In March 2014 "Data Security Solutions" participated in ITSEC VAD "Arrow ECS" RoadShow Baltics - Riga, Tallinn and Vilnius! Presentation about importance of encryption in 21st Century. "Building a digital fortress!" by Arturs Filatovs.
1. Innovations in cyber security technologies
Arturs Filatovs
Business Development
Manager
March 2014
Arrow ECS RoadShow Baltics
Symantec Encryption –
Building A
Digital Fortress
2. Arturs Filatovs business card
More then 5 years experience in delivering Innovative
IT Security Solutions to Baltic states
Knowledge of more then 25 different IT Security
Solutions
Specialization - Mobile IT Security
3. Lets move our hands – who is here today?
CISO
Director, Desktop Ops
Director, Network Ops
Helpdesk Manager
4. Todays To do list
“Data Security Solutions” role in Baltics
Technology vs. Time
Encryption’s role in security
Don't be scared – Encrypt everything
Build Digital fortress with Symantec Tech
5. “Data Security Solutions” business card
Specialization – IT Security
IT Security services (consulting,
audit, pen-testing, market analysis,
system testing and integration,
training and technical support)
Solutions and experience portfolio
with more than 20 different
technologies – cyber-security global
market leaders from more than 10
countries
Trusted services provider for
banks,
insurance
companies,
government and private companies
(critical infrastructure etc.)
6. Role of DSS in Cyber-security
Development in Baltics
Cyber-Security Awareness Raising
Technology and knowledge transfer
Most Innovative Portfolio
Trusted Advisor to its Customers
7. Cybersecurity Awareness Raising
Own organized conference “DSS ITSEC”
5th annual event this year
More than 400 visitors and more than 250 online
live streaming watchers from LV, EE, LT
4 parallel sessions with more than 40
international speakers, including Microsoft, Oracle,
Symantec, IBM, Samsung and many more –
everything free of charge
Participation in other events & sponsorship
CERT & ISACA conferences
RIGA COMM exhibition & conferences
Roadshows and events in Latvia / Lithuania /
Estonia (f.i. Vilnius Innovation Forum, Devcon,
ITSEC HeadLight, SFK, business associations)
Participation in cyber security discussions,
preparations, seminaries, publications etc.
strategy
8. Innovations – technology & knowledge transfer
Innovative Technology Transfer
Number of unique projects done with
different technology global leadership
vendors
Knowledge transfer (own employees,
customers – both from private & public,
other IT companies)
Areas include:
Endpoint Security
Network Security
Security Management
Application Security
Mobile Security
Data Security
Cyber-security
Security Intelligence
19. IT Must Evolve To Meet New Demands
InformationCentric
System-Centric
• Collaborative Apps and Social
Media
• Transactional Apps
• Unstructured data
• Structured Data
• Distributed information
• Centralized information
• People are the new perimeter
• Perimeter-based security
• Virtual Infrastructure and Cloud
• On-premise infrastructure
20. Endpoints: The Borderless Enterprise
Field
Data Center
Headquarters
Field Offices
Point
of Sale
Point
of Sale
$262 Million: Estimated cost of
the Heartland Payment Systems
breach1
1Based
Global Internet Security Threat Report, Trends for 2008
Customer email
stored on mobile
phone
12,000 Laptops lost
in United States
airports every week2
Trojans, malware, unauthorized 1 in 10 people have lost a laptop, smart
software
phone, or USB drive with corporate
information on it3
on 130,000,000 records lost (Datalossdb.org) and $202 per record (Ponemon Institute)
3Symantec
Corporate data
copied onto USB
drive
2http://www.darkreading.com/security/encryption/showArticle.jhtml?articleID=211201139
25. Some questions?
Who from you are using encryption?
What will happen if data will be lost/stolen?
Who will be responsible?
When you are sending confidential data via post, how
do you secure it?
26. Encryption beginnings – Sparta/ Greeks/ Rome
Greek generals used Scytel to encrypt and decrypt
messages (Symmetric encryption)
27. In what our organizations believe today
SSL/ TLS/ VPN/ HTTPS – this is only
data in motion using x.509
28. What we use for document security
E-Signatures – Limited functionality for
document encryption data at rest/ data in motion
Not User friendly (smart cards, Card readers,
USB tokens … )
33. Mobility - Potential For Data Loss
47% of corporate
data resides on
mobile devices
43% of employees
lost a device with
company data
32% of employees didn’t report the loss or theft in a timely fashion
34. Our users weakest link
1 in 10
people have lost a laptop,
smart phone, or USB drive with
corporate information on it*
32%
of employees didn’t report the
loss or theft in a timely fashion*
*Symantec Global Internet Security Threat Report
36. Concerns from customer side
Hardware-based encryption is
faster and it’s an option on Dell
and other PCs.
Why do I need encryption if I
have
DLP
or
Endpoint
monitoring?
We are going to wait for our
Windows 7 rollout in our
environment and use Bit locker
How to recover encrypted
info?
Master key is security risk for
us.
