Upload
dearbytes
View
183
Download
0
Embed Size (px)
Citation preview
2
GoToWebinar
§ Vragen?
– Mondeling: Raise Hand
– Schriftelijk: Questions
6/21/16 OPENBAAR
3
Business Case
Encryptie voorkomt negatieve publiciteit
6/21/16 OPENBAAR
4
Meldplicht datadinges voor bestuurders
6/21/16 OPENBAAR
Pag 11:
Enz, enz, enz….
Pag 34:
Bron: https://autoriteitpersoonsgegevens.nl/sites/default/files/atoms/files/beleidsregels_meldplicht_datalekken.pdf
5
Nog duidelijker: management summary
6/21/16 OPENBAAR
6
Restrisico?
6/21/16 OPENBAAR
7
Zo versleutelen wij
Disk & File Encryptie
6/21/16 OPENBAAR
8
Oplossingen§ Classificatie
– Location based à FRP zelf– Policy based (bijv extensie) à DLP + FRP
§ File / Folder Encryptie– McAfee File & Removable Media Protection– Windows & Mac OS X
§ Drive Encryptie– McAfee Drive Encryption OF:– McAfee Management for Native Encryption
§ ePolicy Orchestrator– Policy enforcement altijd overal
6/21/16 OPENBAAR
9
Use Case Klant Data“Hoe beveiligen jullie onze data in jullie netwerk?”
§ Mappen structuur:– \\server\share\Protected Data\ (klanten map)
§ Usergroup in Domein:– “Access to Protected Data”
§ McAfee File & Removable Media Protection:– Key per klant– Assigned aan teamleden– Auto encrypt data met juiste key in juiste klanten map
6/21/16 OPENBAAR
10
Netwerk Encryptie
6/21/16 OPENBAAR
.
Intel Security Confidential11
Shadow ITProtecting Data Moving To/From the Cloud
Uploading Downloading
12
Cloud Encryptie
6/21/16 OPENBAAR
13
Disk Encryptie
§ Native Encryption:– Apple FileVault / Microsoft
BitLocker– Managed from ePO– Compliance
§ McAfee Drive Encryption:– Microsoft Windows– Intel AES-NI– Security
6/21/16 OPENBAAR
.
Use Drive Encryption for Enterprise-Grade Encryption for Highest Level of Protection and Security Policy Enforcement • Near Native Performance makes encryption
nearly imperceptible to End Users• Certified to FIPS 140-2, Common Criteria EAL2+,
Intel AES-NI• Best Reporting Dashboard proof of encryption,
compliance reporting• Failure Prevention with drive health inspections,
ongoing health monitoring and alerting• Accelerates Existing System Build Processes • Single Console, highly integrated, with enterprise
grade scalability, managed by ePO• Automatic Protection monitors environment,
encrypts new systems as they come online to enforce security policies
Endpoint Assistant App
ePO Deep Command
File & Removable Media Protection
Management of Native Encryption
Drive Encryption
DLP Endpoint & Device ControlWindows
Drive Encryption Use Case:“I need the most security and have specific policies to enforce.”
Management of Native Encryption Use Case: “I just want basic, simple encryption for compliancy.”
14
Use MNE to manage Microsoft BitLocker & Apple FileVault Encryption for Compliance List Check Off and BYOD Deployment• Manage Microsoft BitLocker for Windows• Manage Apple FileVault for Macs• Easy Deployment of MNE from ePO • BYOD Mode for just monitoring encryption status• Full Management Mode to not only monitor status, but
manage keys, develop workflows, implement security policies, etc.
• For Windows Systems: no need for Microsoft BitLocker Administration and Management (MBAM) Server and Software. ePO can manage all your security software and policies. MNE is simpler and reduces TCO
WindowsMacs
Applicable Suites: CDA, CDB, CDE, CEBOPENBAAR
.
Management of Native Encryption (MNE) Great Administrative Experience
ON/OFF type Security Policy
in one click
showing you everything you need at a glance
DB
used wherever possible
“FileVault”“BitLocker”
OPENBAAR
.
Microsoft BitLocker Management Made Simple
McAfee Management of Native Encryption enables IT admins to manage the native encryption solution of Windows using BitLocker, directly from McAfee ePO software.
OPENBAAR
17
Endpoint Assistant
1. Password recovery method tbv Drive Encryption
2. Secure Access cloudstorage (Box, Dropbox, Google Drive, OneDrive)
6/21/16 OPENBAAR
.
Reference Guide: Complete Data Protection & Encryption
McAfee Complete Data Protection – Advanced
(CDA)
McAfee Complete Data Protection
(CDB)
McAfee Complete Data Protection – Essential
(CDE)
Data Loss Prevention Data Loss Prevention Endpoint ü
Device Control ü
Full Disk EncryptionDrive Encryption – for Windows ü ü
Management of Native Encryption – for FileVault & BitLocker ü ü ü
File, Folder & Removable MediaFile & Removable Media Protection - for Windows ü ü ü
Management and Intel vPro SupportePO Deep Command – for Intel vPro and Intel AMT ü ü
ePolicy Orchestrator – deployed on ePO Server only ü ü ü
End User Password Recovery AppEndpoint Assistant App* – for iOS and Android ü ü ü
* Endpoint Assistant App available Q4 ’15 for CDE
The McAfee Complete Data Protection – Essential Suite provides basic native encryption management for data-at-rest by managing BitLocker, supplied with Microsoft Windows and management of FileVault, native encryption of Mac OS X. Both solutions are certified for FIPS 140-2 and Common Criteria EAL4+. The suite includes encryption for files/folders & removable media. The suite thus helps you establish and enforce a data protection policy for PCs, Macs, File and Folders, CDs, DVDs and removable FLASH drives, centralizing data security management using McAfee ePolicy Orchestrator (ePO) software, providing a key component to help meet compliancy.
19
Meer resources (FRP)§ Intel Security Community:
– Google: “McAfee FRP expert center”– https://community.mcafee.com/community/business/expertcenter/products
/frp
§ Videos:– How to encrypt USB removable media?
https://www.youtube.com/watch?v=FEISVZVtrF0
– How to use FRP to encrypt files sent to the cloud? https://www.youtube.com/watch?v=jZq8aqaNIdE
– How to use FRP to encrypt files over the network? https://www.youtube.com/watch?v=1xas9S-YWBY
6/21/16 OPENBAAR
20
Encryptie:
Zo doen wij het21 juni 2016Erik Remmelzwaal, CEO
6/21/16
OPENBAAR