Upload
ajilani2014
View
216
Download
1
Embed Size (px)
Citation preview
McAfee Endpoint Encryption
Presenter Name
Presentation Date
Agenda
1 2 3 4
Agenda
1
It’s All About the Data!
• SOX • HIPAA • PCI-DSS• GLBA • FISMA• ITAR• State data breach
(e.g., CA SB 1386) • U.K. Data Protection Act
Compliance
• Customer/prospect lists• Price/cost lists • Design docs• Source code• Formulas• Trade secrets• Process advantages• Pending patents• Company logo/artwork
Intellectual Property
• Board minutes• Financial reports• Merger/acquisitions• Product plans• Hiring/firing/layoff plans• Salary information• Acceptable use
High Business Impact(HBI) Information
The goal of all IT security effortsis to PROTECT DATA
Data At Risk, Even From Trusted Insiders
80% of CISOs see employees as the greatest data threat
73% of data breaches come from internal sources
77% unable to audit or quantify loss after a data breach
Survey: Dark Reading/InformationWeek (2009)Survey: MIS Training Institute at CISO Summit (2009)McAfee Datagate Report. Produced by DataMonitor (survey of 1400 IT professionals across UK, US, DR, DE, and Australia)Ponemon (2009)
68% plan to use former company’s confidential data in new job
SanDisk Endpoint Security Survey, April 2009
Types of Data At Risk: What’s Copied to USB Drives
SC Magazine
“Data Breaches Continue to BecomeMore Common and More Severe1”
“DuPont scientist downloaded 22,000 sensitive documents as he got ready to take a job with a competitor…”
“Royal London Mutual Insurance Society loses eight laptops and the personal details of 2,135 people”
“The FSA has fined Nationwide £980,000 for a stolen laptop”
“Personal data of 600,000 on lost laptop”
“ChoicePoint to pay $15 million over data breach—Data broker sold info on 163,000 people”
1 Top Finding from Ponemon 2010 Annual Study: U.S. Enterprise Encryption Trends, November 2010
Consequences of a Breach
• Penalties• Fines• Costs of remediating a data breach• Brand damage• Customer churn• Loss of competitive edge• And more
Increasing Compliance Burden
9
• Key regulations driving encryption in the US are state privacy laws, PCI requirements & HIPAA1
• Find summaries of US & global data protection laws at mcafee.com/us/regulations/index.aspx
1 Top Finding from Ponemon 2010 Annual Study: U.S. Enterprise Encryption Trends, November 2010
Datenschutz (Germany)
GISRA (USA)
Data Protection Act (UK)
Government NetworkSecurity Act (USA)
California SB 1386 (USA)
US Senate Bill 1350 Proposed (USA)
HIPAA (USA)
Gramm-Leach-Bliley (USA)
Japan Personal Information Protection Act (PIPA)
US Government OMB Initiative (USA)
Directive on Protection of Personal Data (EU)
Sarbanes-Oxley (USA)
Payment Card Industry Data Security Standard
The Personal Information protection and Electronic Documents Act (Canada)
Federal Desktop Core Configuration (US Civilian)
GCSX Code of Connection (CoCo) (UK)
2004
2011
1996
Massachusetts 201 CMR 17.00
• Smartphones, netbooks, tablets, USB storage devices
• Used for work and personal
• Indispensible, highly mobile
• Workers using personal non-compliant devices and applications
• Gray area around corporate control of personal devices accessing company data
• Need to deliver corporate data when and where needed
• Devices store and access vast amounts of confidential data
10
Challenges Shaping Data Protection
Computing Cycles in Perspective
New and Increasing Types of Endpoints
1,000,000
100,000
10,000
1,000
100
10
1
1960 1980 2000 2020
Mobile Internet
Desktop Internet
PC
Minicomputer
Mainframe
10B+ Units??
1B+ Units/ Users100M
Units10M Units
1M Units
Increasing use of tablets, smartphones and USB drives equates to increasing risks for data loss
- IDC predicts the combined unit shipments of smartphones and tablets will eclipse total (consumer and corporate) PCs in 20121
- 2010 worldwide USB flash drive shipments are expected to be 275 million2
- Mobile internet connected devices gaining speed
Morgan Stanley
Agenda
2
Key Requirements for Securing Data
Protect data on a wide range of endpoints
Easy, consistent security management
Proof of protection
14
Desktop
McAfee Data Protection
Smartphones
Tablets
Enterprise Data Center
Databases AppsNetwork DLP
Laptop
Removable Media Storage
USB devices
Device ControlEndpoint Encryption for PCEndpoint Encryption for Mac
Host DLP
Endpoint Encryption for Files and Folders
Encrypted USB Devices
Enterprise MobilityManagement
McAfee ePO
Comprehensive ● Integrated ● Centrally Managed
McAfee: Proven Leader, Trusted Solutions
Leader Gartner Magic Quadrant for Mobile Data Protection 2011
Gartner Magic Quadrant for Content-Aware Data Loss Protection 2010
Abi
lity
to E
xecu
te
Completeness of Vision
Challengers Leaders
Niche Players Visionaries
SymantecWebsense RSA (EMC)
TrustwaveCA
Code Green NetworksFidelis Security
SystemsVerdasys
Palisade SystemsTrend Micro
GTB Technologies
McAfee
Magic Quadrant for Content-Aware Data Loss Prevention
Agenda
3
Data Protection Challenge
1 Ponemon2 Ponemon, 2009 Cost of a Data Breach3 HIPAA DHHS Guidance 20094 http://www.realtime-itcompliance.com/laws_regulations/2008/09/pii_encryption_required_by_new.htm
• Laptops lost or stolen in airports, taxis and hotels cost companies an average of $49,2461
• 36% of data breaches were due to lost or stolen laptop computers– Average cost is $6.75 million per breach2
• Staying out of the news• Best practices:
- “Ensure that portable data-bearing devices… are encrypted”2 - “Protected health information (PHI) is rendered unusable, unreadable,
or indecipherable to unauthorized individuals if encrypted or destroyed”3
- “Encryption in past laws have been directed to be considered based upon risk, but now they are more explicitly required in some laws.” Nevada’s SB347 and Massachusetts 201 CMR 17.00 are specifically discussed.4
How best to protect confidential corporate data especially on mobile devices from loss, theft, or exposure to unauthorized parties?
