safend general presentation 2010

Data Leakage Prevention

- Proprietary & Confidential -

Agenda

Who is Safend?Endpoint Security

An imperative for all organizationsRegaining Control of Endpoints and Data:

Data Protection and Leakage Prevention with Safend Data Protection Suite

Safend AuditorSafend DiscovererSafend InspectorSafend EncyptorSafend ProtectorSafend Reporter

SummarySecuring your Endpoints

2003Company founded

2004

First release of Safend Protector

2005Safend Protector available through resellers internationally

Safend Data Protection Suite Transparent SSO for EncryptionSafend DiscovererSafend Inspector

2008

Protector 3.3Safend ReporterSafend Encryptor: Full Hard Disk Encryption

2006

Protector 3.1 Anti-Network Bridging,PS/2 Keylogger Protection

2007Protector 3.2File Type Control, Media & Content Monitoring and Tracking Offline File Transfers

2010+ Hardware Encryption Management;Persistent Encryption;Network

700 Customers

1800 Customers

1200 Customers

2009 FISMA Compliance

Company Timeline


Why Safend ?

Advanced Technology Control all your data protection measures with a single management server, single management console and a single lightweight agent

Partnership with leading hardware encrypted device vendors

Operational friendly deployment and management

Best of breed port and device control

Hard disk encryption is completely transparent and does not change end user experience and common IT procedures

Comprehensive and enforceable removable media encryption

Full control over sensitive data both inside and outside organizational network

Track file transfers from encrypted devices even on non-corporate computers


Why Safend ?

Strong partnershipsEnterprise Resellers

Partnership with leading hardware encrypted device vendors

Complementing Enterprise DLP Vendors• Fidelis Security

Major Partnerships• Lenovo

• Utimaco

• Credant

• Fujitsu

• Websense

• Workshare

http://www.cisco.com/en/US/hmpgs/index.html

http://www.sandisk.com/

http://www.intel.com/intel/vision/index.htm

http://www.blockmastersecurity.com/

- Proprietary & Confidential - - Proprietary & Confidential -

Why Safend?

Advanced technology

World class leadership team

Strong partnerships

Analysts endorsements

Industry recognitionIn 2009 alone – • Received five stars and Best Buy in

SC Magazine’s 2009 Group Test• Recipient of the Frost and Sullivan

Technology Innovation Award• Recipient of the Info Security

Products Guide’s Tomorrow’s Technology Today Award

http://www.tropsoft.com/images/pcmag4star.gif






http://www.deloitte.com/dtt/article/0,1002,cid=232022,00.html




“To become the market leader for endpoint Data Protection and Leakage Prevention solutions for enterprise protection and regulatory compliance.”

Gil Sever, CEO

“To become the market leader for endpoint Data Protection and Leakage Prevention solutions for enterprise protection and regulatory compliance.”

Gil Sever, CEO

Company Mission

“Industry analysts report that up to 70% of a company’s confidential data resides on corporate endpoints. Protecting that data is a prime concern for our customers. Safend’s endpoint ILP solutions provide the tools our customers need to protect their corporate assets without sacrificing their productivity” - Steve Petracca, VP and General Manager for Lenovo’s Software & Peripherals Business Unit


Did You Know …

52% of N.A. large enterprises had lost confidential data through removable media such as USB Drives in the past 2 years (Forrester)

Over 70% of security breaches originate from within (Vista Research)

Over 60% of confidential data resides at the Endpoint (IDC)

The average cost per data breach was $6.6M and the cost per record was $202 in 2008 (Ponemon Institute).

Information breaches trigger an average 5% drop in company share prices. Recovery takes nearly a year. (EMA Research)

Business travelers in the U.S., Europe and United Arab Emirates lose or misplace more than 16,000 laptops per week.(Ponemon Institute).


Security SurveyHow many devices are people using?

Usage of USB sticks: 96%

Usage of Memory Cards: 69%

More than one device: 72%

Average number of devices in use: 7

Source: Utimaco Removable Media SurveyWorldwide, March 2007, Total number of respondents: 1.117


Security SurveyData Protected?

