McAfeeWorks.com is a McAfee SecurityAlliance Premier Partner

McAfee Host Data Loss Prevention

Integrated and comprehensive endpoint data protection

McAfee Host Data Loss Prevention Overview:

Enterprises face dire consequences due to user behavior at endpoints, which puts confidential data at risk. McAfee Host Data Loss Prevention monitors and prevents risky user behavior that can lead to a sensitive data breach. This protection works across networks, through applications, and via removable storage devices. You’re in control whether users are in the office, at home, or on the move.

Key Advantages:

Unrivaled protection

  • Prevent data loss anywhere your data goes: at work, at home, or on the road

Comprehensive device management

  • Specify detailed content-based filtering, monitoring, and blocking of confidential data on any removable storage device

Multi-layered protection

  • Ensure that data is protected on all endpoints, independent of operating system and type of device

ePO centralized management

  • Leverage your McAfee security risk management architecture to prevent data loss

Complete visibility

  • Prove internal and regulatory compliance measures to auditors, senior management, and other stakeholders


Description:

McAfee Host Data Loss Prevention delivers unrivaled protection against theft and accidental disclosure of confidential data. This protection works across networks, through applications, and through removable storage devices.

Data transfer methodology — Host Data Loss Prevention controls how you transfer data over the network, use it in applications, and copy it to removable storage devices.

Data protection regardless of format — Protect data in any format, even if it’s modified, copied, pasted, compressed, or encrypted.

Controlling data sent to removable storage — Prevent data from being written to USB drives, iPods, and other removable storage devices, and stop data loss from endpoints by monitoring and preventing risky user behavior.

Streamlined data encryption — When you combine Host Data Loss Prevention with Endpoint Encryption, the data encryption is content-aware, which makes the encryption process more efficient.

Centralized management console — Host Data Loss Prevention lets you define and manage data protection policies, deploy and update agents, monitor real-time events, and generate reports to meet compliance requirements, all from the centralized McAfee ePolicy Orchestrator (ePO) management console.

Host DLP prevents data loss by providing comprehensive monitoring, auditing, and control over user behavior across all endpoints. Host-based protection secures data regardless of where users or information go, or whether or not client machines are connected to the corporate network.

Integration with McAfee ePolicy Orchestrator® 4.0 enables you to streamline security risk management tasks from a centralized console. Advanced Web-based management and reporting and auditing capabilities let you define and manage policies that control how employees use and transfer sensitive data. You can also monitor real-time events and generate reports to prove internal and regulatory compliance to auditors, senior management, and other stakeholders.

McAfee Host Data Loss Prevention Diagram

* Threats Within Volume II: Data Loss Disaster. Illuminas and McAfee. February 2, 2007.

Benefits and Features:

Benefits:

  • Enjoy unrivaled protection
    Prevent accidental disclosure and malicious theft of sensitive data by insiders and hackers alike to protect your business against financial loss, brand damage, and noncompliance
     
  • Restrict data transfer via any channel
    Monitor and control the transfer of sensitive information to removable storage devices, via email and IM, and through other communications channels—even when data is disguised
     
  • Protect all layers of your infrastructure
    Ensure that your confidential information is protected throughout your network—on servers, in databases, and across endpoints—regardless of operating system or device type
     
  • Centralize management with ePolicy Orchestrator
    Streamline management of your entire security risk management portfolio—including McAfee Host Data Loss Prevention—via the centralized console of ePolicy Orchestrator® 4.0
     
  • Prove compliance with less effort
    Generate detailed reports to demonstrate compliance with internal and regulatory privacy requirements to auditors, board members, and other stakeholders

Features:

  • Control internal transfer of data
    Control how employees transfer data over the network, use it in applications, and copy it to removable storage devices; protect data in any format—even if it's modified, copied, pasted, compressed, or encrypted
     
  • Comprehensive device management
    Integration with McAfee Device Control allows you to prevent data from being written to USB drives, iPods, and other removable storage devices; specify which approved devices can and can’t be used according to any Windows-based device parameters
     
  • Multi-layered protection
    Use Host DLP to stop data loss from endpoints by monitoring and preventing risky user behavior with your sensitive data; when combined with McAfee Endpoint Encryption, you have a comprehensive, layered approach to preventing data loss
     
  • Centralized management
    Define and manage data protection policies, deploy and update agents, monitor real-time events, and generate reports to meet compliance requirements—all from the centralized ePolicy Orchestrator® 4.0 management console
     
  • Advanced reporting and auditing capabilities
    Through integration with ePO 4.0, quickly gather all the information you need to support prompt audits and analyses, including sender, recipient, time stamp, data evidence, and more

Solutions:

As regulations and corporate standards place increasing demands on IT to ensure safe data handling, deploying necessary protective solutions can seem daunting. Some data loss prevention (DLP) products require substantial effort to deploy and typically have large ongoing consulting costs. These products leave it up to IT to know about all the data that needs to be protected. Can IT be expected to know about all the data in the various departments of an organization and how it needs to be handled? Of course not. It’s impossible for IT to identify all of the sensitive data, interpret the regulations, and translate them into effective policies. When faced with this dilemma, many companies simply fall back to “good enough” solutions that don’t provide basic protection and offer little insight into ongoing data-related risks.

