2010 Check Point Software Technologies Ltd. | [Restricted] ONLY
for designated groups and individuals Check Point DLP Technical
Presentation
Slide 2
2 22010 Check Point Software Technologies Ltd. | [Restricted]
ONLY for designated groups and individuals Check Point DLP Makes
data loss prevention work Agenda 1 DLP and its Key Challenges 2
Introducing Check Point DLP 3 How Does Check Point DLP Work? 4
Summary
Slide 3
3 32010 Check Point Software Technologies Ltd. | [Restricted]
ONLY for designated groups and individuals Data Loss Prevention
Prevent Loss of Sensitive Data Consequences of Data Loss Bad media
and brand damage Company secrets and intellectual property
Financial data, forward-looking earnings Confidential customer data
Regulatory penalties Liability and lawsuits Why Data Loss
Prevention?
Slide 4
4 42010 Check Point Software Technologies Ltd. | [Restricted]
ONLY for designated groups and individuals Data Breaches
[email protected] Corporate Strategy Green World Strategy Plan
2010 E-mail sent to the wrong recipient, intentionally or by
mistake. Data Breaches Have Happened to All of Us Company document
uploaded to an external website. 80 to 90% of Data Breaches are
Unintentional
Slide 5
5 52010 Check Point Software Technologies Ltd. | [Restricted]
ONLY for designated groups and individuals DLP Challenges DLP Has
Not Yet Been Solved Technology Challenge Computers can not reliably
understand human content and context IT Staff Challenge Burden of
incident handling Exposure to sensitive data
Slide 6
6 62010 Check Point Software Technologies Ltd. | [Restricted]
ONLY for designated groups and individuals [email protected]
Corporate Strategy John, Lets review the corporate strategy in our
morning meeting. Green World Strategy Plan 2010 John
[email protected] Confidential data sent to the wrong
recipient! Data Loss Prevention Alert An email that you have just
sent has been quarantined. Reason: attached document contains
confidential internal data The message is being held until further
action. Send, Discard, or Review Issue User prompted to take action
User remediates Check Point Makes DLP Work Introducing Check Point
Data Loss Prevention
Slide 7
7 72010 Check Point Software Technologies Ltd. | [Restricted]
ONLY for designated groups and individuals John, Lets review the
corporate strategy in our morning meeting. Green World Strategy
Plan 2010 [email protected] Corporate Strategy Data Loss
Prevention Alert An email that you have just sent has been
quarantined. Reason: attached document contains confidential
internal data The message is being held until further action. Send,
Discard, or Review Issue Introducing Check Point Data Loss
Prevention Educate Users on corporate data policies Educate Users
on corporate data policies Enforce Data loss business processes
Enforce Data loss business processes Prevent Move from detection to
prevention Prevent Move from detection to prevention Check Point
Combines Technology and Processes to Make DLP Work NEW!
Slide 8
8 82010 Check Point Software Technologies Ltd. | [Restricted]
ONLY for designated groups and individuals Introducing Check Point
DLP At-A-Glance Features Scaling from hundreds to thousands of
users Supporting HTTP, SMTP and FTP protocols Inline network-based
Software Blade running on any existing Check Point gateway Alert
notification using either a thin agent, an email to the user or web
browser popup Proactively block intentional and unintentional data
loss
Slide 9
9 92010 Check Point Software Technologies Ltd. | [Restricted]
ONLY for designated groups and individuals MultiSpect Detection
Engine UserCheck Ease of Deployment How Does Check Point DLP
Work?
Slide 10
10 2010 Check Point Software Technologies Ltd. | [Restricted]
ONLY for designated groups and individuals Data Loss Prevention
Alert An email that you have just sent has been quarantined.