At a Glance55% of data is not protected

19% is protected

18% partially protected

But …4% don’t think it’s necessary

89% see a need to protect this data

Source: Utimaco Removable Media SurveyWorldwide, March 2007, Total number of respondents: 1.117


Cost of Data BreachesRecovery Cost Averages

Source: 5th annual "Cost of a Data Breach" study by the Ponemon Institute

Customer Costs

Brand damage

Loss of existingcustomers

Recruiting newcustomers

Unbudgeted legal, audit and accounting fees

Notification to customers

Free or discounted service to customers

Call center expenses

Public and investor relations

Internal investigations

Incremental Costs

Lost employee productivity

Productivity Costs

54%

30%

16%

Among the incidents reported, the most expensive data breach cost nearly $31 million to resolve, and the

least expensive cost $750,000 .

Average Incident Costper compromised record:

$204

Average Incident Cost:

$6.75 million


Extending Security to the Endpoints With increased mobility, connectivity and productivity comes increased vulnerability and risk…

USB, WiFi, FireWire, Bluetooth and other protocols make it easy to connect unauthorized external devices, leaving endpoints wide open to:

• Data Leakage & Theft• Enterprise Penetration• Introduction of Malware

Removable media with sensitive information can also easilybe lost or misplaced by company employees, exposing organizations to irreparable data loss and tight legal scrutiny

The loss and theft of laptop is a common occurrence.


Compliance Requirements

States that currently have data protection laws

States that do not currently have data protection laws


Safend Data Protection Suite

safendprotector safendencryptor

safendinspector safendreportersafendauditor


Safend Data Protection SuiteSafend's Data Protection Suite protects enterprises against endpoint data loss, misuse and theft through its single server, single console, single agent architecture. Its modular components can transparently encrypt internal hard drives (Encryptor), granularly control ports and devices and encrypt external media (Protector), Inspect, classify and block leakage of sensitive content through email, IM, Web, external storage, printers (Inspector), Map, classify and locate data stored on organizational endpoints and network shares (Discoverer), Generate detailed graphical reports for compliance assessment (Reporter) and quickly and non intrusively audit an endpoint for past and present connected devices and Wi-Fi networks.(Auditor).


Safend Data Protection Suitecomplete visibility, control, and protection of enterprise endpoints. Safend’s comprehensive solution has a single agent, single server and single management console for all data protection needs. The award winning suite includes:

Safend Auditor Shows who’s connecting which devices and wireless networks to every enterprise endpoint

Safend DiscovererControls the use of wireless ports and removable devices by file/device type

Encrypts removable media and CD/DVD

Safend InspectorPrevents sensitive data leakage through e-mail, web, removable storage, and additional data transfer channels

Safend Encryptor

Enforces hard disk encryption of all data

stored

on laptops and PCs

Easy recovery of machine and files

Safend ProtectorControls the use of wireless ports and removable devices by file/device type

Encrypts removable media and CD/DVD

Safend ReporterProvides graphical security reports and analysis of your safend protected environment

Safend Data Protection SuiteSafend Data Protection Suite features and benefits:

Transparent Encryption

Internal hard disk encryption

External storage encryption for removable storage devices, CD/DVD and external hard drives

Robust port and device control

Wireless control

Hardware keylogger protection

Enterprise grade management, providing full visibility and control over organization security status

All functionality is provided by a single management server, single management console and a single, lightweight agent

CertificationsCommon Criteria EAL2 certified FIPS 140-2 Validated

protector encryptor

reporterinspector


Port & Device Control • Detachable Storage Control• Removable Storage

Encryption• CD/DVD Encryption• Wireless Control• Hardware Keylogger

Protection

Hard Disk Encryption• Centrally Managed and

Enforced• Transparent SSO• Seamless

authentication support• Easy Recovery• Strong Security and

Tamper Resistant

Content Based DLP• Data Classification

• Data Content and Origin• Data Fingerprinting

• Data Leakage Prevention Through:

