INDUSTRY INSIGHT
An efficient new approach to data loss prevention Oded Gonda reveals how new technology can empower users to prevent data loss in a number of organizations.
S
ending an email to the wrong recipient or attaching the wrong fi le are common mistakes that we have all made at some point. For organizations, the prevalence of email for mass communication, combined with high-speed computing and data communication networks, has made the risk of data loss considerably high. In this increasingly digital environment, the question is how can organizations efficiently prevent data loss incidents and secure their informational assets? How can you mitigate the risk of having employees selecting and sending sensitive data to the wrong email recipient? How can you stop people from accidentally uploading confidential information to a public fi le sharing website? Check Point proposes a new approach to help businesses efficiently tackle the challenge and protect their data from intentional or unintentional loss. As many of the traditional data loss prevention (DLP) solutions have shown, technology alone cannot address the issue of data loss. What companies need is an innovative solution that combines the power of technology in order to analyze and correlate content, with users and processes in order to provide contextual background on each sensitive communication. In addition, the solution needs to be simple to deploy, simple to use, and of course, reliable. The new Check Point DLP solution pioneers a new era of data loss prevention. Without disrupting the company’s daily flow of business, the solution moves data loss from detection to prevention, and avoids false-positives by engaging users to remediate. For example, Check Point DLP can block an email containing sensitive fi nancial information to an external recipient. It will alert the user in real time of the potential breach and ask him to either discard the email, confi rm the sending - if it is a valid communication - or further review the email to understand the issue against the corporate data policies in place. Not only does Check Point’s DLP solution efficiently prevent data loss, but also it educates users on corporate policies while enforcing them. In the same scenario, other traditional solutions will typically create an event and block the communication until an IT security administrator reviews and remediates the potential breach. Th is process can take days until it tracks down the context of the communication and involves the user and his manager. In addition, the IT staff member dealing with the incident will be exposed
“The solution moves data loss from detection to prevention, and avoids false-positives by engaging users to remediate”
to sensitive data he or she was not authorized to see in the fi rst place. Check Point DLP relies on sophisticated detection technology that looks at multiple parameters and data types such as credit card numbers and personal identifiers, as well as a collection of words or numbers, which could represent a sales forecast or a payroll list. Each enterprise can easily select and create data types and configure their DLP rules to closely match their corporate data policies that govern what data can be shared with whom. The Check Point DLP solution addresses many of the problems that have dogged DLP in the past. It gives employees a valuable second chance to catch that email before they accidentally send it to the wrong person or attach a confidential fi le, and avoid what could possibly have been a data breach for their company. Check Point DLP comes as a soft ware blade that can be deployed on all Check Point security gateways, and is also offered as a stand-alone appliance, DLP-1. Both solutions are centrally managed through Check Point single security management console to reduce complexity and operational overhead. Thanks to its ease of configuration, as well as the built-in policies and rules it features, the Check Point DLP solution can provide protection within a matter of days.
Oded Gonda is vice president of Network Security Products at Check Point and is responsible for driving the vision, development and delivery of the company network security product lines. Since joining the company in 1999, Mr. Gonda has held several leadership positions in Check Point’s Products Organization. He has played a central role in the initiation, design and development of key architectures and products bringing them successfully to market. For more information, visit www. checkpoint.com
42 www.usfst.com
CHECKPOINT.indd 42
16/07/2010 14:47