At McAfee we have a better way. Built from the ground up, our DLP solution quickly and effectively protects your data wherever it may be. We make it easy to get the solution up and running by delivering it as simple components that can start analyzing your data in minutes, not months. Why waste precious time and money with frustrating solutions? There’s an easier way to resolve your data protection issues—the McAfee® Data Loss Prevention solution.

Key Advantages
McAfee has the most complete data protection portfolio of products available today from a single vendor. Tight integration helps keep costs down and helps deliver unrivaled data security from the USB drive to the firewall.

  • Increases protection while reducing complexity and cost
  • Eliminates the need for expensive and disruptive consulting
  • Deploys in just days with preintegrated, hardened appliances
  • Integrates encryption, USB, and device control for comprehensive enforcement
  • Manages policies, incidents, and cases with simple, flexible work flows

Build a Foundation for Complete Data Protection
Comprehensive data protection cannot be achieved without DLP. The McAfee Data Loss Prevention solution tightly integrates with the other solutions in our data protection portfolio, which all work together to provide the ultimate in policy enforcement and solution flexibility. The McAfee Data Loss Prevention solution is the content-aware coordinating force that orchestrates the actions taken to encrypt, redirect, monitor, and block usage of data while notifying and educating users about acceptable data use policies. McAfee offers a seamless solution that tackles the most complex data use scenarios with unrivaled agility.

When Data Is in the Wild, Speed Is Everything
You can’t afford to wait months for your data protection solution to start to do its job. Every minute your data is unprotected is another minute that the reputation of your business and the safety of your customers’ information is at risk. Some solutions require lengthy and complex deployments that demand highly specialized skills to build, tweak, and tune. Heavy deployment costs can double the acquisition price and prolong risk that can wreak untold damage. The McAfee Data Loss Prevention solution breaks this impasse. The solution is up and running as quickly as you can plug it in. Within a week, the system gathers a wealth of information about your data use, allowing you to start building effective policies that immediately deliver value.

How Can You Protect What You Don’t Understand?
Most DLP solutions can’t protect your data if you can’t accurately describe what your data looks like and where it is. Do you know where your data is today? How long would it take you to learn about it? Would you ever be able to keep up with the changes that happen, minute to minute, to the data inside your organization? The truth is, no IT department can take on this task single-handedly. The McAfee Data Loss Prevention solution helps you easily understand the data that flows through your networks, giving you and your business stakeholders a real-world map of all your critical information assets, not just the ones you already know about. This provides you with the insight you need to build policies that protect your data today and into the future.

McAfee Data Loss Prevention Solution Components

McAfee Host Data Loss Prevention
Deployed through the McAfee® ePolicy Orchestrator® (McAfee ePO™) management platform agent, McAfee Host DLP software lets you instantly monitor and prevent confidential data loss at work, at home, and on the road. McAfee Host DLP software protects your organization from the risks of financial loss, brand damage, lost customers, competitive disadvantage, and regulatory noncompliance. With McAfee Host DLP software, you can quickly and easily monitor real-time events, apply centrally managed security policies to control how employees use and transfer sensitive data, and generate detailed forensics reports with minimal impact to your daily business activities. Prevent data loss and leakage when data is modified, copied, pasted, printed, or transmitted while enabling its flexible use.

Complete visibility is at your fingertips with these capabilities:

  • Comprehensive incident reporting and monitoring gathers all needed data, such as sender, recipient, time stamp, and network evidence, for proper analysis, investigation and audit, remediation, and risk assessment
  • Crawling of sensitive data at rest on local hard drives with granular targeting by user and network group

Comprehensive content management is also provided:

  • Control and blockage of confidential data copied to USB devices, flash drives, iPods, and other removable storage devices, including optical media and hard copy
  • Integration of DLP and digital rights management (DRM) extends protection beyond your network

McAfee Network DLP Discover
Understanding where sensitive data resides is the first step to securing it. The McAfee Network DLP Discover appliance simplifies the discovery of all kinds of sensitive information. Unlike other solutions that expect you to know exactly what content you want to protect and the locations where it’s likely to be stored, the McAfee Network DLP Discover appliance does the heavy lifting for you by crawling entire networks, including laptops, desktops, servers, document repositories, portals, and file-transfer locations, identifying sensitive data as it finds it.

