Lumension Data Protection

Prevent Data Loss and Theft by Enforcing Removable Device Usage and Data Encryption Policies

Overview:

In today’s global 24x7 business environment, organizations need real-time access to information - balancing this with the associated risks is key to ensuring data is not lost or stolen and business productivity is not diminished. Lumension Data Protection automates the enforcement of data and device usage policies across the entire network and enforces encryption policies for sensitive data being copied to removable devices.

Data Protection Business Drivers and Challenges

Data breaches resulting in the loss/theft of sensitive data remain a major concern. In fact, more than 85% of companies surveyed had at least one reportable breach and 63% experienced multiple (between 6 and 20) reportable breaches.* Recovering from a data breach is expensive, not only in hard costs (e.g., notification, free credit checks, etc.) but also in lost customer trust and brand equity, which result in lost business. In fact, recent statistics put the average total cost of a corporate data breach at $6.6 million, with lost business accounting for 69% of breach costs.**

This concern over data loss/theft has spawned a myriad of regulations, including pan-national (e.g., EU directive 45/2001), national (e.g., SOX, GLBA and HIPAA), state (e.g., CA SB 1361) and even industry-specific standards (e.g., PCI DSS), which apply to almost all public and private organizations no matter where they operate. For instance, in 2010 Massachusetts will require businesses that collect information about that state’s residents to follow comprehensive information security requirements; these apply to both in-state and out-of-state companies with operations or customers in Massachusetts.

Ensuring compliance with all of these regulations adds another layer of risk to your organization. Failure to comply can result in very real economic damage, both directly in terms of cost and indirectly in terms of lost customers and business.

Put an End to Lost Data and Business with Lumension Data Protection

As an IT professional charged with protecting your organization’s vital information, you are well aware of the issues:

  • Borderless enterprise - The growth of “borderless enterprises” means data is less centralized than ever before: disaggregated supply chains, outsourcing, and a mobile workforce all contribute to increased collaboration and productivity, but also open the door to data loss or theft.
  • Increased insider risks - Innocent mistakes, malicious intent and increased opportunity all lead to an increased internal threat. Some studies suggest that well over half of all serious data breach incidents are sparked by insiders*** and almost 60% of insiders admitted they have taken company data when they leave their employer.****
  • Organized external threats - Gone are the days of pranksters and script kiddies. Today, the attacks are highly targeted, launched by increasingly sophisticated criminals who exploit online forums to buy and sell tools, services and stolen data. These organized cyber criminals supply a black market recently estimated at $276M.
  • Consumerization of IT - Users are increasingly defining the IT environment by bringing their productivity tools, both hardware (like USB flash drives) and software (like IM), into work. This too facilitates collaboration and productivity, but also exposes the organization to malware (e.g., Trojans).

How Lumension Data Protection Works

When developing your data protection strategy in this increasingly difficult environment, it is important to balance the rewards of accessible data (and the collaboration / productivity it enables) with the risks (and costs) of losing your data. Lumension Data Protection enables you to effectively balance that risk/reward to enable productivity without putting sensitive information at risk.

1. Discover: Survey your entire network to collect information on all devices that are now or have ever been connected to your endpoints, all without disrupting business until you have developed your comprehensive data protection policy.

2. Assess: Use a “whitelisting” approach to define what is allowed instead of trying to keep up with the ever-changing list of what is bad; for instance, control all “plug and play” devices by class, group, model and/or unique device ID.

3. Implement: After getting buy-in from all constituents, roll out your new data protection policy enforcement tool; for instance, impose file copy limitations, file type filtering and forced encryption policies for data moved onto removable devices.

4. Monitor: Monitor the effectiveness of device and data management policies in real time, and adapt as business needs dictate; for instance, examine all policy changes, administrator activities and file transfers to ensure continuous policy enforcement.

5. Report: Generate a complete audit trail that documents how your device and data management policies prevent unauthorized users and devices from compromising critical business information.

Take Control of Your Vital Information

Ensure your data is protected.