• Email, IM and Web• External Storage • Printers

Safendreporter – Security and Compliance Analysis

Safendauditor – Endpoint security status audit

Safenddiscoverer - Sensitive Data Location and Mapping

• Single Lightweight Agent• Agent Includes Multi-tiered Anti-tampering Capabilities• Simple and Reliable Installation Process


Port & Device Control • Detachable Storage Control• Removable Storage

Encryption• CD/DVD Encryption• Wireless Control• Hardware Keylogger

Protection

Hard Disk Encryption• Centrally Managed and

Enforced• Transparent SSO• Seamless

authentication support• Easy Recovery• Strong Security and

Tamper Resistant

Content Based DLP• Data Classification

• Data Content and Origin• Data Fingerprinting

• Data Leakage Prevention Through:

• Email, IM and Web• External Storage • Printers

Safendreporter – Endpoint security reports

Safendauditor – Port and device audit

Safenddiscoverer - Data discovery and Mapping

• Single Lightweight Agent• Agent Includes Multi-tiered Anti-tampering Capabilities• Simple and Reliable Installation Process

Safend Data Protection SuiteSingle Management Server & Single Management Console

Safend Data Protection Suite Enterprise Grade Management

Tamper Resistant

The agent includes multi-tiered anti-tampering capabilities to guarantee permanent control over enterprise endpoints

Automatic directory integration

Active Directory & Novell eDirectory

Apply policies to the appropriate organizational units, down to a specific machine

Role based management

By administrative action or by Organizational Unit

Scalable architecture

A single management server can manage more than 75,000 endpoints

Built-in support for N+1 server clustering

Directory Service(Active Directory / eDirectory)

ImportUsers &

Computers (LDAP)

ManagementServer

Safend Data Protection Suite Architecture


Safend Data Protection Suite Full Audit Trail

Provides full visibility into:

Device connection and data transfer events

Organizational encryption status

Administrative actions performed

Graphical and non-graphical reports

Real Time Alerts

Sent by email

Windows event logs / Syslog

SNMP systems

Custom alert destination

protector encryptor

reporterinspector


Key Features

Find out who’s connecting what devices and WiFi networks to every endpoint

Identify and manage endpoint vulnerabilities

Identifies all USB, FireWire, PCMCIA devices and WiFi network ports

Views results in minutes via simple and powerful reporting

Compatible with existing network management or admin tools

Intuitive, clientless and easy to use

Safend Auditor

protector encryptor

reporterinspector

auditor


Step 1: Select Ports and Computers to Audit

Computers to Audit

Audit Filters by Port Type


Devices to detect

Step 1a: Optionally Refine your Search


Connection Summary

Detailed Device Report

Step 2: Run Scan to Generate Report


“White list”

Step 3: Detailed Audit report By User: Historic & Real-time


Safend Protector

Key Features

Prevents data leakage and penetration via endpoints

Detects and restricts any devices Enforces granular policies over physical, wireless and removable storage devices via real-time analysis of low-level port traffic Tamper-resistant Centrally managed & seamlessly integrates with Active DirectoryEnsures regulatory complianceEasy to use and scalable

encryptor

inspector reporter

safendprotector


Safend ProtectorSecurity Features

Port, Device & Storage ControlAllow, block or restrict the usage of any and all computer portsGranular identification and approval of devices

Removable Media EncryptionTransparently encrypts data copied to removable devices, external hard drives, & CD/DVD. Automatically encrypts data when transferred to devices by authorized usersOffline access utility for authorized users

Granular WiFi ControlBy MAC address, SSID, or the security level of the network

Block Hybrid Network BridgingAllows admins to control/prevent simultaneous use of various networking protocols

U3 & Autorun ControlTurns U3 USB drives into regular USB drives while attached to endpoints

Block Hardware KeyloggersRenders USB & PS/2 hardware keylogger devices useless


Safend ProtectorFile Type Control

PreventsData Leakage (Write)Virus/Malware (Read)Inappropriate Content (Read)

