of 24/24
Come proteggersi dalla fuga e dalla perdita delle informazioni aziendali nelle comunicazioni e nello scambio dei dati Marco Di Martino Sales Engineer SOPHOS ITALIA marco.dimartino@sophos.it Mobile: 3348879773

Sophos - Sicurezza dei Dati

  • View
    350

  • Download
    3

Embed Size (px)

DESCRIPTION

Comunicare e collaborare per competereM.Ela International in collaborazione con Sophos, AVAYA e IBM

Text of Sophos - Sicurezza dei Dati

  • Come proteggersi dalla fuga e dalla perdita delle informazioni aziendali nelle comunicazioni e nello scambio dei datiMarco Di MartinoSales EngineerSOPHOS ITALIA marco.dimart[email protected]: 3348879773

    Sophos Confidential (C) 2009

  • Dove sono i dati aziendali?

    Sophos Confidential (C) 2009

  • Dove sono i dati aziendali ?Qual la probabilit che un device contenga dati confidenziali?Ponemon Institute U.S. Survey: Confidential Data at Risk

    Sophos Confidential (C) 2009

  • 4 aziende su 5 hanno perso dati confidenziali quando hanno perso un portatile Ponemon Institute LLC and Symantec end-user survey, August 2009

    Il 10% di tutti i notebook vengono persi o rubati ogni anno Web & Collaboration Strategies 2008

    1 device USB su 2 contiene informazioni confidenzali Forrester Research, Inc. and Symantec Corp. survey, February 2008.

    Il 70% di tutti i dati aziendali ridondato sugli Endpoint (notebook, chiavette USB) non solo sui server Ponemon Institute, U.S. Survey: Confidential Data at Risk, August 2008

    Computer persi/rubati la prima causa di perdita di informazioni aziendali Ponemon Institute, 2009, Annual Study: Costs of Security Breaches Perdita dei dati aziendali

    Sophos Confidential (C) 2009

  • Perdita dei dati aziendali12.000 laptop vengono persi/rubati settimanalmente negli aeroporti USA*

    *Luglio 2008, www.vnunet.com/vnunet/news/2223012/eu-travellers-losing-laptops-airports

    Sophos Confidential (C) 2009

  • Le soluzioni Sophos

    Sophos Confidential (C) 2009

  • Soluzioni per la protezione completa

    Sophos Confidential (C) 2009

  • Sophos e la protezione del dato*

    Sophos Confidential (C) 2009

  • Controllo del contenuto

    Controllo delle applicazioni

    Controllo dei device

    CifraturaSophos e la protezione del dato

    Sophos Confidential (C) 2009

  • Controllo del contenutoAree di preoccupazione:Storage devices: USB stick, CD, DVDAppicazioni Internet: IM, P2P, browserApproccio:Controlla il contenuto dei file spediti via applicazioni internet o periferiche di storage Distribuisce policy granulari Blocca, avvisa,o manda report quando un dato sensibile viene spedito o salvato

    Sophos Confidential (C) 2009

  • Numeri di carte di credito

    Indirizzi di posta

    Indirizzi email

    Codici di vari identificazione

    Personalizzati

    Controllo del contenuto

    Sophos Confidential (C) 2009

  • Aree di preoccupazione:Comuni: P2P; IM client; web browser; mobile syncSicurezza: proxy; security toolAmministrativi: remote management, virtualization toolWeb 2.0: Facebook, Google docApproccio:Administrative rights (Group Policy)Allow list permettere solo gli applicativi autorizzatiBlock list bloccare block specific categories of applications*Controllo delle applicazioni

    Sophos Confidential (C) 2009

  • Application Control PolicyControllo delle applicazioni

    Sophos Confidential (C) 2009

  • Aree di preoccupazione:Storage removibili (USB key, drive removibili)Dispositivi ottici (CD/DVD)Disk driveDispositivi mobiliModemApproccio:Eccezioni per particolari device o tipi di devicePermette lutilizzo di media cifrati ma blocca media non cifratiPermette la lettura da dispositivi mobili ma controlla la scrittura (read only)

    *Controllo dei device

    Sophos Confidential (C) 2009

  • Controllo dei device

    Sophos Confidential (C) 2009

  • Aree di preoccupazione:Perdita di device e computerComunicazione non protettaApproccio:Full disk encryptionCifratura di dispositivi USB, CD e dispositivi mobiliCifratura della posta via policy centraliGestione centrale delle chiavi di cifraturaBackup centrale delle chiavi di cifraturaPossibilit di centralizzare i report sullo stato di cifratura*Cifratura

