Preview only show first 10 pages with watermark. For full document please download

Ibm® Data Security Services For Enterprise Content Protection

   EMBED


Share

Transcript

Helping prevent loss of sensitive data IBM® Data Security Services for enterprise content protection ‑ network data loss prevention solution Driving business value in an ever-changing business landscape Information is the lifeblood of an organisation. Day-to-day operations revolve around effective information flow, as do innovations, such as collaboration technologies, that drive business growth. As both the value of information and requirements for greater accessibility to data increase, the risks associated with data loss also increase. Loss of business-critical information can result in large financial and competitive losses. In addition, customer trust may be negatively affected by the loss of sensitive data that an organisation is entrusted to manage and protect, Highlights causing further lost business. Data access that is readily available to Facilitate rapid and effective collaborative flow of information customers, partners, and employees, protection against data loss to drive innovation and business yet controlled by policy is required. across your entire network growth Reduce financial and competitive Align a network data loss Most organisations invest in technologies to protect systems from risk associated with data loss prevention solution to your key threats, such as viruses and other incidents requirements and speed time malware. While such system protections to value by leveraging IBM’s are needed, it is equally important to market-leading network data employ protections to deter threats to loss prevention technologies, information, a limitation of traditional services expertise and proven information security strategy and methodologies to deploy and technologies. These threats can be support a complete integrated malicious, such as stolen information security solution taken by a disgruntled contractor, or Consistently enforce required corporate and regulatory security policies Create a secure, policy-driven environment that encourages unintentional in nature, such as data inappropriately emailed to a personal account by a well meaning employee or posted unknowingly on a blog or social networking site. Reducing risk efficiently through network a breach or discovers critical data that IBM designs network data loss data loss prevention is currently unprotected against loss or prevention solutions with your needs in An organisation must protect its data. mishandling, speed to implementation mind to: You need to protect data in every becomes crucial. stage of its lifecycle—from creation and modification to distribution and archiving. And you have to secure data no matter what form it takes or where it is stored. Network data loss prevention offers an efficient means to deploy a solution to protect this data. Certain types of network behaviour, such as peer-to-peer networking, expose organisations to unnecessary security risks. Consequently, IBM services are designed to spot use of these “dangerous” protocols and control them by blocking the traffic, throttling the bandwidth that these applications consume or alerting administrators IBM offers a network data loss prevention solution to help you protect your data and adhere to compliance requirements while enabling information to flow, resulting in uninterrupted day-today business activities and encouraged innovation. Delivering end-to-end integrated data security solutions for enterprise content protection Data generates new value when it is used. Although usage creates risk, appropriate manipulation increases the value contribution of an organisation’s most valuable asset—data. • Establish an enterprise data loss prevention framework for your organisation • Deploy market-leading technology using a proven implementation methodology • Translate and enforce corporate data classification and management policies • Monitor data usage, configure application controls and block unauthorised behaviour • Define and deliver reliable management and support services IBM Data Security Services address the challenges associated with about them, so that they can take IBM can create a security framework to deploying a comprehensive solution appropriate actions. help secure your information throughout by managing cost and scope, the extended enterprise. IBM also accelerating implementation, leveraging provides application integration for IBM information security expertise ease-of-compliance reporting and policy and reducing the need for additional administration. The resulting solution headcount. The IBM network data loss prevention solution can be deployed rapidly, enabling a wide span of coverage across your entire network. An appliance form factor allows for implementation only at determined network control points. And with a network solution all network traffic can be inspected, regardless of endpoint origination, without requiring deployment on each endpoint device or causing the associated impact to end users. If your organisation suffers ensures that you can collaborate while mitigating risk associated with data transfer and usage. Enabling network data loss prevention as Leveraging network technology to address Stopping data loss before it occurs part of a holistic solution a broad set of information security risks IBM offers proven technologies and The IBM approach to data security The IBM network data loss prevention methodologies designed to help you is to disperse control across three solution is designed to protect sensitive plan, implement and manage an main areas of the IT environment. data while drawing on the benefits integrated network data loss prevention By dispersing encryption, content of a network-based approach. The solution. Our professional consultants inspection, user monitoring and access IBM network data security process is leverage the Fidelis Extrusion Prevention control management functionalities designed to: System® (Fidelis XPS™) to deliver an throughout the infrastructure, IBM can help identify risks and deploy mitigating controls for greater data protection across the extended enterprise at a lower total cost. IBM data security solutions, including network data loss prevention, are designed to help you achieve your company goals while protecting against both malicious threats to data within the enterprise and threats that are caused by human fallibility, such as inadvertent mistakes or lack of awareness of policy. • Monitor and/or prevent the loss of sensitive data (e.g., identity information, intellectual property, etc) integrated solution. Designed to handle the most demanding network environments, • Provide safeguards to prevent or monitor use of vulnerable applications (e.g., instant messaging, peer to peer) IBM network data loss prevention • Speed deployment, resulting in lower costs, and reducing risk sooner on gigabit-speed networks. • Enable collaborative activities to occur with reduced risk, thus promoting greater productivity and innovation • Reduce risk of data loss, resulting in brand protection and reduced costs, such as legal fees associated with data breaches Figure 1: IBM Data Security Model to protect data inside the network. solutions help prevent data loss across all network channels across all ports, including direct-to-internet traffic, even IBM helps you to gain control of your Deploying Fidelis XPS network appliances techniques