File header based classificationNot by extension (Tamper resistant)

Over 250 file extensions in 14 categoriesPolicy

Flexible White/Black ListSeparate for Read/Write

Log/Alert per file type

Category Sample Extensions

Published Documents PDF, PS

Images JPG, JPES,GIF,BMP

Web Pages HTML, HTM,MHT,HLP,CHM

Microsoft Office DOC, DOCX, PPT, PPTX, XLS

Text & Program Code TXT, CPP, C, H, GCC, JAVA

Multimedia WAV, WMA, MP3, MPG, AVI

Compressed Archives ZIP, ARJ, RAR, GZIP, JAR, CAB

CD/DVD Image Files ISO, NRG

Executables EXE, DLL, COM, OCX, SYS

PGP Encryption PGPComputer Aided Design (CAD) DWG, DXF

Microsoft Outlook PST, DBXDatabases MDB, ACCDBFrameMaker MIF, BOOK, FM


Safend ProtectorFile Type Control


Safend ProtectorTrack offline usage of Removable Storage

Extends visibility beyond the organization boundaries

Track file transfers from/to Encrypted devices on non-corporate computers (offline)

Audit user actions for legitimate use of corporate date

Policy Global setting - Read/Write

Logs Collected the next time the device connects to the network

Available in “File Logs”


Safend ProtectorCD/DVD Media White Lists

Allows white-listing of CD/DVDSoftware Installation CD’sApproved contentCD’s scanned to be virus-free

Unique fingerprint of CD/DVD MediaIdentifies the data on each mediumAny change to the data revokes fingerprint

Media Scanner Utility Policy

Extends the “Distinct Devices” white listsAutomatically exempt from File Type Control


Safend Protector in Action


A permitted device connected to the endpoint

A non-permitted device connected to the endpoint

Safend Protector In Action

The device must be encrypted before it is used


Key Features

Report on Security incidents by Users

by Organizational Units

Report on Security Incident Types

Reports on the deployment status

Device Inventory Report

Export Reports

Recurrence Reports

Safend Reporter

encryptor

inspectorsafendreporter

protector


Safend Reporter

Graphical high-level view of the protected organizational status

Reports on irregular or Suspicious behavior

Provides overview of system status

Report Scheduler and enables reportsto be viewed in multiple formats

Advance tool for identifying Security Vulnerabilities

Facilitates Regulatory Compliance Reporting Requirements

Platform for developing Security Analytics and Dashboard Views

Customizable to meet current and futureSecurity Reporting needs

What it is Why is it Valuable


Displays Security incidents in a clean, easy-to-use dashboard format

Allows Customization of incident types to report on

Allows Admins to slice, dice, drill across information

Safend Reporter

Safend Encryptor:

Key Features

Encrypts all data on laptops and desktops – Total Data Encryption

True SSO (Single Sign On) technology Transparent to end users & help-desk personnel

Centrally managed and enforced

Full visibility of organization’s Encryption status

Stable and fault tolerant encryption Total Data Encryption, maintains performance and minimizes the risk of OS failure

safendencryptor

reporterinspector

protector

Total Data Encryption: Advantages

Endpoint Performance Maintained

Easy to Manage Deploy and Use

Highly Stable and Fault Tolerant

Simple and Reliable Recovery Mechanism

Completely Transparent Encryption


Safend Encryptor: Completely Transparent

True SSO Technology:

Transparent

Transparent

Transparent

Transparent

to end users

to help-desk / support

to user authentication

to patch management

to software distribution systemsTransparent

safendencryptor

reporterinspector

protector

Safend Encryptor: Highly Secure

Total Data Encryption - Encrypts all data on endpoints Including all data files, page file and windows password store (SAM and domain cache)

Strong encryption algorithm Each file is encrypted using a different random key for increased security (AES-256)

Tamper Resistant The agent includes multi-tiered anti-tampering capabilities to guarantee permanent control over enterprise endpoints

