Transcription
DATASHEETwww.zecurion.com
Zecurion DLP2
DatasheetPURPOSE OF DLPData is the currency of business. The intellectual property,financial data, strategic information, and sensitive personalinformation on customers and employees are the most valuableassets your company has — and that data is at risk. Companiesof all sizes and across all industries lose data every day. It mayresult from intentional theft or accidental exposure, and theperpetrator could be an external attacker or a trusted employee.The purpose of data loss prevention — or DLP — is to providea solution to protect your intellectual property, trade secrets, andother sensitive data. It helps you achieve and maintain compliancewith regulations like HIPAA, PCI DSS, and GDPR, and gives youthe tools you need to prevent internal fraud and conduct internalaudits and forensic investigations.THE ADVANTAGE OFZECURION DLPYour data is crucial, and it demands the very best protection.That’s why you should choose Zecurion DLP. Zecurion has beenranked on the Gartner Enterprise DLP Magic Quadrant since2014. Zecurion was also listed as a top 7 DLC vendor by IDCin 2018 and was featured by Forrester in the 2019 DLP NowTech Report.Zecurion DLP is a cost-effective solution, streamlined andcomprehensive. Zecurion DLP provides fast integration withenterprise infrastructure — 4 times faster than the averageenterprise DLP deployment. Once deployed, it archives allevents, files and documents and provides user behavior analyticsto proactively detect threats. Zecurion DLP also reducesthe workload for the security team and simplifies day-to-daymanagement with interactive reports, graphs, and charts thatprovide an at-a-glance assessment of your data protectionposture.Don’t just take ourword for it, though.Listen to whatZecurion customershave to say:VP, Global Operations &Professional Service, ServicesIndustry:«Overall experience withZecurion was excellent includingattentive pre-sales and postsales support in greater NewYork area.»Head of Department, Energyand Utilities Industry:«We can be sure that ZecurionDLP successfully protects theinformation from leaks.»CSO,Finance Industry:«We use products that areleaders in their segments.Therefore, we chose Zecurion.»Zecurion DLP is a currently in use around the world acrossorganizations with more than 100,000 users. Zecurion customershave won more than 40 lawsuits with the help of evidencegathered for litigation against malicious insiders.3
Zecurion DLPZECURION DLP ARCHITECTUREConsoleSensor: Mail GatewayDLP ServerArchiveInternetDeployment ServerSensor: Network GatewaySensor: Endpoint AgentSensors: intercept data transfer channels,collect intercepted data, enforce DLP policiesDLP server: stores settings and policies,pushes them to sensors, monitors sensorsArchive: stores all intercepted data, enablesincident response and investigation,retrospective analysis i.e. apply the new policyto the historical data (MS SQL or PostgreSQL)Deployment server: deploys sensorsand endpoint agents4Console: flexible web-based managementof policies and reports
DatasheetDEPLOYMENT OPTIONSEvery customer environment is a unique mix of network segments,endpoint types and operating systems, and different platformsand applications. Organizations need to be able to protect dataacross the entire ecosystem with minimal impact to performanceand productivity. At the same time, comprehensive visibilityand effective data loss prevention rely on being able to monitorand analyze every activity. Zecurion provides a diverse rangeof deployment options to ensure your data is monitored andprotected no matter what your network infrastructure looks like.DEPLOYMENT OPTIONCONTROLLED CHANNELSACTIONSPAN port mirroringSMTP, IMAP, POP3, HTTP, FTPDetectICAP serverTMG serverHTTP/HTTPSDetect and blockTraffic Control Agent (endpoint)HTTP/HTTPSDetect and blockSMTP, IMAP, POP3, FTP,messengersDetectHTTP/HTTPSDetect and blockFTPDetectMS Exchange pluginemail (including internal)Detect and blockSMTP proxyEmail (SMTP)Detect and blockSMTP journalTechnical mailbox (POP3, IMAP,Exchange HTTPS)emailDetectDevice Control Agent (endpoint)USBPrintingRemovable drivesDetect and blockCD/DVDRDP disks, tect / RecordDiscovery Agent (endpoint)Local drive scanLocal drive real-timeDetectDiscovery ServerNetwork Shared folderMS SharePointMS ExchangeAny DatabaseDetectZecurion SWG5
Zecurion DLPKEY FEATURESOF ZECURION DLPZecurion DLP delivers everything you need to control data leakchannels, monitor employee handling of data, and prevent databreaches.Comprehensive controlof data leak channels.Control all possible data leakchannels to minimize the riskof a data breach and ensurecompliance with regulatoryrequirements.Single console. ZecurionDLP provides web-basedconsoles for all modules anda customizable dashboardfor centralized remoteadministration that is simpleand streamlined.Flexible policies andrules. Configure on policyfor several — or all — datatransfer channels and use avariety of content detectiontechniques and dataconditions to foresee andprevent any possible databreach scenario.Archive files and messages.All intercepted data — files,messages, incidents, events,and more — are stored ina database so you haveeverything you need togenerate detailed reports,conduct comprehensiveforensic investigation, andgather evidence for legalactions.File content extraction.With automatic file detectionfor over 500 file formatsbased on internal structurerather than the file extension,and an ability to recognizeencrypted files and unpackarchived files — includingnested archives — no data willescape the network withoutanalysis.6Smart catalog ofemployees. Collect andindex all employee emailaddresses, social networkand instant messengeraccounts to ensure allcommunication is attributedto a specific user.