Reason: attached document contains confidential internal data The
message is being held until further action. Send, Discard, or
Review Issue 2. User alert 1. Mail sent or document uploaded by
HTTP or FTP 3. User remediation UserCheck Non-disruptive Real-time
Educational UserCheck Provides User Remediation by Alerting
User
Slide 11
11 2010 Check Point Software Technologies Ltd. | [Restricted]
ONLY for designated groups and individuals UserCheck Scenarios
Block Web upload of proprietary information Ask user to confirm and
remediate potential breach Filter communications of confidential
information based on policy exception Scenario 1: Prevent Scenario
3: Alert, Ask and Educate Scenario 3: Alert, Ask and Educate
Scenario 2: Enforce Scenario 2: Enforce
Slide 12
12 2010 Check Point Software Technologies Ltd. | [Restricted]
ONLY for designated groups and individuals | UserCheck Scenario1
http://mywebuploads.com [email protected][email protected] Code
subroutine to work on from home Software Developer Developer
uploads source code to file share to work on from home Rights to
files posted to web file shares transfer to host site Check Point
DLP blocks upload and notifies user UserCheck Preemptively Prevents
Data Breaches src.c src2.c src3.c src4.c src5.c src.c c:\src.c
http://mywebuploads.com
Slide 13
13 2010 Check Point Software Technologies Ltd. | [Restricted]
ONLY for designated groups and individuals | Corporate VP sends
M&A contract to attorney UserCheck Scenario 2 2.UserCheck
Allows Filtering Based on Corporate Data Policies Corporate
Development VP [email protected] M&A letter of intent for
review ProjectAtlantisLoI.pdf Hi James, We have revised the terms
of the acquisition. Attached is the Letter of Intent for your
review. Thanks, David Alert notifies user of data policy
Slide 14
14 2010 Check Point Software Technologies Ltd. | [Restricted]
ONLY for designated groups and individuals | UserCheck Scenario 3
UserCheck Alerts, Asks and Educates Users Chief Financial Officer
[email protected] Preliminary Financial Statement
Preliminary_financials.pdf Greg, Sending you the Q1 preliminary
financials for audit. Thanks, Matt Gerhart Chief Financial Officer
ACME Corp. [email protected] Company CFO sends preliminary
financial statement to external auditor Check Point Data Loss
Prevention Reconsider sending this email (Prelimi Fri 4/2/2010 3:45
PM Rachel Greene PCI Audit Status Fri 4/2/2010 1:23 PM Tom Peters
Sales Planning Meeting Thu 3/2/2010 9:45 AM [email protected]
Reconsider sending this email (Preli Preliminary Financial
Statement The attached message, sent by you, is addressed to an
external email address. The Check Point Data Loss Prevention System
determined that it may contain confidential information. Emails
attachment Preliminary_financials.pdf appears to contain financial
records. The message is being held until further action. Send,
Discard, or Review Issue Preliminary Financial Statement
[email protected] Hi, This information is OK to send to our
outside auditor. Thanks, Matt User provides an explanation of his
request to send User receives an email alert asking owner of
sensitive data to confirm communication
Slide 15
15 2010 Check Point Software Technologies Ltd. | [Restricted]
ONLY for designated groups and individuals | UserCheck Scenario 3
UserCheck Alerts, Asks and Educates Users Chief Financial Officer
[email protected] Preliminary Financial Statement
Preliminary_financials.pdf Greg, Sending you the Q1 preliminary
financials for audit. Thanks, Matt Gerhart Chief Financial Officer
ACME Corp. [email protected] Company CFO sends preliminary
financial statement to external auditor Check Point Data Loss
Prevention Reconsider sending this email (Prelimi Fri 4/2/2010 3:45
PM Rachel Greene PCI Audit Status Fri 4/2/2010 1:23 PM Tom Peters
Sales Planning Meeting Thu 3/2/2010 9:45 AM [email protected]
Reconsider sending this email (Preli Preliminary Financial
Statement The attached message, sent by you, is addressed to an
external email address. The Check Point Data Loss Prevention System
determined that it may contain confidential information. Emails
attachment Preliminary_financials.pdf appears to contain financial
records. The message is being held until further action. Send,
Discard, or Review Issue Preliminary Financial Statement
[email protected] Hi, This information is OK to send to our
outside auditor. Thanks, Matt User provides an explanation of his
request to send User receives an email alert asking owner of
sensitive data to confirm communication
Slide 16
16 2010 Check Point Software Technologies Ltd. | [Restricted]
ONLY for designated groups and individuals | Employee sends file
attachment to personal email to work from home UserCheckHow it
Works Company confidential spreadsheet containing customer data
Check Point DLP
Slide 17
17 2010 Check Point Software Technologies Ltd. | [Restricted]
ONLY for designated groups and individuals | Check Point DLP SMTP
Envelope Sender: [email protected][email protected]
Recipients: [email protected][email protected] Subject: Some homework Body:
Doc to work on Message intercepted by Check Point DLP Message
decomposed into its constituent parts by DLP engine Check Point DLP
UserCheckHow it Works
Slide 18
18 2010 Check Point Software Technologies Ltd. | [Restricted]
ONLY for designated groups and individuals | SMTP Envelope Sender:
[email protected][email protected] Recipients:
[email protected][email protected] Subject: Some homework Body: Doc to work
on Apply DLP Policy per message part Check Point DLP UserCheckHow
it Works
Slide 19
19 2010 Check Point Software Technologies Ltd. | [Restricted]
ONLY for designated groups and individuals | Sensitive file
detected Check Point DLP UserCheckHow it Works User alerted policy
enforced
Slide 20
20 2010 Check Point Software Technologies Ltd. | [Restricted]
ONLY for designated groups and individuals | MultiSpect Detection
Engine UserCheck Ease of Deployment How Does Check Point DLP
Work?
