DeviceLock By BorderLAN

DeviceLock by BorderLAN provides network administrators the ability to set and enforce contextual policies for how, when, where to, and by whom data can or can't be moved to or from company laptops or desktop PCs via devices like phones, digital cameras, USB sticks, CD/DVD-R, tablets, printers or MP3 players. http://borderlan.com/data-loss-preven...

---

Closed Caption:

my name's Adrian speaker for device lock
device lock is an independent software
vendor
we do endpoint device control and data
leak prevention
basically what we do is help
organizations lockdown
PCM structure so that employs just can't
arbitrator lease and stuff
to other employees are happy outside
up network or just drop things on the
USB drives and
portable storage
all really a leader in the device port
control we have a lot of customers into
paying customers
on a lot and points and we deploy all
the way up to
very large deployments 71,000 in one
particular financial services firm
and to retail and to the many tens of
thousands
and help carers a is huge a small parts
as was down to you know little offices
with stop 100 computers
as well so we really go the full him
if you look at the root causes
data breach everybody's worried about
hacker
for the malicious criminal attack will
in reality
up most if your data breaches are not
gonna happen from
I A malicious outsider attack it's gonna
happen through either negligence
or a system glitch people again spent a
lotta time securing their outer
perimeter
and its like an ache you know it's hard
on the outside
really soft and squishy on the inside
very important that you look at not only
your perimeter
but from the inside out and being able
to manage the negligence issue
and employees always going to be
negligent you can do a lot of training
to reduce the amount of negligence
negligence is gonna happen so how do I
mitigate that negligence
so some more statistics which are pretty
interesting
seventy-three percent up IT staff use
USB drives
with out authorization so these are the
people that you're supposed to trust
and 73 percent of them use it without
authorization
what do you think about your employees
and here again
seventy-two percent up those people up
the IT staff have
lost rise without notifying anyone and
this is the
this is what's your experience for
people that's losing that information
what are your employees doing
and ass if the last up Ottoman Porte
it on average cost breach is 200
250 dollars record at the 250 Rangers
healthcare and finance
in at the 200 range I believe it's on
retailing
manufacturing but this is it seems
almost astronomical especially when you
start to think
Wow how many records I put on
a little USB flash drive god forbid
somebody throws in a one terabyte USB
Drive and dumps
everything onto it it could be into the
millions
in even an organization into the
billions of dollars
and by the way there are organizations
that are being sued me
ap billion dollar breached and kisses
absolutely very interesting I had a hard
time believing it but it was definitely
an InformationWeek
in the past two years and this is year
old but it still pertinent to this day
seventy percent of businesses trace the
lawsuit sensible information USB flash 6
now that doesn't mean that seventy
percent above the
breaches happen because some person you
know dump data and took off
its I'll a lot of that also happens to
be
some be stuck in the USB Drive at a
virus on it that when penetrated the
network
and then transmit that information
outside network so
that is a huge huge problem at the very
least
I think any organization really has to
look at their USB Drive policy
removable drive policy and even their CD
rom at the very least
to really get a handle on locking down a
lot of potential risks
losing information what looks more like
a threat
the person on the Rights the bigger
threat you know just one of your
employees doesn't think about it
post company information on to Facebook
by the way
which there's recorded a fat somebody
taking a picture the company party
posting on Facebook and have the merger
plans background so something if
innocent something is posting something
on the base
book can have dire consequences for
company what this device lock do exactly
well world I employing solution
that on really focuses on the PC itself
and what we do is give you the ability
to control
great granularity the physical devices
you're plugging into those those PCs out
giving the ability the little limit the
amount that the USB sticks can be used
smartphones iPad
digital cameras how much CD-rom's can be
used by
whom when and what can be transferred
giving you a lot of granularity with a
lot of eats
furthermore we can even work with
network ORN trapped social networks even
our company email personal web mail
cloud file sharing I mean it's really
kinda scary
that somebody can just take stop don't
right onto their Dropbox account and
they've got everything
in the clout in again maybe some
firewalls will handle that stop
what about when that week goes off
network a particular home decor
go to a Starbucks lot owner Billy stark
opening up there
so how do you manage those network for
threats what we do is we kinda take care
about all in one shot
were so poor only solution so the nice
thing is we deployed just like and I
parts
if you deploy antivirus you pretty much
know everything you need to know about
deploying our stuff
no additional hardware is needed so
that's one of the big
advantages between us and a lot of the
other guys
a lot of the other guys out there that
you'll see well I'm not install servers
an app install all kinds databases we
architect my network to get stopped work
technically just the player stuff like
anti-virus
and pretty much just run
all through Active Directory group
policy to literally
if you know how to play antivirus and
you know Active Directory group policy
your product very simple so
rather than taking weeks and months and
doing this really complicated roll out a
DLP Wow mean I can just play it like
anti-virus
going to my Active Directory work
repulsive snappin
and directly track director star
configuring policies on who can use USB
keys who can use