DatasheetAdvanced FeaturesMicrophoneRecordingTurn any PC or laptop into anaudio surveillance system byrecording from the microphoneof any computer at any time.User behavior analysis.Calculate behavior profiles forall users to enable detectionof anomalous activity.Proactive threat detectionalerts the security team andprovides early data breachprevention.User connection map.Zecurion DLP developsclickable diagram ofuser connections andcommunication channels todetect hidden connectionsand allow you to analyzesuspicious communicationsthat might suggest internalfraud or a data breach.Powerful reports. Morethan 20 preset reports andoptions to customize providea powerful tool for securityauditing and investigation.You can easily generate andanalyze reports, and quicklydrill down to a specific incidentin a few clicks.Active Directory integration.Users, Groups, and computerhost names are synced fromActive Directory to providebetter integration with yourIT infrastructure and enableZecurion DLP to identifyusers by name in incidentsand reports to simplifyadministration.REST API. Mostadministration and monitoringtasks are available throughREST API HTTP requests toenable security automationand integration with othertools and platforms in yourIT infrastructure.Screenshotand KeyboardRecordingYou can record all keystrokesof designated users or groupsand save screenshots from anycomputer at defined intervalsso you always know what youremployees are doing and youcan enforce internal securityand data handling policies todetect and prevent potentialdata breaches.ApplicationControlEliminate the risk of employeesusing potentially dangerousapplications (TOR andtorrent clients, anonymizers,games). You can restrict whatapplications are allowed to beused by creating a whitelistor blacklist of applications fordesignated users or groups.Events logging.Automatically log all internalevents and administratoractions for easy maintenanceand quick traceability of anyissues that arise.7
Zecurion DLPCONTENT DETECTIONTECHNIQUESZecurion DLP utilizes a variety of content detection techniquesto provide comprehensive data loss prevention. Regardlessof whether data is intentionally stolen or compromised,or inadvertently shared or exposed, one of these contentdetection techniques will flag it:Keywords anddictionariesThis techniquelooks for exact matches ofdesignated words. An ITadministrator or securityofficer can create adictionary for any subject orcategory, such as healthcaredocuments, financialdocuments, job searches,etc. and populate it withwords that should be flagged.There are 30 predefineddictionaries included in thesystem by default.Templatesand regularexpressionsSome sensitive data followsa predefined structure orformat that can be used toidentify and detect it. Creditcard numbers, Social Securitynumbers, IBAN accounts,URLs, email addresses andother similar data can bedetected using templates andregular expressions.Digital fingerprintsBy collectinga number ofdocuments of a specific typeor category and providingthem as input, Zecurion DLPcreates a digital fingerprintthat can detect exact8documents or their parts.Once the digital fingerprint iscreated, Zecurion DLP canidentify any document fromthe collection, or any part, orcombination of parts from thedocument collection. Newdocuments can be added tothe collection and ZecurionDLP will automatically updatethe digital fingerprints.Machine learningAnother techniquesimilar to digitalfingerprints is the use ofmachine learning. The initialsetup is similar — providinga collection of files forZecurion DLP to analyze.Where digital fingerprintsdetect exact matches ofcontent, though, machinelearning can be used todetect documents that aresimilar to the submittedcollection based on keywordsand/or semantic indicators.Image templatesImage templatesare effectivefor detecting things likesignatures, stamps,letterhead, or documentswith a defined structure likepassports or driver’s licenses.This method is also similar todigital fingerprints, but ratherthan detecting specific text,it detects image patterns.Like digital fingerprints andmachine learning, the initialsetup requires providinga collection of files thatZecurion DLP can analyzeto develop the recognitionnecessary to detect it later.OCR (OpticalCharacterRecognition)This technique is valuablefor identifying sensitive orconfidential data that hasbeen somehow scanned orphotographed in an attemptto bypass other detectionmethods. Zecurion DLPleverages third-party opticalcharacter recognition enginesto extract text from scanneddocuments. Zecurion DLPintegrates with the ABBYYFineReader and GoogleTesseract to be able to extractand identify text from animage.
