Date posted: 20-May-2015
Category: Technology
Uploaded by: safenet
All information provided in this document is proprietary, confidential information of SafeNet, Inc. and its affiliates, and is for informational purposes only. This information is not disclosed to you for any other purpose, and will be used for no other purpose. All warranties relating
to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law, and SafeNet, Inc. undertakes no obligation to update this information.
SafeNet: The Foundation of Information Security
Life After Compliance: Get More Out of Your PCI Investment
Agenda
• SafeNet
• Market Background
• Current Approaches and Challenges
• Addressing Challenges and Best Practices
• Data Protection
• SafeNet Approach
SAFENET
• Founded: 1983
• Ownership: Private
• Global footprint with more than 25,000 customers in 100 countries
• Employees: 1,600 in 25 countries
• Recognized security technology leadership, over 600 encryption engineers strong
• Accredited with products certified to the highest security standards
The largest company exclusively focused on the protection of high-value information assets.
SafeNet Fact Sheet
Proven Leader. Trusted to Protect.
SafeNet protects:
• the most money that moves in the world. 80% of all electronic banking transfers -- $1 trillion a day
• the most digital identities in the world. Most PKI identities for governments and F-100 companies
• the most high-value software in the world. 80 million hardware keys; more than any other vendor
• the most classified information in the world. The largest deployment of government communications security
MARKET BACKGROUND
Market Trends, Threat Drivers
Online Fraud is on the Rise
Source: Anti-Phishing Working Group, March 2009
The number of crimeware‐spreading sites infecting PCs with
password‐stealing crimeware reached an all time high of 31,173 in
December, an 827 percent increase from January of 2008.
Phishing: $3.2 Billion lost in 2007 in the US alone
Gartner Dec. 2007
What Are The Threats?
Source: Ponemon Institute, 2009
A Look Back: PCI DSS Effectiveness
What Is It Costing?
Source: Ponemon Institute, 2009
47%
CURRENT APPROACH AND CHALLENGES
Is PCI DSS The Floor or Ceiling?
• “PCI DSS is the ceiling”
  • Implementation obstacles “excuses?”
    • It is overly complex
    • Out of touch with current threats
    • Longer time to implement
    • More costly to meet compliance
• “PCI DSS is only the floor”
  • Leveraged the investment
  • 10% greater protection
  • 50% cost advantage
What Is It Costing?
Allocation of PCI Investment             Best-in-Class   All Others
Cost to achieve initial compliance       $520K           $958K
Time to report                           11 mo           11 mo
Annual cost to sustain compliance        $135K           $300K
Average time since first reporting       2.0 yrs         2.3 yrs
Average total spend on PCI compliance    $784K           $1,642K
Build & Maintain a Secure Network        $197K           $375K
Protect Cardholder Data                  $186K           $399K
Maintain a Vulnerability Mgmt Program    $88K            $188K
Implement Strong Access Control          $93K            $211K
Regularly Monitor and Test               $124K           $317K
Maintain an IS Policy                    $97K            $152K
Source: Aberdeen Group, 2009
Where Is The Industry Today?
Objective / Requirement    Current Capability    Known Incidents    Avg. PCI Spend
Build & Maintain Secure Network
1. Firewall Configurations 85% 16% $250K
2. No Default Passwords 16%
Protect Cardholder Data
3. Protect Stored Cardholder Data 71% 23% $242K
4. Encrypt Transmission Across Networks 12%
Maintain Vulnerability Mgmt Program
5. Use & Update Antivirus Software 61% 19% $114K
6. Develop & Maintain Secure Applications 28%
Strong Access Control
7. Restrict Access Business Need-to-Know 65% 24% $124K
8. Assign a Unique ID 18%
9. Restrict Physical Access 15%
Regularly Monitor & Test
10. Track and Monitor Network Access 78% 23% $169K
11. Regularly Test Security Systems 22%
Maintain IS Policy
12. Maintain Policies for IS 83% 23% $118K
Source: Aberdeen Group, 2009
ADDRESSING CHALLENGES AND BEST PRACTICES
Compliance Questions You Should Be Asking
• Do I need to keep card data?
• How do I de-scope?
• Are there technologies that can help me de-scope?
• Does outsourcing work for me?
• What happens if my business processes change?
• How do I keep abreast of new legislation?
• How do I make sure that people accessing protected data are who they say they are?
Can my firewall help me? My IPS? My Disk Encryption? What approach should I take? Should I just encrypt all of my databases?