Key benefits include:

  • Comprehensive classification for even the most complex data—The McAfee Network DLP Discover appliance empowers your organization to protect all kinds of sensitive data, from common, fixed-format data to complex, highly variable intellectual property
  • Scanning of all your network resources—The McAfee Network DLP Discover appliance automatically scans all accessible resources, including laptops, desktops, servers, document repositories, portals, and file-transfer locations, for policy violations. You can define scan groups based on IP addresses, subnets, ranges, or network groups and paths.

McAfee Network DLP Prevent
The McAfee Network DLP Prevent appliance enforces policies for information leaving the network through email, webmail, instant messaging (IM), wikis, blogs, portals, and Web 2.0 technologies. Ensure the security of the information you know you must protect—Social Security numbers, credit card numbers, and financial data—and the information you want to protect, such as highly valuable intellectual property. The McAfee Network DLP Prevent appliance allows you to take a variety of remediation actions, including encrypting, redirecting, quarantining, and even blocking—so you can ensure compliance with regulations governing the privacy of sensitive information and reduce the data risk to your business.

The McAfee Network DLP Prevent appliance offers standards-based integration with network gateways:

  • Enforces policies for information leaving the network through email, webmail, IM, wikis, blogs, portals, HTTP/HTTPS, and FTP transfers
  • Integrates with email gateways via SMTP, while web traffic is inspected using the Internet Content Adaptation Protocol (ICAP)

McAfee Network DLP Monitor
Integrated into the network, the McAfee Network DLP Monitor appliance performs real-time scanning and analysis of network traffic. Through detailed classification, indexing, and storage of all network traffic—not just information that violates its real-time policies—the McAfee Network DLP Monitor appliance allows you to quickly leverage historical information to understand what data is sensitive, how it is being used, who is using it, and where it is going. This gives you the ability to build effective and accurate policies the first time and allows you to anticipate how changes in your environment might impact the security of the sensitive data it contains. Additionally, you can perform rapid investigations based on the historical data to ensure that you leave no stone unturned:

  • Scan and analyze information in real time—Integrated into the network using a switched port analyzer (SPAN) or tap port, the McAfee Network DLP Monitor appliance performs real-time scanning and analysis of network traffic at line speeds
  • Discover unknown risks—Through detailed classification, indexing, and storage of all network traffic, not just information that matches existing rules, the McAfee Network DLP Monitor appliance allows you to quickly build a deep understanding of where data is, how it is being used, who is using it, and where it is going, helping you anticipate new risks as the environment changes

McAfee Network DLP Manager
The McAfee Network DLP Manager appliance is the central controller for the entire DLP solution and the integration point into enterprise-wide management and monitoring via the McAfee ePO server. The McAfee ePO server gives you a single view into your organization’s entire risk posture, and you can easily drill down to see specific security events and identify causes. It reduces the overall operational expenditure associated with managing and maintaining the solution by allowing you to quickly gain an overview of your data security status, distribute policies, and delegate administrative roles as needed. This makes it possible for multiple cross-functional stakeholders within the organization to collaborate on incident workflow and case management without any need for IT involvement.

Case and incident workflow functionality enables you to:

  • Create actionable oversight with a unified incident dashboard
  • Escalate incidents to any authorized individual through embedded case management
  • Implement flexible incident and case logic—multiple incidents can belong to a case, or a single incident can belong to multiple cases

Preconfigured roles help you:

  • Expedite setup for key team members within the organization, including administrators, legal, human resources, compliance, operations, and information security
  • Define additional roles with a few mouse clicks
  • Integrate with Microsoft Active Directory for centralized authentication services

System Requirements:

These are minimum system requirements only. Actual requirements will vary depending on the nature of your environment.

McAfee ePolicy Orchestrator (ePO) Server

Operating systems:

  • Microsoft Windows Server 2003 with Service Pack 1 (SP1), 2003 R2

Desktop and Laptop Endpoints

Operating systems:

  • Microsoft Windows 7 (32-bit)
  • Microsoft Windows Vista (32-bit)
  • Microsoft Windows XP Professional with SP1 or higher
  • Microsoft Windows 2000 with SP4 or higher

Hardware requirements:

  • CPU: Pentium III 1 GHz or better
  • RAM: 1 GB recommended
  • Disk space: 200 MB minimum
  • Network connection: TCP/IP for remote access