    Sophos Confidential (C) 2009

  • La tua chiave per proteggere i dati con lencryption(*) Future release. Functionality currently provided by SafeGuard LAN CryptCifratura: SafeGuard Enterprise

    Sophos Confidential (C) 2009

  • Gestire la sicurezza dei dati da una console centraleGestisce policy integrate user/computerCentralizza le policy per FDE, device removibili e controllo delle porteGestisce chiavi e certificati per consentire la condivisione ed il recovery dei datiAssegna regole ed autorizzazioni per security officer e utenti finaliRisponde in modo immediato a audit di compliancySafeGuard Management Center

    Sophos Confidential (C) 2009

  • Full disk encryption trasparente per i PCMette in sicurezza tutti I dati sui PCTotalmente trasparente per lutenteForza le policy di sicurezza con una pre-boot authentication semplice (multi-factor, multi-user)Assicura il sign-on su WindowsRecupera password e dati persi in modo semplice e veloce (local self help, challenge/response)Amministrato centralmenteDistribuzione automatizzata Pre-boot authentication

    Grafica personalizzabile e disclaimer legaliSafeGuard Device Encryption

    Sophos Confidential (C) 2009

  • Encryption trasparente sui device removibiliMette in sicurezza una lunga serie di device (USB, HDD portatili, CD/DVD)Trasparente per lutente finaleLimita la condivisione di dati tra specifici gruppi di lavoro o allaziendaConsente di condividere dati con clienti o partner attraverso la funzione portableRecupera password e dati persi in modo semplice e veloceSafeGuard Data Exchange

    Sophos Confidential (C) 2009

  • End-to-end Data Security per mettere in sicurezza il lavoro in teamCifratura di share di rete, di file e di cartelle localiRestringe laccesso ai dati ai soli membri del gruppo di lavoroGestione centrale completa:Assegnazioni chiavi e policyRecovery delle chiavi e dei datiIntegrazione con gli LDAP esistentiCompletamente trasparente per gli utentiSepara i ruoli di amministratore di sistema da quello della sicurezzaSafeGuard FileShare

    Sophos Confidential (C) 2009

  • Proof Points

    Sophos Confidential (C) 2009

  • Simply SecureLa sicurezza che ti rende libero di dedicarti al tuo businessLa cresciata pi rapida tra le quattro grandi aziende di endpoint securityEsperti di malware, information e security policy25 anni di esperienzaPi di 110 milioni di utenti protetti

    Sophos Confidential (C) 2009

  • Grazie per lattenzioneMarco Di MartinoSales EngineerSOPHOS ITALIA [email protected]: 3348879773

    Sophos Confidential (C) 2009

    Many kinds of users, both harmless and possibly malicious, interact with your critical enterprise data. The data is accessed through a variety of devices and applications including laptops, PCs, PDAs, removable media and email. This creates a very complex IT environment where ensuring the security of the data becomes important.

    According to analyst firm IDC, more than 70 percent of confidential data resides at the endpoint.

    Here are a few scenarios where users interact with your enterprise data:Different kinds of partners- technology, sales, financial, consulting, analysts, etc.Mobile users with personal or company laptopsUsing removable media to store and exchange data Using PDAs and smart phoneEmployees working from homeCustomers requiring access to confidential dataPartners requiring access to shared secretsInternal teams accessing network file sharesEmployees exchanging confidential emails, internal / external

    Each type of interaction requires different types of information with different levels of access / confidentiality*Utimaco Corporate Overview presentationOctober 2007*What is the probability that devices contain unprotected confidential data? A US survey on data risk revealed that 59% of laptops contain unprotected confidential data. You may well expect that, but surprisingly 55% of USB sticks also contain unprotected confidential data. How many of those have we all lost?In a survey to rate employees attitude towards mobile security, only 20% of respondents said their employees were good.http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1255391,00.htmlhttp://regmedia.co.uk/2007/06/15/security_responsibility.pdf

    Some statistics 4 out of 5 companies have lost confidential data when a laptop was lost 10% of all notebooks get stolen/lost annually 1 in 2 USB drives contains confidential information 70% of all company data are stored redundant on Endpoints (notebooks, USB sticks) not only on servers Top - reason for data breaches in Enterprises: 35% based on lost/stolen notebooks

    *IT practitioners report that off-network devices--such as laptops, PDAs and memory sticks are most vulnerableAs an example 12.000 laptops get lost weekly in US airportsApp. worldwide 7 million laptops lost/stolen in 2008*Sophos offers a comprehensive solution that controls malware, spam, data leakage prevention and which allows you to manage legitimate applications, configuration and user behavior.

