gtb dlp suite presentation
TRANSCRIPT
Enterprise Data Loss Prevention Content-Aware Reverse Firewall
Apple, Inc. 60,000 users
American Greetings 8,000 users
Bureau of Indian Affairs (US
Government DOI) 7,500 users
Citgo Oil Company 4,500 users
ESL Federal Credit Union 1,200 users
SAFE Credit Union 750 users
San Mateo Credit Union 650 users
Sample Customers
GTB DLP Suite-Confidential Slide 2
What the analysts say:
Copyright 2010 GTB DLP Suite-Confidential Slide 3
GTB Patent Pending
Copyright 2010 GTB DLP Suite-Confidential Slide 4
1. DLP and DLD for inspecting all outbound content and
comparing it to stored data
2. DLP and DLD for inspecting all outbound content using
search index of confidential data
3. DLP and DLD for inspecting all outbound content
using multiple fingerprints of confidential data
GTB Inspector Reverse Firewall
• Scans all outbound traffic
• Highest accuracy
• Able to block without a proxy server
• File format agnostic
GTB Endpoint DLP
Device Control
• Discovers devices
• Protects devices
• Audits devices
• Controls devices
• Content-Aware
eDiscovery
Search & Classification
• Scan Desktops
• Scans file shares
• Reports on vulnerable files
• Enforces IRM
• Automatic batch
• Monitors shares and PC’s
The GTB DLP Components
Cloud Enabled – Any VM
Centralized policy, reporting and workflow
Supports all languages
Copyright 2010 GTB DLP Suite-Confidential Slide 5
In the Development Pipeline
Copyright 2010 GTB DLP Suite-Confidential Slide 6
• Protection for sites such as: https://use.cloudshare.com
• Mobile devices DLP
• Network traffic analysis/protection
• Network Recorder
• Detection of additional encrypted content and protocols
• IPv6 support
• IDS/IPS + Virus, SPAM and Malware protection
2. Who is sending my data?
• Insiders
• Intruders
• Spyware/Viruses
3. What data is being sent?
• PII
• PHI
• Source Code
• IP
4. Who is receiving my data?
• IP address
• Email destination
• Geographic location
1. Where is my data?
• Desktops
• Laptops
• File shares
• SharePoint
DLP answers 4 questions:
Copyright 2010 Slide 7 GTB DLP Suite-Confidential
1. Control a broken business process
•Who is sending, what data and to whom?
2. Demonstrate Compliance
•I have no way of enforcing data loss compliance regulation
3. Automate Email Encryption
•How do I automate encrypting emails which require it?
5. Severity Blocking
•Some breaches are so severe that I prefer to altogether block them!
6. Visibility to SSL
•I have no visibility to SSL in general and HTTPS in particular!
7. Detect/Block TCP from non-trusted users
•How do I detect transmissions from non-trusted users (Malware/Viruses/Trojans)
The 8 use-cases for Network DLP
Copyright 2010 Slide 8
4. Detect or Block encrypted content
•Should I allow encrypted data to leave without content inspection?
•My employees are not complying with the Written Information Security Policy (WISP)
8. Employees’ Education
GTB DLP Suite-Confidential
What data must be protected?
Personal identifiable information (PII)
• Credit card number
• Social security number
• Customer name
• Address
• Telephone number
• Account number/Member number
• PIN or password
• Username & password
• Drivers license number
• Date of birth
Copyright 2010 GTB DLP Suite-Confidential Slide 9
Enterprise class DLP
Copyright 2010 GTB DLP Suite-Confidential Slide 10
Scans all TCP channels on all 65,535 ports
Enforcement Actions
Network DLP configuration - OOL
Copyright 2010 GTB DLP Suite-Confidential Slide 11
Mirror/SPAN port
•Log
•Encrypt
•Quarantine
•Severity Block
•Redact
The GTB Inspector is an appliance that can be deployed in Bridge / Out of Line through a SPAN/Mirror port and is available as a VM image as well.
Secure mail integration
Copyright 2010 GTB DLP Suite-Confidential Slide 12
HTTPS visibility
Multiple Choices
Copyright 2010 GTB DLP Suite-Confidential Slide 13
Choices: 1. Connect 443 port through
any ICAP Client 2. Connect Directly to the
GTB SSL Proxy
GTB advanced fingerprinting technology – Structured data
Copyright 2010 GTB DLP Suite-Confidential Slide 14
Fingerprint Detection Engine –Structured Data
The most accurate detection engine in the DLP space
Feature Benefit
Can fingerprint any database Highest flexibility
Multi-field detection No false positives
Automatic fingerprints refresh Easy maintenance and operation
Options for time-based sensitive content Automatically deletes fingerprints that are no longer
sensitive
Supports user-defined fields Protects your direct business data
Fingerprints 1 million fields in 10 minutes Very high performance
Copyright 2010 GTB DLP Suite-Confidential Slide 15
GTB advanced fingerprinting technology - Files
Fingerprint Detection Engine – Unstructured Data
The most accurate detection engine in the DLP space
Feature Benefit
Multiple data stream fingerprints using proprietary algorithm
Allows for partial file match
Options for binary or text detection Detects images inside files
Options for excluded content Detects sensitive data only
Options for time-based sensitive content Automatically deletes fingerprints that are no longer
sensitive
User defined sensitivity (in bytes) Highest possible control on what is detected
Virtual zero false positive rate Highest accuracy
Multi-language support Files in any language can be protected
Copyright 2010 GTB DLP Suite-Confidential Slide 17
Data Patterns Detection
Copyright 2010 GTB DLP Suite-Confidential Slide 18
• Extended REGEX templates out of the box
• Patterns defined through REGEX in PHP
• Lexicons support
• User defined severity level per pattern rule
• Multi field weights and occurrences
• Support for all languages
Deployment requirements
Inspector
• 40 GB HD
• VMware Server
• 4GB RAM
Endpoint
• Windows Server
• Runs on any windows OS
eDiscovery
• Runs on any windows OS
The GTB Inspector is also available as an appliance
www.gttb.com
Copyright 2010 GTB DLP Suite-Confidential Slide 19