McAfee Endpoint Encryption for PCs,McAfee Endpoint Encryption for Mac
Full disk encryption for Windows PCs or Mac• Protects all data on desktop PCs1 and laptops transparently• No need to be concerned about workers deciding which files to encrypt or the
myriad of “hidden” temp files that applications create which contain your data
Easy to use• Encryption happens in the background & on the fly• High performance
Easy to manage• Via integrated McAfee ePolicy Orchestrator• Centralized deployment, management, policy administration, auditing,
reporting, and recovery via a single console• Demonstrate compliance & proof of consistent/persistent security
1 Only EEPC supports desktops
Endpoint Encryption for Files and Folders
Encryption where it’s needed– Local file and folder encryption– File and folder encryption on file servers– Removable media: file and folder encryption on USB
drives– User initiated encryption of e-mail attachments
Data protection made easy– Designed for sharing of encrypted data– Persistent encryption– On-the-fly, transparent data encryption and decryption
when writing to/reading from disk– Automatic policy enforcement beyond user control– Managed via McAfee ePolicy Orchestrator platform
McAfee Enterprise Mobility Management
April 28, 202320
Database
Files
Directory
Applications
Certificate Services
Messaging
Enterprise Environment
WindowsMobile
Symbian
Android
webOS
iPhone
iPad
EMM + ePO
• Makes it secure– Configures, enforces and manages
native device security settings– Enforces compliance to enterprise
policies– Securely connect to enterprise
services: VPN, Wi-Fi, messaging and LOB apps
• Makes it easy– Self-service provisioning– Personalizes devices to
optimize end-user productivity
• Makes it scalable– Integrates into the enterprise’s
existing environment and scales to 10s of 1000s of devices
21
EE for Files and Folders
Modular, Comprehensive Data Protection Solutions
EE for PCs
Endpoint Encryption
Host DLP
Device Control (feature of Host DLP)
DLP
+
McAfee ePOMcAfee ePolicy
Orchestrator
+
EE for Removable Media (feature of EEFF)
ToPS for Data Suite Individual Solutions
Encrypted USB (devices)
Enterprise Mobility Mgmt.
Network DLP
EE for PCs
EE for Files and Folders
EE for Removable Media (feature of EEFF)
Device Control(feature of Host DLP)
Host DLP
McAfee ePO
Agenda
4
McAfee ePO Foundation of Optimized Security
23
“ePO has historically been the standard for centralized administration consoles.”
Endpoint Protection Platform Magic Quadrant
World’s most scalable security and compliance mgmt platform
— Manages 60M+ endpoints — 35,000+ enterprises — Largest deployment
@ > 5M endpoints
Deploy, manage and report on— Endpoint security— Data Loss Prevention— Endpoint Encryption— Encrypted USB devices— Enterprise Mobility Manager— Web and messaging security— Network access control— Vulnerability management— Integration with network IPS — Threat alerts from Avert Labs
Security Management Challenges
April 28, 202324
INEFFECTIVE RISK
MANAGEMENT
LIMITED VISIBILITY
COMPLEX, GLOBAL
OPERATIONS
• Fragmented technologies
• No support for on-premise and SaaS
• No real time security monitoring
• Reactive programs and processes
• No integration with business systems
• Limited analytic capabilities
• Dynamic regulatory requirements
• Manual assessment and enforcement
• Increased stakeholder pressures
Loss of Revenue
Increased Risk Exposure
Increased operational costsX X X
An Upgrade to ”Enterprise”
April 28, 202325
SECURE THEDEVICE
SECURE THE INFORMATION
SECURE THE INFRASTRUCTURE
ENFORCEASSESS
ePolicy Orchestrator
MONITORRESPOND
McAfee ePO Benefits
April 28, 202326
Automate key security and compliance processes and controls
Complete visibility and transparency cross all systems and processes
Prioritize and proactively respond to critical risks before a loss occurs
COMPLETE VISIBILITY
PROACTIVE RISK ANALYTICS
REDUCED COSTS
€$
27
Single console endpoint deployment and management
1
Single consolidated source for incident response and reporting
2
Comprehensive incident views, case management and workflow
3
Integration of Endpoint Encryption and ePO Automation of monitoring, reporting, and auditing Reduces Costs!
McAfee Endpoint Encryption
McAfee Encrypted USB
McAfee DLP
28
Why McAfee Endpoint Encryption
1 Marketing leading, enterprise-class encryption
2 Comprehensive, customizable, extensible product offering includes full disk, file and folder, removable media, encrypted USB storage devices
3 Superior integration and robust management with McAfee ePO
4 Full featured compliance and audit reporting using McAfee ePO
5 Quick deployment and lowest operational cost
Summary