Published on March 10, 2014
Innovations in cyber security technologies Arturs Filatovs Business Development Manager March 2014 Arrow ECS RoadShow Baltics Symantec Encryption – Building A Digital Fortress
Arturs Filatovs business card More then 5 years experience in delivering Innovative IT Security Solutions to Baltic states Knowledge of more then 25 different IT Security Solutions Specialization - Mobile IT Security
Lets move our hands – who is here today? CISO Director, Desktop Ops Director, Network Ops Helpdesk Manager
Todays To do list “Data Security Solutions” role in Baltics Technology vs. Time Encryption’s role in security Don't be scared – Encrypt everything Build Digital fortress with Symantec Tech
“Data Security Solutions” business card Specialization – IT Security IT Security services (consulting, audit, pen-testing, market analysis, system testing and integration, training and technical support) Solutions and experience portfolio with more than 20 different technologies – cyber-security global market leaders from more than 10 countries Trusted services provider for banks, insurance companies, government and private companies (critical infrastructure etc.)
Role of DSS in Cyber-security Development in Baltics Cyber-Security Awareness Raising Technology and knowledge transfer Most Innovative Portfolio Trusted Advisor to its Customers
Cybersecurity Awareness Raising Own organized conference “DSS ITSEC” 5th annual event this year More than 400 visitors and more than 250 online live streaming watchers from LV, EE, LT 4 parallel sessions with more than 40 international speakers, including Microsoft, Oracle, Symantec, IBM, Samsung and many more – everything free of charge Participation in other events & sponsorship CERT & ISACA conferences RIGA COMM exhibition & conferences Roadshows and events in Latvia / Lithuania / Estonia (f.i. Vilnius Innovation Forum, Devcon, ITSEC HeadLight, SFK, business associations) Participation in cyber security discussions, preparations, seminaries, publications etc. strategy
Innovations – technology & knowledge transfer Innovative Technology Transfer Number of unique projects done with different technology global leadership vendors Knowledge transfer (own employees, customers – both from private & public, other IT companies) Areas include: Endpoint Security Network Security Security Management Application Security Mobile Security Data Security Cyber-security Security Intelligence
Our portfolio is most innovative in Baltics!
Some just basic ideas
Time line PAST NOW
Technology is everywhere AND NOW SERIOUSLY
PC era to MOBILE era PC era Mobile era
Consolidation of IT in 21st Century We are at point where functionality of desktop collides with mobility of mobile device. Mobile IT
Technology development over time
IT Must Evolve To Meet New Demands InformationCentric System-Centric • Collaborative Apps and Social Media • Transactional Apps • Unstructured data • Structured Data • Distributed information • Centralized information • People are the new perimeter • Perimeter-based security • Virtual Infrastructure and Cloud • On-premise infrastructure
Endpoints: The Borderless Enterprise Field Data Center Headquarters Field Offices Point of Sale Point of Sale $262 Million: Estimated cost of the Heartland Payment Systems breach1 1Based Global Internet Security Threat Report, Trends for 2008 Customer email stored on mobile phone 12,000 Laptops lost in United States airports every week2 Trojans, malware, unauthorized 1 in 10 people have lost a laptop, smart software phone, or USB drive with corporate information on it3 on 130,000,000 records lost (Datalossdb.org) and $202 per record (Ponemon Institute) 3Symantec Corporate data copied onto USB drive 2http://www.darkreading.com/security/encryption/showArticle.jhtml?articleID=211201139
Cloud is taking us much higher…
Choose the right cloud smart way..
When we have to change our password...
Some questions? Who from you are using encryption? What will happen if data will be lost/stolen? Who will be responsible? When you are sending confidential data via post, how do you secure it?
Encryption beginnings – Sparta/ Greeks/ Rome Greek generals used Scytel to encrypt and decrypt messages (Symmetric encryption)
In what our organizations believe today SSL/ TLS/ VPN/ HTTPS – this is only data in motion using x.509
What we use for document security E-Signatures – Limited functionality for document encryption data at rest/ data in motion Not User friendly (smart cards, Card readers, USB tokens … )
Separate solutions less security
NSA did “great work…” Hmmm....NSA?
Cyber criminals don't sleep
Encryption threats by Ponemon Institute Our Users are our weakest link
Mobility - Potential For Data Loss 47% of corporate data resides on mobile devices 43% of employees lost a device with company data 32% of employees didn’t report the loss or theft in a timely fashion
Our users weakest link 1 in 10 people have lost a laptop, smart phone, or USB drive with corporate information on it* 32% of employees didn’t report the loss or theft in a timely fashion* *Symantec Global Internet Security Threat Report
Data protection priorities Ponemon
Concerns from customer side Hardware-based encryption is faster and it’s an option on Dell and other PCs. Why do I need encryption if I have DLP or Endpoint monitoring? We are going to wait for our Windows 7 rollout in our environment and use Bit locker How to recover encrypted info? Master key is security risk for us.
