

3
devicelock, Inc.

• Company Brief

4
Company Facts

• DeviceLock, Inc. established as SmartLine in 1996
• Develops and markets DeviceLock software
• Endpoint device control and data leak prevention
  solution
• Leader of Device/Port Control niche
• 60,000 corporate customers worldwide
• 4M computers protected by DeviceLock
• Offices in Russia (HQs, RD), USA, UK, Germany,
  Italy
• About 60 full-time employees including 30 in RD
• Privately owned, self-funded, dynamically growing

5
DeviceLock Customers

• Historically, due to higher data security
  concerns, most customers came from Financial,
  Government, Defense, Defense Contractor, Health
  Care, Bio-Tech, High-Tech Manufacturing,
  Education, and Gambling Resorts Casinos
  verticals
• Recently, various organizations regardless of
  vertical industry, size, network topology,
  geography
• One of the worlds largest mutual fund groups (in
  US), City of London Police, SAIC, Societe
  Generale, BAE Systems, Central Bank of Russia,
  Lukoil, Savings Bank of Russia, VTB24 Bank,
• See case studies at DeviceLock web-site
• Major production installation 70,000 seats (in
  US)

6
devicelock 7.0 endpoint dlp suite

• The Data Leakage Problem

7
Costs of Data Breaches Are Rising

• Average total cost of a data breach for a U.S.
  organization has reached more than 6.7M

• Average per-record cost of a data breach in the
  U.S. raised up to 204

Source 2009 Annual Study U.S. Cost of a Data
Breach, Ponemon Institute, January 2010
8
Cost of a Data Breach Global Statistics

• On a global scale, the average total cost of a
  data breach is estimated as 3.43M

• Global average per-record cost of a data breach
  is 142

Source 2009 Annual Study Global Cost of a Data
Breach, Ponemon Institute, April 2010
9
SMBs Hit by Data Breaches

• Symantec 2010 SMB Information Protection Survey
  (June 2010)
• 2,152 respondents from 28 countries
• 42 have lost proprietary or confidential
  information in the past
• Data loss is the highest risk for SMB
  organizations
• Average annual cost of cyber attacks for an SMB
  is 188,242

Source Symantec 2010 SMB Information Protection
Survey Global June 2010
10
More Stringent Data Protection Laws

• Forty six states in the US have already enacted
  data breach notification laws
• In the UK, since of April 2010 the Information
  Commissioners Office can fine organizations up
  to 500,000 as a penalty for breaches of the Data
  Protection Act
• In EU, data breach notifications will become
  obligatory for a wide range of businesses
• In January 2010, European Commission announced
  the start of data protection law improvement
  process

11
Local Leaks Prevail

• Most methods leaving employees used for taking
  away corporate data relate to local ports and
  peripheral devices of endpoint computers
• Number of local leak cases far outweighs other
  ways of stealing data

Source Data Loss Risks During Downsizing,
Ponemon Institute, February 2009
12
Endpoint Data Leak Mechanics
Corporate Network
13
Are All Data Channels Really Dangerous?
Corporate Network
14
devicelock 7.0 endpoint dlp suite

• DeviceLock Solution

15
What is DeviceLock 7.0 Endpoint DLP Suite

• Content-Aware Endpoint DLP platform
• Modular architecture of complementary functional
  components licensed separately
• DeviceLock complete device/port control
  central management and administration
• NetworkLock in-depth network communications
  control
• ContentLock essential content monitoring and
  filtering
• DeviceLock Search Server full-text searching in
  shadow and event logs

• For organizations of any size and budget
• Best fit to current security requirements and
  incremental functionality growth

16
Agent 7.0 DLP Functional Profile
Unified DLP Policy (Logical Mix of Content
Filtering and Context Controls)
Advanced RegExp for Data Shadowing only
Advanced RegExp for Data Shadowing only
Content Filtering
Advanced RegExp
Advanced RegExp
Removable Storage / PnP
Printing Channel
Local Syncs
Network Channel
Data Type Filtering
PCL PostScript Formats
Sync Protocol Object Types
File Types
File Data Types
DLP Control Layers
Channel-Specific Device, Protocol, Application
Control
Printer Types / Print Spooler
Smartphone Types / Local Sync Apps
Device Types/Classes
Network Protocols Applications
Port/Interface Control
Local Ports
Local Ports
Local Ports
Local Ports Used by IP Networking
Endpoint Data Leakage Channels
Confidential
17
devicelock 7.0 endpoint dlp suite

