Enterprise Data Security Breach Protection
Headlines over the past few years include an alarming number of information-leakage incidents.
- Leaked: Debit card account information and associated PINs of more than 300,000 Citibank debit card users; millions of dollars stolen from accounts.
- Stolen: Source code and design documents from a provider of ID badge systems to the federal government and Fortune 500.
- Compromised: Names and Social Security numbers of 1.3 million students who borrowed funds from Texas Guaranteed.
Incidents of data leakage, or extrusions, from large organizations, including commercial enterprises, are up sharply in recent years. Addressing the threat is a top priority for Chief Information Security Officers (CISOs).
Commercial enterprises around the globe rely on the Fidelis Extrusion Prevention System®, Fidelis XPS™, to mitigate the risks they face in safeguarding their digital assets, complying with privacy regulations, and enabling network visibility and control. The loss of sensitive data goes far beyond the possible compliance consequences—the intensively negative market, brand, legal, operational, and financial impact, will have repercussions for years to come.
Fidelis XPS provides the first direct control to prevent the extrusion, or unauthorized disclosure, of digital assets including identity information. As a network appliance, the system enables organizations to actually mitigate their risks by implementing a policy-based approach to prevent the transfer of digital assets, rather than merely reporting on compliance with internal policies and external regulations.
Fidelis XPS is the only next-generation data leakage prevention solution to address even your toughest challenges, allowing you to:
- SAEFEGUARD Digital Assets
- COMPLY with Privacy Regulations
- ENABLE Network Visibility and Control
Click on the links above to learn more about the various solutions important to your organization.
Contact us today to learn more about Fidelis XPS— the only next-generation data leakage prevention solution tested, installed, and delivering results for commercial enterprises around the globe.
SAFEGUARD Digital Assets
Commercial enterprises today are completely dependent on their digital assets—customer lists, product designs, source code, and other proprietary information are the essence of producing and providing goods and services in today's economy. Effective use of digital assets typically requires sharing them across an extended enterprise in some collaborative process. While today’s networked environment has enhanced productivity and flexibility it has also contributed to a loss of control, putting valuable intellectual property and personally identifiable information (PII) at risk. Unfortunately an extrusion of proprietary information can have an incredibly negative impact. In order to adequately protect identity information, content flowing on all channels must be monitored to prevent an extrusion. Fidelis XPS allows a commercial enterprise to quickly deploy an out-of-the-box solution with pre-built policies that automatically recognize sensitive information without labor-intensive data registration or significant false positives, thus saving IT dollars and offering a lower total cost-of-ownership solution.
COMPLY with Privacy Regulations
Many laws and industry regulations have been passed to protect sensitive information. But sometimes users and technology solutions lose sight of the goal of such regulations—the point is not to issue a report when policies have been breached and an organization is no longer in compliance with internal policies and external regulations, but rather to implement controls that mitigate the risks by preventing the extrusion altogether.
By selectively deploying Fidelis XPS pre-built policies, you can tailor a solution to address the specific privacy-compliance regulations your organization must meet. Pre-built policies for Privacy Compliance include PII, HIPAA, State Privacy Policies, and PCI.
|
Regulation / Governance Policy |
Data Specified for Control |
|
California State Bill 1386 (SB1386) and other state privacy legislation |
Driver’s license, Social Security numbers, PII, financial account information |
|
Health Insurance Portability and Accountability Act (HIPAA) |
PII, electronic protected health information (ePHI), individually identifiable health information |
|
Gramm-Leach-Bliley Act (GLBA) |
Non-public financial information, PII |
|
Payment Card Industry Security Standard (PCI) |
Credit card information, PII |
ENABLE Network Visibility and Control
A new generation of business buzz words has surrounded us—mobilization, googlization, globalization. The consumerization of information technology has spawned a host of productivity and collaborative applications, as well as pervasive communication channels such as Skpe, Linkedin, MySpace, and Facebook. Organizations have literally no way of telling where data is flowing on their networks. Networks are designed to forward packets as fast as possible. Applications are not information-aware and are unable to determine if the data they are using and transmitting is sensitive or not.
Visibility into how data is flowing on the network, putting it into context, and the ability to control this activity is critical to compliance with acceptable use policies and regulatory requirements such as HIPAA, PCI, and GLBA. Concern is not only about data leaving the network through the internet firewall, but also the security of data flowing throughout the network and intranet. Gaining the visibility into data content, the network channels, and most importantly the context in which data is used enables stronger control of how and by whom it is accessed and what are its acceptable uses.
Likewise, having the knowledge of what applications are running on networks—both sanctioned and rogue—is paramount to gaining control over the network. Emerging applications such as Skype and Facebook have obliterated the traditional application port paradigm, deploying technologies that enable a communication session to run over just about each one of the unmonitored 65,535 ports on the network and through the firewall. Because developers of such consumer technologies are motivated to make their applications pervasive, they have been specifically designed to subvert firewall controls with port-hopping and tunneling. Traffic flowing in these “back channels” is unmonitored and cannot be proxied. Visibility into information flow allows control over the internal network and the ability to restrict access based on polices of use and types of channels and resources.
To date, most enterprises have only placed controls on the web and e-mail gateways to prevent extrusions. However, almost half of all network traffic bypasses these two control points, making it easier for insiders to subvert these control points and send out inappropriate materials, typically via back channels like instant messaging, peer-to-peer technologies, and rogue web traffic.
