Embed Size (px)
Citation preview
Enterprise Data Loss Prevention
Content-Aware Reverse Firewall
Apple, Inc. 60,000 users
American Greetings 18,000 users
Bureau of Indian Affairs (US Government DOI) 7,500 users
Citgo Oil Company 4,500 users
ESL Federal Credit Union 1,200 users
SAFE Credit Union 750 users
San Mateo Credit Union 650 users
Sample Customers
GTB DLP Suite-Confidential Slide 2
What the analysts say:
Frost & Sullivan believes that GTB is on track to becoming the dominant provider of DLP/ILP solutions in the financial market. World dlp research September 2008
When using fingerprinted data, the catch rate is 100%. If you have sensitive data on your enterprise you need this device… you will sleep much better knowing your data is protected. SC Magazine 2007
Copyright 2010 GTB DLP Suite-Confidential Slide 3
GTB Inspector Reverse Firewall
• Scans all outbound traffic
• Highest accuracy
• Able to block without a proxy server
• File format agnostic
GTB Endpoint DLP
• Discover devices• Protect devices• Audit devices• Control devices• Content-Aware
eDiscovery
• Scan Desktops• Scans file shares• Reports on
vulnerable files• Automatic batch• Monitors shares
and PC’s
The GTB DLP ComponentsCloud Enabled – Any VM
Centralized policy, reporting and workflow
Supports all languages
Copyright 2010 GTB DLP Suite-Confidential Slide 4
In the Development Pipeline
Copyright 2010 GTB DLP Suite-Confidential Slide 5
• Protection for sites such as: https://use.cloudshare.com
• Mobile devices DLP
• Network traffic analysis/protection
• Network Recorder
• Detection of additional encrypted content and protocols
• IDS/IPS + Virus, SPAM and Malware protection
1. Who is sending my data?
• Insiders• Intruders• Spyware/Viruses
2. What data is being sent?
• PII• PHI• Source Code• IP
3. Who is receiving my data?
• IP address• Email destination• Geographic
location
DLP answers three questions:
Copyright 2010 GTB DLP Suite-Confidential Slide 6
1. Control a broken business process
•Who is sending, what data and to whom?
2. Demonstrate Compliance
•I have no way of enforcing data loss compliance regulation
3. Automate Email Encryption
•How do I automate encrypting emails which require it?
5. Severity Blocking
•Some breaches are so severe that I prefer to altogether block them!
6. Visibility to SSL
•I have no visibility to SSL in general and HTTPS in particular!
7. Detect/Block TCP from non-trusted users
•How do I detect transmissions from non-trusted users (Malware/Viruses/Trojans)
The 8 use-cases for Network DLP
Copyright 2010 Slide 7
4. Detect or Block encrypted content
•Should I allow encrypted data to leave without content inspection?
•My employees are not complying with the Written Information Security Policy (WISP)
8. Employees’ Education
GTB DLP Suite-Confidential
What data must be protected?Personal identifiable information (PII)
• Credit card number• Social security number• Customer name• Address• Telephone number• Account number/Member number• PIN or password• Username & password • Drivers license number• Date of birth
Copyright 2010 GTB DLP Suite-Confidential Slide 8
Enterprise class DLP
Copyright 2010 GTB DLP Suite-Confidential Slide 9
Scans all TCP channels on all 65,535 ports
Enforcement Actions
Network DLP configuration - OOL
Copyright 2010 GTB DLP Suite-Confidential Slide 10
Mirror port switch
•Log
•Encrypt
•Quarantine
•Severity Block
•Redact
The GTB Inspector is an appliance that can be deployed in Bridge / Out of Line through a SPAN/Mirror port and is available as a VM image as well.
Secure mail integration
Copyright 2010 GTB DLP Suite-Confidential Slide 11
HTTPS visibilityMultiple Choices
Port 443
Copyright 2010 GTB DLP Suite-Confidential Slide 12
1. Connect 443 port through any ICAP Client
2. Connect Directly to the GTB SSL Proxy
ICAP Client
ICAP Server
GTB advanced fingerprinting technology – Structured data
Copyright 2010 GTB DLP Suite-Confidential Slide 13
Fingerprint Detection Engine –Structured DataThe most accurate detection engine in the DLP
space
Feature Benefit
Can fingerprint any database Highest flexibility
Multi-field detection No false positives
Automatic fingerprints refresh Easy maintenance and operation
Options for time-based sensitive contentAutomatically deletes fingerprints that are no longer sensitive
Supports user-defined fields Protects your direct business data
Fingerprints 1 million fields in 10 minutes Very high performance
Copyright 2010 GTB DLP Suite-Confidential Slide 14
GTB advanced fingerprinting technology - Files
Fingerprint Detection Engine – Unstructured DataThe most accurate detection engine in the DLP
space
Feature Benefit
Multiple data stream fingerprints using proprietary algorithm
Allows for partial file match
Options for binary or text detection Detects images inside files
Options for excluded content Detects sensitive data only
Options for time-based sensitive contentAutomatically deletes fingerprints that are no longer sensitive
User defined sensitivity (in bytes) Highest possible control on what is detected
Virtual zero false positive rate Highest accuracy
Multi-language support Files in any language can be protected
Copyright 2010 GTB DLP Suite-Confidential Slide 16
Data Patterns Detection
Copyright 2010 GTB DLP Suite-Confidential Slide 17
• Extended REGEX templates out of the box
• Patterns defined through REGEX in PHP
• Lexicons support
• User defined severity level per pattern rule
• Multi field weights and occurrences
• Support for all languages
Deployment requirements
Inspector
• 40 GB HD• VMware Server• 4GB RAM
Endpoint
• Windows Server• Runs on any
windows OS
eDiscovery
• Runs on any windows OS
The GTB Inspector is also available as an appliance
www.gttb.com
Copyright 2010 GTB DLP Suite-Confidential Slide 18