• Content Filtering

18
Content Filtering Where and What

• Controlled data channels
• Removable media (ContentLock)
• Other PnP storage devices (ContentLock)
• Network channel (ContentLock NetworkLock)
• Data and file format agnostic textual content
  extraction
• 80 file formats
• Emails (messages and attachments)
• Webmails and web-forms
• Instant messages
• Social network exchanges
• Telnet data

19
Content Filtering How

• Advanced Regular Expression patterns with
  numerical conditions
• Boolean combination of matching criteria
• (regexp("\b(?ltpatientgt\w)\s(\kltpatientgt)\b") gt
  10 OR (regexp()gtN) AND
• Pre-built RegExp templates for commonly used
  sensitive data types
• SSN, credit card, bank account, address,
  passport, drivers license, etc.
• Industry-specific keyword dictionaries
• White List based policy
• Allow/Block/Log/Shadow actions
• Identity-based content filtering

20
Content-Aware Data Shadowing

• For all endpoint data channels
• Removable and PnP storage devices
• Network communications
• Local synchronizations with smartphones
• Document printing
• Clipboard copy/paste operations
• Content-filtered
• All 80 supported file formats and data objects
• PCL and Postscript printouts
• Tremendously reduces
• Storage space requirements and
• Network bandwidth consumption

21
devicelock 7.0 endpoint dlp suite

• Network Communications Control

22
Network Communications Control

• Functions
• Port-independent application/protocol detection
  and filtering
• Message/session reconstruction with
  file/data/parameter extraction
• Content filtering (NetworkLock ContentLock)
• Event/audit logging data shadowing
• Network-related parameters controlled
• IP address, range, subnet, masking
• Network ports, ranges, more/less than criteria
• Protocols and network application types
• Identity-based parameters controlled
• User IDs and groups, email and IP addresses,
  Instant Messaging ID, URI/URL, etc.

23
Network Traffic Content Filtering

• NetworkLock ContentLock
• Plain and SSL-tunneled SMTP emails
• Messages and attachments separately
• HTTP/HTTPS-based web access, popular webmail
  social networking applications
• Gmail, Yahoo! Mail, Windows Live Mail
• Facebook, Twitter, LiveJournal, LinkedIn,
  MySpace, Odnoklassniki, Vkontakte
• Instant Messaging
• ICQ/AOL, MSN Messenger, Jabber, IRC, Yahoo
  Messenger, Mail.ru Agent
• File transfer via FTP and FTP-SSL
• Telnet sessions

24
devicelock 7.0 endpoint dlp suite

• DeviceLock 7.0 The Basic Component

25
Comprehensive Port/Device Control

• Lightweight software solution for device/port
  access control
• Enforcement agents run on endpoint computers
• Transparently for end users and applications
• Protection against local data leaks and malware
  infiltration resulting from insider threats
• Scalable central management
• Native integration with Microsoft Active
  Directory
• Multiple options of central management consoles
• DeviceLock 7.0 can be used separately or as a
  platform for other Suites components

26
devicelock 7.0

• New Capabilities

27
Integration with BitLocker To Go

• DeviceLock controls user access to BL2G-protected
  drives on Windows 7 powered endpoints
• Integrated solution is a functional analog of a
  built-in Removable Media Encryption for
  DeviceLock
• Windows native encryption
• DeviceLock and BL2G are centrally natively
  managed from the same Active Directory platform
• DeviceLock heals BL2G limitations
• User/Group/Time-based Encrypted permissions
  make BL2Gs per-computer enforcement far more
  granular and flexible
• Read, Read/Format, Read/Write/Format Encrypted
  operations instead of BL2Gs full access only
  option
• DeviceLock reinforces BL2G security
• Being logically chained with BL2Gs enforcement,
  DeviceLock prevents unauthorized data copying to
  unencrypted removable drives when local sysadmins
  turn BL2G off

28
Clipboard Operations Control

• Clipboard copy/paste operations
• Prevents unauthorized data transfers between
  applications
• Controlled data types
• Text
• Images
• Audio (e.g. audio recordings captured by Windows
  Sound Recorder)
• File types (4K)
• Screenshots (PrintScreen 3rd party screenshot
  applications)
• Unidentified

29
Improved Context Controls

• Incoming data shadowing
• Shadowing of data copied/transmitted to the
  computer
• New parameters controlled for file operations
• File size, date of modification, process
  initiated the operation
• Text-in-picture detection control
• In intercepted graphical files and pictures
  embedded in documents (e.g. MS Office)
• Block, shadow-copy, and log the file
  transfer/storage/access operation

