Slide 1

2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals Check Point DLP Technical Presentation

Slide 2

2 22010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals Check Point DLP Makes data loss prevention work Agenda 1 DLP and its Key Challenges 2 Introducing Check Point DLP 3 How Does Check Point DLP Work? 4 Summary

Slide 3

3 32010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals Data Loss Prevention Prevent Loss of Sensitive Data Consequences of Data Loss Bad media and brand damage Company secrets and intellectual property Financial data, forward-looking earnings Confidential customer data Regulatory penalties Liability and lawsuits Why Data Loss Prevention?

Slide 4

4 42010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals Data Breaches John.Stevens@yahoo.com Corporate Strategy Green World Strategy Plan 2010 E-mail sent to the wrong recipient, intentionally or by mistake. Data Breaches Have Happened to All of Us Company document uploaded to an external website. 80 to 90% of Data Breaches are Unintentional

Slide 5

5 52010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals DLP Challenges DLP Has Not Yet Been Solved Technology Challenge Computers can not reliably understand human content and context IT Staff Challenge Burden of incident handling Exposure to sensitive data

Slide 6

6 62010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals John.Stevens@yahoo.com Corporate Strategy John, Lets review the corporate strategy in our morning meeting. Green World Strategy Plan 2010 John John.Stevens@yahoo.com Confidential data sent to the wrong recipient! Data Loss Prevention Alert An email that you have just sent has been quarantined. Reason: attached document contains confidential internal data The message is being held until further action. Send, Discard, or Review Issue User prompted to take action User remediates Check Point Makes DLP Work Introducing Check Point Data Loss Prevention

Slide 7

7 72010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals John, Lets review the corporate strategy in our morning meeting. Green World Strategy Plan 2010 John.Stevens@yahoo.com Corporate Strategy Data Loss Prevention Alert An email that you have just sent has been quarantined. Reason: attached document contains confidential internal data The message is being held until further action. Send, Discard, or Review Issue Introducing Check Point Data Loss Prevention Educate Users on corporate data policies Educate Users on corporate data policies Enforce Data loss business processes Enforce Data loss business processes Prevent Move from detection to prevention Prevent Move from detection to prevention Check Point Combines Technology and Processes to Make DLP Work NEW!

Slide 8

8 82010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals Introducing Check Point DLP At-A-Glance Features Scaling from hundreds to thousands of users Supporting HTTP, SMTP and FTP protocols Inline network-based Software Blade running on any existing Check Point gateway Alert notification using either a thin agent, an email to the user or web browser popup Proactively block intentional and unintentional data loss

Slide 9

9 92010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals MultiSpect Detection Engine UserCheck Ease of Deployment How Does Check Point DLP Work?

Slide 10

10 2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals Data Loss Prevention Alert An email that you have just sent has been quarantined. Reason: attached document contains confidential internal data The message is being held until further action. Send, Discard, or Review Issue 2. User alert 1. Mail sent or document uploaded by HTTP or FTP 3. User remediation UserCheck Non-disruptive Real-time Educational UserCheck Provides User Remediation by Alerting User

Slide 11

11 2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals UserCheck Scenarios Block Web upload of proprietary information Ask user to confirm and remediate potential breach Filter communications of confidential information based on policy exception Scenario 1: Prevent Scenario 3: Alert, Ask and Educate Scenario 3: Alert, Ask and Educate Scenario 2: Enforce Scenario 2: Enforce

Slide 12

12 2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | UserCheck Scenario1 http://mywebuploads.com Jenn@gmail.com jsimmons@dlpdemo.com Code subroutine to work on from home Software Developer Developer uploads source code to file share to work on from home Rights to files posted to web file shares transfer to host site Check Point DLP blocks upload and notifies user UserCheck Preemptively Prevents Data Breaches src.c src2.c src3.c src4.c src5.c src.c c:\src.c http://mywebuploads.com

Slide 13

13 2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | Corporate VP sends M&A contract to attorney UserCheck Scenario 2 2.UserCheck Allows Filtering Based on Corporate Data Policies Corporate Development VP jcraicg@mylawyer.com M&A letter of intent for review ProjectAtlantisLoI.pdf Hi James, We have revised the terms of the acquisition. Attached is the Letter of Intent for your review. Thanks, David Alert notifies user of data policy

