This document discusses Enterprise Data Loss Prevention solutions from GTB. It provides examples of sample customers ranging from large companies like Apple with 60,000 users to smaller credit unions. The core components of GTB's DLP solution include a content-aware reverse firewall, endpoint device control and eDiscovery tools. Deployment options include an out-of-line "Inspector" appliance or virtual machine image that can integrate with mail servers and scan all network traffic including HTTPS using various techniques.
2. Sample Customers
Apple, Inc. 60,000 users
American Greetings 8,000 users
Bureau of Indian Affairs (US Government DOI) 7,500 users
Citgo Oil Company 4,500 users
ESL Federal Credit Union 1,200 users
SAFE Credit Union 750 users
San Mateo Credit Union 650 users
GTB DLP Suite-Confidential Slide 2
3. What the analysts say:
Copyright 2010 GTB DLP Suite-Confidential Slide 3
4. GTB Patent Pending
1. DLP and DLD for inspecting all outbound content and comparing it to stored data
2. DLP and DLD for inspecting all outbound content using search index of confidential data
3. DLP and DLD for inspecting all outbound content using multiple fingerprints of confidential data
5. The GTB DLP Components
Cloud Enabled – Any VM
GTB Inspector – Reverse Firewall
• Scans all outbound traffic
• Highest accuracy
• Able to block without a proxy server
• File format agnostic
GTB Endpoint DLP – Device Control
• Discovers devices
• Protects devices
• Audits devices
• Controls devices
• Content-Aware
eDiscovery – Search & Classification
• Scans desktops
• Scans file shares
• Reports on vulnerable files
• Enforces IRM
• Automatic batch
• Monitors shares and PCs
Supports all languages
Centralized policy, reporting and workflow
6. In the Development Pipeline
• Protection for sites such as: https://use.cloudshare.com
• Mobile devices DLP
• Network traffic analysis/protection
• Network Recorder
• Detection of additional encrypted content and protocols
• IPv6 support
• IDS/IPS + Virus, SPAM and Malware protection
7. DLP answers 4 questions:
1. Where is my data?
• Desktops
• Laptops
• File shares
• SharePoint
2. Who is sending my data?
• Insiders
• Intruders
• Spyware/Viruses
3. What data is being sent?
• PII
• PHI
• Source Code
• IP
4. Who is receiving my data?
• IP address
• Email destination
• Geographic location
8. The 8 use-cases for Network DLP
1. Control a broken business process
• Who is sending, what data and to whom?
2. Demonstrate Compliance
• I have no way of enforcing data loss compliance regulation
3. Automate Email Encryption
• How do I automate encrypting emails which require it?
4. Detect or Block encrypted content
• Should I allow encrypted data to leave without content inspection?
5. Severity Blocking
• Some breaches are so severe that I prefer to altogether block them!
6. Visibility to SSL
• I have no visibility to SSL in general and HTTPS in particular!
7. Detect/Block TCP from non-trusted users
• How do I detect transmissions from non-trusted users (Malware/Viruses/Trojans)
8. Employees’ Education
• My employees are not complying with the Written Information Security Policy (WISP)
9. What data must be protected?
Personally identifiable information (PII)
• Credit card number
• Social security number
• Customer name
• Address
• Telephone number
• Account number/Member number
• PIN or password
• Username & password
• Driver's license number
• Date of birth
11. Network DLP configuration - OOL
Enforcement Actions
• Log
• Encrypt
• Quarantine
• Severity Block
• Redact
Mirror/SPAN port
The GTB Inspector is an appliance that can be deployed in Bridge / Out of Line through a SPAN/Mirror port and is available as a VM image as well.
Scans all TCP channels on all 65,535 ports
15. Fingerprint Detection Engine –Structured Data
The most accurate detection engine in the DLP space
Feature | Benefit
Can fingerprint any database | Highest flexibility
Multi-field detection | No false positives
Automatic fingerprints refresh | Easy maintenance and operation
Options for time-based sensitive content | Automatically deletes fingerprints that are no longer sensitive
Supports user-defined fields | Protects your direct business data
Fingerprints 1 million fields in 10 minutes | Very high performance
17. Fingerprint Detection Engine – Unstructured Data
The most accurate detection engine in the DLP space
Feature | Benefit
Multiple data stream fingerprints using proprietary algorithm | Allows for partial file match
Options for binary or text detection | Detects images inside files
Options for excluded content | Detects sensitive data only
Options for time-based sensitive content | Automatically deletes fingerprints that are no longer sensitive
User defined sensitivity (in bytes) | Highest possible control on what is detected
Virtually zero false positive rate | Highest accuracy
Multi-language support | Files in any language can be protected
18. Data Patterns Detection
• Extended REGEX templates out of the box
• Patterns defined through REGEX in PHP
• Lexicons support
• User defined severity level per pattern rule
• Multi field weights and occurrences
• Support for all languages
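Added example, not part of the original slides and not GTB's implementation: a sketch in Python (rather than the PHP regex the slide names) of pattern rules that combine a regex, a per-rule severity, a weight and a minimum occurrence count, scored across several fields of one message. The rule names, weights, threshold, Luhn validator and sample messages are all assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Callable, Optional

def luhn_ok(candidate: str) -> bool:
    """Checksum test that discards digit runs which cannot be card numbers."""
    digits = [int(c) for c in candidate if c.isdigit()][::-1]
    total = sum(d if i % 2 == 0 else (d * 2 - 9 if d > 4 else d * 2)
                for i, d in enumerate(digits))
    return total % 10 == 0

@dataclass
class Rule:
    name: str
    pattern: str          # regular expression for one data field
    weight: int           # contribution to the message score
    min_occurrences: int  # matches required before the rule counts
    severity: int         # 1 = low ... 3 = high, set per rule
    validator: Optional[Callable[[str], bool]] = None

# Hypothetical rule set; values are illustrative, not a vendor template.
RULES = [
    Rule("credit_card", r"\b\d(?:[ -]?\d){12,15}\b", 5, 1, 3, luhn_ok),
    Rule("ssn", r"\b\d{3}-\d{2}-\d{4}\b", 4, 1, 3),
    Rule("date_of_birth", r"\b\d{2}/\d{2}/\d{4}\b", 1, 1, 1),
    Rule("lexicon", r"(?i)\b(?:account number|member number|pin)\b", 2, 2, 1),
]

def scan(text: str, threshold: int = 5) -> dict:
    """Score outbound text; a violation needs enough weighted field hits."""
    hits, score, severity = {}, 0, 0
    for rule in RULES:
        found = [m.group() for m in re.finditer(rule.pattern, text)]
        if rule.validator:
            found = [f for f in found if rule.validator(f)]
        if len(found) >= rule.min_occurrences:
            hits[rule.name] = len(found)
            score += rule.weight
            severity = max(severity, rule.severity)
    return {"hits": hits, "score": score, "severity": severity,
            "violation": score >= threshold}

# Constructed sample messages (not real data).
LEAK = "Jane Roe, SSN 078-05-1120, card 4111 1111 1111 1111, DOB 01/02/1980"
BENIGN = "Order 4111 1111 1111 1112 shipped on 03/04/2010"

if __name__ == "__main__":
    for msg in (LEAK, BENIGN):
        print(scan(msg))
```

The second message shows why a single low-weight match (a date) and a digit run that fails the checksum do not reach the threshold, which is how weights and validators keep false positives down.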
19. Deployment requirements
Inspector
• 40 GB HD
• VMware Server
• 4GB RAM
Endpoint
• Windows Server
• Runs on any Windows OS
eDiscovery
• Runs on any Windows OS
The GTB Inspector is also available as an appliance
www.gttb.com