#drivelock #endpointprotection #applicationcontrol #websecurity #devicecontrol #datalossprevention #mssp #ITforensics #ITreporting #ArbpWorldwide
For any queries contact us on http://www.arbpworldwide.com/Our_partners/DriveLock
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Drivelock modern approach of it security & amp; encryption solution -whitepaper
1. FINDING THE RIGHT BALANCE
A modern approach to IT security
with DriveLock
www.drivelock.de
DRIVELOCK WHITEPAPER DECEMBER 2016
Trends like digitalisation and the Internet of Things challenge IT security managers to
protect company data fully yet cost-effectively. Developed in Germany, DriveLock
security software is a solution without any back doors that complies with Germany’s
stringent data protection regulations and safeguards data and devices with a multi-layer
security concept. Many solutions are too complex and inefficient, generating
unnecessary costs and hampering productivity. With a security concept tailored to the
exact requirements of each company, DriveLock provides extensive protection – from
both internal and external threats – without affecting the efficiency of work processes. In
this way, companies can align their strategic goals with their security goals and drive
their business forward.
2. DRIVELOCK WHITEPAPER DECEMBER 2016 2
Contents
IT security – the status quo………………………………………………………………………………………………………………… 3
Four reasons for a new IT security approach…………………………………………………………………………………… 4
Next-generation security solutions…………………………………………………………………………………………………… 8
The DriveLock Security Engine ………………………………………………………………………………………………………… 8
DriveLock Security Engine in practice –
how it works with Ransomware………………………………………………………………………………………………………… 9
3. DRIVELOCK WHITEPAPER DECEMBER 2016 3
IT security – the status quo
Attacks on IT cause a huge amount of damage to business today. As security incidents multiply,
companies try to block attacks with conventional security approaches, which are mainly based on
concept like firewalls and virus protection. However, the fact that more and more firms are transferring
their data to cloud architectures means that their data is no longer hidden away safely in their data
centre and protected from the outside world. Instead, it is located in the cloud to enable staff, business
partners and customers to access it wherever they are.
IT security is a challenge across all industries, including finance, healthcare, public authorities and
manufacturing. This challenge will become even greater once the EU’s basic regulation for data
protection comes into effect in May 2018. It means that international law will also be implemented on a
national level and organisations will need to be more stringent about security than before.
IT SECURITY THE STATUS QUO
23.834
The average number
of stolen data sets per
security incident is
143€
The loss of one
data set costs
on average.
3,4
A single security
incident costs on average
MILLION EURO
Graphic: 2016 Cost of Data Breach Study: Global Analysis – Ponemon Institute
IT security incidents cause a massive
economic damage
It takes up to 201 days until a security incident is detected!
It takes another 70 days until it gets solved.
4. DRIVELOCK WHITEPAPER DECEMBER 2016 4
Risk from internal perpetrators
Danger does not always come from outside the company. Although only 38 per cent of security
incidents are caused by external threats, more than 60 per cent of companies only protect themselves
against these active external threats while neglecting protection against internal security vulnerabilities
and the risk of data loss.*
Alongside technical
shortcomings, the recklessness
of individual employees poses a
major security risk. As many as
25 per cent of all IT security
attacks are successful, because
employees can be careless –
such as by unwittingly giving
hackers passwords or installing
malware despite warnings.
Internal perpetrators, who
deliberately copy data or install
malware, are also a big
problem. In these cases,
conventional approaches to
security soon come up against
their limits.
But staff carelessness is not the
only security risk. The threat
landscape has changed and
demands new solutions. Many
companies simply patch up system security vulnerabilities in a piecemeal way or try a workaround to
remove them. To ensure that security measures are effective, companies need innovative and
comprehensive security concepts that are tailored to the requirements of their data environment.
IT SECURITY THE STATUS QUO
Quelle: 2016 Cost of Data Breach Study: Global Analysis – Ponemon Institute
119
96
89
70
36
22
18
Active external
attacks
Security gaps and
data loss risks
Unintentional misconduct by an employee
Attacks over 0-Day Exploits
Not applied patches
Misconfiguration of the system
Social Engineering
Obwohl Sicherheitsvorfälle sich nur zu 38% auf
externe Bedrohungen zurückführen lassen, …
IT security incidents in German companies
Safety defects in the
supply chain of a product
Wilful misconduct of an employee
More than 60%
of the companies
protect themselves
only against 38%
of the risks!
