SafeGuard Enterprise 6
Transcription
SafeGuard Enterprise 6
SafeGuard Enterprise 6 Komplette Sicherheit von Sophos Security everywhere Protecting every part of your business Endpoint Web Network Email Mobile Data Wer ist Sophos? 350 300 250 100.000 Kunden, mehr als 150 Millionen User Skalierbare Lösungen für Endpoint, Verschlüsselung, Gateway und Mobile 1.800+ Mitarbeiter, davon 500 in DACH Direktes Supportmodell für Geschäftskunden 200 150 100 50 0 4 Sophos Support • 24/7 Support direkt vom Hersteller ist Standard • Premium/Platin Support mit SLAs, persönlichem Ansprechpartner und Reaktionszeiten bis 1 Stunde • Support von Sophos Mitarbeitern an Sophos-Standorten • Deutschsprachiger Support Mo.-Fr., 8-18 Uhr Reporting aller Supportcenter weltweit in eine Support-Datenbank • Mitarbeiter werden auf Produkte und Plattform geschult • Keine Privatkunden, alle Ressourcen ausschließlich für Geschäftskunden SafeGuard Enterprise 6 SafeGuard Enterprise How Sophos will help SafeGuard Enterprise 6 protects your data everywhere 1. Full disk encryption • Lost and stolen laptops are still threat #1 of loosing data 2. Removable media encryption and port control • Lost memory sticks are the second biggest threat for large incidents (i.e. >1 million records lost) 3. Encryption for file shares and cloud storages • Accidental incidents by insiders can cause the most harm • Administrators are under latent suspicion of being able to leak confidential information 8 Quelle: Simon Travaglia (Autor) / Peter Abrams (Illustrator), Plan Nine Publishing Discover your sensitive data! Where is your data vulnerable? IT has access to all corporate data Backups are in plain No PCI compliance Network traffic can be sniffed Files on servers: • Salary and other personal data • Staff evaluations What is the price of a • Financial data leak? • Analyses - •Reputation, Correspondencebrand and •image Customer data Business plans - •Informing persons (incl. •finding Researchout and project data whom to • etc. Customer Impact inform) - Fines and lawsuits - Knowhow made public Files on PCs, laptops, removable IT can access local data, too Devices and data can be lost How do you monitor and media: network admin •control Local (offline) copies of server data •access Temporary to files sensitive data? SafeGuard Enterprise SafeGuard Management Center Zentralisierte Verwaltung für alle Funktionsmodule • Bereitstellung von Sicherheitsrichtlinien für – Verschlüsselung, Authentifizierung, Berechtigungen • Zentrales Schlüsselmanagement und Recovery • Anbindung an Active Directory • Zentrale Protokollierung und Logging • Rollenbasierte Benutzerverwaltung • 4-Augen Prinzip SafeGuard Management Center SafeGuard Management Center SafeGuard Enterprise Mobile workers = data on the move • More workers are mobile, businesses are buying more laptops • They’re easy lose and attractive to thieves • Physical security isn’t always a priority 86% Source: Ponemon Institute of IT practitioners say someone in their organization has had a laptop lost or stolen Device Encryption • Encrypts laptops, desktops and self encrypting drives • Secures all data on PCs • Fast initial and on-going encryption • Secure service accounts for administrators • Single sign-on • Central administration and automated deployment • Flexible and centralized emergency data recovery Device Encryption Einfache und transparente Verschlüsselung von Festplatten • Graphische Power On Authentication • Single-Sign-On • Mehrbenutzerfähigkeit in der Pre-Boot Umgebung • USB, Smart-Cards und Fingerprint • OPAL Support • Diverse Notfall Prozeduren – – – – Challenge / Response Local Self Help WinPE Unterstützung. Service und Pre-Boot Accounts Device Encryption – Challenge / Response SafeGuard Enterprise Is your data being moved to devices? • • • • They take data everywhere If they’re lost can you be sure they’re secure? You probably can’t ban removable media People will plug them in anywhere Data Exchange • Encrypts removable devices without impacting users • Share data inside/ outside organization – Restricts data sharing to specific teams – Portable application for use anywhere • Mix encrypted and non-encrypted data • File Tracking • White/blacklisting of devices SafeGuard Portable Ver- und Entschlüsselung auf externen Rechnern SafeGuard Data Exchange Transparente Ver- und Entschlüsselung mit installiertem SafeGuard Client SGN DX improvements • File Tracking – Logging of file access events on removable media – Dedicated SO role to audit such events with “File Tracking Viewer” • Don’t ask again for media that shall stay in plain SafeGuard Enterprise So many ways to connect • What devices are being attached to computers? • Data can often be synced to personal mobile devices • Do you know which devices are “good” ones? Configuration Protection • Vermeidung von Datenlecks • Kontrolle über alle vorhanden Schnittstellen – USB, FireWire, SD, PCMCIA, WiFi, Bluetooth,IrDA,etc. • Reglementierung