DIGITAL GUARDIAN 6. The Foundation of Enterprise Information Protection

Transcription

1 SUSTAINABLE PROGRAM Forensics Case Management, Chain of Custody, ediscovery, Tamper Proof Automated Controls Alert, Prompt, Block, Encrypt DIGITAL GUARDIAN 6 Data Classification Tagging, Context, Content, User, Persistence, Inheritance The Foundation of Enterprise Information Protection Risk Visibility & Discovery Location, Sensitivity, Usage, Threat IMPLEMENTATION COMPANIES SERIOUS ABOUT INFORMATION PROTECTION CHOOSE VERDASYS

2 The Enterprise Information Protection Challenge The most cost-effective data protection solution is to instrument the operating environment so that data does not move without that movement being observed by the instrumentation. The transition from data-atrest to data-in-motion always involves the operating environment, and does so in a way that is directly subject to instrumentation. Only when this type of mechanism is in place can enterprises realize and then focus on another enterprise artifact: human behavioral issues and their policies governing data handling. Dan Geer Global businesses today must adapt and grow in highly-competitive markets that rapidly evolve with changes in technological and economic conditions. These challenges have amplified the importance of facilitating the access to, and sharing of, knowledge. At the same time, IT Departments are being forced to reduce costs and enable greater productivity. This has led to a natural migration towards more mobile, virtual, and cloudbased user environments that require data to be accessed and shared outside traditional corporate infrastructure. Information security sits at the intersection of business and IT operations as the bulwark against threats to productivity and competitiveness. Security managers must implement data protection measures to support business strategies that frequently leverage the bleeding edge of IT technology. This often means building an information security program that enables: Secure operations in high-risk geographies Migration of IT infrastructure to virtual and cloud environments Employee use of personal laptops, tablets, and smart phones on the corporate network (i.e. consumerization ) Secure data storage and collaboration inside or outside the network Traditional drivers for data security like compliance and privacy laws are being reprioritized by a growing urgency to neutralize threats that can cause material harm to businesses if left unmanaged. Each new data loss incident at the hands of a privileged insider or targeted cyber attack further exposes the inadequacy of security technologies designed to check boxes for regulatory audits, but do little to protect data when it s most at risk. Assuring the compliant and secure uses of critical information at all times without impacting business processes requires a data-centric security model: Global visibility into data risk by user, location, content sensitivity, and activity Classification meta-tagging that permanently reside with a sensitive file or Centralized policy management for endpoint, mobile device, and network-level data monitoring and controls Risk-appropriate policy enforcement that drives end user accountability and productivity Actionable alerting and reporting that proactively prevents data loss incidents Contextual and user-attributable event forensics with integrated case management As business strategy becomes more dependent on the increased mobility and availability of sensitive information, traditional IT infrastructure becomes a less relevant waypoint to monitor and control data. Addressing today s risks requires more adaptable security solutions that offer predictable protection to data in the face of unpredictable threats.

3 The Verdasys Digital Guardian Platform Verdasys Digital Guardian is a proven data-centric solution for enterprise information protection (EIP) that continuously monitors and intelligently manages your critical data throughout its lifecycle. The Digital Guardian technology platform is used across millions of users in businesses and government agencies worldwide to provide unmatched data risk insight, control, and audit to support a wide range of business needs. DIGITAL GUARDIAN S CORE STRENGTHS: Continuously monitors, manages, and Operates independently of other network enforces sensitive data storage, access, and and system rights, allowing real time usage policies by user role and privilege detection and mitigation of high risk behavior by privileged users Assesses each data transaction in its complete risk context, and applies the Scalable architecture supports hundreds most appropriate control to support the of thousands of users as a standalone business need deployment or hosted managed service solution Offers a continuum of policy enforcement options that reinforce end user awareness and self-compliance Recognizes any sensitive data type without infrastructure dependencies whether the user is on or offline, and enforces policies equally in physical or virtual environments VERDASYS ENTERPRISE INFORMATION PROTECTION (EIP) Improves: Data containment Risk management Data governance Regulatory compliance Policy awareness & training Reduces: Collaboration risks Management complexity and costs Insider threats Cyber attack exposure Reporting Policy Definition Configuration Alert Management Data Usage and Alerts Content and Control Policies Virtualization Infrastructure (Citrix, VMware) BES or EAS Server Agent ediscovery Agent Desktop/Laptop Agents Server Agents Network Agents VDI Agents Mobile Users Remote Scanning File Shares SharePoint

