
McAfee Data Protection

Total Protection Suite for Data (ToPS Data)


McAfee Data Loss Prevention

You need
- To prevent users from accidentally or maliciously leaking sensitive data
- Full visibility and control over usage & movement of confidential data
- To enable your infrastructure and data to protect itself

McAfee offers
- Protection against accidental leakage via everyday user tasks
- Complete spectrum of actionable responses upon detecting loss of confidential data such as
  - Detailed logging & forensic evidence gathering
  - Real-time prevention & blocking
  - User and administrator notification
  - Quarantine of confidential data

[Diagram labels: Data Loss Prevention, Device Control, Endpoint Encryption, Encrypted USB; Printer, Monitor Usage, Print, USB, Screen, Copy]

McAfee Data Loss Prevention

Classify confidential data
- By location
- By content
- By file-type

Build content-based, reaction rules
- Monitor sensitive data transfer
- Prevent confidential data from leaving the enterprise
- Notify administrator and end users
- Quarantine confidential data
- Enforce encryption

McAfee Device Control

You need
- To monitor and allow only authorized devices to connect to the endpoint
- Restriction and blocking capabilities for the use of unauthorized devices such as iPods
- Enforcement control over what data can be copied onto authorized devices

McAfee offers
- Fine-grained control of data and devices
- Only allow company-authorized devices
- Enforce control over what data can be copied to devices
- Policies per user, group or department, e.g. allow the CEO to connect any device while other employees can only connect a subset of devices
- Detailed user and device-level logging for auditing and compliance needs

[Diagram labels: Data Loss Prevention, Device Control, Endpoint Encryption, Encrypted USB; FireWire]

McAfee Device Control

- Based on McAfee Data Loss Prevention (DLP) technology
- Complete content-aware, and context-aware device-blocking capability
- Regulate how users copy data to external devices
- Increase productivity and the ability to safely use any USB devices as part of daily work activities
- Ensure control of all external devices

[Diagram labels: ePO Management Console; Policies; Device and Data Events; Serial/Parallel, Other, CD/DVD, WI/IRDA, FireWire, Bluetooth, USB]

McAfee Endpoint Encryption EEPC v.6.X

You need
- Encryption for laptops, desktops, and mobile devices with the flexibility to choose full-disk or file/folder encryption
- Confidence in integrity of sensitive data when a device is lost or stolen
- Safe Harbor protection (i.e. Loss of encrypted data = non-event and does not require public disclosure)

McAfee offers
- Broad support for laptops, desktops, and mobile devices
- Full audit-trails for compliance & auditing needs
- Support for multiple strong authentication methods
- Certifications: FIPS 140-2, Common Criteria Level 4 (highest level for software products), BITS, CSIA, etc.

[Diagram labels: Data Loss Prevention, Device Control, Endpoint Encryption, Encrypted USB]

McAfee Endpoint Encryption
File and Folder Encryption

- Full Windows Explorer integration
- Automatic encryption and decryption with no performance loss, transparent enforcement of information security policies to end-users
- No end-user managed data security
- Protect files and folders on desktops, laptops, and servers
- A minimum of user interaction
- Effortless strong encryption of sensitive information
- No security at the end-user's own discretion
- Easy sharing of encrypted documents among authorized users

[Diagram labels: numbered steps 1 to 5; Corporate Directory; Administrator; Client Computer (three); File Server; Terminal Server]

File & Folder Encryption Features

- Policy controlled, user transparent encryption of:
  - Local documents and folders
  - File server documents and folders
  - Removable media
  - Encrypted e-mail attachments (user initiated)
    - Internal (Recipients with client)
    - External (Recipients without client)
- True on-the-fly encryption & decryption when accessing and saving protected documents
- Flexible policy assignments and management
- Encryption keys and encryption settings managed from McAfee Encryption Manager
- Amount of end-user options subject to policy control
- Policies cannot be circumvented by end-users

Key Differentiators - Summary

- Persistent Encryption: Encryption travels with the document
- All action on client side: No software or payload on file servers
- Encrypt at all levels: Individual files or entire folders, or both
- Sharing of encrypted documents: Transparent sharing between auth. users
- Automatic pagefile encryption: No information leakage in virtual memory
- Central Management: No user decisions. Policy enforcement
- Management Centre: One powerful admin console for all products
- Document location and/or type: Encryption based on location and/or file type
- Client side activity monitor: Allow the user to see how a policy is enforced
- One client for multiple purposes: One-stop-shopping for file encryption

McAfee Endpoint Encryption
Mobile Device Encryption

Removable Media

External/Removable Media Encryption
- Ensures that data stored on removable cards can only be accessed from the device from which it came

Removable Media Options
- Allow encrypted media only
- Allow full access to encrypted media and read-only access to un-encrypted media
- Block all access to all media
- Deny access to un-encrypted cards

What is McAfee Endpoint Encryption for PC v.6?

Full Disk Encryption (FDE)
- Software to encrypt every sector of internal hard disks
- Guarantees data is encrypted while at rest on the disk
- This assurance is used to claim safe harbor from most data protection regulations

- Average cost of a lost laptop is $49,246. If you can prove it was encrypted, the cost is reduced by at least $20,000.
- Average cost of a single lost record is $204.
- Average total cost of a data breach in 2009 was $6.75 million.

Source: 2009 Ponemon Institute Cost of a Data Breach Report commissioned by Intel.

