Awareness Technologies

Awareness Technologies: Complete internal threat solution on the endpoint delivered as a service

A Whitepaper By Ron Penna

About Awareness Technologies, Inc

Awareness Technologies, Inc (ATI) is a Los Angeles, California company founded in 2002 that has over 200,000 total users and 10,000 corporate customers using ATI’s patented Software as a Service (SaaS) all-in-one endpoint security solution to protect organizations from their greatest threat, the insider. Awareness Technologies was honored with the distinction of “Technology Fast 500” by Deloitte in 2008. Leading and marquee organizations in government, financial, health care, education and many Fortune 5000 companies use Awareness Technologies to mitigate the threats posed by insiders.

Awareness Technologies, Inc. www.awarenesstechnologies.com

Corporate Headquarters | 4640 Admiralty Way | Suite 1010 | Los Angeles, CA 90292 | TOLL FREE: 1.888.224.1288 | LOCAL: 310.822.4557 ©2010 Awareness Technologies, Inc. The trademarks used herein are the trademarks of Awareness Technologies, Inc.


The primary focus of security professionals over the last 10 years has been External Security – keeping the unknown bad guy out. However, there is now recognition that Insiders are by far the greatest risk to a company, as they know where critical and confidential data already resides. Insiders can be an employee, contractor, telecommuter, traveler, or anyone that has privileged access to systems. Breaches caused by insiders can include negligence, pretexting, and carelessness, as well as a wide range of malicious behavior. Even most breaches by external individuals were made possible by insiders, whether deliberately or not. Insiders are a growing problem and yet the technology solutions available to mitigate the insider threat are far fewer in number, and far less utilized, than solutions that claim to prevent compromise by outsiders. The dedicated focus on external threats has created a very large gap in most organizations’ information security programs that companies are just now realizing they must address. Like the slow boil of a frog in water, as a society we have acclimated ourselves to a very unhealthy balance between external and internal threats. It is important that we understand why so we can reverse this trend.

Information Security Evolution

Over the past decade, information security has gone through a series of evolutionary steps. Originally there were single, individual threats from the outside. These were individually mitigated through separate solutions. Viruses were stopped by anti-virus solutions; hackers blocked by firewalls; SPAM filtered by anti-SPAM solutions, and so forth.

[Figure: Security 2000-2009. Labels: Company Network; Hackers, Spam, Viruses, Malware; Firewall, Anti-Spam, Anti-Virus, Anti-Malware.]

The number of threats and paired solutions grew to the point where technology providers began offering solutions that included several mitigation techniques within a single device. These devices are commonly referred to as unified threat management (UTM) devices. Most organizations today don’t just have a firewall but rather an all-in-one device that includes firewall, intrusion detection and prevention, gateway anti-virus, web content filtering, SPAM filtering and more. These UTM devices attempt to give you all the protection you need from Internet-based threats.


The threat landscape has changed over the past few years to be more focused on internal threats. This includes attackers directly compromising internal systems as well as increased risks from insiders themselves. Confidential data loss, laptop theft and loss, employee productivity and liability issues, regulatory compliance, incident forensics and data monitoring and recording are all issues the modern day information security professional, compliance officer, and IT administrator must address.

[Figure: Security 2010 and Beyond. Labels: Company Network; Hackers, Spam, Viruses, Malware; Firewall, Anti-Spam, Anti-Virus, Anti-Malware; Confidential Data, Laptop Theft/Loss, Employee Productivity, Employee Errors & Regulatory Failures; DLP, Laptop Recovery, Web Filtering, Employee Monitoring.]

Again we see the same pattern but this time it revolves around insider threats. Individual internal threats spawn a myriad of individual point solutions. Software conflicts, management difficulty, and interoperability will naturally lead to the next evolution of insider threat mitigation solutions. What emerges is an all-in-one solution that has a complete set of security solutions to protect organizations from their greatest threat, the insider.

In addition to the trend toward a unified threat solution, there are two other key themes that have now become core to IT security. The first is Software as a Service or SaaS. The need for simplicity has emerged as a critical element that allows companies to adopt a multitude of security technologies in a rapid and efficient manner.

[Figure: timeline marked 2000, 2005, 2007, 2008, 2009, 2010 and FUTURE. Labels: Proliferation of single point solutions for external threats; Emergence of UTM to consolidate external threats; Emergence of SaaS for external threats; Proliferation of single point solution for internal threats; Emergence of UTM for Internal Threats; Emergence of SaaS for Internal Threats.]


The second is the shift away from network-based security technologies to the endpoint, in recognition of the clear benefits of controlling the problem at its source – the endpoint.

