SafeGuard Enterprise 6

SafeGuard Enterprise 6
Komplette Sicherheit von Sophos
Security everywhere
Protecting every part of your business
Endpoint
Web
Network
Email
Mobile
Data
Wer ist Sophos?
350
300
250
 100.000 Kunden, mehr als 150 Millionen User
 Skalierbare Lösungen für Endpoint,
Verschlüsselung, Gateway und Mobile
 1.800+ Mitarbeiter, davon 500 in DACH
 Direktes Supportmodell für Geschäftskunden
200
150
100
50
0
4
Sophos Support
•
24/7 Support direkt vom Hersteller ist Standard
•
Premium/Platin Support mit SLAs, persönlichem
Ansprechpartner und Reaktionszeiten bis 1 Stunde
•
Support von Sophos Mitarbeitern an Sophos-Standorten
•
Deutschsprachiger Support Mo.-Fr., 8-18 Uhr
Reporting aller Supportcenter weltweit in eine Support-Datenbank
•
Mitarbeiter werden auf
Produkte und Plattform
geschult
•
Keine Privatkunden,
alle Ressourcen
ausschließlich für
Geschäftskunden
SafeGuard Enterprise 6
SafeGuard Enterprise
How Sophos will help
SafeGuard Enterprise 6 protects your data everywhere
1. Full disk encryption
•
Lost and stolen laptops are still threat #1 of loosing data
2. Removable media encryption and port control
•
Lost memory sticks are the second biggest threat for large incidents
(i.e. >1 million records lost)
3. Encryption for file shares and cloud storages
•
Accidental incidents by insiders can cause the most harm
•
Administrators are under latent suspicion of being able to leak confidential
information
8
Quelle: Simon Travaglia (Autor) / Peter Abrams (Illustrator), Plan Nine Publishing
Discover your sensitive data!
Where is your data vulnerable?
IT has access to all corporate
data
Backups are in plain
No PCI compliance
Network traffic can be sniffed
Files on servers:
• Salary and other personal data
• Staff evaluations
What
is the price of a
• Financial data
leak?
• Analyses
- •Reputation,
Correspondencebrand and
•image
Customer data
Business plans
- •Informing
persons (incl.
•finding
Researchout
and project
data
whom
to
• etc.
Customer Impact
inform)
- Fines and lawsuits
- Knowhow made public
Files on PCs, laptops, removable
IT can access local data, too
Devices and data can be lost
How
do you monitor and
media:
network
admin
•control
Local (offline)
copies of
server data
•access
Temporary
to files
sensitive
data?
SafeGuard Enterprise
SafeGuard Management Center
Zentralisierte Verwaltung für alle Funktionsmodule
• Bereitstellung von Sicherheitsrichtlinien für
– Verschlüsselung, Authentifizierung, Berechtigungen
• Zentrales Schlüsselmanagement und
Recovery
• Anbindung an Active Directory
• Zentrale Protokollierung und Logging
• Rollenbasierte Benutzerverwaltung
• 4-Augen Prinzip
SafeGuard Management Center
SafeGuard Management Center
SafeGuard Enterprise
Mobile workers = data on the move
• More workers are mobile, businesses are buying more laptops
• They’re easy lose and attractive to thieves
• Physical security isn’t always a priority
86%
Source: Ponemon Institute
of IT practitioners say someone in
their organization has had a laptop
lost or stolen
Device Encryption
• Encrypts laptops, desktops and self encrypting drives
• Secures all data on PCs
• Fast initial and on-going encryption
• Secure service accounts for administrators
• Single sign-on
• Central administration and automated deployment
• Flexible and centralized emergency data recovery
Device Encryption
Einfache und transparente Verschlüsselung von Festplatten
• Graphische Power On Authentication
• Single-Sign-On
• Mehrbenutzerfähigkeit in der Pre-Boot
Umgebung
• USB, Smart-Cards und Fingerprint
• OPAL Support
• Diverse Notfall Prozeduren
–
–
–
–
Challenge / Response
Local Self Help
WinPE Unterstützung.
Service und Pre-Boot Accounts
Device Encryption – Challenge / Response
SafeGuard Enterprise
Is your data being moved to devices?
•
•
•
•
They take data everywhere
If they’re lost can you be sure they’re secure?
You probably can’t ban removable media
People will plug them in anywhere
Data Exchange
• Encrypts removable devices without impacting users
• Share data inside/ outside organization
– Restricts data sharing to specific teams
– Portable application for use anywhere
• Mix encrypted and non-encrypted data
• File Tracking
• White/blacklisting of devices
SafeGuard Portable
Ver- und Entschlüsselung auf externen Rechnern
SafeGuard Data Exchange
Transparente Ver- und Entschlüsselung mit installiertem SafeGuard Client
SGN DX improvements
• File Tracking
– Logging of file access
events on removable
media
– Dedicated SO role to
audit such events
with “File Tracking
Viewer”
• Don’t ask again for
media that shall stay
in plain
SafeGuard Enterprise
So many ways to connect
• What devices are being attached to computers?