4 The Foundation of Enterprise Information Protection Data Awareness Data Visibility & Risk Context User Awareness Event Awareness Destination Awareness Automated Controls Risk Awareness & Mitigation DIGITAL GUARDIAN DATA-CENTRIC PROCESS FILE SENSITIVITY Context Aware Application Location File Type Content Aware Regular Expression Similarity Keyword FILE TAGGING User-Defined Manual Files & Auditable Automated Context & Content Persistent Inheritable User Type Administrator Executive Legal Subject Expert Contractor Partner Unknown Privileges User ID System ID Group Role Environment Network IP Address Machine Time Files Move Copy/Paste Burn/Print Upload/IM Attach Copy/Paste Compose/Send Application Data View Delete Modify Export Servers File Share Database Devices Mobile/BYOD Portable Media Networks Private/Public Applications Internal/Cloud Virtual Printers Local/Network Recipients Authorized Unknown POLICY DRIVEN Alert/Notify Incidents Trends Prompt Warn/Educate Justify Block Encrypt Files/ Automatic Password Mask Need to know Continuous Logging, Auditing Summary, Inventory, Trending & Forensic Reporting Digital Guardian s data-centric approach combines data, identity, event, source and destination awareness with user-based and automated data tagging. When aggregated, this information yields complete usage context from which to enforce risk-appropriate policy controls in real-time. Controls can alert managers to risks; notify and train end users; automatically encrypt files and s; or block the transaction. Digital Guardian enforces policies at the point of use, so end users are instantly aware of policy violations and steps to remediate whether on or off the network. PLATFORM SUPPORT Enterprise-wide visibility to data risk Hosts: Laptops, Desktops, Servers Networks & Gateways Legacy & Enterprise Applications Mobile Devices Citrix, VMware, & Hyper-V Virtual Cloud Computing Win/Linux/MAC Blackberry Enterprise Server & Exchange ActiveSync VISIBILITY & CONTROL Automated and risk-based data controls Data Discovery & Classification Automated and User-based Data Tagging Data Loss Prevention Data Rights Management Identity-based Policy Enforcement Removable Media Encryption File & Encryption Data Obfuscation Event Forensics & File Capture BUSINESS COVERAGE Across a broad set of Business Use Cases IP & Trade Secrets Protection Insider Threat Monitoring & Prevention Secure Application Management Unstructured Data Management Secure Data Sharing ITAR/Export Control Compliance APT & Cyber Espionage Protection Data Privacy & Compliance Service Center Data Management Secure Outsourcing APT & Cyber Espionage Protection Application Data Management HIPAA, PCI, GLB, Dodd-Frank

5 Digital Guardian provides continuous risk awareness and policy enforcement to protect your sensitive data from any threat Trade Secret Digital Guardian s datacentric security model provides continuous insight into where and how information is at risk with extraordinary precision. Cloud File Share DG Encrypts File Privileged User Event Logs Removable Media Digital Guardian securely records data activity by user, application, classification, and system operation; these parameters can then define risk-specific policy enforcement. Digital Guardian forensics capture the full context of data events so policy violations can be properly identified, analyzed, and attributed during investigations.