CD-rom wifi you name so bad i think is a
huge
advantage with us that you'll be able to
control all that
very quickly in easy easily at a low
cost point
not only from the heart dollar
perspective update to the purchase
but now you don't need a three-month
project will allow TLP can be done
very quickly measly you can move on to
the next and you know FC magazine even
agreed with us on quite a few of these
things as well giving us very high marks
in ratings
for capabilities
so really there are three components to
how we can help you so it's not
I take all ur take nothing with us you
can actually deploy in phases
or deploy all at once so we have three
components we have a core product which
is basically a device lock
or we call it and what this allows you
to do is basically just a ploy the
agents out there and now it can go out
chance for controlling all school bites
so with our device like or product
to right away you can take your pick USP
threat that seventy percent of data
breaches happen through
out right then and there take your your
USB cd-rom
wifi ports floppy something pretty much
you can see right there in the Consul
all the different things that we can
work with as you can see if you see this
consul you probably recognize it it's
basically Group Policy
that's the beautiful part about the vice
lock we could
thrill you with a lot of great beautiful
you use with big charts and all that fun
stuff
but what good is it if
I have to spend three days in a training
class understand
you guys are you understand you guys
have plenty in
a time to go work on other things you
don't want to be spending it learning a
whole new interface
something that's relatively simple to
deploy the next one is network lock
to plug into our device like corporate
now extensive from the physical devices
to connect to the machine
out to the network so now I can control
FTP access
and instant messaging access be
ability for somebody to transfer stuck
to the webmail account which is kinda
crazy
a copy we actual act a
called or I just need to transfer this
summer school for a few my gmail account
officer to me I will tell
well now you can control that whether
they're on network
of work what can the transfer from nap
that we have his contact block
content lock is great because now it's
good just having simply on of or
specifically file type protection
now i can say very specifically what
kind of content
are people allowed to transfer for
instance in health care
I could say I don't want anybody the
chance for client ID numbers
but in my county department they need
the ability to transfer client ID
numbers so my county department I'm
gonna let them transfer anything
with any file with the client ID number
on it
but if they do I wanna keep a copy
up that data on my network so I can go
back
forensically NC who had acts what and
where
very very powerful tool again like it in
hip fun
PCI in socks we have a whole sets
rules that you can implement very
quickly that says
a anything with the disease like in
hip-hop for instance anything with the
disease name data set to a USB Drive
stop stopping keep a copy to
because I want to know who was the
offender who attempted to transfer that
data
I wanna see what that data was so I can
use that as a training tool go back to
that doctor
nurse or health care professional say
hey I saw yesterday tried transfer
a transcript and shouldn't do that and
this is the reason why
so it's a great training tool as well
great for auditing
entire network what I'd like to do with
this point is actually turn this
over to David he said who is are
resident guru and engineer and Account
Manager
and he's going to take over I could show
you some examples
up really cool examples what you can do
with the vice-like very quickly
very today I'm gonna make You presenter
and thanks Adrian well as a ratio we we
operate the product primarily trigger
policy if you're an Active Directory
environment
and sewed screenshot your sister example
of our
R Kelly again inside a occur Policy
Editor
so your windows administrators who have
been trained on this for many many years
hope very cough what had a navigator
product how to set their product
and and had a player proctor policy
installation up the
endpoints MSI suffer installation
her policy object and then for Policy
Object various
levels for sacked and so very
straightforward
what I'll be doing today is china doll
China consuls well
our enterprise our Enterprise Manager
console which to work in any environment
whether it's
nobel El tap for workgroup or even any
Active Directory environment as well
or go ahead and show that in addition
while in the extra time
artie said a policy and but work we're
starting up very
restrictive here and of course your
normally wear that when you plug into
USB Drive
much have full access to it what I want
head lock that down so that
I'm not able to plug in USB Drive not
going to demonstrate what we do
when that happens so an option did very
specific
notify the user base that a lot used
iced
so the first error you see is one from
explore asleep to allow the device to
mount
and given a drive letter but will check
your particular
lot on authority and say okay you have
access to USB removable
an are policies is no it up
someone else on your lot on your machine
might have that ability or someone using
it
share Terminal Services session
succession or other winter session might
have access
so we do allow that to a point and then
we checked her
your particular axis paster membership
user account time of day day of the week
other
a contextual parameters that you can put
in place tossed
so we show that here we also show or
custom message
so it actually tells with the devices
sorry
their permission to use this particular
device please contact your system
administrator
well sixties assist Adrian said a
trading opportunity we have a
an app within the control panels wants
to request a exception
device for use on a temporary basis then
we have
away a doing that whether online or
offline
share information about that device
after a great
secure process with the device lock
administrator and they can choose
whether or not to give
section access to the normal policy
