Data Loss Prevention Security
A breach of sensitive or confidential data can result in financial losses, compliance failures and damage to your reputation and competitive advantage.Data Loss Prevention (DLP) is a computer network security term referring to systems that identify, monitor, and protect data in use (e.g. endpoint actions), data in motion (e.g. network actions), and data at rest (e.g. data storage).
Range of solutions in place that will help keep an eye on your organisation's confidential data:
- Endpoint, network, data in transit and at rest loss prevention
- Servers, laptops, mobile devices
- Storage: network storage appliances, desktops and mobile device (phone, laptop, tablets…) storage, USB / removable storage devices
- Email systems: with the advanced content filtering and encryption capabilities
- Endpoint device control: block the use of removable storage, optical media drives and wireless networking protocols.
- Application control: to block applications that could be used to leak data like P2P file-sharing software.
- Network Access Control: to ensure all managed machines are properly patched and configured, and all rogue machines are blocked.
Data Loss Prevention (DLP) for
Data in Use | Data in Motion | Data at Rest
> Understand where data exists: Organisations can’t protect sensitive data unless they know where it resides and how it’s related across the enterprise.
> Discover, secure and monitor your critical information.
> Understand where sensitive data exists: in non-production and test environments – not just production systems.
> Consumer / Private Data Sync & Share Platforms
Monitor and prevent users from syncing sensitive work files from their desktop to their personal cloud storage solutions.
> Find information quickly - whether it resides on email, enterprise storage, IM, social media, shared drives , SharePoint, web repositories and more.
> Monitor the movement of sensitive data, such as credit card numbers, PII, bank account details, social security numbers or any data or document flagged as confidential.
> Secure and continuously monitor access to the data: who is or has access to sensitive data.
> Reduce the risk of data being accidentally saved to removable storage devices or sent out of the organisation as plain text email, without disrupting users.
> Notify users with an on-screen, pop-up window message or block specific actions when a policy violation is detected.
> Mobile monitoring and protect outbound network communications sent from the native mail client, browser and other apps (e.g., Dropbox, Facebook) on iPads and iPhones.
> Network monitoring detects confidential data sent over high-risk network protocols without sampling or dropping packets: SMTP, HTTP, FTP, IM, NNTP, custom port-specific protocols, and now Internet Protocol Version 6 (IPv6) networks.
> Real-Time: Track sensitive data and the associated users in real-time to prevent any significant damage from occurring.
| > Automatically discover, inventory and classify sensitive data across
your infrastructure. > Discover and protect data across cloud and on-premise servers (physical and virtual), desktops and mobile devices. > Search and continually monitor databases, directory servers, or other structured data files. |
> Finger print data. > Hundred of file types supports. > Windows, Linux, AIX, and Solaris servers; Lotus Notes and SQL databases; and Microsoft Exchange and SharePoint servers. > Windows 7, Windows 8,Windows 8.1, and Mac OS X machines. |
> Monitor confidential data that is being downloaded, copied, or transmitted to or from laptops and desktops.
This includes
Cloud Storage: Box, Dropbox, Google Drive, Microsoft, OneDrive
Email: Outlook, Lotus Notes
Network Protocols: HTTP/HTTPS, FTP, SMTP, IM,NNTP, custom port-specific protocols, and Internet Protocol Version 6 (IPv6)
Removable Storage: USB, MTP, CF and SD cards, eSATA, FireWire
Virtual Desktops: Citrix, Microsoft Hyper-V, VMware
- Mask data in databases, warehouses and big data environments
- Mask data in both production and non-production environments
- Mask data on demand in applications or business reports to support real-time decision making
- Mask data on demand in the cloud
- Mask data in data movement tools such as ETL or data unload utilities
> Encrypt emails automatically and transparently
> Encrypted mail in their preferred email client - online, offline, desktop or mobile
> Full-disk
> Central Encryption Management
> Policy enforce and audit for encryption across Windows (built-in BitLocker ), Mac (FileVault 2 encryption for OS X), smartphones, tablets and cloud data storage platforms like DropBox, Box, Google, OneDrive.
> Inspect SSL Encrypted Traffic
> Decrypts the traffic with the sender’s public key, inspects and protects, then re-encrypts.
> Smartphones and tablets
> White-listing. Authorise the use of specific devices for transfer of sensitive data. For example, permit copying only to a corporate-approved encrypted USB drive.
> Monitor and/or prevent transfer of sensitive data to a broad range of targets such as local and network printers, USB devices and CD/DvDs.
> Spyware prevention
> Application whitelisting
> Host IPS and Firewall (intrusion prevention)
> Protects and controls user and application access to server data.
> Cloud Prevent for Microsoft Office 365 detects confidential data in cloud email sent from Microsoft Exchange Online.
> Network & Mobile Email Monitoring detects confidential email downloaded by users to iPads, iPhones, and now Android devices over the Microsoft Exchange ActiveSync protocol.
Notifies users of policy violations; and blocks or routes email to encryption gateways for secure delivery. It supports integration with any SMTP-compliant Mail Transfer Agent (MTA) and cloud services such as Microsoft Exchange Online and Email cloud providers.
> Web detects confidential data sent over HTTP and HTTPS; notifies users of policy violations; and blocks or conditionally removes data from web posts. It supports integration with any ICAP-compliant Web proxies and cloud services.
> Collaboration / communication systems: Email, webmail, IM, P2P, FTP, Skype, Windows File Share, ActiveSync, and more.
- Encrypt and digitally sign your sensitive email - automatically and transparently. Message bodies and attachments are automatically scanned for sensitive data and you can easily establish policies that determine if those emails are blocked or encrypted.
- Outlook plugin
- Clients:- online, offline, desktop or mobile
- Spam Filter: protects against emails with potentially dangerous code, attachments that might envoke a user to accidentally download a malicious program/software (malware/spyware/keystroke logger/rootkit/virus) that might extract data without the users knowledge. Or evoke the user to click on a link to a malicious website, often referred to as phishing tactics or sites, where users are duped into submitting personal information (usernames, passwords, bank account details, credit card numbers and pins).
> File monitoring technology that analyses file access and usage patterns on network-attached storage (NAS) filers, Windows servers, and SharePoint. It identifies true data owners; calculates folder risk for prioritised remediation; correlates data owners with storage incidents; and alerts you to anomalous activity and users.
> Scanning of file servers and shares, databases, and document repositories including Microsoft SharePoint and SharePoint Online, Documentum and LiveLink.
> Backup Data
Data Loss Prevention integrates with back up systems to enable scanning of backup images for confidential data.
Compliance regulations that call on organisations to address data loss prevent: PCI, DSS, EU Data Protection Directive, FRCP, SOX, California SB 24, Massachusetts CMR 17, PIPEDA, GLBA, HIPAA, HITECH, FERPA, FACTA, and FINRA, among others).
Receive alerts for activity regarding privilege escalations, confidential file access / modifications and unauthorised configuration changes.
+44(0)7714 209927
+44(0)1273 329753
| 
info@securenetconsulting.co.uk
|