are used covering both network to: to support high speed networks Profiling and Registration categories, Fidelis XPS has a two-tiered architecture as well as some hybrid techniques. that consists of multiple policy Combining accuracy with speed, data sensors placed around the network loss analysis is executed in memory (not to detect and/or prevent data loss on disk) on traffic in motion so that data and a central management console, loss can be prevented in real-time, even CommandPost™, to distribute policies on gigabit-speed networks. • Control both proxied and direct-tointernet traffic • Inspect network traffic, including attachments and compressed files, for sensitive content • Identify different types of sensitive information—personally identifiable information, credit card data, source code, ePHI (electronic protected health information), classified information, and other types • Stop unauthorised traffic based on content, application, and/or protocol • Quarantine sensitive or unencrypted e-mails before they leave the network • Manage and monitor all channels including e-mail, web, Webmail, instant messaging, file transfers, telnet, and peer-to-peer • Monitor external traffic and/or on internal traffic segments to view all network traffic across an organisation and then collect and organise alerts. This solution analyses network traffic Fidelis XPS provides four different “on the wire” (in-band or out-of-band) types of sensors (Fidelis XPS Direct, and integrates with existing network- Fidelis XPS Internal, Fidelis XPS Mail, centric devices. Even sensitive and Fidelis XPS Proxy), with all sensors information that is passing through as an managed by the CommandPost™ attachment can be logged or prevented management console. All sessions from going outside your organisation, with policy violations are detected in accordance with your data security by the sensors and forwarded policy. As necessary, the technology to CommandPost for centralised can identify suspicious activity to your alert management, issue tracking, administrators, empowering them — and storage. In addition, all policy or IBM on your behalf — to take the management, user administration, and appropriate actions. system configuration are handled from CommandPost. A modular channel and content analysis system operates in real-time, allowing multiple content inspection techniques to be logically chained together to ensure low false negative and low false positive rates. At present, ten different IBM combines the use of refined methods and extensive skills to help you realise the full value of your technology investment. Our services are designed to help optimise productivity, manageability and cost-effectiveness within your IT organisation. Why IBM and Fidelis Security Systems? Together IBM and Fidelis Security Systems join their experience, Figure 3: Verdasys Digital Guardian Integrated Data Security Platform expertise and technology to deliver comprehensive network data loss prevention. With IBM’s global reach Deploying your network data loss prevention solution IBM understands data security at the enterprise level. Our consultants and specialists have experience with a wide range of industry solutions and IT architectures to help you quickly adopt a network data loss prevention solution. Our professional support services can help you: • Conduct a Requirements and Planning Workshop to help you define compliance requirements, identify sensitive data and determine potential use and misuse scenarios, using a high-level data classification model. This model determines data sensitivity and impact to business when such data is lost or exposed to unauthorised use, including applications which could pose risk to sensitive data and network data loss prevention services that might mitigate identified risk. • Leverage a Discovery Assessment to gain rapid awareness of data loss, risky application and protocol usage, and the number and types of policy violations identified. • Create your Policy Design by working with you to define data loss prevention policies that align with your business requirements. and scale, you can confidently deploy • Implement components of a solution in your environment successfully by providing the following Implementation Services: Fidelis best-in-class technology. IBM • Implementation planning and project management your information security through its - Solution architecture and design - Installation of primary components - Testing of primary components - Product roll-out of controls - Project documentation solutions, powered by Fidelis, provide you with an end-to-end network data loss prevention solution to manage entire lifecycle. IBM can help you deploy and manage the Fidelis network data loss prevention technology as part of a holistic data security framework, integrating policies with other data security technologies, such as endpoint data loss prevention. - Help desk deployment assistance - Technical training and transfer skills - Project close-out and hand-off • Provide a single point of contact for your support needs with a global Support Desk – which will provide support for all Fidelis Security Systems’ products licensed and deployed in the solution with escalation to Fidelis for break/fix or insolvable issues. IBM support desk will own and help manage, track and resolve problems related to the network data loss prevention solution. With IBM and Fidelis, knowledgeable practitioners, proven methodologies and innovative software and services help you rapidly implement and support a comprehensive solution to protect your market value at less risk than your internal staff and most other service providers. For more information To learn more about IBM Data © Copyright IBM Australia Limited 2009. ABN 79 000 024 733. Security Services for network data © Copyright IBM New Zealand Limited 2009. loss prevention, contact your IBM © Copyright IBM Corporation 2009. All rights reserved. representative, IBM Business Partner* or visit: ibm.com/services/au/ IBM Australia Limited Level 13 601 Pacific Highway St Leonards NSW 2065 Trademarks: IBM, the IBM logo and ibm. com are trademarks of IBM Corp registered in many jurisdictions worldwide. A current list of IBM trademarks is available on the Web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml. Other company, product and service names may be trademarks or service marks of others. Important Privacy Information: If you would like to request access to or correction of your details or if you or your organisation would prefer not to receive further information on IBM products, please advise us on: 132 426 (Australia) or 0800 801 800 (New Zealand). References in this publication to IBM products or services do not imply that IBM intends to make them available in all countries in which IBM operates. The information in this document relating to Fidelis Security Systems products has been provided by Fidelis Security Systems. IBM is not in a position to verify the accuracy of the information or any claims made by third parties. Subject to any support desk services set out in this document which are offered by IBM, warranty, service and support of non-IBM products are provided directly to you by the manufacturer, supplier and publisher of the product. Subject to any rights which may not be excluded or limited, IBM makes no representations or warranties regarding nonIBM products or services. *Business Partner is used informally and does not imply a legal partnership. GL_10867