whether again here on the network or
even of network a laptop out
out the wild so you have a very secure
processor providing exceptional access
I've also shut down on for our network
lock protocol sobils
shut down our ability to use capital
messengers
shot that works it will launch the
application but will not allowed
sign it again these are contextual
security items here
will get into the content at the moment
see that to try to launch in its
going to try sinuses sorry donna
precious tax yes mister
maybe your organization has standardize
on a difference to messenger
or you don't like any estimates just
happening outside
outsider far or whatever the case might
be thus allows you to control us again
for an end point where
again if that sheen you sir network
printer we no longer have to step it
controls
locally than this stay with the laptop
sleeves
and light still in force that policy so
quickly showed how that blocks
salter consulate class like Enterprise
Manager against work in any type
a Windows environment I'll go ahead and
go into
might give myself a few more settings or
something shows contact patrols
that's the beauty of adding content
level controls to contextual controls
you don't have to necessarily be as
lockdown as
might for you have the building than to
say well
I trust you to use these devices I don't
trust certain content
and I kiss you the flexibility of
putting the state rules
place still having the productivity %uh
up using its
biased test phones and other devices in
a in a corporate
or and see that I have believes also
from me
removable media stamp when I have the
ability to affect
permissions on chair partitions and
curved partitions slums
wanna technologies integrate with from
encryption detection capability
so you can vacate your access again for
chair partitions
anything other whether I cricketer with
different technology
and then when we recognize that
encryption verified that is to create a
partition
then you can open up those rights for
those folks we also have again
day of the week and our the day control
streak first
I think that's really powerful because
om a lot of times you have a desktop
now there and you know cleaning crews
come in at 11 at night
and a half full access to computers or
you can simply turn those USB ports of
at those times a day and this is again
the content lot portion of the product
so what I've done as I have two
different types rules in place I have a
based thou shalt not run any execute
ables from removable media sup tonight
read and write accessed inexcusable an
this is not just with the files named we
actually looking at the binary the file
so something that was originally malware
da txt is renamed happy days to text
walk past sturdy lookin see excusable
type inexcusable will be able to detect
that
blocked access accordingly we also have
II
data numerically conditions social
security number check
so in this case show that real briefly
so this is the very elaborate regular
expression to provide for you as a
template
and a lot done to modify this was Isobel
islet
I don't want only flag every time issues
screen number only block every time
she's
because maybe there's legitimate reasons
for people to have street numbers in
particular transactions
their nature are group for may be there
dealing with your
medical insurance whatever they really
have to transfer these documents things
like that so
obvious you can make that based upon a
group membership and have a different
role for that group
in this case maybe only care about a
certain number social security numbers
maybe someone's refinancing our mortgage
from the office
lunchtime minutes and that back to the
lender do you really want to block that
transaction many shadow
that and have it there prosperity check
to make sure people aren't
real preached that that doctor might
have you or your spouse the social
security number and
so can't Romana block that and kinda be
the reason why tope was accepted
in the industry very well for five years
ago to truck on Interstate remission
earlier
of this example s okay well maybe i care
about. instances where its greater than
or equal to 3
hustle screen apps why with 33 its
market resize first
so that's what I've done here in this
particular rule plus you can validate
against these expressions
it's not just a it's a very intelligent
expressions
its can recognize this looks like a
format street number but
doesn't validate this one south side the
range about
certainly 21 within the balanced
in there verify what type of data same
will capture
so I put these rules in place for me and
push that tap on this particular
interface push the template out
whereas if you're in Group Policy want
to change that it dynamically miss out
all the important
so I'm gonna go ahead and put my device
back in okay see that is now standing at
device cuz I file type role in place
I didn't get the block message targets
mother pop-up messages coming
so here's the device so then you see the
pop-up messages found several different
files it appear to be based on the
binary check
executed balls giving you fair warning
it look you're not supposed to have read
or write access to these
giving you fair warning what happens if
I can or that warning
go ahead and try to watch something like
that sorry
you're not allowed to do anything like
that at all and I'll give you a separate
message saying look you don't even have
axis treats stop track but I can
certainly go into
you know up logfile Matt certainly
I have rights at other types of files
here as long as stun excusable or
something social security number
so fun to create a new document here I
do have rights to do that like discredit
X doctor first
what if we want to copy some data that
might have some information
we care about well here's a very easy
example here said mortgage application I
mention so here's a couple different
social security numbers but they're
still
okay so far wanna move that from my hard
drive
over to your mobile media okay
no problem that's underneath the
threshold what I when I cared about
seeing from a content standpoint so
great but about this
well this might be an identity theft
situation or something compromising