Slide 21
21 2010 Check Point Software Technologies Ltd. | [Restricted]
ONLY for designated groups and individuals | Item No. NameSocial
Security Number Job TitleGross Pay 1John
Smith987-65-4320CEO$200,000 2Kevin Brian987-65-4221VP
R&D$150,000 3Margret White 769-65-7522VP Marketing $153,000
4Bob Johns342-62-3323CFO$140,000 5Mike Riddle777-43-4324COO$180,000
Correlates data from multiple sources using open language New
MultiSpect Technology MultiSpect Detection Engine Detects more than
600 file formats 600+ File Formats 250+ Data Types Over 250
pre-defined content data types Detect and recognize proprietary
forms and templates
Slide 22
22 2010 Check Point Software Technologies Ltd. | [Restricted]
ONLY for designated groups and individuals MultiSpect:
Self-Learning Technology Self-Learning Technology Improves Accuracy
User alerted User remediated Doc Sent 1. First occurrence System
has learned Doc Sent No further action 2. Additional occurrences No
Burden on User!
Slide 23
23 2010 Check Point Software Technologies Ltd. | [Restricted]
ONLY for designated groups and individuals Open Scripting Language
Example: Use Open scripting language to create Australian Business
Number data type Upload the script to DLP engine using Data Type
wizard Create completely new data types Enhance existing data types
Unmatched flexibility in customizing DLP Create completely new data
types Enhance existing data types Unmatched flexibility in
customizing DLP MultiSpect
Slide 24
24 2010 Check Point Software Technologies Ltd. | [Restricted]
ONLY for designated groups and individuals MultiSpect Detection
Engine UserCheck Ease of Deployment How Does Check Point DLP
Work?
Slide 25
25 2010 Check Point Software Technologies Ltd. | [Restricted]
ONLY for designated groups and individuals For Unified Control
Across the Entire Security Infrastructure Centralized Management
Quick scan of Data Loss Prevention incidents Ratio of incidents to
data inspected Enforcing gateways data Quick links to priority data
and actions to perform
Slide 26
26 2010 Check Point Software Technologies Ltd. | [Restricted]
ONLY for designated groups and individuals Controlling Your DLP
Policy Enable rules and apply policy Install policy DLP policy rule
base Compliance rules for PCI and HIPAA DLP Policy Created and
Enabled
Slide 27
27 2010 Check Point Software Technologies Ltd. | [Restricted]
ONLY for designated groups and individuals Changing Policy Actions
Action on rule now changed Quickly change action to be taken for a
rule
Slide 28
28 2010 Check Point Software Technologies Ltd. | [Restricted]
ONLY for designated groups and individuals Exhaustive
Out-of-the-Box Data Types Search results displayed immediately
Easily find the data types you need With Powerful Search
Functionality
Slide 29
29 2010 Check Point Software Technologies Ltd. | [Restricted]
ONLY for designated groups and individuals Managing Incidents with
SmartEvent for DLP DLP Event Management Incident Details: Look up
the user name and machine info
Slide 30
30 2010 Check Point Software Technologies Ltd. | [Restricted]
ONLY for designated groups and individuals DLP Event Management
Timeline Severity Map Powerful Tools to Manage DLP Incidents
Slide 31
31 2010 Check Point Software Technologies Ltd. | [Restricted]
ONLY for designated groups and individuals Bypass option Bridge
mode (L2) support Bypass option Bridge mode (L2) support Dedicated
Appliance Integrated into Gateway Manageability Lower TCO Lower
carbon footprint Integrated into Gateway Manageability Lower TCO
Lower carbon footprint Software Blade DLP Deployment DLP Solution
Options
Slide 32
32 2010 Check Point Software Technologies Ltd. | [Restricted]
ONLY for designated groups and individuals DLP-1 Appliance
Specifications DLP-1 2571DLP-1 9571 Performance Number of Users
