Innovations in cyber security technologies Arturs Filatovs Business Development Manager March 2014 Arrow ECS RoadShow Baltics Symantec Encryption – Building A Digital Fortress
Jan 19, 2015
Innovations in cyber security technologies
Arturs Filatovs Business Development
Manager
March 2014
Arrow ECS RoadShow Baltics
Symantec Encryption –
Building A
Digital Fortress
Arturs Filatovs business card
More then 5 years experience in delivering Innovative
IT Security Solutions to Baltic states
Knowledge of more then 25 different IT Security
Solutions
Specialization - Mobile IT Security
Helpdesk Manager
CISO
Director, Desktop Ops
Director, Network Ops
Lets move our hands – who is here today?
“Data Security Solutions” role in Baltics
Technology vs. Time
Encryption’s role in security
Don't be scared – Encrypt everything
Build Digital fortress with Symantec Tech
Todays To do list
“Data Security Solutions” business card
Specialization – IT Security
IT Security services (consulting,
audit, pen-testing, market analysis,
system testing and integration,
training and technical support)
Solutions and experience portfolio
with more than 20 different
technologies – cyber-security global
market leaders from more than 10
countries
Trusted services provider for
banks, insurance companies,
government and private companies
(critical infrastructure etc.)
Role of DSS in Cyber-security
Development in Baltics
Cyber-Security Awareness Raising
Technology and knowledge transfer
Most Innovative Portfolio
Trusted Advisor to its Customers
Cybersecurity Awareness Raising
Own organized conference “DSS ITSEC”
5th annual event this year
More than 400 visitors and more than 250 online
live streaming watchers from LV, EE, LT
4 parallel sessions with more than 40
international speakers, including Microsoft, Oracle,
Symantec, IBM, Samsung and many more –
everything free of charge
Participation in other events & sponsorship
CERT & ISACA conferences
RIGA COMM exhibition & conferences
Roadshows and events in Latvia / Lithuania /
Estonia (f.i. Vilnius Innovation Forum, Devcon,
ITSEC HeadLight, SFK, business associations)
Participation in cyber security discussions, strategy
preparations, seminaries, publications etc.
Innovations – technology & knowledge transfer
Innovative Technology Transfer Number of unique projects done with
different technology global leadership
vendors
Knowledge transfer (own employees,
customers – both from private & public,
other IT companies)
Areas include:
Endpoint Security
Network Security
Security Management
Application Security
Mobile Security
Data Security
Cyber-security
Security Intelligence
Our portfolio is most innovative in Baltics!
Some just basic ideas
Lets Start
NOW
PAST
Time line
AND NOW SERIOUSLY
Technology is everywhere
PC era Mobile era
PC era to MOBILE era
Mobile IT
We are at point where functionality of desktop collides with mobility of mobile device.
Consolidation of IT in 21st Century
Technology development over time
IT Must Evolve To Meet New Demands
• Transactional Apps
• Structured Data
• Centralized information
• Perimeter-based security
• On-premise infrastructure
• Collaborative Apps and Social Media
• Unstructured data
• Distributed information
• People are the new perimeter
• Virtual Infrastructure and Cloud
Information-
Centric
System-Centric
Endpoints: The Borderless Enterprise
1Based on 130,000,000 records lost (Datalossdb.org) and $202 per record (Ponemon Institute) 2http://www.darkreading.com/security/encryption/showArticle.jhtml?articleID=211201139
3Symantec Global Internet Security Threat Report, Trends for 2008
Field
Data Center Headquarters
Field Offices
Point of Sale
Point of Sale
Corporate data copied onto USB drive
$262 Million: Estimated cost of the Heartland Payment Systems
breach1
1 in 10 people have lost a laptop, smart phone, or USB drive with corporate
information on it3
Trojans, malware, unauthorized software
12,000 Laptops lost in United States airports every week2
Customer email stored on mobile phone
Cloud is taking us much higher…
Choose the right cloud smart way..
Passwords?
When we have to change our password...
Who from you are using encryption?
What will happen if data will be lost/stolen?
Who will be responsible?
When you are sending confidential data via post, how
do you secure it?
Some questions?
Greek generals used Scytel to encrypt and decrypt
messages (Symmetric encryption)
Encryption beginnings – Sparta/ Greeks/ Rome
In what our organizations believe today
SSL/ TLS/ VPN/ HTTPS – this is only
data in motion using x.509
What we use for document security
E-Signatures – Limited functionality for
document encryption data at rest/ data in motion
Not User friendly (smart cards, Card readers,
USB tokens … )
Separate solutions less security
NSA did “great work…”
Hmmm....NSA?
Cyber criminals don't sleep
Encryption threats by Ponemon Institute
Our Users are our weakest link
Mobility - Potential For Data Loss
47% of corporate data resides on mobile devices
43% of employees lost a device with company data
32% of employees didn’t report the loss or theft in a timely fashion
Our users weakest link
*Symantec Global Internet Security Threat Report
1 in 10 people have lost a laptop,
smart phone, or USB drive with corporate information on it*
32% of employees didn’t report the
loss or theft in a timely fashion*
Data protection priorities Ponemon
Concerns from customer side
Hardware-based encryption is
faster and it’s an option on Dell
and other PCs.
Why do I need encryption if I
have DLP or Endpoint
monitoring?
We are going to wait for our
Windows 7 rollout in our
environment and use Bit locker
How to recover encrypted
info?
Master key is security risk for
us.