Sources:

*Deloitte & Touche and Ponemon Institute, Enterprise@Risk: 2007 Privacy & Data Protection Survey, December 2007
**Ponemon Institute, 2008 Annual Study: Cost of a Data Breach, February 2009
***Data Monitor, Mitigating the Risks of Data Loss, August 2007
****Ponemon Institute, Data Loss Risks During Downsizing, February 2009

Key Features:

Endpoint and Device Discovery: Identify all endpoints on the network, all devices ever connected to these endpoints (servers, desktops, laptops, etc.), and support both active device scanners for unmanaged endpoints as well as continuous discovery of device connections via managed endpoints.
Ensures Security and Regulation Compliance:
  • Allows the organization to identify all endpoints (managed and unmanaged) as well as all devices that are currently or have ever been connected to these endpoints.
  • Understand the breadth of endpoints and devices being used across the organization.
  • Gain insight into the use of removable devices / media and data usage.
  • Lay the foundation for the development of a comprehensive Data Protection posture in compliance with internal security policy and external regulations / standards.
Data Loss Mitigation: Assess device and data usage, including what device, on what machine, by which user, and when; ability to explore by: unique device, device type, device vendor, users and user groups, machines, hours of operation, and more.
Secures Data from Data Leakage/Theft:
  • Provides the organization with information on usage of all removable devices (e.g., USB memory drives) and media (e.g., CDs/DVDs) by user, machine and time.
  • Prevent malicious and/or unintentional data transfer to removable devices / media.
  • Ensure data is encrypted and secure when on removable devices / media.
Data Protection Security Policy: Define security policy with global and user- and/or machine-specific rules based on specific organizational needs using a “whitelist” approach.
Increases Data Security:
  • Organizations can implement global data protection policies with the flexibility to make exceptions as needed by defining what devices and media may connect to the network and what users (or user groups) may do with them.
  • Create a whitelist of allowable devices at any level of granularity: at device class (e.g., all UFDs), device group, device model and/or even specific ID levels.
  • Define forced encryption policy for data flows onto removable devices / media.
  • Define data transfer policy elements, including: copy limits, scheduling per user or user group, and file type.
Security Policy Enforcement: Automated enforcement of your data and device usage policies across your entire network, and of your encryption policy for sensitive data flowing onto removable devices / media.
Increases Security Compliance:
  • Permits organizations to automate the enforcement of their data protection security policy at any level of granularity needed.
  • Flexible enforcement by user (or user group), machine (or group), device / media, file type, time of day, and more.
  • Control of data transfers to removable devices / media (inbound / outbound), including port access.
  • Flexible encryption options, using AES-256 standard ciphering.
  • Policies can be updated and enforced whether endpoint is on- or off-line.
Audit and Compliance: Automatic logging of all network events related to your Data Protection policy, including endpoint status, device connection, user activity (such as data transfers), and file tracking (including full content shadowing), providing visibility into policy compliance and violations. All log information is compliant with Syslog protocols.
Ensures Audit Readiness:
  • Organizations can monitor and report on all relevant network events, and be prepared for compliance audits and/or forensics using standard and customizable reports.
  • Monitor all user activity such as device usage and data transfers.
  • Report on all device / media and data security policy compliance and violations.
  • Use patented bi-directional file shadowing to track all transferred files (or even file content).
  • Easy access to all information needed for compliance audits and forensics.
  • Show potential impact presented by unauthorized devices.
  • Enables integrated event management to lower administrative costs and provide more alerting and reporting options.
Flexible / Scalable / Secure Design: Provide organization-wide control and enforcement using scalable client-server architecture with a central database which facilitates load balancing and distributed control. Install tamper-proof agents on every endpoint on the network, and protect against unauthorized removal. Fully support both Windows Active Directory and Novell eDirectory / NDS structure.
Adapts to Your Growing Business:
  • Supports organizations of any size, from small, local startups to large, global corporations, from hundreds of endpoints to hundreds of thousands of endpoints; fast-growing organizations can scale installation as needs dictate.
  • Protects endpoints from unintentional and/or malicious tampering; maintains endpoint security posture even in dire events.
  • Leverages existing directory information when enforcing policies; reduces admin workload; reduces setup / startup / ramp up time.
  • Optimized database reduces footprint, increases query speeds and improves maintenance for lower administration costs.
  • Supports virtualized server configurations for server-side cost reduction and “green” initiatives.


PatchManage.com is a division of Virtual Graffiti Inc, an authorized Gold Lumension reseller.
Copyright © 2010 Lumension Security™. All rights reserved.