anhand von: – Gerätetyp, Gerätemodell, Seriennummer • Temporäre Deaktivierung per Challenge/Response • Überwachung des Datenstroms in Echtzeit • Freigabe über Whitelisting • Unterscheidung von Lese- oder Schreibzugriffen • Dateitypen-Kontrolle SafeGuard Enterprise Discover your sensitive data! Where is your data vulnerable? IT has access to all corporate data Backups are in plain No PCI compliance Network traffic can be sniffed Files on servers: • Salary and other personal data • Staff evaluations What is the price of a • Financial data leak? • Analyses - •Reputation, Correspondencebrand and •image Customer data Business plans - •Informing persons (incl. •finding Researchout and project data whom to • etc. Customer Impact inform) - Fines and lawsuits - Knowhow made public Files on PCs, laptops, removable IT can access local data, too Devices and data can be lost How do you monitor and media: network admin •control Local (offline) copies of server data •access Temporary to files sensitive data? Business scenarios Who has access to your sensitive data System Admins • In addition to maintaining the network, system administrators have access to all the files and folders External/ Outsourced IT • IT has access to everything. You don’t want external staff to have access to your company confidential documents Consultants • You have consultants working on projects and you do not want to give them access to your sensitive data Encryption for File Shares • Protects documents on network file shares • Encrypts network file shares for user groups – – – – Unnoticed by users Intelligent persistent encryption Central key and policy management Recovery • Protection against administrators 34 Encryption for network shares Use file and folder encryption to protect important company data How we do it • Central key and policy management • Transparent filter driver encrypts LAN traffic and data at rest Better • Unnoticed by users • Persistent encryption • AES-NI performance SafeGuard Management Customer Value Ensure compliance and protect your brand by avoiding data breaches, fines and loss of customers Controlled access with the ability to share sensitive information online securely 35 SafeGuard Enterprise Access your data anywhere How cloud computing changed our habits Good: Better: Dropbox has more than 45 million users saving one billion files every 3 days. [Dropbox press release, November 18th, 2011] Whom to target Distributed firms • Collaboration is the key for increasing productivity • Cloud is the key for improving collaboration • Example firms: multi-nationals, creative agencies Mobile workforce • Need access to data on the go • Use multiple devices – laptops, smart phones, tablets • Examples: sales, employees working from home Consulting firms • Centralized access to data from customer sites • Example firms: Accenture, IBM, McKinsey Cloudy approach to data protection • • • • • Cloud storage means access from anywhere A useful tool to help users be productive How do you know if your business data is in the cloud? The cloud is everywhere and nowhere, so where’s your data? The danger of cloud services eternal beta Using cloud storage in enterprises Where is your data vulnerable? Cloud providers have access to documents Cloud is location-less Cross border, potentially stored on another continent Cloud providers legally can be forced to disclose No PCI compliance Typical use cases: • Data exchange (avoid memory stick): between home and What is the price of a leak?work, between laptop and PC - Reputation, brand and image • Have data available - Damage reparation costs online on mobile devices out - Informing persons (incl. finding • FTP replacement Customer Impact whom to inform) - Fines and lawsuits - Knowhow made public Makes documents mobile How are you protecting your data that being stored in the cloud today? Cloud is already in place, but typically not under control What happens if a cloud provider has a data breach? Encryption for Cloud Storage • Protects documents stored in the cloud • Encrypts cloud folders transparently • Central key and policy management • Protects documents that leave your perimeter • Share data inside/outside organization • Portable application for use anywhere • Work at home with your data, too • Exchange your data with mobile devices Encryption for the cloud Compliance for your data in the cloud How we do it • Central key and policy management • Transparent filter driver encrypts sync folders and cloud Better • You stay in control – Keys – Recovery • Exchange your data with mobile devices Customer Value Regain control of your data, which otherwise leaks in existing infrastructures to the cloud – while keeping users productive and allowing Tell password: them to use modern tools ***** Enable secure mobile workforce SafeGuard Management 45 SafeGuard Enterprise Fragen? Vielen Dank für Ihre Aufmerksamkeit!