comodo my dlp_techpresentation_060615_v3
dlp.comodo.com
www.mydlp.com
twitter.com/mydlp
Comodo MyDLP Technical Presentation
2014
Ant Karaduman
History
Started operations in 1998
Started offering SSL Certificates in 2002
Over 3 million digital certificates to date
Leadership
One of the world's two largest and most secure SSL certificate authorities
Leader in security and identity management (87 patents)
Founding member of CA-B Forum, a leader in web browser technologies
Leader in secure online trade with Home SSL standard
Has several labs and R&D centers on digital security, cryptography and anti-malware analysis all over the world
Clients
Over 300.000 enterprise customers in 100 countries
Financial, assurance and medical institutions
Hundreds of universities and public sector entities
Thousands of online trading businesses
Over 35 million PCs
More than 7,000 business partners
Facts
60% gross income increase between 2007-2010
More than 1000 employees worldwide.
About US
Perform content inspection of data and execute responses, ranging from simple notification to active blocking based on policy settings
Many holes and exit points are available for data leakage
Data Loss Prevention (DLP)
Comodo MyDLP Background
How data is marked and identified
Predefined policies and data types
Social security numbers, National Identification Numbers etc.
Prescribed in PCI, HIPAA, SOX, GLBA, etc. (Bank account numbers, Credit card numbers)
All can be used as is or customized for client needs.
Information Discovery
Deals with information, not file or data stream
Using another file type or storing in a compressed archive does not affect information.
Context-aware.
Browses through several resources and trains itself.
Can train itself using SQL servers and storages.
Matches structured (SSN, CC etc.) and unstructured data (source code, user defined documents etc.) (Fingerprints data by using one-way hash methods)
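The identification approach on this slide, sketched as an added example (not MyDLP's code and not part of the original presentation): card numbers are matched by pattern plus Luhn checksum, documents by SHA-256 hashes of word windows, and archives are unpacked so the file name or container does not matter. The 5-word window, the 0.5 threshold, zip-only unpacking and the sample data are assumptions made for illustration.

```python
import hashlib, io, re, zipfile
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # 13-19 digits, optional separators

def luhn_ok(digits):
    """Luhn checksum: rejects digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)  # double every second digit from the right
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def find_cards(text):
    """Structured data: pattern match, then checksum validation."""
    digits = (re.sub(r"\D", "", m.group()) for m in CARD_RE.finditer(text))
    return [d for d in digits if luhn_ok(d)]

def shingles(text, k=5):
    """Unstructured data: one-way SHA-256 hashes of every k-word window."""
    words = re.findall(r"\w+", text.lower())
    return {hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()
            for i in range(max(len(words) - k + 1, 1))}

def extract_texts(name, blob):
    """Yield (path, text), unpacking nested zips; names and extensions are ignored."""
    if not zipfile.is_zipfile(io.BytesIO(blob)):
        yield name, blob.decode("utf-8", errors="replace")
        return
    with zipfile.ZipFile(io.BytesIO(blob)) as z:
        for member in z.namelist():
            yield from extract_texts(f"{name}!{member}", z.read(member))

def inspect(name, blob, known, threshold=0.5):
    findings = []
    for path, text in extract_texts(name, blob):
        fp = shingles(text)
        if find_cards(text):
            findings.append((path, "card_number"))
        if len(fp & known) / len(fp) >= threshold:
            findings.append((path, "fingerprint"))
    return findings

# Constructed sample data: a registered document and an upload hiding it in a zip.
REGISTERED = "Falcon memo: the enterprise tier is discounted twelve percent for renewals signed before quarter end."
def sample_upload():
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("holiday.jpg", "card 4111 1111 1111 1111 exp 01/30")
        z.writestr("readme.dat", "fyi " + REGISTERED.split(": ", 1)[1])
    return buf.getvalue()
```

Calling `inspect("upload.zip", sample_upload(), shingles(REGISTERED))` flags both archive members even though neither has a text extension.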
Three levels of DLP security
Data in Motion
Web Rule: Data transfers over HTTP and HTTPS are intercepted by the Comodo MyDLP ICAP server and inspected.
Mail Rule: All mails are inspected using Comodo MyDLP as a content filter.
API Rule: You can use the Comodo MyDLP API to integrate with your in-house applications.
Three levels of DLP security
Data at Rest
Endpoint Discovery Rule: Data which resides on workstations, notebooks, host computers etc. is traced and inspected.
Remote Storage Discovery Rule: Data which resides on file servers, network storages, MS Windows shares, web servers etc. is traced and inspected.
Three levels of DLP security
Data at Endpoints
Removable Storage Rule: Data transferred from endpoints is intercepted and inspected.
Printer Rule: If a user tries to print out a document, the printout process is intercepted and the document is inspected.
Screenshot Rule: Screenshot attempts for sensitive applications will be controlled.
Removable Storage Encryption Rule: Enables you to automatically encrypt devices and use them transparently.
Three levels of DLP security
Data at Endpoints
USB Plugin / Plugout Detection: Detect and/or block when users plug USB devices in or out, whether or not the device is allowed to work.
Removable Storage Inbound Rules: Detect when users copy files from a USB flash drive (even if the drive is allowed to be used), and create a copy of the file if needed.
CD / DVD Rules: Detect even USB-installed CD/DVD drives, make them read-only or block them entirely.
Floppy Rules: Detect even USB-installed floppy drives, make them read-only or block them entirely.
Comodo myDLP Licensing
Fully fledged data leakage prevention solution
Requires no extra licenses such as Oracle, Windows Server etc.
Physical and Virtual Options Available
– Windows Clients Supported
– XP, Vista, 7, 8, Server 2003, Server 2008, Server 2012
– Mac and Linux support coming soon.
Licensing
– 1 Year, 2 Year, 3 Year Licensing
– All Features Included
– Updates Included
Integration and Network Protection
Should be integrated with mail server to protect SMTP traffic.
Supports all popular mail servers.
Should be integrated with directory server to use directory users & groups in policies.
Does not require any agent installation.
Should intercept Web traffic to protect it.
Can be integrated with your proxy server using ICAP protocol OR built-in Squid 3.x can be used.
MyDLP Endpoint Protection
MyDLP Printer Protection
MyDLP Endpoint Discovery
MyDLP Management Console
MyDLP Network Protection
MyDLP Information Discovery
Comodo MyDLP - Enterprise Edition
Comodo MyDLP - Web Integration Options
On Client
Manual proxy configuration to port 3128 of Comodo MyDLP.
Active Directory proxy enforcement
On Network
Using ICAP protocol if there's a proxy in place or if the firewall supports ICAP.
via the built-in proxy.
*Note that Comodo MyDLP needs to be on the traffic path to be able to intercept HTTP/HTTPS traffic.
*Comodo MyDLP SSL certificates need to be installed on all clients so that the intercepted traffic is trusted by the client.
Information Discovery
MyDLP can crawl through your data stores, file servers, web servers and MySQL servers to learn your sensitive data from them. Saves your time and keeps itself always up-to-date.
If sensitive information appears in a place where it shouldn’t be, MyDLP finds out, remediates and reports.
Endpoint and Printer Protection
MyDLP will protect all kinds of removable storage devices connected to your computers through USB (1.0, 1.1, 2.0, 3.0), Firewire (400, 800, 1600, 3200 and S types) and more.
MyDLP can whitelist your removable storage devices so that only the devices you approve can be used in your network.
MyDLP can encrypt all files copied to your removable devices so data on them can be accessible only in your network.
MyDLP supports all printer models and all connection ports.
Does not require print server or any other agent installation.
If sensitive information appears in a place where it shouldn’t be, MyDLP finds out, remediates and reports, on endpoints too…
Management Console
Predefined and customizable ready to use policies
User roles with hierarchical authority scopes
Policies are revisioned automatically. You can roll back to any state at any time.
Advanced incident log searching including full text searches.
who moves which information in which way from which source to which destination
who can access confidential information
MyDLP automatically detects confidential information during data transfer…
…and prevents data leakage.
Community
Thousands of users all around the world.
MyDLP has thousands of Enterprise Edition and Community Edition users all around the world.
Market presence in almost all sectors with MyDLP Enterprise Edition, including Finance, Defense Industry, Government, Engineering, Military, Health and Education.
Q: How can I intercept web traffic (gmail etc.) in my network?
A: For HTTP/HTTPS (web) traffic, you need to forward the traffic to MyDLP. You can either configure a proxy on the client machines, use ICAP to forward the traffic from another proxy/firewall, or use the built-in proxy in MyDLP and forward the traffic from a firewall directly (even by PBR).
Q: How can I intercept SMTP traffic?
A: You should forward the SMTP traffic from your email server to MyDLP. This is done by using "Send Connectors". See the installation guide for detailed instructions.
Q: I'm unsure about how to forward the traffic in my network, can you help me?
A: Our system engineers have extensive experience with such deployments. They will support you through your tests and tailor a deployment scenario for your network based on your topology. Contact your Comodo representative to get in touch with your system engineer.
FAQ
Q: I've installed the endpoint client but web rules do not work.
A: Web rules are not enforced via the endpoint client; they are enforced by forwarding your traffic to MyDLP from the network (see the first question).
Q: I have a feature request, who should I contact?
A: Reach your system engineer, he/she will forward the request to the developer teams and keep you informed. Every feature request is evaluated and responded to within days, not weeks.
Q: MyDLP is running very slow, what should I do?
A: Remember that the hardware requirements in the installation guide are minimums. Depending on your specific usage, hardware requirements may vary as well. For example, if you intend to use the "Quarantine, Archive" actions a lot, then you should remember that a shadow copy of files is going to be kept at MyDLP, which will greatly increase the HDD sizes needed. Check the RAM and CPU usage of the underlying Linux system and upgrade as necessary. If this does not solve the problem, consult your system engineer.
FAQ cont...