30
devicelock 7.0

• Pre-7.0 Fundamentals

31
Security Functions

• Highly-granular control over end user access to
  local ports, peripheral devices, and data
  input/output channels on endpoint computers
• Detailed event logging and data shadowing
• Event Log automatic collection, centralized
  storage and auditing support
• Data Shadowing hidden copying, centralized
  collection, storage, searching and reviewing of
  data uploaded through local ports interfaces
• Central database Microsoft SQL or any
  ODBC-compliant
• Built-in full-text search server, Audit Log and
  Shadow Log Viewers
• Integration with 3rd party removable device
  encryption solutions
• Software PGP WDE, DriveCrypt from SecurStar,
  TrueCrypt, SafeDisk,
• USB drives with hardware encryption BlockMaster
  (SafeStick 4.0), Lexar, IronKey
• Blocking USB and PS/2 hardware keyloggers
• Tamper-proof operations
• No chance to disable or remove DeviceLock agent
  for end users and local system administrators

32
Access Log Policy Granularity (1)

• Who
• User, user group, Windows system user
  types/groups, Group Objects from Microsoft Active
  Directory
• Where From Where To
• Any type of standard Windows local
  ports/interfaces and peripherals
• USB devices by type/vendor/model, unique device
• Windows Mobile, iPhone/iPad/iPod,
  BlackBerry, Palm devices
• Printers (local, network, virtual)
• Encrypted removable storage
• Computers, computer groups, computers in
  organizational unit
• Computers inside or outside of corporate network

33
Access Log Policy Granularity (2)

• When
• Time date intervals, weekly schedule
• Per user request (Temporary White List)
• What
• Input/output and device control operations
• Operations with generic and encrypted storage
• Data channels (removable storage, printing
  spooler, local synchronizations with smartphones
  and PDAs)
• Data flow directions
• Data types (file types, data objects of local
  sync protocols)
• Specific media content (CDs/DVDs)
• All the above in a flexible mix

34
True File Type Control

• File transfer operation control based on its true
  type
• For any File System operations with peripheral
  devices
• NOT limited to Windows Explorer operations
• Binary signature-based file type detection
  algorithm
• Based on data type analysis of the entire file
  content
• NOT vulnerable to encapsulation concealment
  techniques
• 4,000 formats supported out-of-the-box
• Extensible architecture for adding new file types
• File type-based data shadowing policy
• Increased control flexibility
• Reduced memory consumption

35
Local Sync Control

• Patent-pending access and data type control for
  locally connected mobile devices
• Windows Mobile, Palm OS, iPhone/iPod/iPad,
  BlackBerry
• Local Sync protocol filtering
• Microsoft ActiveSync, Windows Mobile Device
  Center, HotSync, iTunes
• Control granularity protocol object types
• Files, emails, contacts, tasks, notes, calendars,
  Web bookmarks, email accounts, media types
  (music, photos, podcasts, movies,)
• Data flow direction control (read, write)
• Time-based permissions
• Device presence detection and white-listing
• Regardless of connection interface
• Device vendor/model/unique ID (for USB
  connections)
• Detailed centralized event logging and data
  shadowing

36
DeviceLock Printing Security

• Printing channel control technology
• Print Spooler operations intercepted filtered
• User access control to local, network, and
  virtual printers
• Printer connections detected regardless of the
  connection interface
• USB control granularity vendor ID, model ID,
  unique printer
• Time-based permissions
• Centralized event logging and data shadowing
• Built-in printout viewer
• Full-text search in PCL and PostScript printouts

37
Event Logging Data Shadowing

• Centralized automatic log and shadow data
  collection
• Scalable multi-server architecture for load
  sharing
• Agent-based server connection quality detection
  algorithm
• Traffic shaping data compression for
  event/shadow log delivery to central server
• Central data storage in MS SQL database
• Full-text search server in Data Shadowing / Audit
  Log Database
• Facilitates compliance auditing, incident
  investigations, forensic analysis
• 80 file formats and PCL/PostScript printouts
• Built-in tools for Audit and Shadow Log viewing,
  filtering, and graphical report generation

38
Management Administration

• Management consoles with same look-n-feel GUI to
  fit any size customer
• DeviceLock Group Policy Manager
• Native full integration with GPO Editor in
  Microsoft Active Directory
• MMC snap-in for Group Policy Editor
• Full life-cycle management for DeviceLock agents
  from Microsoft AD domain
• DeviceLock Enterprise Manager
• Separate management server
• Full support of non-AD customers
• DeviceLock Management Console (MMC snap-in)
• Per-computer remote management for small
  organizations
• Real-time agent status and policy consistency
  monitoring/repair
• Agent installation, upgrade and removal in
  unattended centralized, interactive or local mode
  without system reboot
• Network-awareness with automatic policy mode
  switching