• Data can often be synced to personal mobile devices
• Do you know which devices are “good” ones?
Configuration Protection
• Vermeidung von Datenlecks
• Kontrolle über alle vorhanden Schnittstellen
– USB, FireWire, SD, PCMCIA, WiFi, Bluetooth,IrDA,etc.
• Reglementierung anhand von:
– Gerätetyp, Gerätemodell, Seriennummer
• Temporäre Deaktivierung per Challenge/Response
• Überwachung des Datenstroms in Echtzeit
• Freigabe über Whitelisting
• Unterscheidung von Lese- oder Schreibzugriffen
• Dateitypen-Kontrolle
SafeGuard Enterprise
Discover your sensitive data!
Where is your data vulnerable?
IT has access to all corporate
data
Backups are in plain
No PCI compliance
Network traffic can be sniffed
Files on servers:
• Salary and other personal data
• Staff evaluations
What
is the price of a
• Financial data
leak?
• Analyses
- •Reputation,
Correspondencebrand and
•image
Customer data
Business plans
- •Informing
persons (incl.
•finding
Researchout
and project
data
whom
to
• etc.
Customer Impact
inform)
- Fines and lawsuits
- Knowhow made public
Files on PCs, laptops, removable
IT can access local data, too
Devices and data can be lost
How
do you monitor and
media:
network
admin
•control
Local (offline)
copies of
server data
•access
Temporary
to files
sensitive
data?
Business scenarios
Who has access to your sensitive data
System
Admins
• In addition to maintaining the network,
system administrators have access to
all the files and folders
External/
Outsourced IT
• IT has access to everything. You don’t
want external staff to have access to
your company confidential documents
Consultants
• You have consultants working on
projects and you do not want to give
them access to your sensitive data
Encryption for File Shares
• Protects documents on network file shares
• Encrypts network file shares for user groups
–
–
–
–
Unnoticed by users
Intelligent persistent encryption
Central key and policy management
Recovery
• Protection against administrators
34
Encryption for network shares
Use file and folder encryption to protect important company data
How we do it
• Central key and policy
management
• Transparent filter driver
encrypts LAN traffic and
data at rest
Better
• Unnoticed by users
• Persistent encryption
• AES-NI performance
SafeGuard
Management
Customer Value
Ensure compliance and protect your
brand by avoiding data breaches, fines
and loss of customers
Controlled access with the ability to
share sensitive information online
securely
35
SafeGuard Enterprise
Access your data anywhere
How cloud computing changed our habits
Good:
Better:
Dropbox has more than 45
million users saving one
billion files every 3 days.
[Dropbox press release, November 18th, 2011]
Whom to target
Distributed
firms
• Collaboration is the key for increasing productivity
• Cloud is the key for improving collaboration
• Example firms: multi-nationals, creative agencies
Mobile
workforce
• Need access to data on the go
• Use multiple devices – laptops, smart phones, tablets
• Examples: sales, employees working from home
Consulting
firms
• Centralized access to data from customer sites
• Example firms: Accenture, IBM, McKinsey
Cloudy approach to data protection
•
•
•
•
•
Cloud storage means access from anywhere
A useful tool to help users be productive
How do you know if your business data is in the cloud?
The cloud is everywhere and nowhere, so where’s your data?
The danger of cloud services eternal beta
Using cloud storage in enterprises
Where is your data vulnerable?
Cloud providers have access to
documents
Cloud is location-less
Cross border, potentially stored
on another continent
Cloud providers legally can be
forced to disclose
No PCI compliance
Typical use cases:
• Data exchange (avoid
memory stick):
between home and
What is the price of a leak?work, between laptop
and PC
- Reputation, brand and image
• Have data available
- Damage reparation costs online on mobile
devices out
- Informing persons (incl. finding
• FTP replacement
Customer Impact
whom to inform)
- Fines and lawsuits
- Knowhow made public
Makes documents mobile
How are you protecting your data that
being stored in the cloud today?
Cloud is already in place, but
typically not under control
What happens if a cloud provider has a
data breach?
Encryption for Cloud Storage
• Protects documents stored in the cloud
• Encrypts cloud folders transparently
• Central key and policy management
• Protects documents that leave your perimeter
• Share data inside/outside organization
• Portable application for use anywhere
• Work at home with your data, too
• Exchange your data with mobile devices
Encryption for the cloud
Compliance for your data in the cloud
How we do it
• Central key and policy
management
• Transparent filter driver
encrypts sync folders and
cloud
Better
• You stay in control
– Keys
– Recovery
• Exchange your data with
mobile devices
Customer Value
Regain control of your data, which
otherwise leaks in existing
infrastructures to the cloud – while
keeping users productive and allowing
Tell password:
them to use
modern
tools
*****
Enable secure mobile workforce
SafeGuard
Management
45
SafeGuard Enterprise
Fragen?
Vielen Dank für Ihre Aufmerksamkeit!