99% 98%
94% 94% 93%
49% 39% 31% 20% 18%
AntiVirus
Firewall
Password
authentication
Databackup
AntiSpam
Forensic&
Reporting
Encryption
Interfacecontrol
FullDiscencryption
Emailencryption
Active external
attacks
Security gaps and
data loss risks
… schützen sich Unternehmen meist nur gegen aktive
externe Angriffe, vernachlässigen aber den Schutz vor
internen Sicherheitslücken und Datenverlustrisiken
Security solutions used by German companies
* Reference: 2016 Cost of Data Breach Study: Global Analysis – Ponemon Institute;
Graphic left: ACS – Cyber Security Survey n = 220; Graphic right: BSI
5. 99% of all IT security incidents
can be traced back to known vulnerabilities
Because it’s easier to use known vulnerabilities
instead of discovering new ones.
Because it’s easier for hackers to adopt
malware instead of creating new one.
DRIVELOCK WHITEPAPER DECEMBER 2016 5
Four reasons for a new security approach
1. The Cloud – data is no longer hidden safely away in a company’s data centre and protected from
the outside world. Instead, it flows between the company, its business partners, customers and staff,
who can all access it from anywhere in the world.
2. Mobile device – in the internet era, companies of all types are virtually reliant on providing access
to relevant data at any time. Employees often work outside the office and access company data while
away at a conference or in cafés.
3. Darknet – in a similar way to companies transferring their services to the cloud, hackers also offer
their services on underground marketplaces.
4. Digitalisation – networking machines, sensors and various devices also has the effect of digitalising
a company’s core processes.
However, 99 per cent of all IT security incidents can be traced back to known vulnerabilities and could
therefore be avoided. Some companies do not install patches and updates regularly, so they offer
cyber-criminals an easy target. That makes hackers’ methods more predictable. Many organisations
have already recognised that they must adapt their security policy to their company goals, risks,
dangers and compliance guidelines.
Vier Gründe für das exponentielle Wachstum
von IT-Sicherheitsvorfällen
21
43
Increasing number
of data in the cloud
Availability
and access to
malware via darknet
More smart devices
Digitalization of
core processes
IT SECURITY FOUR REASONS FOR A NEW SECURITY APPROACH
Don‘t be a low-
hanging fruit
Do the simple
things first!
Reference: Gartner Security Summit
6. DRIVELOCK WHITEPAPER DECEMBER 2016 6
IT SECURITY NEXT-GENERATION SECURITY SOLUTIONS
Next-generation security solutions
Data security in companies is in danger on various levels. It is no longer sufficient to limit protection to
the network or the devices, because the data itself needs to be protected too. A modern solution
addresses all aspects of the challenge and permanently closes all gaps in security without
compromising business processes. New security approaches are based on two fundamental questions:
Where is our data located? – Data Centric Security (DCS)
Who has access to our data? – People Centric Security (PCS)
Combining Data Centric Security (DCS) and People Centric Security (PCS) produces a security model
that provides a high level of protection, even in a digitalised world. Three factors play an important role
here:
1. Policies – companies and their staff are able to develop policies that are perfectly tailored to their
needs and deal with data on an individual basis, depending on its type and purpose. In principle, the
possibilities inherent in this approach are endless: for example, a policy could stipulate that a PDF
containing an electronic signature requires better protection than a simple draft in Word. Another
policy could require that any file with the word “contract” in its name is given the highest level of
protection.
2. Persistent encryption – this is the only way to ensure that data really stays encrypted in every
phase. Many providers promise encryption, but only use it in the cloud, so data remains unprotected
when it is stored on a company server.
3. Comprehensive monitoring – companies can always use comprehensive monitoring to check
who is accessing which data and when. It has benefits that go beyond security and compliance, in that
employees are given more responsibility for their data but are also responsible for the consequences of
their actions. This makes restrictive security controls and enforced policies superfluous, while increasing
productivity.