Slide 14

14 2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | UserCheck Scenario 3 UserCheck Alerts, Asks and Educates Users Chief Financial Officer Greg.Smith@ernstyoung.com Preliminary Financial Statement Preliminary_financials.pdf Greg, Sending you the Q1 preliminary financials for audit. Thanks, Matt Gerhart Chief Financial Officer ACME Corp. mattg@acmecorp.com Company CFO sends preliminary financial statement to external auditor Check Point Data Loss Prevention Reconsider sending this email (Prelimi Fri 4/2/2010 3:45 PM Rachel Greene PCI Audit Status Fri 4/2/2010 1:23 PM Tom Peters Sales Planning Meeting Thu 3/2/2010 9:45 AM mattg@dlpdemo.com Reconsider sending this email (Preli Preliminary Financial Statement The attached message, sent by you, is addressed to an external email address. The Check Point Data Loss Prevention System determined that it may contain confidential information. Emails attachment Preliminary_financials.pdf appears to contain financial records. The message is being held until further action. Send, Discard, or Review Issue Preliminary Financial Statement mattg@acmecorp.com Hi, This information is OK to send to our outside auditor. Thanks, Matt User provides an explanation of his request to send User receives an email alert asking owner of sensitive data to confirm communication

Slide 15

15 2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | UserCheck Scenario 3 UserCheck Alerts, Asks and Educates Users Chief Financial Officer Greg.Smith@ernstyoung.com Preliminary Financial Statement Preliminary_financials.pdf Greg, Sending you the Q1 preliminary financials for audit. Thanks, Matt Gerhart Chief Financial Officer ACME Corp. mattg@acmecorp.com Company CFO sends preliminary financial statement to external auditor Check Point Data Loss Prevention Reconsider sending this email (Prelimi Fri 4/2/2010 3:45 PM Rachel Greene PCI Audit Status Fri 4/2/2010 1:23 PM Tom Peters Sales Planning Meeting Thu 3/2/2010 9:45 AM mattg@dlpdemo.com Reconsider sending this email (Preli Preliminary Financial Statement The attached message, sent by you, is addressed to an external email address. The Check Point Data Loss Prevention System determined that it may contain confidential information. Emails attachment Preliminary_financials.pdf appears to contain financial records. The message is being held until further action. Send, Discard, or Review Issue Preliminary Financial Statement mattg@acmecorp.com Hi, This information is OK to send to our outside auditor. Thanks, Matt User provides an explanation of his request to send User receives an email alert asking owner of sensitive data to confirm communication

Slide 16

16 2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | Employee sends file attachment to personal email to work from home UserCheckHow it Works Company confidential spreadsheet containing customer data Check Point DLP

Slide 17

17 2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | Check Point DLP SMTP Envelope Sender: employee2@company.com employee2@company.com Recipients: me@gmail.com me@gmail.com Subject: Some homework Body: Doc to work on Message intercepted by Check Point DLP Message decomposed into its constituent parts by DLP engine Check Point DLP UserCheckHow it Works

Slide 18

18 2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | SMTP Envelope Sender: employee2@company.com employee2@company.com Recipients: me@gmail.com me@gmail.com Subject: Some homework Body: Doc to work on Apply DLP Policy per message part Check Point DLP UserCheckHow it Works

Slide 19

19 2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | Sensitive file detected Check Point DLP UserCheckHow it Works User alerted policy enforced

Slide 20

20 2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | MultiSpect Detection Engine UserCheck Ease of Deployment How Does Check Point DLP Work?

Slide 21

21 2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | Item No. NameSocial Security Number Job TitleGross Pay 1John Smith987-65-4320CEO$200,000 2Kevin Brian987-65-4221VP R&D$150,000 3Margret White 769-65-7522VP Marketing $153,000 4Bob Johns342-62-3323CFO$140,000 5Mike Riddle777-43-4324COO$180,000 Correlates data from multiple sources using open language New MultiSpect Technology MultiSpect Detection Engine Detects more than 600 file formats 600+ File Formats 250+ Data Types Over 250 pre-defined content data types Detect and recognize proprietary forms and templates

Slide 22

22 2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals MultiSpect: Self-Learning Technology Self-Learning Technology Improves Accuracy User alerted User remediated Doc Sent 1. First occurrence System has learned Doc Sent No further action 2. Additional occurrences No Burden on User!

Slide 23

23 2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals Open Scripting Language Example: Use Open scripting language to create Australian Business Number data type Upload the script to DLP engine using Data Type wizard Create completely new data types Enhance existing data types Unmatched flexibility in customizing DLP Create completely new data types Enhance existing data types Unmatched flexibility in customizing DLP MultiSpect

Slide 24

24 2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals MultiSpect Detection Engine UserCheck Ease of Deployment How Does Check Point DLP Work?