    Our protection has four components:

    Endpoint protection. This includes anti-malware, firewall, application control and protection against any code, file or system processes that are acting suspiciously, and buffer overflow attacks (HIPS). Security and Control gets more powerful when it starts controlling which legitimate and potentially unwanted applications can run, which websites can be visited, and other user behaviors. Uniquely, Sophos integrates application control into its endpoint solution, giving control over use of unauthorized software like VoIP, IM, P2P and games from within the same standard policy setting capability as anti-malware.

    Information security. This includes functions such as Device Control, Data Leakage Prevention and Encryption. It makes sure that confidential data stays in the hands of those who need to see it and offers a second level of defence.

    Compliance and system management. This ensures that the physical and information assets an organization has are compliant with your security policies and with any regulatory requirements that apply to your business. Network Access Control ensures that you know who or what is accessing your network, and ensures that all managed and unmanaged computers whether in the office or not are compliant with your policy, and are quarantined, remediated or blocked until they are.

    Gateway security. This sits at the edge of your network and is based around your web and email use. It ensures that the things coming into and out of your network are legitimate.

    Sitting at the center is SophosLabs, our worldwide network of threat analysis centers, that provides regular updates and the latest pre-packaged intelligence to all of our hardware and software solutions, ensuring protection against fast-moving and zero-day threats. Well talk more about SophosLabs in greater detail in slide 11

    We also ensure you do not need to spend time interacting with or updating your security solution by including as much automation as possible. Where your interaction is required we take the shortest and simplest approach, making sure you get things done fast. We want you to spend time focusing your efforts on solving issues, rather than expending effort trying to find out what and where the issue might be. At-a-glance dashboards, remote monitoring and automation of day-to-day management tasks free you to tackle issues rather than maintain the system.

    This circle helps to illustrate how Sophos delivers integrated security and control at every vulnerable point to defeat today's and tomorrow's threats. Integrated agents, management and policies ensure that the endpoint, email gateway and web browsing are fully covered by far-reaching proactive protection, and negate the need for adding ever more point products.

    Getting endpoint protection , information security and compliance from one vendor simplifies your security strategy, support requirements, and will go a long way to ensuring you get more for the price of your AV budget.

    **Notes Master heading hereEnter Date hereEnter Footer text here*Implementing a DLP solution can be a complex and costly task for IT managers version 9 makes getting started simple.

    Version 9 will be the first fully integrated endpoint DLP solution on the market, with a single agent delivering both malware and data protection.

    Our new integrated data control functionality is designed to prevent accidental leakage of personally identifiable information (PII) to minimise an organisations risk of breaching data security compliance legislation.The agent monitors all the common ways users can move data off the network: removable storage devices, CD/DVD/Floppy drives and Internet enabled applications such as web browsers, email clients and even instant messaging

    SophosLabs remove the need for complex, time consuming creation of sensitive data lists by delivering an extensive library of global definitions which can be used out-of-the-box.These lists cover things like social security numbers, credit card numbers and postal addresses. All files transferred will be scanned and checked against the data control policy.

    In version 9, we delivered easy to deploy, granular device control providing greater flexibility. Device Control has its own dedicated policy. Admins can now set flexible rules to allow usage for only those that need it, such as blocking USB devices for everyone except the IT department. They can also allow specific devices - such as encrypted USB keys - to guarantee that any data saved on removable devices is secure. Alternatively, read-only access can be granted so employees can access information stored on USB keys or CDs but not write to them.

    As weve said Data Protection is important and demand is there now our approach is unique and is a game changer its is a compelling reason for someone to switch to Sophos for Endpoint Protection. Asking these kind of discovery questions and getting this kind of need on their minimum requirements will set you well on the way to securing the business.Notes Master heading hereEnter Date hereEnter Footer text here*First, select the type of information you want to protect. Now, we make this easy by providing a list of data types for you including credit card numbers, postal addresses, email addresses, and social security numbers or you can create your own. SophosLabs keeps this list up-to-date -- across regions so you dont have to.

    In this example, lets scan for credit cards numbers.

