200 likes | 666 Views
Trend Micro Data-at-Rest Solution. SecureDoc Solution Presentation Derek Tsang Michael Desjardins Steven Pomerenk October 12, 2010. Agenda. Differentiate your State Vendors Evaluation Criteria Considered SecureDoc Overview Ready or Not – here comes new technology Questions & Answers.
E N D
Trend Micro Data-at-Rest Solution SecureDoc Solution Presentation Derek Tsang Michael Desjardins Steven Pomerenk October 12, 2010
Agenda • Differentiate your State Vendors • Evaluation Criteria Considered • SecureDoc Overview • Ready or Not – here comes new technology • Questions & Answers
Data Security – Be very careful • Security – best of breed is a must • One stop – all in one suite shopping has never worked • Security is not a haphazard adventure – get it right the first time • Antivirus vendor vs. FDE Vendor • Switching AV is easier than switching FDE • Be very careful of your vendors • M&A activity is very distracting for 2 years • FDE is the only thing we do • Multiple GSA schedules, BPA’s
Biggest differentiator • One integrated DAR solution • Configuration/deploy/manage of PC Mac Linux clients alike • Management and support of SEDs and normal drives • Encryption of removable media USB, cddvd thumb drives • Password recovery tools • Self help hint challenge • Enterprise class key management • The key is to manage your encryption keys • “keys”usecases:cd,dvd, external drive thumb drives • lost or stolen • Internal – productivity / security has been an inverse relationship • Do not sacrifice security internally
Biggest differentiator (cont’d) • Enabling your IT security governance policies • Password rules • Policies on USB usage • Data logs for auditing client, server (sync’d) (HIPAA, HITECH) • Deployments – we deploy more easily using your existing push tools (.msi and .exe) (other Gov't agencies 1500 in one week with no help desk calls • Reduced calls to help desk – total transparency to end user (totally seamless with SSO and custom PBA screen)
Gartner MQ Client Inquiries • Data Leakage • Stability and Performance • Encryption offered as a managed service • EPP Package Deals. • Government security certifications: • FIPS 140-2 is the current standard • CC certification is a true international moniker • Hardware sub systems: • TCG, TPM, Intel AT • Key management, storage and destruction methods
Gartner MQ on WinMagic Strengths • WinMagic invests heavily in R&D. For example a recent development involves enhanced integration with Intel AT that will help to process PC lock commands through the motherboard in real time to control boot access and to wipe storage drives. • WinMagic has the following FIPS and CC certifications: FIPS 140-2 Level 2 and CC EAL4. It was included in the GSA's SmartBuy award. • Platform support is provided for Windows 2000 through 64-bit Windows 7, Mac OSX and Linux. Embedded system support includes Seagate encrypting drives , TCG encrypting drives, TPM, and Intel AT.
Evaluation Criteria Enterprise Class Management Automatic, central policy management Consolidated management of Security information and Events Enterprise Key Management & Escrow, on demand key provisioning Seamless sharing of encrypted information Standards based Cryptography Multi-Platform support: Mac, PC, LINUX World Class Support North American support
Evaluation Criteria User Transparency • Secure pre-boot authentication with support for your current and future business process (HIPPA & HITECH BREACH LAW) • Tokens • Smartcards • Future: Biometrics, Proximity • Productivity • Single sign on • Self help password recovery • Support for Self Encrypting Hardware technology • Distribution and Management tools to work with Seagate and OPAL drives • Interoperability • Disk imaging tools • Works with Any Anti-virus software, disk utilities and data recovery tools
Certifications SecureDoc has been accredited by: • The National Security Agency (NSA) (SECRET level) • Federal Information Processing Standards (FIPS) • 140-2 Level 1 and Level 2 • Common Criteria EAL Level 4 • National Institute of Standards and Technology (NIST) • Certificate #1 • Canadian Communications Security Establishment • BITS • US Federal DARTT initiative – 2 BPAs
SecureDoc Architecture 3rd Party Management Applications API Interface SecureDoc Centralized Management API New CryptoDevices Corporate LAN, Internet, 3G FDE Data LeakProtection Authentication Passwords Peripherals RME Email Tokens OPAL FFE Call Home Smartcards Seagate FDE Biometrics PortControl Antivirus Self Encrypting Removable Drives PKI New Devices SecureDoc Client Software TPM Intel AT Windows Mac / EFI Linux
Technology Partnerships 80+ technology partners: greatest breadth and depth
Enterprise-Class Management • Automatic synchronization of user / group profiles with Active Directory or other LDAP services • Consistent, auditable enforcement of security policies and user access privileges • ‘Silent’ software deployment and initialization • Local and Remote Password recovery tools andself help capability • Unique key labeling so that keys encrypted archives can always be restored • Auditing capabilities • Accommodates millions of disk sectors, files and folders
Comprehensive Data Protection • Strong encryption for hard drives and removable media • Single or multi-factor user authentication at pre-boot • Password, USB token, PKI, smartcard, biometrics and/or TPM • Only DARTT-approved vendor to employ TPM at pre-boot • File and Folder Encryption - Manual and Automatic • Central configuration and management of user / group profiles • Central assignment of user access privileges • ‘Silent’ software deployment and initialization • Use “push” technologies like SMS • Supports .msi or .exe files • Management of multiple encryption schemas
New TechnologiesIntel® Anti Theft Technology • What is it? • Hardware based security building blocks to protect your PC when it is lost or stolen • How does it work? • PC is disabled via poison pill over the internet • Local intelligence on PC detects theft and triggers action • PC remains disabled even if OS is re-installed or BIOS is re-flashed • PC can be easily reactivated via a local password or server-generated code • Intel AT helps deter laptop theft and protect data
Key Benefits HW-based capabilities improve asset and data security and offer higher tamper-resistance As the PC becomes inoperable and access to encrypted data (with data encryption software) disabled, Intel AT-enabled solutions can be a deterrent for thieves When returned, the PC can be easily reactivated without any loss of data or damage to PC Use Cases System locks after excessive failed login attempts System locks after failure to check in with management server User reports loss or theft and IT sends remote disable “Poison Pill” SecureDoc management of Intel Anti-Theft Technology
New TechnologiesOPAL and Seagate Partnering to provide next-generation security and security management for portable data-at-risk ‘Raising the bar’ for data security, user transparency and ease-of-administration Supporting Opal drives from Hitachi, Fujitsu, Toshiba, Samsung
SecureDoc Clients SecureDoc is becoming the de-facto standard for security-conscious organizations around the world.
Questions and Answers Thank You !! Q & A