Encryption is not a rocket science
Encryption is easy
Centralized key administration is solution
Products Tasks Objectives Don't be scared – Encrypt everything Keep data secure Meet compliance objectives Protect data at rest Protect the business Control costs and liabilities Protect data in motion Protect data in use Endpoint Data Protection File and Server Protection Email Protection • PGP Whole Disk Encryption • PGP NetShare • PGP Desktop Email • PGP Command Line • PGP Gateway Email • SEE FDE • SEE RSE • PGP PDF Messenger • PGP Portable • PGP Support Package for BlackBerry • SEE Device Control • PGP Mobile Management • PGP Universal Server • PGP Key Management Server
Oh Boy do we got solution for you!
Build Digital fortress with Symantec Full Disk Encryption (FDE) • PGP® Whole Disk Encryption • Symantec Endpoint Encryption (EE) FDE Device and Media Encryption • PGP Portable • SEE Removable Storage Edition (RSE) • SEE Device Control FTP/Batch and Backups • PGP® Command Line Management Central Management of Encryption Applications PGP® Universal ™ Server File/Folder/Shared Server Encryption • PGP® NetShare Gateway Email Encryption • PGP® Gateway Email End-End Email and IM Encryption Key Management PGP® Key Management Server (KMS) • PGP® Desktop Email Smartphone Solutions • PGP® Mobile • PGP® Support Package for BlackBerry® 42
Full Disk Encryption Full disk encryption for desktops, laptops, and Windows® servers. Supports Windows®, Mac OS® X, and Linux® platforms • Encrypts desktops, laptops, and USB-attached drives • Protects against personal computer loss, theft, compromise and improper disposal • Reduces risk of loss of PII (Personally Identifiable Information) and other sensitive data • Supports Windows, Mac OS X, and Linux PGP Whole Disk Encryption; SEE Full Disk Encryption 43
Removable Media Protection Removable Storage Encryption • Secure portable data at rest – Enforce mandatory removable storage encryption policies – Access and re-encrypt data from any PC or Mac Centralized – Integrated Management Console Policies Auditing • Granular file- and folder-based encryption – Allow encrypted and unencrypted data on user devices – Enforce policy-controlled exemptions by file type and device SEE Removable Storage Encryption Removable Media Encryption
PGP® Email Protection PGP® Desktop Email PGP Universal™ Gateway Email PGP®®PDF Messenger PGP Viewer for iOS PGP® Support Package for BlackBerry® Desktop-based Email Encryption • Automatic end-to-end email encryption Gateway-based Email Encryption • Clientless email encryption Encrypted Email Viewer App for iOS • Decrypts and views messages • Verifies digital signatures Encryption for BlackBerry Email • Native client access to encrypted email Encryption for Windows Mobile Devices PGP® Mobile Symantec Encryption - Confidential • Encrypted Email • Encrypted Files and Folders 45
File/Folder Encryption Distributed file protection Shared file protection User file protection Protect individual files and folders Protect shared files and folders Protect transferred files and folders PGP NetShare, PGP Command Line 46
PGP® File and Server Protection PGP® NetShare PGP® Command Line Shared File Protection • Protect data exchanged between users via shared network folders Scriptable Encryption • Integrate encryption into data transfer, data distribution and data backup processes
PGP or Symantec Endpoint Encryption? Products Exceptions Customer Need Default Play Existing SEE/GE Customer DAR U.S. Fed SmartBuy Active Directory + MSFT Stack PGP Whole Disk Encryption PGP Portable SEE Removable Storage Encryption SEE Device Control Endpoint Encryption SEE Full Disk Encryption SEE Device Control PGP Desktop Email Email Encryption PGP Gateway Email PGP Mobile PGP Support Package for BlackBerry Server / File Encryption Management PGP NetShare PGP Command Line PGP Universal Server and PGP Key Management Server (KMS) • Symantec’s strategic direction for Endpoint Encryption is to “converge” the solutions into a single offering. • In the interim, Symantec will provide full support for both Endpoint Encryption technologies. Selling Symantec Encryption Products 48
Defense-In-Depth: Encryption + DLP Network DLP / Gateway Encryption • Automatically encrypt emails containing sensitive data • Notify employees in real time/context about encryption policies and tools Storage DLP / File-Based Encryption • Discover where confidential data files are stored and automatically apply encryption • Ease the burden to IT staff with near transparence to users Endpoint DLP / Removable Storage Encryption • Target high risk users by discovering what laptops contain sensitive data • Protect AND enable the business by targeting encryption efforts to sensitive data moving to USB devices
DLP + PGP Universal Gateway Email 5 Email encrypted and sent 1 Receive email MTA or Proxy PGP Universal Server 4 Violation detected - re-route to encryption server 2 Check email content for encryption policy violations 3 No violation - email sent Key Benefits: • Automate gateway encryption; ease burden on end users • Enforce and report on encryption policies
Complete Encryption Platform
Takeaway Technology lifecycle from 3-6 year to 6-12 months Encryption will help you sleep tight Don’t be scared to encrypt all type of data Centralized key management is important One encryption solution for different type of date Select DSS as your trusted security advisor – we work with Symantec (PGP) more than 5 years already!!
Think security first www.dss.lv email@example.com +371 27194080 / +371 29162784
Think security first