    *Notes Master heading hereEnter Date hereEnter Footer text here**With our simple interface you can select the applications you want to block and the ones you want to allow. First, select the application type maybe you want to block games, specific browsers with known vulnerabilities, or media players in this case Ive selected Voice Over IP applications. Pod slurping 100MB in 65 secs

    Thumb sucking

    Hardware key loggers can intercept and store passwords typed on keyboards

    Notes Master heading hereEnter Date hereEnter Footer text here*Dedicated device control policyPolicy exceptions for individual instance or model typesAbility to control modems as a device typeNetwork bridging preventionGranular control of:Storage devices:Removable storageUSB keys, removable hard disksOptical / disk drivesCD / DVD / HD-DVD / Blu-rayNetwork devicesWi-Fi / ModemsBluetoothInfra-red*Pre-boot authentication provides a greater level of security. After the hard disk is encrypted a green key appears next to it.

    Authorized employees can transparently save, exchange and read encrypted data.

    If the media is lost or stolen, it cannot be read.

    Notes Master heading hereEnter Date hereEnter Footer text here*SafeGuard Enterprise is a modular security data security solution that enforces policy-based encryption and data loss protection for PCs removable media and mobile devices across multiple platforms. SafeGuard Enterprise provides transparent encryption security to end users. SafeGuard Enterprise provides investment protection because you can add modules over time to build out your security solution and leverage your existing investment.

    SafeGuard Enterprise features advanced, user-transparent key management that operates behind the scenes to enable secure data sharing within teams, across the company or with business partners. Quick recovery of data or passwords by authorized users is facilitated by the same key management engine.

    SafeGuard Enterprise provides granular policy controls based on business roles for users and relevant to the specific mobile devices used.

    SafeGuard Enterprise provides deployment flexibility to support a mobile workforce ranging from standalone installs for remote users to centrally managed for HQ users, or a mix of options.

    Certifications:- SafeGuard Enterprise Device Encryption v5.30 is Common Criteria EAL3+ certified. - SafeGuard Enterprise is FIPS 140-2 certified.**The Management Center is the single central console for the SafeGuard Enterprise solution. From this central console security officers can manage data security across the entire organization. The modular design allows for addition security modules such as full disk encryption, removable media encryption, port control and partner connect to be added easily and quickly easily augmenting existing policies and processes.

    SGN helps security administrators to effectively enforce data security in mixed environments where data resides on different types of devices including laptops, desktops and various types of removable media.

    Regardless of the device type, SGN enables administrators to apply consistent security policies across the organization. This is very important from a compliance standpoint because data needs to be effectively protected everywhere. The entire policy application process is fully automated where the resulting policy is appropriate for every specific endpoint device. This feature puts SGN ahead of the competition. The granular policies can be based on groups, OUs or device types. Users and devices can hhierarchically inherits policies (RSOP)

    Key management is quickly becoming a critical issue for companies that are deploying encryption. In a mixed encryption environment, effective encryption key management becomes a big challenge. Excellent key management is critical for end-user productivity and their ability to access critical data when they need it and are authorized to do so. SGN provides true enterprise class key management that is transparent to end users while giving full control to administrators to backup and restore systems while facilitating the secure exchange of data between authorized users. The SafeGuard Enterprise has the revolutionary key ring feature that enables pre-defined groups of end users to transparently share confidential data and secure it from both internal and external threat. In emergencies, data can be quickly recovered aided by this flexible keyring technology.

    SGN allows security officer roles to be customized at a very granular level. E.g., a help desk officer could only be able to help users who have forgotten their passwords but would not be able to decrypt their devices. SGN also can enforce dual authorization for critical security admin actions. Based on polices, security features and access can be granted or revoked.

    It is important to prove that a particular device is encrypted, especially for forensic investigation or compliance purposes. SGN provides 300 types of logs that describe the device status. Administrators can select the types of logs on which they would be alerted. Logs can be exported or printed.

    SGN protects your investment in your existing enterprise infrastructure and lowers your deployment and administrator training costs. It receives information from Active Directory. It does not require any firewall changes for client/server communication. You can use your existing SQL server installations to store SGN information. *SafeGuard Device Encryption is a module of SafeGuard Enterprise. It provides PCs with transparent, centrally managed encryption. It is managed by the SGN Management Center from which it receive policies, provide audit log information, and to exchange keys.