[Diagram labels: 1 Files/APPS (.DOC, .XLS, .APPS); 2 Operating System; 3 Encryption Driver; 4 Hard Disk]

Proactive Reporting in ePO: The Difference

- Prior to ePO, SafeBoot reporting was limited to SafeBoot installed machines; no information about the machines which are NOT secured
  - Reactive Reporting: check protection status of a laptop post theft; if machine not listed in the report it means not secured
- NEW integrated ePO reporting of Endpoint Encryption reports on the entire ePO managed machine network
  - Proactive Reporting: embedded Endpoint Encryption reporting through ePO presents machines which are not protected with Endpoint Encryption. ePO can then deploy the client to these machines directly.

Proactive Reporting in ePO: Discovery

- Compliance reporting with other vendors is limited to installed machine or an application running on the machine itself
- With the proactive ePO reporting approach McAfee can go one step further and find non-secured machines, although no agent is running on the machine
- Use the built-in ePO Rogue System detection option to determine the machines in your organization not running the McAfee Agent (MA)

Default Dashboard for Endpoint Encryption for PC

This report shows the encryption technology installed with Endpoint Encryption

[Screenshot labels: Installation Status Report; Endpoint Encryption Installed: Yes/No?]

New Endpoint Encryption Architecture in ePO

- ePO provides central policies, key management and central user provisioning for Endpoint Encryption products.
- One Client Manager (MA, McAfee Agent) handling multiple Endpoint Security products.

[Diagram labels: ePO v4.5; ePO Agent (MA) Framework; McAfee; Endpoint Encryption for PC; Endpoint Encryption for Files and Folder; Host Compliance; Anti-Spyware; Remediation; Desktop FW; Anti-Virus; Host DLP; Host IPS; NAC; Secure Communication Channel; User and Machine Import; Active Directory & LDAP]

ePO Integration Goals

- Objective: reduce overall operational costs associated with an encryption product and make an administrator's life easier
  - Deployment
  - Reporting
  - Same tasks and policies regardless of operating system or software/hardware encryption technology
- Improved support for
  - Clustering
  - Scalability
  - Virtualization

Endpoint Encryption Policy in Catalog

The new Endpoint Encryption Common Policy has two categories (Product Settings, User Based Policies)

Logon Settings per Platform

- Endpoint Encryption Logon Section with settings for the PreBoot Logon
- Windows specific Logon Section

Full Disk Encryption Features for PC v.6

Management Features McAfee


System audit for proof of encryption
Secure key backup
Enterprise scalability
Role based access control
Centrally managed policies
Directory and PKI integration
Web based console
Management dashboards
Reports and custom reports
Administrator audit
Endpoint event audit (failed logon attempts, etc.)

Full Disk Encryption Features for PC v.6
Agent Features McAfee
Transparent to end user
Cannot be removed or disabled by end user
Encryption keys stored securely
Pre-boot authentication
Active Directory integration & Single Sign On
Fault tolerant, can survive reboots during encryption
Multi-factor authentication
Windows 7 32-bit & 64-bit support
v.6.0 - AES 256 bit encryption
Secure hibernation
Secure client to server communication
Agent can sync while off the network
End user access can be revoked on the fly by administrator

Why McAfee?
Sustained product leadership

- #1 choice for enterprises
- Over 8,000,000 nodes encrypted worldwide
- Mature product, original code launched in 1992
- Part of comprehensive data protection product suite
- McAfee Total Protection for Data suite won over Gartner with best-in-class execution, integration and vision as compared to other vendors in the data protection industry.

Why McAfee?

| Total Protection for Data Suite | Function |
| --- | --- |
| Endpoint Encryption for PC | Full Disk Encryption |
| Endpoint Encryption for Files & Folders | Encrypt files and removable media |
| Endpoint Encryption for Mobile | Encrypt smart phones |
| Device Control | Block and manage devices |
| Host Data Loss Prevention | Discover and protect data in use |

Phased approach to data protection
- Encrypt laptops
- Block unauthorized devices
- Discover and Classify Data
- Monitor and secure all data routes
- Intelligent Audit and Forensics

Users in version 6.0

- Users are referenced, not created
  - Referenced from Active Directory or LDAP
  - No local users
  - Quicker provisioning times possible
  - Can be used with Auto-Discovery of users functionality
- ePO support
  - 4.5: Active Directory only
  - 4.5 Patch 2: Will include LDAP support

Encryption Settings

Encryption Policy to encrypt:


- None
- All
- Boot Disk only
- All except Boot Disk

TCG Opal Drive


EEPC Software Encryption

Policy to define Encryption Provider Priority. If you want to manage various hardware technologies via ePO you can configure and order the preferred provider here.

Trusted Computing Group
Opal Self Encrypting Drives

- McAfee is an active contributor and voting member of the TCG Storage Working Group and provides input to the Opal and Marble specifications
- EEPC Version 6.x products will support Self-Encrypting Drives that adhere to the Opal (and Marble) specifications from TCG
- McAfee is currently working in conjunction with various manufacturers on incorporating their Opal Drives into EEPC V6.x

Client Supported Platforms and Languages

Management (ePO)
- Japanese, French, Spanish, Chinese (Traditional and Simplified), Russian, German, Korean.
- Fully localized and supported

Client
- Same languages and support as Management section
- Additional client languages fully localized and available but NOT supported at GA date
  - Portuguese, Brazilian Portuguese, Italian, Dutch, Greek, Swedish, Norwegian, Danish, Finnish, Polish, Arabic, Estonian and Thai
  - Supported as of version 6.0.1

[Platform graphic labels: 32-Bit Only; 32 and 64-Bit; 32 and 64-Bit; 32-Bit Only; 32 and 64-Bit]

McAfee Encrypted USB

- Deploy easily on an enterprise-wide scale
- Easily deploy and track devices through a single console
- Streamline workflow to save time and money
- Leverage Active Directory to match users and devices
- Encrypt data on-the-fly
- Enable secure data portability