40. Products
Tasks Objectives
Don't be scared – Encrypt everything
Keep data secure
Meet compliance objectives
Protect data at rest
Protect the business
Control costs and liabilities
Protect data in motion
Protect data in use
Endpoint Data
Protection
File and Server
Protection
Email
Protection
• PGP Whole Disk
Encryption
• PGP NetShare
• PGP Desktop Email
• PGP Command Line
• PGP Gateway Email
• SEE FDE
• SEE RSE
• PGP PDF Messenger
• PGP Portable
• PGP Support Package
for BlackBerry
• SEE Device Control
• PGP Mobile
Management
• PGP Universal Server
• PGP Key Management
Server
42. Build Digital fortress with Symantec
Full Disk Encryption (FDE)
• PGP® Whole Disk Encryption
• Symantec Endpoint Encryption (EE) FDE
Device and Media Encryption
• PGP Portable
• SEE Removable Storage Edition (RSE)
• SEE Device Control
FTP/Batch and Backups
• PGP® Command Line
Management
Central Management of
Encryption Applications
PGP® Universal ™ Server
File/Folder/Shared Server Encryption
• PGP® NetShare
Gateway Email Encryption
• PGP® Gateway Email
End-End Email and IM Encryption
Key Management
PGP® Key Management
Server (KMS)
• PGP® Desktop Email
Smartphone Solutions
• PGP® Mobile
• PGP® Support Package for BlackBerry®
42
43. Full Disk Encryption
Full disk encryption for desktops, laptops, and
Windows® servers. Supports Windows®, Mac
OS® X, and Linux® platforms
• Encrypts desktops, laptops, and USB-attached drives
• Protects against personal computer loss,
theft, compromise and improper disposal
• Reduces risk of loss of
PII (Personally Identifiable Information)
and other sensitive data
• Supports Windows, Mac OS X, and Linux
PGP Whole Disk Encryption; SEE Full Disk
Encryption
43
44. Removable Media Protection
Removable Storage Encryption
• Secure portable data at rest
– Enforce mandatory removable
storage encryption policies
– Access and re-encrypt data from any
PC or Mac
Centralized – Integrated
Management Console
Policies
Auditing
• Granular file- and folder-based
encryption
– Allow encrypted and unencrypted
data on user devices
– Enforce policy-controlled exemptions
by file type and device
SEE Removable Storage Encryption
Removable
Media
Encryption
45. PGP® Email Protection
PGP® Desktop Email
PGP Universal™
Gateway Email
PGP®®PDF Messenger
PGP Viewer for iOS
PGP® Support Package
for BlackBerry®
Desktop-based Email Encryption
• Automatic end-to-end email encryption
Gateway-based Email Encryption
• Clientless email encryption
Encrypted Email Viewer App for iOS
• Decrypts and views messages
• Verifies digital signatures
Encryption for BlackBerry Email
• Native client access to encrypted email
Encryption for Windows Mobile Devices
PGP®
Mobile
Symantec Encryption - Confidential
• Encrypted Email
• Encrypted Files and Folders
45
46. File/Folder Encryption
Distributed file protection
Shared file protection
User file protection
Protect individual files and folders
Protect shared files and folders
Protect transferred files and folders
PGP NetShare, PGP Command Line
46
47. PGP® File and Server Protection
PGP® NetShare
PGP® Command
Line
Shared File Protection
• Protect data exchanged between users via shared
network folders
Scriptable Encryption
• Integrate encryption into data transfer, data
distribution and data backup processes
48. PGP or Symantec Endpoint Encryption?
Products
Exceptions
Customer Need
Default Play
Existing
SEE/GE
Customer
DAR U.S.
Fed
SmartBuy
Active Directory +
MSFT Stack
PGP Whole Disk Encryption
PGP Portable
SEE Removable Storage Encryption
SEE Device Control
Endpoint Encryption
SEE Full Disk Encryption
SEE Device Control
PGP Desktop Email
Email Encryption
PGP Gateway Email
PGP Mobile
PGP Support Package for BlackBerry
Server / File Encryption
Management
PGP NetShare
PGP Command Line
PGP Universal Server and PGP Key Management Server (KMS)
• Symantec’s strategic direction for Endpoint Encryption is to “converge” the solutions into a single offering.
• In the interim, Symantec will provide full support for both Endpoint Encryption technologies.
Selling Symantec Encryption Products
48
49. Defense-In-Depth: Encryption + DLP
Network DLP / Gateway Encryption
• Automatically encrypt emails containing sensitive data
• Notify employees in real time/context about encryption policies and tools
Storage DLP / File-Based Encryption
• Discover where confidential data files are stored and automatically apply
encryption
• Ease the burden to IT staff with near transparence to users
Endpoint DLP / Removable Storage Encryption
• Target high risk users by discovering what laptops contain sensitive data
• Protect AND enable the business by targeting encryption efforts to
sensitive data moving to USB devices
50. DLP + PGP Universal Gateway Email
5 Email encrypted and sent
1 Receive email
MTA or Proxy
PGP Universal Server
4 Violation detected - re-route
to encryption server
2 Check email content
for encryption policy
violations
3 No violation - email sent
Key Benefits:
• Automate gateway encryption; ease burden on end users
• Enforce and report on encryption policies
52. Takeaway
Technology lifecycle from 3-6 year to 6-12 months
Encryption will help you sleep tight
Don’t be scared to encrypt all type of data
Centralized key management is important
One encryption solution for different type of date
Select DSS as your trusted security advisor – we
work with Symantec (PGP) more than 5 years already!!