Certifications:Common Criteria EAL2 certified FIPS 140-2 certified

protector encryptor

reporterinspectorEnrolling Beta Customers

Safend Encryptor: Centrally Enforced

Encryption enforced by policy

Zero end user interaction

Encryption process does not interfere with ongoing user activities

End users cannot interfere with the encryption process

protector encryptor

reporterinspector

Safend Encryptor: Full Audit Trail Detailed Client & Server Log Records

Client Logs displayed in the Logs World :

Server Logs displayed in the Logs World :

Clients status displayed in the Clients World :


Safend Encryptor Full Audit Trail Detailed Server Log Records

Examples of Encryptor specific server logs


Safend Encryptor: Full Audit TrailEncryption Status Report

drill-down reports display specific endpoints

Can be set to display only “active” endpoints

Displays endpoint “encryption complete on” time and date

Security administrator

sets an encryption policy

End user authenticates

using native Windows

logon

Encryption process

takes place transparently

in background

Detailed endpoint

status is displayed

in the Clients World


Safend Encryptor: in Action


Key Features

Controls sensitive data transferred

via approved data transfer channels

Data ClassificationContent and meta-data

Data fingerprinting

Controlled ChannelsEmail, web

External storage, CD/DVD

Local and network printers

Application (custom) channels

protector encryptor

reporter

Safend Inspector

inspector


Key Features

Data Leakage Prevention Through:

USB, Firewire Storage

Local & Network Printer

CD/DVD

Network Shares

Copy/Paste

Application Data Access Control

Inspector-EP (Endpoint)

protector encryptor

reporter

discoverer

inspector


Data ClassificationData Content and Origin

Data Fingerprinting


Email, IM and Web

External Storage

Printers

Out of the box predefined classifications and Policies

Interactive Message Center for user education

Safend Inspector

protector encryptor

reporter

inspector


PHI - HIPAA & UK Health

PCI (CC#)

PII (SSN, NINO, 15 other countries)

Acceptable Use (racial, sexual, violence - English)

Software IP

Schematics IP

US Export Regulations

SOX – sensitive financial data

Preclassified data and metadata

Predefined Classifications and Policies

protector encryptor

reporter

inspector



Email – Outlook Plugin, SMTP

Web – IE Plugin, HTTP, HTTPS

Application Data Access Control

Limit access of any application to sensitive data

File transfer through Skype

Encryption of sensitive data with unauthorized package

Inspector-NW (Network)

protector encryptor

reporter

inspector


Data ContentRegular Expressions

Mathematical verifiers

Heuristic Verifiers

Predefined classifications - reusable

Data FingerprintingMap set of files as sensitive without pointing to specific text – using originating application

Use partial match to file as indication of sensitivity

Classification methods

protector encryptor

reporter

inspector


Endpoint DiscoveryOn all endpoints with installed agent

Network Share DiscoveryAs a professional service

Safend Discoverer

protector encryptor

reporter

discoverer

inspector


Reports


End User Interaction Design


Policy Edit

Our Future Plans

Safend intends to further extend the leadership of its Data Protection Suite in the coming years. Some highlights of functionality considered in our future plans include:

Data at Rest content discovery, mapping and control.This product, planned for 2009 will allow an organization to map all its sensitive data, and in future releases automate measures taken to protect the detected data.

Persistent Encryption.This extension of Safend Inspector and Safend Encryptor to selectively encrypt only sensitive content and keep it encrypted even when it goes off the corporate machines further improves the security of data, while remaining transparent to the end user.

Extensive key management for software encryption and for internal and external hardware encrypted storage.

Safend provides a comprehensive software encryption platform for both hard disks and removable storage, but some organizations may require or already have hardware encrypted devices. Safend aims to manage those devices as part of the Data Protection Suite and be able to provision them, recover passwords for them, and be able to remotely kill them


Contact us for more information or a demo)703 (815-8828 x101

[email protected]

mailto:[email protected]

safend general presentation 2010

Documents

data protection measures

sensitive data

data leakage prevention

file type control

encrypted devices

single management console

single management server

advanced technology