Encryption is not a rocket science
Encryption is easy
Centralized key administration is solution
Endpoint Data
Protection
• PGP Whole Disk
Encryption
• SEE FDE
• SEE RSE
• PGP Portable
• SEE Device Control
Pro
du
cts
O
bje
cti
ves
Tasks
File and Server
Protection
• PGP NetShare
• PGP Command Line
Protection
• PGP Desktop Email
• PGP Gateway Email
• PGP PDF Messenger
• PGP Support Package
for BlackBerry
• PGP Mobile
Management
• PGP Universal Server
• PGP Key Management
Server
Keep data secure
Meet compliance objectives
Protect the business
Control costs and liabilities
Protect data at rest Protect data in motion Protect data in use
Don't be scared – Encrypt everything
Oh Boy do we
got solution for you!
Build Digital fortress with Symantec
42
Smartphone Solutions • PGP® Mobile
• PGP® Support Package for BlackBerry®
Full Disk Encryption (FDE) • PGP® Whole Disk Encryption
• Symantec Endpoint Encryption (EE) FDE
File/Folder/Shared Server Encryption • PGP® NetShare
End-End Email and IM Encryption • PGP® Desktop Email
Gateway Email Encryption • PGP® Gateway Email
Management
Central Management of
Encryption Applications
PGP® Universal ™ Server
Key Management
PGP® Key Management
Server (KMS)
Device and Media Encryption • PGP Portable
• SEE Removable Storage Edition (RSE)
• SEE Device Control
FTP/Batch and Backups • PGP® Command Line
Full Disk Encryption
Full disk encryption for desktops, laptops, and Windows® servers. Supports Windows®, Mac OS® X, and Linux® platforms • Encrypts desktops, laptops, and USB-attached drives
• Protects against personal computer loss, theft, compromise and improper disposal
• Reduces risk of loss of PII (Personally Identifiable Information) and other sensitive data
• Supports Windows, Mac OS X, and Linux
43
PGP Whole Disk Encryption; SEE Full Disk Encryption
Removable Media Protection
Removable Storage Encryption
• Secure portable data at rest
– Enforce mandatory removable storage encryption policies
– Access and re-encrypt data from any PC or Mac
• Granular file- and folder-based encryption
– Allow encrypted and unencrypted data on user devices
– Enforce policy-controlled exemptions by file type and device
Centralized – Integrated Management Console
Policies Auditing
Removable Media
Encryption
SEE Removable Storage Encryption
PGP® Email Protection
Symantec Encryption - Confidential 45
PGP® Desktop Email Desktop-based Email Encryption • Automatic end-to-end email encryption
PGP® PDF Messenger
PGP Universal™
Gateway Email Gateway-based Email Encryption
• Clientless email encryption
PGP® Support Package
for BlackBerry® Encryption for BlackBerry Email
• Native client access to encrypted email
PGP® Mobile Encryption for Windows Mobile Devices
• Encrypted Email
• Encrypted Files and Folders
PGP® Viewer for iOS Encrypted Email Viewer App for iOS
• Decrypts and views messages
• Verifies digital signatures
File/Folder Encryption
46
User file protection
Shared file protection
Distributed file protection
Protect shared files and folders
Protect transferred files and folders
Protect individual files and folders
PGP NetShare, PGP Command Line
PGP® File and Server Protection
PGP® NetShare Shared File Protection
• Protect data exchanged between users via shared network folders
PGP® Command
Line
Scriptable Encryption • Integrate encryption into data transfer, data
distribution and data backup processes
PGP or Symantec Endpoint Encryption?
Selling Symantec Encryption Products 48
• Symantec’s strategic direction for Endpoint Encryption is to “converge” the solutions into a single offering.
• In the interim, Symantec will provide full support for both Endpoint Encryption technologies.
Products
Customer Need Default Play
Exceptions
Existing SEE/GE
Customer
DAR U.S. Fed
SmartBuy
Active Directory + MSFT Stack
Endpoint Encryption
PGP Whole Disk Encryption SEE Full Disk Encryption
PGP Portable SEE Removable Storage Encryption
SEE Device Control SEE Device Control
Email Encryption
PGP Desktop Email
PGP Gateway Email
PGP Mobile
PGP Support Package for BlackBerry
Server / File Encryption PGP NetShare
PGP Command Line
Management PGP Universal Server and PGP Key Management Server (KMS)
Defense-In-Depth: Encryption + DLP
Network DLP / Gateway Encryption • Automatically encrypt emails containing sensitive data
• Notify employees in real time/context about encryption policies and tools
Storage DLP / File-Based Encryption • Discover where confidential data files are stored and automatically apply
encryption
• Ease the burden to IT staff with near transparence to users
Endpoint DLP / Removable Storage Encryption • Target high risk users by discovering what laptops contain sensitive data
• Protect AND enable the business by targeting encryption efforts to sensitive data moving to USB devices
MTA or Proxy
DLP + PGP Universal Gateway Email
Receive email 1
2 Check email content for encryption policy violations
3 No violation - email sent
4 Violation detected - re-route to encryption server
5 Email encrypted and sent
PGP Universal Server
Key Benefits: • Automate gateway encryption; ease burden on end users
• Enforce and report on encryption policies
Complete Encryption Platform
Technology lifecycle from 3-6 year to 6-12 months
Encryption will help you sleep tight
Don’t be scared to encrypt all type of data
Centralized key management is important
One encryption solution for different type of date
Select DSS as your trusted security advisor – we
work with Symantec (PGP) more than 5 years already!!
Takeaway
Think security first