Fidelis Security Systems is the leading provider of next-generation data leakage prevention solutions that stop data leakage, giving you visibility into and control over your network. The Fidelis Extrusion Prevention System®, Fidelis XPSTM, adds an additional layer of defense-in-depth to your security program by providing the ability to detect and control both content and applications in use on the network across all network ports. The ability to manage content and applications at gigabit speeds provides an organization the ability to see and control what is occurring across the network, and ultimately extends the infrastructure protection capabilities to detect and contain risky activities that originate from inside the infrastructure. Through this insight and control into how people communicate—and with what applications—the risks associated with the overall infrastructure can be detected and contained.
MAXIMIZE Security Program Performance
Enterprises must address their risk of data leakage by choosing and deploying security products in programs that maximize both their security and financial performance. Gone are the days when companies can afford to acquire and implement individual point solutions—application by application—first at the poorly defined and dissolving perimeter, and then trying to extend these ill-equipped solutions to the internal networks. Solutions must be repeatable—a platform deployed to prevent the extrusion of data through IM, email, and the web, past the perimeter—and should leverage existing policies and be applicable to all channels. These solutions must extend to new applications and internal network segments and flexibly adapt to custom applications and proprietary protocols. Information security must be incorporated as part of a defense-in-depth strategy extending data security into the core of the network, controlling traffic at gigabit speeds.
A security solution yielding the lowest total cost of ownership and highest return on security investment has to be up and running fast, have low implementation and operating costs, and be able to provide more comprehensive security. To maximize returns, organizations should not have to spend additional time and dollars post-sale to deploy a software solution that requires purchasing hardware, configuring, integrating, testing, deploying, and troubleshooting when network-based data leakage prevention solutions are available as a ready-to-install appliance. With easy appliance deployment, a solution can be online within hours of plugging into the network and show immediate results within days. The faster the time to value, the more widely accepted the solution will be, thus increasing the reach and optimizing the effectiveness of the program and your security investment.
Fidelis Security Systems is the leading provider of next-generation data leakage prevention solutions that stop data leakage while allowing an organization to maximize its security program performance. The Fidelis Extrusion Prevention System®, Fidelis XPSTM, is a network appliance designed to go beyond preventing data leakage to help control the use of subversive technologies and policy violations such as identifying internal machines that are part of botnets, key loggers that are sending outbound strokes or downloading sensitive files to insecure local servers/databases, or accessing files remotely (at home or on the road, over insecure networks). Fidelis XPS prevents traffic without a proxy or MTA and require no additional third party products to enforce policy violations. By being dynamic, Fidelis XPS is able to solve more than just the data leakage problem at the network perimeter for applications such as instant messaging, email, FTP, web traffic, and peer-to peer communications.
MITIGATE Risk While Accelerating Adoption of Collaborative Technologies
In today’s networked environment we are all inter-connected on many levels. We are in the midst of a communication revolution with pervasive technologies such as Facebook, Linkedin, wikis, and blogs popping up on your user’s desktops, in addition to the more mainstream technologies such as instant messaging, peer-to-peer, and webmail. The formation of these new communication “channels” can bypass an organization’s typical controls on web and e-mail gateways. The reality of the traditional network perimeter has all but dissolved. The emergence of dynamic relationships with partners—and the ability to share information securely—is critical to your organization’s success.
As information flow has become the currency of the new economy, it is not only probable, but likely, for an organization to lose control of their information in the realities of the new technologies circling around your networks. The promise of increased efficiency that emerging and collaborative technologies can bring to your business sounds powerful. But the adoption of these new technologies is not without risk—legal and financial liability, negative impact on worker productivity, and consumption of precious network resources.
Fidelis Security Systems is the leading provider of next-generation data leakage prevention solutions that stop data leakage, mitigating the risks organizations face while enabling collaborative and emerging technologies. The Fidelis Extrusion Prevention System®, Fidelis XPSTM, adds an additional layer of defense-in-depth to your security program by providing the ability to detect and control both content and applications in use on the network across all network ports. The ability to manage content and applications—both individually or logically combined—solves more complex problems, provides an organization the ability to see and control what is occurring across the network, and ultimately extends the infrastructure protection capabilities to detect and contain risky activities that originate from inside the infrastructure. Through this insight and control into how people communicate—and with what applications—the risks associated with the overall infrastructure can be detected and contained.
Worried about what is getting out? Schedule your FidelisProtect™ Assessment today.
Learn more about data leakage preventions solutions from Fidelis by downloading our Fidelis Extrusion Prevention Overview brochure
Read our white paper, Managing the Evolving Risk of Data Leakage
“As an integrated service provider in a highly competitive market, we know that attacks on our network operations directly impact our customers and we are happy to have Fidelis XPS protecting our digital assets. We needed a solution that would protect our assets without requiring a complex and costly implementation and changes to our production infrastructure. Fidelis XPS’ unique approach to content and network process to a logical combination of content interception technology enabled us to implement extrusion prevention on all channels without adding headcount. Fidelis XPS is the only product we know of that allows us to map a business process to a logical combination of content and network policies and precisely identify suspected policy violations and internally launched attacks.”
--Moti Landes
IT Infrastructure & Network Manager
Barak