people's identity or or medical records
or some other ish with an
mister Cup so I have more than three so
far not an HR
maybe I do care about by sending out
anything like this try to pass that on
sorry
did not appreciate even read the steps
file because it has
a content rule that was in breach and it
takes that away
and house to read and write seige to
differ messages you cannot read you
cannot write these
and that files no longer bill security
camera brief example of how we can
manage on a contextual level and a
content level and a good show you
briefly how we've
tracking that as well as a dream mention
a lot of this has to do with
auditing and shouting what's going on
see see all the different items you've
been dealing with your set SSN to file
that was
success there's other files shared
working with created things like that so
I have
fully qualified machine name date/time
stamp
where came from the
the driver everything that came from
national device all the details on that
particular device
attract different devices in your
organization fully qualified username
and then with no shadowing where we
actually ok
have a capture up the actual files
themselves see that I have failed the
vet here
sent three I had a success event SSN to
its all good information
but one of you that information in
several formats second to
so exodus more attack
so forensic analyst look at this is not
modify the content of the file
or the attributes the file again cue
track
contact rules locate a successful this
one failed like a look in there and say
well
that was over our over threshold for
how much so she can be captures actual
file captured during that process
and with that I'll go ahead and turn it
back over to cater
thank you day table want covertly some
the unique things are kinda makers
different maybe audience would like to
know you know there's a lot of different
vendors out there what makes us
widely covered very well
and the early part the presentation were
but were the only product we know about
the worst directly through Group Policy
with the names
snap its national scheme extension
there's no ATM radium extemp let's
rethink lucia like that it's truly an
immense
snap answer natively working with are
are setting stricter policy
and that allows to scale to any size
environment that
actor-director can scale and I think
they've proven they can get into several
hundreds of thousands
%uh endpoints finished posts
we have past as well of be
we've been at this a long time with
endpoint security solutions for over 16
years
where very intimate with Alec patrol
different items data lost data leakage
printing is the angel wanna well you
know if i cant
Nick electron a copy that I can make a
are copping go ahead and print that out
what we control a lot of different
aspects
pretty and at 7.2 watch bill to content
filter against
approach up works out up some other
items
I see on your list your the SIR us 7.2
items
coming up early this fall %uh skype is a
very difficult just a messenger to
control
it St decide to come to find its way
around
network parameters and and controls
people ask
make sure that works well with make sure
that we can
up control that as he would like to
I'm exchange happy people do have
gateway controls
typically for their email but what
happens if you want actually controlled
at the end point
so people are sending out even internal
emails have information at the which
what have s internal preach up you know
what's last
replied all the next elia include
someone's
payroll information in terms everybody
knows aspects
back system information so you can
control this type thanks employed
exchange capsules %uh mission earlier
the
a cloud file sharing issues the drop
boxes and I folders and
the various Amazon s3 and those type
sites
abstract those away as their own
controls you can both whitelist or
expropriate
and also block that type of activity
again yes your firewalls to typically do
that as people move from
maybe a ten to fifteen to twenty percent
mobile environment
approaching 80 to 100 percent those
that that were permitted no longer means
anything seen it happen is kinda
controls on the endpoint
are moving down we also are are
expanding our ability to work with
virtual
environments speci with terminal
services client
are search type environment will support
certainly the VMware and hyper-v
environments
up a lot of yep step trance happy for
are are computing now and they're using
a lot of his virtual systems
have to be able to protect those as well
and one other big
evolution so far our company and our
solution is that
whitman's 100 for many many years well
we're gonna had a a macintosh version
ability manage mcintosh's
is very important as people move towards
mobile environment and
I was still too much refunded their
should that
but thats that's very important to our
tort yeah I'm actually very excited
about Tom
Mac fans myself and I there really
aren't any good solutions out there all
the major vendors really
don't have a max solution we're
currently
and Mac beta I and we should be having
release probably next to the
re months roughly on the Mac product
but basically as explained earlier we
have three different components
our product just device like or network
lock
and the contact block this really most
closely mimics art
vice lock are or product on the Mac
product
so basically allows you to block all
physical ports whether it's Firewire USB
cd-rom
even wonderful will be able to control
all that give you the auditing and the
shadowing
about on max so very powerful
and especially I'm out its ok on Bali I
can't tell you how many people
maps walk around here so I
you know having that were pure looking
very forward to that if you want to be
part of a beta
please let me know happy to get you on
the beta program the beta
actually works pretty darn good so you
get a good feel for
how it works
I want to thank you for attending this
want in our listen to the device locked
story
also want to give a special thanks to
our sponsors
Borderlands security and
lose contact them if you have further
questions you would like to schedule a
demo
you can reach them at four 760
736 the one 00
against 7607 36
be one as CIR me