P E O P L E
P O L I C Y
CONTROL
P O L I C Y
M
O N I T O R I N
G
PEOPLE
7. DRIVELOCK WHITEPAPER DECEMBER 2016 7
IT SECURITY DRIVELOCK SECURITY ENGINE
DriveLock Security Engine
Demand for modern, integrated IT security solutions is increasing due to the new threat situation that
has arisen due to digitalisation, growth in the use of mobile devices and huge quantities of data in the
cloud. The DriveLock Security Engine is a fully-integrated security solution that protects data on devices
and in the cloud with a unique multi-layer security concept.
1. PREDICT – the DriveLock Heat Map highlights
vulnerabilities in good time and deprive attackers of
opportunities to cause damage.
2. PREVENT – vulnerabilities are secured by certified
encryption, application checks and Device Control and
protected against malicious attacks as well as self-inflicted
data losses.
3. DETECT – in the event that an incident does occur
despite this protection, the DriveLock Forensics function
provides detailed reporting in real time. Together with the
Avira Antivirus Engine, it discovers security incidents in
record time.
4. RESPOND – once it has been discovered, companies
can ring-fence the problem with flexible policy settings to
ensure that it cannot spread or be repeated.
DMC
Companies can use the DriveLock Security
Engine to easily align their strategic goals with
their security goals. The appropriate tools from
the DriveLock portfolio can be configured
individually to adapt them to the relevant
situation. This enables a level of protection that
cannot be achieved with single applications.
8. DRIVELOCK WHITEPAPER DECEMBER 2016 8
IT SECURITY DRIVELOCK SECURITY ENGINE IN PRACTICE
DriveLock Security Engine in practice –
how it works with ransomeware
Ransomware is becoming one of the most pressing IT threats in companies. More and more hackers
use social engineering to try and attack individual companies in a highly targeted way. Some other
attacks are more random. In each case, company staff trigger the encryption process by mistake or
even deliberately – with expensive consequences. Ransomware attacks follow a relatively predictable
plan. Throughout the kill chain, there are many opportunities to let the attack dissipate on its own. This
is where the DriveLock Security Engine starts working. An attack can already be blocked in the
exploratory phase (1). The key: well-trained staff who know which contact requests are likely to be
malicious. The DriveLock Education Module trains employees effectively so that they learn how to
respond confidently to a variety of threats.
Once the attackers have obtained an exploit (2) and start delivery (3) of the malware to the target
computer, the relevant components from the DriveLock Endpoint Security portfolio get to work. The
Antivirus, Web Security (URL filtering) and Device Control modules can block most ransomware attacks
in this phase. Even in the ransomware installation (4) phase, the solution can still implement
measures to counter the threat. The application verification function prevents unauthorised software
from being installed or executed on users’ devices. Many ransomware programs receive additional
instructions (Command & Control, 5) over the internet, such as to trigger the encryption process.
The DriveLock Web Security module acts by stopping communication with the target system.
Preparation
Purchasing an exploit over
darknet
Installation
Installation of the malware on
the target system
Exploration
Email addresses,
Social Engineering, etc.
Awareness
Device Control
Application Control
Web Security
Delivery
Delivering the bundle to the
target via email, web, USB …
Command & Control
Connection establishment to
manipulate the target system
externally
There are many possibilities, to let a ransomware fall on
stony ground.
9. CONCLUSION
The demands placed on today’s IT security solutions have increased significantly. Against the backdrop
of digitalisation, companies are placing a much greater focus on data protection and security. In par-
allel, demand is also growing for software solutions that enable firms to implement new regulations
and policies easily and effectively.
The DriveLock solution helps companies to protect their data while complying with legal require-
ments. The next-generation endpoint security software includes preventive measures to thwart attacks
and stop the system from becoming infected. DriveLock software evolves constantly in order to guar-
antee security for sensitive data.
DriveLock is a leading global specialist in IT and data security. It has been developing security software
exclusively in Germany since 1999, at its locations in Ludwigsburg and Munich. DriveLock solutions
provide the best “made in Germany” endpoint security without any back doors.
DriveLock means IT security – made in Germany: without back doors by guarantee!
We assess your security needs individually.
Arrange an appointment with your partner for data security today.
+971 4 514 3655 info@arbpworldwide.com www.drivelock.de
IT SECURITY CONCLUSION
DRIVELOCK WHITEPAPER DECEMBER 2016 9