1,0005,000 Messages/Hour 70K350K Throughput 700 Mbps2.5 Gbps
Specifications Storage 500 GB2 x 1 TB ( RAID 1 ) NICs 6 Copper
1GbE10 Copper 1GbE Optional Bypass Card 4 ports - 2 segments
(pre-packaged appliance) 4 ports - 2 segments ( orderable as
accessory) Price Price Year 1 Without bypass card - $14,990 With
bypass card- $15,990 Without bypass card - $49,990 With bypass card
- $54,985 Annual price Year 2+$7,000$12,000
Slide 33
33 2010 Check Point Software Technologies Ltd. | [Restricted]
ONLY for designated groups and individuals Check Point DLP Software
Blade CPSB-DLP-500CPSB-DLP-1500CPSB-DLP-U Recommended Users
(depending on configuration)* Up to 5005001,5001,500+ Messages/Hour
5,00015,00015,00050,000 50,000 250,000 Max Throughput 700 Mbps1.5
Gbps2.5 Gbps Annual Price $3,000$7,000$12,000
Slide 34
34 2010 Check Point Software Technologies Ltd. | [Restricted]
ONLY for designated groups and individuals Competitive pricing
after 3 years 1000 users Year 1: DLP-1 2571 Year 2,3: 2x DLP blade
Year 1: DLP-1 2571 Year 2,3: 2x DLP blade
Slide 35
35 2010 Check Point Software Technologies Ltd. | [Restricted]
ONLY for designated groups and individuals Competitive pricing
after 3 years 5000 users Year 1: DLP-1 9571 Year 2,3: 2x DLP blade
Year 1: DLP-1 9571 Year 2,3: 2x DLP blade
Slide 36
36 2010 Check Point Software Technologies Ltd. | [Restricted]
ONLY for designated groups and individuals DLP-1 9571
AppliancesAccessories ModelPrice Field Replaceable 4-Port, Copper,
Bypass Card (for DLP-1 9571, PWR-1 907x, IPS-1) $4,995 Check Point
Replacement parts Kit including one Hard-Drive, one Power Supply,
and one Fan (for DLP-1 9571) $3,900 Check Point
Lights-Out-Management card (for DLP-1 9571, PWR-1 907x, IPS-1)
$2,500
Slide 37
37 2010 Check Point Software Technologies Ltd. | [Restricted]
ONLY for designated groups and individuals Flexible Deployment
Options Internet Mail Server Check Point Security Gateway Check
Point DLP Software Blade Security Management and Logs AD/LDAP
server Integrated Software Blade L2 bridge mode with fail-open
option L3 routing Deployment Modes WWW Behind perimeter gateway L2
Dedicated Deployment Options Behind perimeter gateway Protect
outgoing mail traffic Behind perimeter gateway Protect outgoing
mail traffic Directly protect user subnet
Slide 38
38 2010 Check Point Software Technologies Ltd. | [Restricted]
ONLY for designated groups and individuals Activating DLP: Quickly
set up DLP DLP Deployment Under Gateway General Properties, check
Data Loss Prevention This starts the DLP Blade Wizard Under Gateway
General Properties, check Data Loss Prevention This starts the DLP
Blade Wizard Specify the FQDN which will be used for the DLP portal
Configure a mail server for notification emails Basic DLP setup
completed DLP Blade Wizard quickly gets DLP up and running
Slide 39
39 2010 Check Point Software Technologies Ltd. | [Restricted]
ONLY for designated groups and individuals Differentiate Check
Point DLP Network Security Vendors Standalone DLP Vendors
Enterprise DLP Vendors Check Point DLP Network-based DLP Data
Classification Multi-Parameter Data Type Correlation In-line
Prevention User Self-remediation Integrated into Security Gateway
Data-type Customization User Education on Sensitive Data Ease of
Administration Comprehensive Deployment Options
Slide 40
40 2010 Check Point Software Technologies Ltd. | [Restricted]
ONLY for designated groups and individuals Summary Prevent Data
Breaches Move from detection to prevention Enforce Data Policies
Across the entire network Educate and Alert Users Without involving
IT staff Check Point combines technology and processes to make DLP
work
Slide 41
2010 Check Point Software Technologies Ltd. | [Restricted] ONLY
for designated groups and individuals Thank You!