Symantec数据防泄密技术介绍.pptVIP

* Objective Set up demo scenario with typical Endpoint Data Monitoring and Prevention incident. Scenario Here’s an example of an employee who has a file called “sockets.c” on his desktop that contains confidential source code. Note that the opened file contains confidential source code. Also note that the employee has a USB device attached to their machine – it is the “E” drive. This USB device represents a significant threat because employees can easily drag drop potentially several GBs of data to USB devices, including thumb drives or iPods. The employee attempts to copy the file to the USB device. A Vontu Endpoint Prevent Agent is on this machine. It has been configured to scan all the files on this endpoint being copied to USB devices or CD/DVDs, to compare them against the IP data loss policy previously written in Enforce, but which now reside in the Agent (the agent does local detection for policies that use DCM only). If the Agent sees data that violates the detection rules in a policy it activates the appropriate automated response rules. In this case it is to block the file from being copied off the endpoint. STATISTICS: A survey sponsored by Vontu and conducted by Forrester Consulting finds that 52% of respondents have lost confidential data via USB drives and other mobile devices; 69% will pursue endpoint DLP in 2007. Vontu also did a study in September 2006 with the Ponemon Institute that reported 1:2 USB drives contain confidential information. * Objective Show automatic remediation for Endpoint Prevent Scenario Endpoint Prevent uses deep content inspection to detect that this file is in violation of the pre-written IP policy. Automated response rules are activated, in this case the Agent blocks the file copy and also displays a pop-up notification advising the employee of the incident. Data loss has been prevented. The pop up gives the employee a way to self-educate on the violated policy with the URL in it, and also presents the user with fields