Summary of 4 core evolutionary themes in IT Security

Old | New
External threats | Internal threats
Multi-point solutions | Unified Threat Solution
Complex/costly | SaaS (simple/low-cost)
Network-based | Endpoint-based

The Solution in Concept

With the above in mind, Awareness Technologies has created Interguard -- a complete, unified solution focused on insider threats through a single vendor that offers easy deployment and centralized management through a SaaS delivery model which sits on the endpoint, providing complete visibility and control.

1. Unified Internal Threat Solution

There is no shortage of technologies that mitigate specific threats. With the number of new threats compounding each year, more and more technologies are needed. These single point solutions have become a plague for IT administrators due to the overwhelming administrative and management requirements that accompany having so many different technologies, each with its own management and monitoring interface. Information security professionals need to have an all-in-one, multi-threat prevention platform that creates layered security protection for all insider threats including loss of critical data (both intentional and accidental) as well as employee productivity and malfeasance. Accordingly, a complete insider threat solution would include all elements necessary to control all insider actions including: Data Loss Prevention, Web Filtering, Laptop Recovery, and Employee Monitoring.

2. End-Point Security Solution

With the exception of desktop anti-virus, nearly everything organizations use to protect their networks and systems is applied on the network level. Firewalls, intrusion detection systems, proxies, filters, and scores of other technologies have been used at the “edge” of the network to keep the bad guys out. This approach is sensible to keep bad guys out; however, the situation is different with insiders as their damage is done from within the network or the endpoint. Accordingly, it is nothing more than common (or uncommon) sense that insider threat protection occur on the endpoint. In addition, with the advent of the mobile workforce, endpoint security has become that much more necessary as network-based solutions do not adequately account for off-network staff. What information security professionals need is a next generation end-point solution that focuses on the insider, works everywhere, and sees everything. No excuses or exceptions for telecommuters, travelers, and other remote employees. No security gaps caused by lack of visibility across all end-points, regardless of location.


3. Software as a Service

For years IT administrators and information security personnel have struggled with the difficulty of traditional client/server applications. Each new threat has a corresponding solution that must be tested, deployed and managed. Most require hardware for centralized data collection, reporting, management, configuration and monitoring. Procuring hardware for each new solution is both time-consuming and costly. Setup and configuration of a system are oftentimes so complex that it is nearly impossible to try solutions before you buy them. What information security professionals need is a method to easily and quickly download, try and buy solutions that don’t require any hardware whatsoever. This is what SaaS promises; however, few technology providers have been able to step up and address the needs of organizations in this way.

[Figure: diagram with the labels Internet, Offsite Employee, Data Center, Reporting, Employee on the road, Organization.]

Data Protection and Employee Productivity Redefined

In order to understand the solution, we need to agree on the problem. From a very high level, insiders can do two things to cause damage to a business. The first is to leak or lose critical data, while the second is to use company resources for unproductive purposes. Most of us believe that DLP and Webfiltering are sufficient to solve these issues. But are they?

Let’s start with the first – leak or loss of data. Again, the common view is that DLP is the answer to prevent data leaks. However, let’s examine the realities. In DLP, we set up policies to prevent confidential data from leaving the organization, either through email or removable media. So the first step is to set up policies, and then let the machine do the rest. Standard DLP is ideal for what it does, but let’s examine it in the real world by looking at some what-if scenarios:

1. DLP is only as good as the policies you set up. What if you don’t set up all the policies you need? What if there are gaps? How would you even know if sensitive data was leaking out?

2. As most DLP solutions are network-based, what if you have remote or travelling staff? What if personal webmail (Hotmail) is used to send out data?

3. What about data that is sensitive but required for business, such as a salesperson needing client data including all contact information, expiration date and amount of contracts? Since we can’t prevent them from having this data, how do we control this threat if they leave to go to a competitor?

4. What about data that is saved to a laptop that walks out the door every day or from time-to-time? How does standard DLP address lost or stolen laptops?


For this reason, we believe that DLP is a necessary but insufficient solution for protecting data. In order to complete the picture, organizations need to be able to both record and store all computer activity as well as have the ability to retrieve/disable the asset or delete the information stored on laptops. By recording all computer activity data, information security specialists can now review the realities of what data is leaving the organization and thus fine-tune policies. In addition, a complete forensic record exists on demand should an issue arise.