Slide 25

25 2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals For Unified Control Across the Entire Security Infrastructure Centralized Management Quick scan of Data Loss Prevention incidents Ratio of incidents to data inspected Enforcing gateways data Quick links to priority data and actions to perform

Slide 26

26 2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals Controlling Your DLP Policy Enable rules and apply policy Install policy DLP policy rule base Compliance rules for PCI and HIPAA DLP Policy Created and Enabled

Slide 27

27 2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals Changing Policy Actions Action on rule now changed Quickly change action to be taken for a rule

Slide 28

28 2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals Exhaustive Out-of-the-Box Data Types Search results displayed immediately Easily find the data types you need With Powerful Search Functionality

Slide 29

29 2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals Managing Incidents with SmartEvent for DLP DLP Event Management Incident Details: Look up the user name and machine info

Slide 30

30 2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals DLP Event Management Timeline Severity Map Powerful Tools to Manage DLP Incidents

Slide 31

31 2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals Bypass option Bridge mode (L2) support Bypass option Bridge mode (L2) support Dedicated Appliance Integrated into Gateway Manageability Lower TCO Lower carbon footprint Integrated into Gateway Manageability Lower TCO Lower carbon footprint Software Blade DLP Deployment DLP Solution Options

Slide 32

32 2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals DLP-1 Appliance Specifications DLP-1 2571DLP-1 9571 Performance Number of Users 1,0005,000 Messages/Hour 70K350K Throughput 700 Mbps2.5 Gbps Specifications Storage 500 GB2 x 1 TB ( RAID 1 ) NICs 6 Copper 1GbE10 Copper 1GbE Optional Bypass Card 4 ports - 2 segments (pre-packaged appliance) 4 ports - 2 segments ( orderable as accessory) Price Price Year 1 Without bypass card - $14,990 With bypass card- $15,990 Without bypass card - $49,990 With bypass card - $54,985 Annual price Year 2+$7,000$12,000

Slide 33

33 2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals Check Point DLP Software Blade CPSB-DLP-500CPSB-DLP-1500CPSB-DLP-U Recommended Users (depending on configuration)* Up to 5005001,5001,500+ Messages/Hour 5,00015,00015,00050,000 50,000 250,000 Max Throughput 700 Mbps1.5 Gbps2.5 Gbps Annual Price $3,000$7,000$12,000

Slide 34

34 2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals Competitive pricing after 3 years 1000 users Year 1: DLP-1 2571 Year 2,3: 2x DLP blade Year 1: DLP-1 2571 Year 2,3: 2x DLP blade

Slide 35

35 2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals Competitive pricing after 3 years 5000 users Year 1: DLP-1 9571 Year 2,3: 2x DLP blade Year 1: DLP-1 9571 Year 2,3: 2x DLP blade

Slide 36

36 2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals DLP-1 9571 AppliancesAccessories ModelPrice Field Replaceable 4-Port, Copper, Bypass Card (for DLP-1 9571, PWR-1 907x, IPS-1) $4,995 Check Point Replacement parts Kit including one Hard-Drive, one Power Supply, and one Fan (for DLP-1 9571) $3,900 Check Point Lights-Out-Management card (for DLP-1 9571, PWR-1 907x, IPS-1) $2,500

Slide 37

37 2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals Flexible Deployment Options Internet Mail Server Check Point Security Gateway Check Point DLP Software Blade Security Management and Logs AD/LDAP server Integrated Software Blade L2 bridge mode with fail-open option L3 routing Deployment Modes WWW Behind perimeter gateway L2 Dedicated Deployment Options Behind perimeter gateway Protect outgoing mail traffic Behind perimeter gateway Protect outgoing mail traffic Directly protect user subnet

Slide 38

38 2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals Activating DLP: Quickly set up DLP DLP Deployment Under Gateway General Properties, check Data Loss Prevention This starts the DLP Blade Wizard Under Gateway General Properties, check Data Loss Prevention This starts the DLP Blade Wizard Specify the FQDN which will be used for the DLP portal Configure a mail server for notification emails Basic DLP setup completed DLP Blade Wizard quickly gets DLP up and running

Slide 39

39 2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals Differentiate Check Point DLP Network Security Vendors Standalone DLP Vendors Enterprise DLP Vendors Check Point DLP Network-based DLP Data Classification Multi-Parameter Data Type Correlation In-line Prevention User Self-remediation Integrated into Security Gateway Data-type Customization User Education on Sensitive Data Ease of Administration Comprehensive Deployment Options

Slide 40

40 2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals Summary Prevent Data Breaches Move from detection to prevention Enforce Data Policies Across the entire network Educate and Alert Users Without involving IT staff Check Point combines technology and processes to make DLP work

Slide 41

2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals Thank You!