DatasheetDEVICE CONTROLDevices like external hard drives or USB thumb drives can posea significant risk when it comes to data loss. Technology hasevolved to the point where even microSD cards can store 1TBof data. A disgruntled employee could steal gigabytes or terabytesof data in their pocket. Data on portable devices poses a riskeven with loyal employees, because the devices are easily lostor stolen.In many cases, though, portable storage and other devices canbe a crucial part of working effectively and efficiently. Simplyblocking all USB thumb drives or access to USB ports is too strictor draconian and can negatively impact productivity.Zecurion DLP gives you the following very granular device controlso you can limit access and protect your data without hinderinglegitimate use of devices:Flexible and granular access controls for peripheral devicesYou can enable only company issued or approved devices orenable only the devices that are deemed necessary for businesswith policy controls that can grant or deny access based onthe type, class, vendor, model, or serial number of the device.Policies can be applied to groups or individuals, and separatepolicies can be applied depending on whether the endpointis connected to the network, connected remotely over VPN,or disconnected.Company-wide device catalogDevice descriptions are stored in a company-wide catalog,and policy can be created based off of the descriptions in thecatalog, enabling policy creation even when a device itself is notaccessible.9
Zecurion DLPControlled devices: DevicesUSBNetwork(WiFi, Bluetooth)LPT/COM PortFDDDVD/CDPCMCIAIrDAModemPrinterHDDOther removable drivesTape drivesFireWire Screen Clipboard Keyboard Microphone RDP Disk Smart card PortShadow copiesZecurion Device Control can save a copy of every file thatis written to an external device or printed — enabling you tomonitor activity even when there is no violation of security policy,and giving you the tools you need to conduct comprehensiveretrospective analyses, audits, and forensic investigations.Content-based policies with the use of content analysisalgorithmsYou can allow the general use of printers and portable storagedevices, while blocking the ability to save or print files that containsensitive or confidential data. Policy based on content analysisalgorithms can proactively identify and protect sensitive data.Preventive content analysisZecurion’s patented preventive content analysis ensures thatconfidential and sensitive data is never written to external mediain the first place. Files are analyzed and sensitive files are blockedfrom being written. Competing products write the file first, thenperform an analysis and delete the content if it violates policy.EncryptionThe encryption capabilities of Zecurion Device Control provideflexibility and protection. You can automatically encrypt fileswritten to external media based on the content and securitypolicies. You can configure encryption so that encrypted contentcan only be accessed by authorized users from endpointsconnected to the corporate network.Centralized deployment and managementZecurion Device Control gives you the framework for centralizeddeployment and management of your DLP protection. Endpointagents can be deployed through a dedicated deployment serveror using Active Directory Group Policy. A web console enables anAdmin to connect to any endpoint for diagnostics, and provide theability to manage hundreds of thousands of endpoints remotelythrough a single pane of glass.Device access requestTo minimize the potential impact to productivity, a remoteemployee can request access to use a specific device. An Admincan grant the request on a one-time basis, or create a policy thatpermanently allows the use of the device.Protection from tampering with endpoint agentTo ensure the integrity of your data protection, Zecurion DeviceControl will alert the Admin in the event of any sort of tamperingor attempts to remove or change settings on the endpoint.10
DatasheetTRAFFIC CONTROLThe internet is the backbone of business today — but it alsoexposes data to significant risk. If employees or customerscan connect to company resources and access sensitive orconfidential data, then attackers may also be able to compromise,expose, or steal that data.A malicious attack is only possible threat, though. As userscommunicate with one another via email or messaging platformsthey may inadvertently reveal sensitive data. Some users mayleverage unauthorized cloud storage platforms to store or transferdata — putting it at greater risk of compromise.It’s crucial for organizations to monitor traffic and control the flowof data across internet channels to minimize the risk of intentionalor inadvertent data loss. Zecurion Traffic Control provides a rangeof features and capabilities designed to give you the control andvisibility you need:Total control off internet channelsZecurion DLP gives you full control of outgoing data over internetconnected channels, including email, web-based email, socialnetworks, messaging platforms, and more. You can intercept andanalyze network communications across most protocols.Analysis of encrypted trafficEncrypted traffic may allow sensitive data to escape the networkundetected. Zecurion Traffic Control decrypts SSL connectionsusing a man-in-the-middle (MitM) approach, providing full controlof outgoing data even when using HTTPS.Email quarantineZecurion Traffic Control can be configured to isolate suspiciousemails for manual inspection. Enabling manual inspection of themessages reduces false positives and negatives and allows forbetter accuracy with identifying messages that require furtheraction.Two deployment mode optionsZecurion Traffic Control can function as either an active filter orit can just analyze mirrored traffic. The active filter monitors trafficand blocks dangerous transactions in real time. Organizationscan also take a phased approach — starting out with a mirroredsetup to allow for policies to be tested and tuned for maximumeffectiveness and efficiency, and then transitioning over to activefiltering.11
