
TTEC GO: Tivoli Endpoint Manager for Core Protection


keziah

Presentation Transcript


  1. TTEC GO: Tivoli Endpoint Manager for Core Protection

  2. Agenda • Main audiences for GO web seminars are Support, Services, GRT, SWAT, Tech Sales and Business Partners. Note: (TTEC-GO training is recorded for replay by IBM employees and select business partners who have been cleared for access to IBM Confidential material.) • Introducing v10.6 • Scan Cache • Clean Type • Self Protection • WRS supporting HTTPS • Data Protection • Device Control

  3. Disclaimer This training is developed and delivered prior to the completion of the product. There may be changes in the GM version that will not be reflected in this training.

  4. Introduction

  5. Introduction

  6. Feature Overview

  7. Main Themes • Deliver Data Protection solution with minimal management overhead • Introduce Device Control feature • Lean and Light - client performance enhancement • L10N release to support more languages

  8. Feature List • Data Protection and Channel Leakage Control (File Attribute, Regular Expression and Keyword) • Device Control • On-demand Scan Performance Enhancement • Integrate DCE 6.5 to Enhance Rootkit and FakeAV Cleanup Ability • Windows 2008 Server Core Support • Web Reputation Https Support

  9. TEM-CP 10.6 L10N Release • L10N release in 60-90 days after EN release • German (DE) • French (FR) • Spanish (ES)

  10. TEM-CP Architecture (diagram labels): TEM Server; TEM Agent; Digit Access Control; Anti-Malware; Web Reputation; Device Control; Firewall

  11. Scan Cache

  12. Scan Cache - Introduce • Purpose: Reduce the scan time when a large number of files are excluded from the scan. • Available: Only at On-Demand scan • Two types: GCL Cache: auto-generates a scan cache from the GCL (good company list) pattern from the Aegis team when there is no GCL cache or it has expired. On-Demand Scan Cache (ODSC): auto-generates a scan cache when TEM-CP is doing an On-Demand scan.

  13. Scan Cache - UI

  14. Scan Cache - Configuration • Note: GCLCacheRebuildDays, OdscCriteriaDays, and OdscMaxExpiredDays are not configurable via console by customer request.

  15. Scan Cache - Registry

  16. Scan Cache - Troubleshooting • Settings: Check that both the configuration and the registry settings have the expected values. • Cache Files: GCL: <OSCE_FOLDER>\Cache\CommonScanCache.db; ODSC: <ODSC_FOLDER>\Cache\X_ FileCache.bin, where X is the HD drive • Debug log Keyword: GCL: [tmntScanDir-GCL] skip <FILE_PATH>; ODSC: [tmntScanDir-ODS] skip <FILE_PATH>

  17. Clean Type

  18. Clean Type - Introduce • Purpose: An enhancement of Damage Cleanup Services (DCS) to protect endpoints from FakeAV • Two types: Standard: the original DCS mode; DCS detects and removes Trojans, then repairs system files if they were modified. Advanced: DCS also tries to detect and stop Fake AV. • New option: Run cleanup when probable virus/malware is detected: performs the action of one of the cleanup types when probable virus/malware is detected.

  19. Clean Type - UI • On-Demand scan wizard > Scan Action: • Real-Time scan wizard > Scan Action: • Note: The advanced cleanup is only available at On-Demand scan, following the OSCE design decision

  20. Clean Type - Configuration

  21. Clean Type - Registry

  22. Self-Protection

  23. Self-Protection - Introduce • Purpose: Protect TEM-CP from malicious attacks that change the registry, stop services, or modify related binaries. • Note: The UI and registry settings are the same as in TEM-CP 10.5. The configuration section has changed, so tasks generated by the TEM-CP 10.5 “Client Self-Protection Wizard” will not work or will fail.

  24. Self-Protection - Configuration • Note: The original section on TEM-CP 10.5 is “Global Setting”.

  25. Self-Protection - Troubleshooting • Tasks: Check that the tasks the customer used apply the self-protection settings to INI_CRITICAL_SECTION. • Others: Refer to TEM-CP 10.5 self-protection troubleshooting.

  26. WR with HTTPS

  27. WR with HTTPS - Introduce • Purpose: Enhance the WR functionality to support HTTPS websites. • Principle: Installing a plug-in in the browser. • Flow: 1. The plug-in intercepts the HTTPS URL and sends it to TmProxy. 2. TmProxy rates the HTTPS URL as an HTTP URL, then returns the result to the plug-in. 3. The plug-in blocks or passes the URL according to the result. • Depends: WR should be enabled

  28. WR with HTTPS - Tasks • Note: The “Web Reputation - Enable/Disable HTTP Web Reputation Scanning” tasks are the “Web Reputation - Enable/Disable” tasks on TEM-CP 10.5 and older versions

  29. WR with HTTPS - Supported Browser • Note: Check the plug-in from browser > tools > Option > Programs > Manage add-ons. For Win server, some IE configuration should be changed: 1. Third-party browser extensions should be enabled 2. Internet Explorer Enhanced Security Configuration (IE ESC) should be turned off or removed

  30. WR with HTTPS - Registry

  31. WR with HTTPS - Troubleshooting • Dependence: Check whether WR is enabled. • Settings: Check that the corresponding registry keys have the expected values. • Plug-in: Check that the plug-in is installed in the browser

  32. Q & A

  33. Agenda • Data Protection • Digital Asset Control • Feature Overview • Digital Asset Control Wizard • Reports • Troubleshooting

  34. Data Protection (1/2) • Helps organizations protect sensitive information from accidental disclosure and intentional theft • Features • Digital Asset Control • Prevents unauthorized transmission of digital assets • Device Control • Regulates access to external devices • A separate new site - Trend Micro Data Protection

  35. Data Protection (2/2) • Installation / Un-installation • Tasks: Core Protection Module > Deployment • Only supports IPv4 and x32 platforms • Endpoints with Trend Micro Data Loss Prevention installed must uninstall the program before installing Data Protection • Data Protection Service • Device Control or Digital Asset Control is enabled => Started • Both Device Control and Digital Asset Control are disabled => Stopped

  36. Digital Asset Control • Safeguard an organization’s sensitive data – referred to as digital assets – against leakage • Identify the digital assets to protect • Create policies that limit or prevent the transmission of digital assets through common transmission channels • Enforce compliance to established privacy standards

  37. Digital Asset Control - Overview • Digital Asset Control Policy Structure (diagram labels): Digital Asset Policy (Channels, Actions, Exceptions, ……); Compliance Template (three shown); Expressions, File Attributes, Keywords

  38. Digital Asset Control - Overview (cont.) • Work Flow • Step 1: Define Digital Assets (Create Expressions; Create Keywords; Select File Attributes) • Step 2: Create Compliance Template (Define Rules from Digital Assets, Ex. [Asset1] AND [Asset2]) • Step 3: Create Policy (Select Templates; Select Channels; Specify Actions) • Step 4: Enforce Policy (Create Policy Task and deploy the Task to endpoints) • Step 5: Monitor (Logs: Analyses, Upload logs; Reports: Violation Report, Protection Status Report)

  39. Digital Assets Wizard • Navigate to Endpoint Protection > Configuration > Data Protection > Digital Assets Setting Wizard

  40. Digital Assets Wizard - Policy Management • Navigate to Endpoint Protection > Configuration > Data Protection > Digital Assets Setting Wizard > Policy Management

  41. Digital Assets Wizard - Template Management • Navigate to Endpoint Protection > Configuration > Data Protection > Digital Assets Setting Wizard > Template Management

  42. Digital Assets Wizard - Definition Management • Navigate to Endpoint Protection > Configuration > Data Protection > Digital Assets Setting Wizard > Definition Management

  43. Step 1: Define Digital Assets (diagram labels): Digital Asset Policy (Channels, Actions, Exceptions, ……); Compliance Template (three shown); Template; Expressions, File Attributes, Keywords; Email, Documents, C/C++ code

  44. Step 1: Define Digital Assets - Expression

  45. Step 1: Define Digital Assets - File Attribute

  46. Step 1: Define Digital Assets - Keyword

  47. Step 2: Create Compliance Template (diagram labels): Digital Asset Policy (Channels, Actions, Exceptions, ……); Compliance Template (three shown); Template; Expressions, File Attributes, Keywords; Email, Documents, C/C++ code

  48. Step 2: Create Compliance Template

  49. Step 3: Create Policy (diagram labels): Digital Asset Policy (Channels, Exceptions, Actions, ……); Compliance Template (three shown); Template; Expressions, File Attributes, Keywords; Email, Documents, C/C++ code

  50. Step 3: Create Policy – Choose Template
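The three-level structure from slides 36-50 (digital assets, compliance templates built from rules such as [Asset1] AND [Asset2], and a policy that selects templates, channels and an action) can be modelled as follows. This is an added example, not TEM-CP code and not part of the presentation; every asset name, pattern, channel name and the `evaluate` function are assumptions made for illustration, and policy exceptions are not modelled.

```python
import re
from dataclasses import dataclass

@dataclass
class Transfer:
    channel: str  # constructed channel names, e.g. "email", "usb"
    name: str     # file name
    text: str     # extracted content

# Step 1: digital assets (assumed definitions, one per asset kind on the slides).
ASSETS = {
    # Expression: 16 digits in groups of four
    "card_number": lambda t: bool(re.search(r"\b(?:\d{4}[- ]?){3}\d{4}\b", t.text)),
    # Expression: a C/C++ include directive at the start of a line
    "c_include": lambda t: bool(re.search(r'^\s*#include\s*[<"]', t.text, re.M)),
    # Keyword list
    "confidential_kw": lambda t: any(k in t.text.lower() for k in ("confidential", "internal only")),
    # File attribute (here: extension only)
    "source_file": lambda t: t.name.lower().endswith((".c", ".cpp", ".h")),
}

# Step 2: compliance templates are rules over assets, as in "[Asset1] AND [Asset2]".
# A rule is an asset name or a tuple ("AND" | "OR", rule, rule, ...).
TEMPLATES = {
    "payment_data": ("AND", "card_number", "confidential_kw"),
    "source_code": ("OR", "source_file", "c_include"),
}

def matches(rule, t):
    """Recursively evaluate a template rule against one transfer."""
    if isinstance(rule, str):
        return ASSETS[rule](t)
    op, *operands = rule
    if op not in ("AND", "OR"):
        raise ValueError(f"unknown operator: {op}")
    results = [matches(r, t) for r in operands]
    return all(results) if op == "AND" else any(results)

# Step 3: a policy selects templates, channels and an action.
POLICY = {"templates": ["payment_data", "source_code"],
          "channels": {"email", "usb"},
          "action": "block"}

def evaluate(policy, t):
    """Return (action, matched template names); unmonitored channels pass."""
    if t.channel not in policy["channels"]:
        return "pass", []
    hits = [n for n in policy["templates"] if matches(TEMPLATES[n], t)]
    return (policy["action"] if hits else "pass"), hits
```

The AND rule is what keeps a template from firing on a single weak signal: a card-like number without the keyword passes, which is the trade-off to weigh when choosing between AND and OR in a template.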