With respect to laptops, most data breaches today occur as a result of lost or stolen laptops. These have also represented the most public and damaging cases. Thus, the ability to geolocate and/or disable a laptop or delete sensitive information remotely is a critical element of complete data protection. As such, the Awareness Technologies Data Protection suite includes complete data protection through:

1. DLP
   - Screen all email (both work and personal) including attachments for sensitive data and block if needed.
   - Detect and block non-public personal information (NPPI) from leaving your network or organization.
   - Stop the use of removable media.
   - Block files based on their content from being copied to portable media.
   - Protect and enforce policies governing each employee’s computer use, including those that never connect to a network…including laptops!
   - Easy intuitive policy creation.

2. Stolen Laptop Protection
   - Remotely retrieve important files invisibly, using any Internet connection.
   - Monitor everything the thief does including all of the files they attempt to access, etc.
   - Prevent the thief from being able to access any desired programs (Excel, Word, etc.).
   - Remotely delete files or an entire hard drive.
   - Secure and confirm deletion to the highest government standard of unrecoverability.
   - Geo-locate the stolen laptop, in real-time over any Internet connection, often with greater accuracy than GPS.

3. Employee Monitoring
   - Trigger words allow for proactive alerts without the need to log in to the admin view.
   - Works invisibly and undetectably at each desktop, without impacting central network computer resources.
   - Records all employee communications including email, webmail, and instant messaging.
   - Blocks or limits applications like peer-to-peer, webmail and instant messaging.
   - Records and analyzes all keystroke activity, regardless of the application used.
   - Formats all data into easy-to-read reports, making it easy to find and evaluate critical security lapses.
   - Screenshots taken whenever an alert word is typed or read on a webpage.
   - Ability to search all stored data based on alert words as well as sender or recipient.
   - Full individualized reporting on an employee’s computer activity.


Now let’s turn to Employee Productivity. Again, it is commonly believed that standard network-based webfiltering fully addresses this issue. But let’s ask a few what ifs:

1. What if the employee is remote or travelling? In today’s business climate, few organizations don’t have a growing remote employee base. Once off the network, there is no way to enforce policy.

2. Are there other unproductive activities beyond simple URL blocking, such as IM, personal email, peer-to-peer, games?

3. What can you really tell about an employee’s day from a list of URLs visited? Can you really tell what is being googled?

For this reason, we believe that standard network-based webfiltering is insufficient. The first problem is addressed by a solution that works both on and off network. Endpoint solutions are the only way to address this scenario. The second problem is addressed through a solution that goes beyond webfiltering by recording all computer activity and can block any application such as webmail, IM, games and peer-to-peer. In this way, an employer can be assured that company assets can only be used for work purposes and can see a full picture of the employee’s day in context. That is, how much time is spent on work email vs. personal email vs. websurfing vs. IM vs. Excel or Word or PowerPoint.

[Figure: Day in the life of an employee. Labels: Games, Business Email, Media Player, Microsoft Office, File Sharing, IM/Chat, Personal Email, Web Browsing.]

As such, Awareness Technologies Employee Productivity suite includes:

1. Webfiltering
   - Monitors and filters Internet use on and off the network (even on laptops).
   - Blocks or limits applications like peer-to-peer and instant messaging.
   - Screenshots taken whenever an alert word is typed or read on a webpage.
   - All search terms captured.
   - Works whether the system is connected to the network or not.


2. Employee Monitoring
   - Works invisibly and undetectably at each desktop, without impacting central network computer resources.
   - Records all employee communications including email, webmail, and instant messaging.
   - Blocks or limits applications like peer-to-peer, webmail and instant messaging.
   - Records and analyzes all keystroke activity, regardless of the application used.
   - Formats all data into easy-to-read reports, making it easy to find and evaluate critical security lapses.
   - Screenshots taken whenever an alert word is typed or read on a webpage.
   - Ability to search all stored data based on alert words as well as sender or recipient.
   - Full individualized reporting on an employee’s computer activity.

Employers today recognize that employees represent their greatest competitive asset, and thus their greatest potential threat. With a business climate today that demands maximum employee productivity and recognizes that employees have access to and knowledge of critical data, a greater portion of the IT security budget will begin to be spent on solutions that mitigate the greatest threat to organizations, the insider. While this fundamental shift will not happen overnight, it will literally redefine information security over the next decade. As such, we urge organizations to consider the entirety of the problem and to not take the same piecemeal approach initially used in addressing external threats.

Organizations should consider lessons learned from the evolution of external security and consider solutions that solve the problem. In summary, these are:

1. Complete – one solution and one interface for all insider threats.

2. SaaS – removes obstacle to adoption through simplicity of installation and management.

3. Endpoint – control the problem at the source for complete visibility and control.

Awareness Technologies

The Awareness Technologies solution is the next evolution in insider risk mitigation technology designed for organizations of all sizes. With easy deployment, an easy trial, and no hardware required, you can enjoy the benefits of this next generation solution within minutes.