    SafeGuard Device Encryption secures all the data on PC with full disk encryption

    It is transparent to users with no productivity impactIt allows easy password recovery with user challenge/response.It can be configured for single sign-on to the operating system

    SafeGuard Device Encryption provides strong authentication with pre-boot authentication and multi-factor options such as tokens and smartcards. The Power on (or pre-boot) authentication option provides secure user authentication before the operating system is loaded.You have the option of customizing the graphics and messages in the dialog box as shown in the figure.Users can recover forgotten passwords via challenge/response with a company help-desk. Users can access this feature by simply clicking on the challenge button.

    Users can share PCs easily and securely through multiple user accounts with centralized policy-based access

    SafeGuard Device Encryption is compatible with data recovery, forensics, imaging, backup and patch management tools

    SafeGuard Device Encryption is easy to deploy. It can be installed by automated installation tools. Users can continue to work during initial encryption

    The central administration features include:Central backup of keys, certificatesLogs stored locally and centrallyAutomated, unattended installsWeb XML/SOAP communication requires no firewall changes

    *SafeGuard Data Exchange is a module of SafeGuard Enterprise that is installed on end-user PCs. It provides transparent encryption of most types of removable media. It is centrally managed by the SGN Management Center through security policies, audit log/reports, and cryptographic key management. SafeGuard Data Exchange encrypts USB memory sticks, external hard disks, memory cards, rewritable CDs, DVDs

    The use of removable media creates many user-work flow scenarios which SafeGuard Data Exchange secures. For example, you can choose to automatically encrypt all files on the media or enable encryption of only work-related files. The SafeGuard Portable option allows users to securely share confidential data with business partners or customers.

    This easy, secure sharing of confidential files among authorized users is made possible by SafeGuard Enterprises unique key ring technology that allows transparent collaboration between teams or across the company.

    The central administration features include:Central backup of keys, certificatesLogs stored locally and centrallyAutomated, unattended installsWeb XML/SOAP communication requires no firewall changes

    SafeGuard Data Exchange summarized benefits include:Encryption at all times with strong protection across the widest variety of removable mediaFlexible workflow support by allowing a mix of encrypted and plain files on the same mediaZero impact on employee productivity with full automation & user-transparencySecure data sharing and portability with customers and partners through the unique SafeGuard Key-ring, even with non-SafeGuard recipientsCompliance management with user audit logs and reportsInvestment protection with cross-platform support (Vista, XP)

    *SafeGuard FileShare is a module of SafeGuard Enterprise that is installed on end-user PCs. It provides security for Data Repositories used by individual users or shared by Project Teams. Because data can now be encrypted and secured at the file level, unauthorized insiders in the organization cannot access confidential data. When combined with Device Encryption, users can benefit from multi-layered security FileShare that is layered over full disk encryption.

    SafeGuard FileShare is centrally managed by the SGN Management Center through security policies, audit log/reports, and cryptographic key management.

    Highlighted benefits include:Secure productivity with Project teams can securely store and share encrypted dataFully user transparent with behind the scenes key managementCompliance benefits with consistent security policy framework that is centrally enforced on all users and devicesEase of administration with Access rights can be quickly assigned/revoked as team members join/leaveBroader security coverage with Local and network storage media are protectedStrict data confidentialityfor example, even system admins. cant view data without authorization.SafeGuard Enterprise has won several awards recently.

    Certifications:- SafeGuard Enterprise Device Encryption v5.30 is Common Criteria EAL3+ certified. - SafeGuard Enterprise is FIPS 140-2 certified.*This slide highlights how Sophos brings simplicity to IT security. We offer simplicity and manageability as a core differentiator. This is better for companies in terms of cost, effort, investment and better security. A simpler solution gives you more security since it offers less opportunities for creating security problems and issues. This is attractive to organizations of all sizes. Whatever the size of the organization, their security will be improved through greater simplicity and manageability.

    Security that frees you to focus on your business. Our security is simple and effective. It is an enabler to your business rather than a hindrance. Our solutions work seamlessly in the background, ensuring that your IT people concentrate on their core responsibilities of adding strategic value to the business and are not wasting time on the operations of your companys IT security.

    Fastest growing of the three largest security companies. We are the fastest growing among the market leaders in the security space. According to the reported financials of each company, our revenues are growing faster than Symantec and McAfee. (Note: this should always be checked for any changes to each companies financials before presentation is given. Correct at end of October 2008).

    Malware, information security and security policy experts. Sophos has been in the enterprise security industry for more than 20 years and is trusted by over 100 million users. In this time it has built a deep understanding of the security landscape and the needs of small, medium and large organizations. We are at the forefront of blocking todays fast moving threats with solutions that protect the gateway, endpoint and groupware and which ensure you have complete network access control.

    **