Lesson #1: It’s Protection, not a Check Box
PCI-DSS has evolved, as well as interpretation and enforcement
Learn from others’ mistakes
It’s more than just passing an audit
PCI is about protecting your business and your customers
It’s more than just PCI
Plan for protecting PII, IP and other sensitive data.
Lesson #2: Involve stakeholders
Lesson #3: Data Discovery and Classification
Lesson #4: Establish Threat Model
Lesson #5: Document and Define Security Policies and Procedures
Lesson #6: Determine Where to Protect Data
“Many organizations understand the benefits of encryption … but are dumbfounded by the question of just where to encrypt the data?”
Jon Oltsik, Senior Analyst, Enterprise Strategy Group
[Figure: encryption layers (Application/Web/Token, Database, Storage/Tape, File) compared by Deployment Effort and Security]
DATA PROTECTION
As Threats Change, Data Protection Strategies Must Change as Well
Data Protection 1.0
• Perimeter focused security
• All-or-nothing encryption
• Keep bad guys out, authorized users get full access
• Multiple products to meet business and security needs
• High level or very specific policy only,
• No proper central policy management
Data Protection 2.0
• Data-centric protection—intelligence to protect the data itself throughout its lifecycle
• Granular, selective protection over subset of unstructured or structured data (files, fields, and columns)
• Granular data protection for authorized users, assure compartmentalization
• Centrally managed solution that addresses business, compliance, data governance & security
• Centralized policy and key management providing data use tracking and control
Qualifying Questions for Encryption
• What is the threat model you are protecting against?
  • Physical media theft (tapes, drives)
  • Logical threats (application, database, systems being compromised)
• What is the data you want to encrypt?
• What threat model are you protecting against?
• Where are you going to perform encryption?
• Are you indexing on the data you want to encrypt?
• Are you using the data as a primary or foreign key?
• What is the access mode for the data?
• How many applications access the data?
• What types of queries do you perform on the data?
• Are you using stored procedures and building logic into the database?
• Are you importing/exporting data from columns/fields you are encrypting?
• Are you running batched processes that operate on encrypted data?
Approaches to Data Protection
SAFENET APPROACH
SafeNet Data Protection Portfolio
Identity Protection - Authentication
• Offering the broadest range of authenticators, from smart cards and tokens to mobile phone auth—all managed from a single platform
• The industry’s only unified authentication platform offering customers the freedom to adapt to changing environments
• The market leader in certificate-based token authentication
• Unique technology offerings with client-less tokens, high-assurance solutions, and more
Communication Protection - High-Speed Network Encryption
• SafeNet high-speed network encryptors combine the highest performance with the easiest integration and management.
• Solutions for Ethernet, SONET up to 10Gb
• Best-in-class Security Management Center
• Zero bandwidth loss, low-latency encryption
• Unparalleled leverage across classified and COTS communication protection (FIPS 140-2 Level 3)
Transaction and Identity Protection - HSM
• The fastest, most secure, and easiest to integrate application & transaction security solution for enterprise and government
• Market leader in enterprise-grade HSMs
• Industry innovator in payment HSMs
• Widest portfolio of platforms and solutions
• SafeNet delivered its 75,000th HSM—Sets industry milestone
Data Encryption and Control - DataSecure
• World’s first and only unified platform that delivers intelligent data protection and control for ALL information assets
• Data-centric, persistent protection across data centers, endpoints, and into the cloud
• Centralized policy, key management, logging, and auditing
• Integrated perimeter data leakage prevention
• Appliance-based, proven scalability, and high performance
SafeNet data encryption and control solutions protect information throughout its lifecycle – wherever it resides – from the data center to the broadest array of endpoint devices and into the cloud.
DataSecure is a unified platform for data encryption, key management, and granular access controls. eSafe Smart Suite offers data loss prevention capabilities.
[Figure: SafeNet portfolio diagram. Categories: Identity Protection - Authentication; Communication Protection - High-Speed Network Encryption; Transaction and Identity Protection - HSM; Data Encryption and Control - DataSecure. Products shown: DataSecure, EdgeSecure, ProtectDB, ProtectApp, ProtectZ, ProtectFile, eSafe Smart Suite, ProtectDrive, Token Manager]
Unrivaled Customer Success from Some of the World’s Most Respected and Admired Companies
SafeNet DataSecure: Data Protection, Key, and Policy Management
[Figure: DataSecure coverage. Labels: Mainframes, Web/App Servers, Endpoint Devices, Network Shares, File Servers, Structured Data, Unstructured Data]
QUESTIONS?