dlp.comodo.com

www.mydlp.com

[email protected]

twitter.com/mydlp

Comodo MyDLP Technical Presentation

2014

Ant Karaduman

History

Started operations in 1998

Started offering SSL Certificates in 2002

Over 3 million digital certificates to date

Leadership

One of the world's two largest and most secure SSL certificate authorities

Leader in security and identity management (87 patents)

Founding member of CA-B Forum, a leader in web browser technologies

Leader in secure online trade with Home SSL standard

Has several labs and R&D centers for digital security, cryptography and anti-malware analysis all over the world

Clients

Over 300,000 enterprise customers in 100 countries

Financial, assurance and medical institutions

Hundreds of universities and public sector entities

Thousands of online trading businesses

Over 35 million PCs

More than 7,000 business partners

Facts

60% gross income increase between 2007 and 2010

More than 1000 employees worldwide.

About Us

Clients and Partners

Enterprise Security Partners

Online Business Security

Perform content inspection of data and execute responses, ranging from simple notification to active blocking based on policy settings

Many holes and exit points are available for data leakage

Data Loss Prevention (DLP)

Risks of Data Loss

Cost of Data Loss

Comodo MyDLP Background

How data is marked and identified

Predefined policies and data types

Social security numbers, National Identification Numbers etc.

Prescribed in PCI, HIPAA, SOX, GLBA, etc. (Bank account numbers, Credit card numbers)

All can be used as is or customized for client needs.

Information Discovery

Deals with information, not file or data stream

Using another file type or storing in a compressed archive does not affect the information.

Context-aware.

Browses through several resources and trains itself.

Can train itself using SQL servers and storages.

Matches structured (SSN, CC etc.) and unstructured data (source code, user defined documents etc.) (Fingerprints data by using one-way hash methods)
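
An added illustration of the two matching approaches named above (not part of the presentation and not MyDLP's own code): structured matching as a card-number pattern validated with the Luhn checksum, and one-way-hash fingerprinting as SHA-256 over five-word shingles, so that changes in case, spacing and punctuation do not defeat the match. The shingle size, threshold, function names and sample strings are assumptions constructed for the example.

```python
import hashlib
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits):
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text):
    """Structured match: pattern plus checksum validation."""
    candidates = (re.sub(r"[ -]", "", m.group()) for m in CARD_RE.finditer(text))
    return [c for c in candidates if luhn_ok(c)]

def fingerprints(text, k=5):
    """Unstructured match: SHA-256 of every k-word shingle of normalised text."""
    words = re.findall(r"\w+", text.lower())
    shingles = (" ".join(words[i:i + k]) for i in range(max(len(words) - k + 1, 1)))
    return {hashlib.sha256(s.encode()).hexdigest() for s in shingles}

def overlap(protected_fp, text, k=5):
    """Fraction of the text's shingles that also occur in the protected set."""
    fp = fingerprints(text, k)
    return len(fp & protected_fp) / len(fp)

def inspect(text, protected_fp, threshold=0.5):
    """Return the reasons a policy engine could act on (empty list = clean)."""
    reasons = [f"card:{c[-4:]}" for c in find_card_numbers(text)]
    if overlap(protected_fp, text) >= threshold:
        reasons.append("fingerprint")
    return reasons

# Constructed sample data (not from the presentation).
PROTECTED = "The Q3 acquisition target is Example Corp at a price of 42 dollars per share"
OUTGOING = "fyi:\nTHE Q3 ACQUISITION   TARGET IS example corp, at a price of 42 dollars per share"
STORE = fingerprints(PROTECTED)  # only hashes are kept, never the text itself

if __name__ == "__main__":
    print(inspect(OUTGOING, STORE))
    print(inspect("Ref 1234567890123456, card 4111-1111-1111-1111", STORE))
```

The 16-digit reference number in the second sample fails the Luhn check and is ignored, which is how checksum validation keeps false positives down on order IDs and similar digit runs.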

Three levels of DLP security

Data in Motion

Web Rule: Data transfers over HTTP and HTTPS are intercepted by the Comodo MyDLP ICAP server and inspected.

Mail Rule: All mails are inspected using Comodo MyDLP as a content filter.

API Rule: You can use the Comodo MyDLP API to integrate with your in-house applications.

Data at Rest

Endpoint Discovery Rule: Data which resides at workstations, notebooks and host computers etc. is traced and inspected.

Remote Storage Discovery Rule: Data which resides at file servers, network storages, MS Windows shares, web servers etc. is traced and inspected.

Data at Endpoints

Removable Storage Rule: Data transferred from endpoints are intercepted and inspected.

Printer Rule: If a user tries to print out a document, the printout process is intercepted and the document will be inspected.

Screenshot Rule: Screenshot attempts for sensitive applications will be controlled.

Removable Storage Encryption Rule: Enables you to automatically encrypt devices and use them transparently.

USB Plug-in / Plug-out Detection: Detect and/or block when users plug in or unplug USB devices, whether or not the device is allowed to work.

Removable Storage Inbound Rules: Detect when users copy files from a USB flash drive (even if the drive is allowed to be used), and create a copy of the file if needed.

CD / DVD Rules: Detect even USB-connected CD/DVD drives, make them read-only or block them entirely.

Floppy Rules: Detect even USB-connected floppy drives, make them read-only or block them entirely.

Comodo MyDLP Licensing

Fully fledged data leakage prevention solution

Requires no extra licenses such as Oracle, Windows Server etc.

Physical and Virtual Options Available

– Windows Clients Supported

– XP, Vista, 7, 8, Server 2003, Server 2008, Server 2012

– Mac and Linux support coming soon.

Licensing

– 1 Year, 2 Year, 3 Year Licensing

– All Features Included

– Updates Included

Integration and Network Protection

Should be integrated with mail server to protect SMTP traffic.

Supports all popular mail servers.

Should be integrated with directory server to use directory users & groups in policies.

Does not require any agent installation.

Should intercept Web traffic to protect it.

Can be integrated with your proxy server using ICAP protocol OR built-in Squid 3.x can be used.

MyDLP Endpoint Protection

MyDLP Printer Protection

MyDLP Endpoint Discovery

MyDLP Management Console

MyDLP Network Protection

MyDLP Information Discovery

Comodo MyDLP - Enterprise Edition

Comodo MyDLP - Web Integration Options

On Client

Manual proxy configuration to port 3128 of Comodo MyDLP.

Active Directory proxy enforcement

On Network

Using ICAP protocol if there's a proxy in place or if the firewall supports ICAP.

Via the built-in proxy.

*Note that Comodo MyDLP needs to be on the traffic path to be able to intercept HTTP/HTTPS traffic.

*Comodo MyDLP SSL certificates need to be installed on all clients so that the intercepted traffic is trusted by the client.

Information Discovery

MyDLP can crawl through your data stores, file servers, web servers and MySQL servers to learn your sensitive data from them. Saves your time and keeps itself always up-to-date.

If sensitive information appears in a place where it shouldn’t be, MyDLP finds out, remediates and reports.

Endpoint and Printer Protection

MyDLP will protect all kinds of removable storage devices connected to your computers through USB (1.0, 1.1, 2.0, 3.0), Firewire (400, 800, 1600, 3200 and S types) and more.

MyDLP can whitelist your removable storage devices so that only the devices you approve can be used in your network.

MyDLP can encrypt all files copied to your removable devices so data on them can be accessible only in your network.

MyDLP supports all printer models and all connection ports.

Does not require print server or any other agent installation.

If sensitive information appears in a place where it shouldn’t be, MyDLP finds out, remediates and reports, on endpoints too…

Management Console

Predefined and customizable ready to use policies

User roles with hierarchical authority scopes

Automatically keeps policy revisions. You can roll back to any state at any time.

Advanced incident log searching including full text searches.

In other words…

who moves which information in which way from which source to which destination

who can access confidential information

MyDLP automatically detects confidential information during data transfer

…and prevents data leakage.

Community

Thousands of users all around the world.

MyDLP has thousands of Enterprise Edition and Community Edition users all around the world.

Market presence on almost all sectors with MyDLP Enterprise Edition including Finance, Defense Industry, Government, Engineering, Military, Health and Education.

FAQ

Q: How can I intercept web traffic (gmail etc.) in my network?

A: For HTTP/HTTPS (web) traffic, you need to forward the traffic to MyDLP. Thus, you can either configure a proxy on the client machines, or use ICAP to forward the traffic from another proxy/firewall, or use the built-in proxy in MyDLP and forward the traffic from a firewall directly (even by PBR).

Q: How can I intercept SMTP traffic?

A: You should forward the SMTP traffic from your email server to MyDLP. This is done by using "Send Connectors". See the installation guide for detailed instructions.

Q: I'm unsure about how to forward the traffic in my network, can you help me?

A: Our system engineers have extensive experience with such deployments. They will support you through your tests and tailor a deployment scenario for your network based on your topology. Contact your Comodo representative to get in contact with your system engineer.

Q: I've installed the endpoint client but web rules do not work.

A: Web rules are not enforced via the endpoint client; they are enforced by forwarding your traffic to MyDLP from the network (see the first question).

Q: I have a feature request, who should I contact?

A: Reach your system engineer, he/she will forward the request to the developer teams and keep you informed. Every feature request is evaluated and responded to within days, not weeks.

Q: MyDLP is running very slow, what should I do?

A: Remember that the hardware requirements in the installation guide are minimums. Depending on your specific usage, hardware requirements may vary as well. For example, if you intend to use the "Quarantine, Archive" actions a lot, then you should remember that a shadow copy of files is going to be kept at MyDLP, which will greatly increase the HDD sizes needed. Check the RAM and CPU usage of the underlying Linux system and upgrade as necessary. If this does not solve the problem, consult with your system engineer.

Questions