6 DIGITAL GUARDIAN The Digital Guardian architecture is comprised of hardened endpoint and network agents managed by a common infrastructure to provide continuous risk analysis, forensics, and reporting out of the box. It provides advanced policy management driven by risk-based and data-centric controls that ensure sensitive information is protected from compromise by privileged end users or anonymous threats across any business process. HIGH PERFORMANCE NETWORK AGENTS Digital Guardian Network Agents detect and prevent data breaches across all network ports and protocols with no transaction latency. Using a unique Deep Session Inspection technology, Network Agents deconstruct, analyze, and control the entire network session by policy in near real time. The Network Agent architecture consists of specialized sensors that log and manage data use for internal, SMTP, ICAP-enabled proxy, or inbound/outbound traffic, and are managed through the Digital Guardian Server. MULTI-FUNCTIONAL ENDPOINT AGENTS Digital Guardian is the only EIP solution that can deliver autonomous monitoring and controls on laptops/workstations, servers, and in virtual environments without network dependencies: Continuously monitors and manages all system, network, application, and file operations by user and policy Discovers and applies classification meta-tags to data by automated rules or end user input Applies a wide range of interactive controls according to risk type, including warnings, justification, and block prompts Records continuous user and machine-attributable event forensics including memory scanning, chain-of-custody, and file capturing Applies identity-based data access controls including automated file, , and removable media encryption Withstands direct attempts to disable and can be made invisible on host machines DIGITAL GUARDIAN MANAGEMENT SERVER The Digital Guardian Management Server is an integrated, Webbased command center for the entire Digital Guardian Platform: Manages and monitors all Digital Guardian endpoint and network agents Captures, aggregates, and stores user and data-related activities with full forensic context Offers a wizard-based interface for flexible and granular data classification and policy rules creation Manages and distributes data security policies to Digital Guardian Agents for online or offline monitoring and enforcement Triggers policy-based alerts and notifications for real time incident response Includes an advanced analytics engine and dashboard for executive-level, forensic, and custom report creation Provides integrated case management with evidentiary-sound event logging and file capture Integrates activity logs with SIEM s and other event aggregators Supports in-house and managed service models Command Center Digital Guardian Management Server Policy Management Configuration & Deployment Alerting, Incident and Case Management Reporting, Analytics, SIEM Integration Multi-Function Agents Context-Based Data Monitoring, Classification and Control (Windows, Linux, Mac OSX) Desktop, Laptop & VDI Agents Server Agents Citrix & Terminal Server Agents EAS / BES Server Agent Network Agents Data Discovery Agent (eda) Add-On Modules Encryption Classification Threat Detection Investigation ECM Integration Legacy App Protection File Encryption Removable Media Encryption Encryption Content Inspection User-driven (Office, , Documents) Advanced Persisent Threat Key Logging, Content & Screen Capture SharePoint Documentation Webtop Application Logging & Masking

7 The Power of Enterprise Information Protection Digital Guardian s integrated management server, multi-functional agents, and specialized modules deliver a complete data protection and risk management platform unmatched by point IT security or network-centric DLP tools alone. With millions of agents protecting high-value data worldwide, Digital Guardian is the industry s premiere Enterprise Information Protection solution for virtually any business need: Agent support for the most enterprise operating systems including Windows, Mac OS, and Linux; ios and Android devices; and Citrix, Hyper-V, and VMware VDI environments Integrated network DLP that can analyze and manage entire network sessions across all ports and protocols at multi-gigabit speeds. Continuous user-attributable activity logging, risk/compliance analysis, and usage trending online, offline, or in a virtual environment. Persistent and inheritable data tagging that requires no fingerprinting or network analysis to classify files by content, transaction context, or user input. Integrated and automated policy-based encryption for files, removable media, , and network shares Automated and flexible policy controls to educate, justify, encrypt, or block data transactions based on their acceptable business risk. Integrated case management with policybased investigative tools including event, keylogging, screen & file capture. Digital Guardian forensic information is preserved with evidentiary-soundness, and have been successfully used to prove intent and chainof-custody in multiple data theft cases in U.S. and E.U. jurisdictions. A powerful and customizable reporting engine that analyzes data locations and movements, policy alerts, usage trending, compliance, and anomaly detection on endpoints and the network at user, group, and enterprise scales. Verdasys Digital Guardian s EIP platform provides precise visibility and management of data risks by user and policy. Digital Guardian Agents are deployed across physical hosts, virtual environments, and the network to continuously record data events in a complete forensic context for realtime alerting, reporting, and incident response at any resolution.

8 ABOUT VERDASYS Verdasys provides Enterprise Information Protection (EIP) solutions that secure proprietary and sensitive data and the integrity of business processes essential for Global 2000 companies to successfully compete in today s highly collaborative and mobile environments. Digital Guardian, recognized as a Leader in Gartner s 2011 Magic Quadrant for Content-Aware Data Loss Prevention, is a proven technology platform that provides complete policy-based data lifecycle monitoring, classification, forensics, and control on endpoints and servers; virtual machines & enterprise applications; mobile devices; and cloud environments. Digital Guardian is offered as an in-house or managed service solution to protect IP and regulated data from compromise by privileged insiders, strategic partners, and targeted cyber attacks. Since 2003, millions of Digital Guardian agents have been deployed to protect critical data for global leaders in financial services, insurance, technology, manufacturing, and healthcare industries. Companies serious about information protection choose Verdasys. Corporate Headquarters 404 Wyman Street Waltham, MA USA info@verdasys.com Verdasys, Inc. All Rights Reserved. Verdasys, the Verdasys logo, Digital Guardian, and the Digital Guardian logo are trademarks of Verdasys, Inc. All other logos are the property of their respective owners. The content of this document is subject to change without notice. V