Taking Control

Last updated on 15 Feb 2010 in Government Public Sector

Controlling networked end points such as desktops, laptops, servers, kiosks and POS systems, and the software executing on them, is a difficult and often arduous task for any system administrator or ICT department.

In October 2008 the Information Commissioner, Richard Thomas reported to Parliament that a total of 277 data breaches had been reported to him in the twelve months following the HMRC loss of two CDs containing 25 million child benefit records in 2007. These information security incidents were reported from central and local government departments; the NHS; law enforcement; education; charities and the private sector.

New Guidelines

The Local Government Data Handling Guidelines, written by Paul Coen, Chief Executive of the Local Government Association, and Steve Thomas, Chief Executive of the Welsh Local Government Association, in response to high-profile losses of public data, are aimed at local council staff at all levels.

The guidelines call for all local councils to work to recover the public's trust in the government's ability to safeguard their personal information. They reflect the good practice set out in the ISO/IEC 27000 series of Information Security Management System standards and set out the fundamental steps that every council should take to mitigate risks to information.

Organisations must be able to demonstrate that their risk management activities reduce the identified vulnerabilities to an acceptable level.

This includes:

Vulnerabilities within or around the system or service;
Threats that are in a position to exploit those vulnerabilities;
The impact of any resulting compromises.

The potential impact of data loss, whether accidental or malicious, is a very real concern. Today, removable devices (such as USB flash drives) and media (such as CDs/DVDs) are the most common data leakage routes: no file copy limits, no encryption, no audit trails and no central management. Lumension Data Protection enforces organisation-wide usage policies for removable devices, removable media and data (for example read/write permissions and encryption). Using a whitelist, "default deny" approach, administrators can centrally manage devices and data and enforce the encryption of data.

Importantly, this removes the need for an ICT department to "do away" with its existing stock of unencrypted USB keys or mobile hard drives in exchange for hardware-encrypted versions. The solution automatically encrypts any data being transferred onto removable media, locking it down with 256-bit encryption, so that data can be stored and moved safely whenever users require.

Solution Overview

The Lumension Endpoint Protection solution stops endpoints from becoming a doorway for security threats to enter and sensitive data to escape. Lumension Application Control™, the primary component of the Lumension Endpoint Protection solution, allows only authorized applications to run, so that endpoints are protected from malware and unknown threats rather than relying on signatures of threats already seen.

Operational desktop management is improved by eliminating the unnecessary support calls and performance issues caused by unauthorized and unlicensed software. Compliance is easier to demonstrate too: software licence compliance is enforced, a detailed audit trail records every application and device execution attempt, and confidential information is safeguarded from being leaked.

1. Discover: identify all removable devices that are now, or have ever been, connected to your endpoints through the use of a "learning" mode that collects information without disrupting business.

2. Assess: define rules at both default and machine-specific levels, for groups and individual users, governing device access by class, model and/or specific device ID, and uniquely identify and authorize specific media. These permissions can be linked to the user and group information stored in Microsoft Active Directory or Novell eDirectory.

3. Implement: enforce device and data usage policies by: file copy limitations (amount per day, time of day) and file type filtering. You can also enforce the encryption of data moved onto removable devices / media and apply permissions to specific and/or groups of endpoints, ports, devices and users (both on- and off-line), including scheduled / temporary access.

4. Monitor: continuously monitor the effectiveness of device and data usage policies in real time and identify potential security threats by logging all device connections, recording all policy changes and administrator activities and tracking all file transfers by file name and content type. You can even keep a copy of every file that is transferred to or from a removable device using our patented bi-directional shadowing technology.

5. Report: create both standard and customized reports on all device and data activity showing allowed and blocked events, which can be saved into a repository, shared via email, and/or imported into 3rd party applications. Detailed forensic reports and comprehensive auditing capabilities enable you to demonstrate compliance with internal security policies and external government and industry regulations such as SOX, HIPAA or PCI DSS.
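The five steps above, together with the default-deny, encrypt-on-write policy described earlier, as an added and entirely constructed Python simulation. It is not Lumension code and says nothing about how the product is implemented: it keeps an inventory of every device seen (discover), resolves the most specific matching rule per device and directory group (assess), enforces read-only access, time-of-day windows, file-type filtering, encryption and a daily copy limit (implement), records every decision and shadow-copies the names of allowed writes (monitor), and summarises allowed and blocked events (report). The rule set, group names, device serials, file names and timestamps are all made up for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

SPECIFICITY = {"class": 0, "model": 1, "id": 2}   # most specific matching rule wins


@dataclass
class Rule:
    scope: str                 # which device attribute the rule targets: "class", "model" or "id"
    match: str                 # value that attribute must equal
    groups: frozenset          # directory groups the rule applies to; "*" means everyone
    access: str                # "read" or "readwrite"; no matching rule at all means deny
    encrypt: bool = True       # writes must already be encrypted
    daily_limit_mb: float = 0.0       # 0 = unlimited
    hours: tuple = (0, 24)            # allowed hours of day, [start, end)
    blocked_ext: frozenset = frozenset()


@dataclass
class Event:
    ts: datetime
    user: str
    groups: frozenset
    dev_class: str
    model: str
    dev_id: str
    action: str                # "connect", "read" or "write"
    filename: str = ""
    size_mb: float = 0.0
    encrypted: bool = False


def _ext(name):
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


class DeviceControl:
    def __init__(self, rules, learning=False):
        self.rules = rules
        self.learning = learning                 # discover mode: log everything, block nothing
        self.inventory = set()                   # every (class, model, id) ever seen
        self.daily_usage = defaultdict(float)    # (user, device id, date) -> MB written
        self.shadow = []                         # names of files shadow-copied on allowed writes
        self.log = []                            # (event, allowed, reason) audit trail

    def _best_rule(self, ev):
        attrs = {"class": ev.dev_class, "model": ev.model, "id": ev.dev_id}
        candidates = [r for r in self.rules
                      if attrs[r.scope] == r.match
                      and ("*" in r.groups or r.groups & ev.groups)]
        # tie-break: a group-specific rule beats an "everyone" rule of the same scope
        return max(candidates, default=None,
                   key=lambda r: (SPECIFICITY[r.scope], "*" not in r.groups))

    def decide(self, ev):
        self.inventory.add((ev.dev_class, ev.model, ev.dev_id))
        rule = self._best_rule(ev)
        key = (ev.user, ev.dev_id, ev.ts.date())
        if rule is None:
            reason = "no matching rule (default deny)"
        elif ev.action != "write":
            reason = "allowed"
        elif rule.access != "readwrite":
            reason = "read-only"
        elif not rule.hours[0] <= ev.ts.hour < rule.hours[1]:
            reason = "outside allowed hours"
        elif _ext(ev.filename) in rule.blocked_ext:
            reason = f"file type .{_ext(ev.filename)} blocked"
        elif rule.encrypt and not ev.encrypted:
            reason = "unencrypted write"
        elif rule.daily_limit_mb and self.daily_usage[key] + ev.size_mb > rule.daily_limit_mb:
            reason = "daily copy limit exceeded"
        else:
            reason = "allowed"
        allowed = reason == "allowed" or self.learning   # learning mode records what would block
        if allowed and ev.action == "write":
            self.daily_usage[key] += ev.size_mb
            self.shadow.append(ev.filename)
        self.log.append((ev, allowed, reason))
        return allowed, reason

    def report(self):
        rep = {"allowed": 0, "blocked": 0, "mb_written": 0.0,
               "by_ext": defaultdict(int), "largest": ("", 0.0)}
        for ev, allowed, _ in self.log:
            rep["allowed" if allowed else "blocked"] += 1
            if allowed and ev.action == "write":
                rep["mb_written"] += ev.size_mb
                rep["by_ext"][_ext(ev.filename)] += 1
                if ev.size_mb > rep["largest"][1]:
                    rep["largest"] = (ev.filename, ev.size_mb)
        rep["by_ext"] = dict(rep["by_ext"])
        return rep


# Constructed policy: everyone may read removable storage; Finance may write to one model,
# encrypted, in office hours, up to 500 MB/day, no executables or video; one audited IT stick is exempt.
FIN, IT, MKT = frozenset({"Finance"}), frozenset({"IT"}), frozenset({"Marketing"})
RS, KDT = "removable_storage", "Kingston DataTraveler"
RULES = [
    Rule("class", RS, frozenset({"*"}), "read"),
    Rule("model", KDT, FIN, "readwrite", daily_limit_mb=500, hours=(8, 18),
         blocked_ext=frozenset({"exe", "avi"})),
    Rule("id", "serial:KDT-0042", IT, "readwrite", encrypt=False),
]


def _at(h, m=0):
    return datetime(2010, 2, 3, h, m)


EVENTS = [   # constructed sample day
    Event(_at(9), "alice", FIN, RS, KDT, "serial:KDT-0001", "connect"),
    Event(_at(9, 5), "alice", FIN, RS, KDT, "serial:KDT-0001", "write", "q4_forecast.xlsx", 12, True),
    Event(_at(9, 10), "alice", FIN, RS, KDT, "serial:KDT-0001", "write", "holiday.avi", 700, True),
    Event(_at(9, 20), "alice", FIN, RS, KDT, "serial:KDT-0001", "write", "payroll.doc", 5, False),
    Event(_at(10), "alice", FIN, RS, KDT, "serial:KDT-0001", "write", "archive.zip", 495, True),
    Event(_at(19), "alice", FIN, RS, KDT, "serial:KDT-0001", "write", "notes.doc", 1, True),
    Event(_at(11), "bob", MKT, RS, KDT, "serial:KDT-0007", "write", "brochure.pdf", 3, True),
    Event(_at(23), "carol", IT, RS, KDT, "serial:KDT-0042", "write", "driver_pack.zip", 40, False),
    Event(_at(12), "dave", FIN, "mp3_player", "iPod", "serial:IPOD-1", "connect"),
]


def simulate(learning=False):
    dc = DeviceControl(RULES, learning=learning)
    for ev in EVENTS:
        dc.decide(ev)
    return dc


if __name__ == "__main__":
    dc = simulate()
    for ev, allowed, reason in dc.log:
        print(f"{ev.ts:%H:%M} {ev.user:6} {ev.action:8} {ev.filename:18} "
              f"{'ALLOW' if allowed else 'BLOCK'} {reason}")
    print(dc.report())
```

Run with `learning=True` first to see what a trial period would record without blocking anything, then with the default to see what the same policy would have stopped; the report keeps the same shape in both modes, which is what makes the two runs comparable.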

Try it...

We can set up a 30-day trial with no software charge. This can help you quickly and easily identify potential issues on a zero-risk basis. Trials have already taken place at a number of UK trusts and organisations, with some eye-opening results.

Example case study from a two-week trial at an NHS organisation:

  • 18 GB of data was transferred to or from CDs and removable storage devices between 1 and 14 February (over 1 GB per day)
  • The largest file written to a CD was 375 MB
  • 19 .avi files were copied
  • 58 .bmp files, including shin_splints_piccy.bmp and Barbie-Swan Lake.bmp
  • 1889 .doc files, including RIP’s July 2007.doc, lovetoshop.doc and Signaturelist.doc
  • 5468 .jpeg files, including Glad and Cyrils Birthday.Jpeg, TeenGirl2Black.Jpeg and many digital camera files (DCIM)
  • All of this data movement was unencrypted

Greater levels of detail are available when using the audit service, such as the frequency of data transfers, down to the number of times an iPod or MP3 player was plugged in.

Device use can be monitored and ultimately managed centrally, reducing the chance of an end user introducing malware to his or her PC, or to the network, while providing an encrypted, managed platform for the secure access and transportation of data. Working with Equanet and Lumension to provide this industry-leading solution, we can help you reduce the number of incursions and the amount of off-policy activity in your organisation.

This approach significantly reduces the cost and difficulty of achieving CoCo (Code of Connection) compliance and reduces the risk of policy drift by ensuring that systems remain in a trusted state. Lumension also enables organisations to protect effectively against unknown threats to systems and data through:

Regular, automated scanning and remediation of operating system and application vulnerabilities and insecure configurations.

Policy-based enforcement that allows only trusted applications to execute, thus preventing malware and zero-day attacks.

Policy-based enforcement of removable device usage and data encryption, so that only trusted devices can be accessed, only by trusted users, and, if necessary, only trusted file types are allowed into the system.

Table 3

To set up your trial, or to speak to your account manager please call; 0844 871 2709

Find similar articles: equanet, councils, security, safeguard, personal information