39
Operating Platforms

• DeviceLock Agents, Management Consoles,
  Enterprise Server, Enterprise Manager
• Windows NT/2000
• Windows XP/2003/Vista/2008 (32/64-bit)
• Windows 7 (32/64-bit)
• Directory integration
• Microsoft AD (native), Novel eDirectory, any LDAP
• Databases (optional)
• Microsoft SQL, MSDE, any ODBC-compliant SQL

40
devicelock 7.0 Endpoint dlp suite

• Licensing

41
Licensing

• Perpetual with 1st year upgrades and support
  included
• Annually paid upgrades and support for the 2nd
  year and further on
• DeviceLock complete contextual controls over
  local devices/ports/channels
• Basic and mandatory Suites component
• Can be purchased independently
• ContentLock (CL) content filtering
  functionality
• Optional add-on with DeviceLock (2-license pack
  DLCL)
• Upgrade from DeviceLock (CL license)
• NetworkLock (NL) network communications control
  functionality
• Optional add-on with DeviceLock (2-license pack
  DLNL)
• Upgrade from DeviceLock (NL license)
• DeviceLock Endpoint DLP
• DeviceLock ContentLock NetworkLock (3-license
  pack)
• Upgrade from DLNL or DLCL
• DeviceLock Search Server (DLSS)
• Optional add-on for any other Suite
  configurations

42
devicelock 7.0 Endpoint dlp suite

• Product Positioning Value for Partners

43
Product Positioning Target Customers

• Best price/performance endpoint DLP solution
• with essential content filtering capabilities
  that makes DLP technologies
• practical for the mainstream corporate market,
  and
• affordable for organizations of any size and
  budget including SMBs
• Customers pragmatic organizations from the
  mainstream corporate market including SMBs
• Need a cost-effective, reliable, and scalable
  endpoint DLP solution with the potential to grow
  consistently with customer requirements
• Would like to deploy an endpoint DLP solution
  cost-effectively and safely, by gradually growing
  its capabilities from necessary to enhanced

44
Product Value for Partners (1)

• Partners can sell DeviceLock 7.0 Endpoint DLP as
  a mainstream revenue-generating product
• Product price/seat increased manifold vs earlier
  versions
• Aggregate margin/seat (in ) justifies dedicated
  sales efforts
• Product can generate significant Professional
  Services revenue while being deployed and in
  post-sales support phases
• DeviceLock DLP policy becomes much more complex
  and needs to be fine-tuned to comply with
  organizations data protection policy, state
  regulations, industry standards
• DeviceLock Endpoint DLP targets all market
  segments
• SMB where DLP penetration is still minimal
• Enterprise segment competing as the best
  price/performance endpoint DLP with
  well-balanced overall functionality

45
Product Value for Partners (2)

• Large customer/installed base lets go upsell
• DeviceLock product
• Trusted and widely used in ( sellable to)
• Financial, health-care, defense, military,
  government verticals across the globe
• Complementary to ( sellable with)
• Popular Anti-Virus solutions (ESET, Kaspersky,
  Panda)
• Network-based DLP solutions (Fidelis, Palisade)
• Easy to learn, deploy and support

46
devicelock 7.0 Endpoint dlp suite

• Messaging for Customers

47
DeviceLock Value for Customers (1)

• Best price/performance endpoint DLP solution
• with essential content filtering capabilities
  that makes DLP technologies
• practical and affordable for the mainstream
  corporate market
• Well-balanced set of endpoint DLP features
• Best-in-class context DLP controls with granular
  and flexible policy
• Essential content filtering functionality
  effective, highly configurable, reliable
• Control over all endpoint input/output channels
  with protection for all data leakage scenarios
• Comprehensive audit logging and data shadowing
  with built-in full-text searching
• Centrally managed removable media encryption at
  no additional cost through integration with
  BitLocker To Go

48
DeviceLock Value for Customers (2)

• Scalable from small to largest organizations
• With central management natively integrated in
  Microsoft Active Directory
• Affordable for any organizations including SMBs
• Competitive price and flexible function-based
  licensing
• Cost-effective deployment of required DLP
  functions
• Incrementally turn on new capabilities as
  requirements grow
• Easy to learn, deploy, use and maintain
• Familiar Windows native MMC interface ADs
  stylistics
• Transparent for end users
• Time-proven, trusted and widely deployed in data
  security sensitive organizations worldwide

49
THANK YOU!