Token Scout Corporate DLP
Token Scout Corporate Data Loss Protection allows SMBs and corporations to effectively control how internal files are used, shared and stored by their employees.

- Platform Integrity: the endpoint and the employee are protected against malicious tampering attempts and negligent exposure to security breaches. Threats are prevented and audited.
- Content Analysis: a software agent decides what files are sensitive by means of automated content inspection. Content policies and access rights are centrally managed by a supervisor.
- Activity Awareness: operating system kernel modules monitor the activity of the employee inside the endpoint and at the communication edges, triggering content analysis, preventing threats and reporting events.
data loss protection
Small and medium enterprises tend to store most of their confidential information in digital form. Source code, drawings, patents, customer lists, marketing studies, financial statements, employees' personal data and credit card numbers are just a few examples of information often stored as files on corporate computers.
The evident need for flexibility, communication and mobility in modern business poses a serious risk of sensitive data leakage within corporate environments. The most common leakage channels are email, USB memory sticks and stolen laptops. As some reliable sources suggest, one out of ten employees loses a laptop, mobile phone or USB memory stick containing corporate data every year. One out of ten employees extracts sensitive data without permission, or knows someone who does. 60% of IT decision makers think that internal threats, from negligent or malicious employees, are the most important, while 30% think that external threats, like hackers, might be worse.
The challenge for Data Loss Protection solutions is to find secure, transparent and non-restrictive methods to prevent negligent or malicious activity by insiders, and to detect, prevent and report behaviour patterns that might lead to a loss of sensitive data.
Most solutions on the market have proved ineffective at solving the problem: either too complex to be easily accepted within the culture of the enterprise, too simple to prevent malicious activity, or too restrictive to allow smooth and efficient business processes.
architecture

Token Scout Corporate DLP continuously monitors the endpoint's filesystem, network, clipboard and application operations. Whenever a potentially sensitive piece of information is detected, the content is further analysed against a set of rules defined by the Supervisor. Such rules may include:
- recognition patterns: credit card numbers, bank accounts, names of individuals, social security numbers
- exact or similar matches: potentially sensitive words, combined presence of words in phrases, paragraphs or a whole document, frequency of appearance
- permissions: which users or departments are allowed to access a given category of sensitive files, who has permission to unprotect certain sensitive files, and which physical or logical locations users are allowed to access files from
- audit options: what content detections are eligible for centralized audit
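The four rule families above (recognition patterns, keyword matches with a frequency threshold, permissions per category, and audit eligibility) are easy to picture as a small classifier. The block below is an added illustration, not Token Scout's agent or rule format; the policy table, the category names ("pii", "financial", "ip"), the department names and the sample document are all constructed for the example. It goes slightly beyond the list by validating each pattern hit (Luhn for card numbers, mod-97 for IBANs, area/group/serial ranges for SSNs) so that a run of digits that merely looks like a card number does not trigger a detection.

```python
"""Content-analysis rules of the kind listed above, as a small classifier (constructed example)."""
import re
from collections import Counter

# Constructed policy; the real product's rule format is not described on the page.
POLICY = {
    # keyword -> minimum number of occurrences before the document counts as intellectual property
    "keywords": {"confidential": 1, "patent": 2, "prototype": 3},
    # sensitivity category -> departments allowed to open files of that category
    "permissions": {
        "pii": {"hr", "finance"},
        "financial": {"finance"},
        "ip": {"engineering", "legal"},
    },
    # categories whose detection must be reported to the supervisor
    "audit": {"pii", "financial"},
}

CARD_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")          # 13-16 digits, optional separators
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")         # US social security number layout
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b")   # country code, check digits, BBAN


def luhn_ok(number: str) -> bool:
    """Luhn checksum: rejects digit runs that are not plausible card numbers."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def iban_ok(iban: str) -> bool:
    """ISO 13616 mod-97 check: move the first four characters to the end, map A..Z to 10..35."""
    rearranged = iban[4:] + iban[:4]
    numeric = "".join(str(int(ch, 36)) for ch in rearranged)
    return int(numeric) % 97 == 1


def ssn_plausible(area: str, group: str, serial: str) -> bool:
    """Reject the area/group/serial values that are never issued."""
    return (area not in ("000", "666") and not area.startswith("9")
            and group != "00" and serial != "0000")


def classify(text: str):
    """Return (categories, findings) for a document, applying the recognition and match rules."""
    findings = {"card": [], "ssn": [], "iban": [], "keyword": {}}
    for m in CARD_RE.finditer(text):
        if luhn_ok(m.group()):
            findings["card"].append(m.group())
    for m in SSN_RE.finditer(text):
        if ssn_plausible(*m.groups()):
            findings["ssn"].append(m.group())
    for m in IBAN_RE.finditer(text):
        if iban_ok(m.group()):
            findings["iban"].append(m.group())
    words = Counter(re.findall(r"[a-z]+", text.lower()))
    for word, minimum in POLICY["keywords"].items():
        if words[word] >= minimum:
            findings["keyword"][word] = words[word]
    categories = set()
    if findings["ssn"]:
        categories.add("pii")
    if findings["card"] or findings["iban"]:
        categories.add("financial")
    if findings["keyword"]:
        categories.add("ip")
    return categories, findings


def access_decision(categories, department: str):
    """Permission rule: every detected category must allow the requesting department."""
    denied = {c for c in categories if department not in POLICY["permissions"].get(c, set())}
    return (not denied, denied)


def audit_required(categories) -> bool:
    """Audit rule: report the detection when any category is marked for centralized audit."""
    return bool(categories & POLICY["audit"])


# Constructed sample document; the card number is the well-known 4111... test value,
# the second digit run fails Luhn and must not be reported.
SAMPLE_DOC = """Confidential - patent application draft for the new prototype.
Customer card on file: 4111 1111 1111 1111 (test number), order ref 1234 5678 9012 3456.
Payroll contact SSN 123-45-6789, settlement account GB82WEST12345698765432.
The patent claims cover the prototype's sensor array; prototype tests continue."""

if __name__ == "__main__":
    cats, found = classify(SAMPLE_DOC)
    print("categories:", sorted(cats))
    print("findings:", found)
    print("finance department may open:", access_decision(cats, "finance"))
    print("audit required:", audit_required(cats))
```

Running it on the sample reports all three categories, lists only the Luhn-valid card number, and shows that the finance department is refused because the document also carries intellectual property it is not cleared for.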
The Supervisor remotely controls the contents being used at the endpoints through a set of rules that define the security policy of the company. Potential threats are audited, allowing the detection of negligent handling of sensitive data or of malicious attempts against the information assets.
superior integrity
Data Loss Protection technologies often pay more attention to employees' negligent behaviour than to malicious attempts against the endpoint. While this covers a good percentage of data loss cases, it is not enough when an insider is fully determined to extract sensitive data from the company.
Token Scout Corporate DLP prevents malicious behaviour at endpoints by means of superior integrity technology. Every employee is assigned a unique Token Scout TPM, a USB device built on CryptoArchitectureTM technology. This highly secure device provides physically unclonable authentication, sealed storage, and supervision of the integrity of all processes involved in the use of contents at the endpoint.
sealed storage
All sensitive files on the employee's endpoint are sealed by the USB TPM device and stored on any storage device visible to the filesystem: hard disks, removable devices, network shares, rewritable optical discs, etc. Sealed files may only be decrypted by the supervisor and by those individuals or departments allowed by the security policy rules.
Whenever an employee tries to open a sealed file with an application (e.g. a word processor), the policy settings are checked. If the employee and the application are authorized to access the file, and no integrity threats are detected, the file is decrypted on the fly and on demand. The application sees the file in memory as if it had never been sealed, even though the contents on disk always remain encrypted.
In some cases the employee might need to use the USB TPM as a storage device. Token Scout TPMs can be upgraded on purchase to include flash memory of different capacities, from 512 MB to 32 GB. Contents in flash memory are encrypted and decrypted on the fly, with the encryption key and all security-critical algorithms residing in the highly secure CryptoArchitectureTM logic.
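The open-file flow just described has a fixed order: policy checks first, then an integrity check on the stored object, and only then decryption into memory, with the on-disk form never holding plaintext. The block below is an added illustration of that control flow and is not Token Scout's code or file format: the SEALv1 header, the user and application allowlist, and the token secret are constructed for the example, and the keystream is built from HMAC-SHA256 purely so the example runs on the Python standard library. In the product the page describes, the key and the cryptographic logic stay inside the USB TPM, and a production implementation would use a vetted authenticated cipher rather than this stand-in.

```python
"""Sealed-file flow: policy gate, integrity check, then on-demand decryption (constructed example)."""
import hashlib
import hmac
import os
import struct
from typing import Optional, Tuple

MAGIC = b"SEALv1"            # constructed on-disk header, not the product's real format
NONCE_LEN, TAG_LEN = 16, 32

# Constructed policy for one category of sealed file: who may unseal it and with which applications.
POLICY = {
    "users": {"alice", "bob"},
    "applications": {"winword.exe", "notepad.exe"},
}


def derive_key(token_secret: bytes, label: bytes) -> bytes:
    """Derive a per-purpose key from the secret that, in the product, never leaves the token."""
    return hmac.new(token_secret, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream from HMAC-SHA256: a stdlib stand-in for a real cipher.
    blocks = [hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
              for counter in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def seal(token_secret: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC so the stored object carries neither plaintext nor an unverifiable body."""
    enc_key = derive_key(token_secret, b"seal-enc")
    mac_key = derive_key(token_secret, b"seal-mac")
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(mac_key, MAGIC + nonce + ciphertext, hashlib.sha256).digest()
    return MAGIC + nonce + ciphertext + tag


def unseal(blob: bytes, token_secret: Optional[bytes], user: str,
           application: str) -> Tuple[str, object]:
    """Return ("ok", plaintext) or ("denied", reason). Every denial happens before any decryption."""
    # 1. Token presence: without the USB TPM there is no key material at all.
    if token_secret is None:
        return "denied", "USB TPM not attached"
    # 2. Policy: both the employee and the application must be authorised for this category.
    if user not in POLICY["users"]:
        return "denied", "user %s not authorised for this file category" % user
    if application not in POLICY["applications"]:
        return "denied", "application %s not authorised" % application
    # 3. Integrity: reject anything that is not a well-formed sealed object or fails its tag.
    if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + NONCE_LEN + TAG_LEN:
        return "denied", "not a sealed file"
    header_len = len(MAGIC) + NONCE_LEN
    nonce, ciphertext, tag = blob[len(MAGIC):header_len], blob[header_len:-TAG_LEN], blob[-TAG_LEN:]
    mac_key = derive_key(token_secret, b"seal-mac")
    expected = hmac.new(mac_key, MAGIC + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return "denied", "integrity check failed: file tampered with or sealed by another token"
    # 4. Only now is the content decrypted, into memory, for the requesting application.
    enc_key = derive_key(token_secret, b"seal-enc")
    stream = _keystream(enc_key, nonce, len(ciphertext))
    return "ok", bytes(c ^ k for c, k in zip(ciphertext, stream))


if __name__ == "__main__":
    token = b"constructed-token-secret"    # stands in for the secret held by the USB TPM
    stored = seal(token, b"Q3 revenue forecast: secret")
    print("plaintext visible on disk:", b"secret" in stored)
    print("word processor, alice:", unseal(stored, token, "alice", "winword.exe"))
    print("unauthorised app:", unseal(stored, token, "alice", "cmd.exe"))
    print("token removed:", unseal(stored, None, "alice", "winword.exe"))
    damaged = bytearray(stored)
    damaged[len(MAGIC) + NONCE_LEN] ^= 1
    print("modified on disk:", unseal(bytes(damaged), token, "alice", "winword.exe"))
```

The order of the checks is the point: an unauthorised application or an absent token is refused before the stored object is even parsed, and a file altered on disk (or sealed by a different token) is refused by the tag check before a single byte is decrypted.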
requirements
Token Scout Corporate DLP requires:
- Windows 2000, XP, Vista or Windows 7.
- Network TCP connection between the supervisor and the endpoints (only for synchronization of policies and audits). Note: endpoints will function offline provided the USB TPM is attached.