Zecurion DLPControlled channelsand gersICQMSNMail.ru AgentMS LyncSkypeViberXMPP (Jabber)CloudOneDriveDropBoxGoogle DriveYandex diskMail.ru FilesSocial aceTwitter12Analysis of internal email trafficTraffic Control lets you monitor and track confidential data insideyour network. A Microsoft Exchange plugin gives you advancedcontrol and allows you to analyze internal email traffic.Message modificationYou can protect your data without impeding productivity byselectively removing sensitive or confidential information. TrafficControl provides a more flexible and less intrusive method ofleak prevention by enabling you to modify messages to removeconfidential files while leaving other files intact and still allowingthe message to be delivered.Notification about incidentWhen a security event or incident occurs, Traffic Control cannotify the end user and IT security for a quicker reaction and fasterincident response.Diverse deployment optionsOne of the primary strengths of Zecurion Traffic Control is thediversity of deployment options. There are passive mode optionslike SPAN port mirroring, and active mode options such asendpoint agents, SMTP relay, Microsoft Exchange plugin, andmore. No matter what size your organization is or what your ITinfrastructure looks like, Zecurion Traffic Control offers a fast andsimple deployment capability.
DatasheetDISCOVERYOne of the biggest challenges facing companies when it comes todata security and data loss prevention is knowing where sensitivedata is stored in the first place and enforcing policies to ensuresensitive and confidential data is properly labeled and stored.As companies move to the cloud and embrace hybrid or multicloud environments that span local data centers plus one or moreprivate or public cloud platforms, the opportunity for data sprawlincreases exponentially. The more data is spread to the darkreaches of your network and stored in places it should not be,the more inevitable a data breach becomes.Zecurion DLP Discovery gives you the tools you need to findimproperly stored sensitive files proactively to take action beforeyour data is lost or stolen.Scan of all possible data storage locationsZecurion Discovery offers complete coverage off all possiblefile storage locations throughout your organization, includingan endpoint agent to ensure that all data stored on endpointsis identified.Flexible scan parametersConfigure Discovery scans as often or infrequent as you like andcustomize a schedule that is convenient for your organization.You can configure scans daily, weekly, or monthly and designatespecific organizational units or endpoints to be scanned.Real-time discoveryIn addition to scheduled scans, Zecurion Discovery can alsoanalyze files immediately as they are copied or saved to provideimmediate, real-time detection of policy violations.Supported storage: Local drives Shared folders MS SharePoint MS Exchange Any database using ODBCCreate detection rules as DLP policiesUsing all available content detection techniques and context rules,you can create universal DLP policies to make administrationsimple and straightforward.Microsoft Exchange scan can detect sophisticated threatsZecurion DLP Discovery can help detect scenarios that maycircumvent Traffic Control detection. If a malicious user creates anemail with confidential information and saves it to the Drafts folder,then downloads the message from the Outlook web client anddeletes it, it is never actually “sent”. Discovery can ensure you stillidentify this activity.Alert users and security administratorsZecurion Discovery can send alerts directly to users and ITadministrators when policy violations occur to ensure a fastreaction and quick incident response.13
Zecurion DLPCONFIDENCEAND PEACE OF MINDZecurion DLP provides everything you need from a dataloss prevention solution: an affordable platform that deliversstreamlined deployment, comprehensive breach prevention andcompliance, and detailed archiving and reporting. Zecurion DLPis the most technologically advanced DLP system available, and ithas everything you need to prevent, detect, and investigate databreaches.ABOUT ZECURION Zecurion is a world-class vendor of IT security solutions helpingcompanies to protect against insider threats Founded in 2001 Headquartered in New York and Moscow Recognized by “Big 3”: Gartner, Forrester, IDC More than 150 partners and over 10,000 customers worldwidewww.zecurion.comsales@zecuiron.com 1 866 581 09 9914
Datasheet15
Zecurion DLPwww.zecurion.com16
That's why you should choose Zecurion DLP. Zecurion has been ranked on the Gartner Enterprise DLP Magic Quadrant since 2014. Zecurion was also listed as a top 7 DLC vendor by IDC in 2018 and was featured by Forrester in the 2019 DLP Now Tech Report. Zecurion DLP is a cost-effective solution, streamlined and comprehensive.
