Learn about our Information Security and Privacy Solution:
“Through 2010 we expect 80-90% of sensitive information leaks to be unintentional, accidental or the result of poor business processes.”
Gartner Group
Historically, information security solutions have focused on preventing external threats such as viruses, hackers and worms through perimeter solutions that include firewalls and antivirus software. While still aware of outside threats, companies are now coming to understand they can no longer ignore inside violations concerning data at rest.
Over 80% of your company’s information resides in files and email somewhere on your network. Employee information (e.g. social security numbers, home addresses, medical histories), customer information (e.g. credit card numbers, account numbers) and operational information (e.g. product launch plans, source code, financial projections) can sit exposed on laptops, desktops, email servers, archives, and file shares for long periods of time without anyone formally classifying and tracking it.
At the same time, laws and regulations continue to reinforce the need for companies to implement effective policies to prevent non-public information (NPI) and personally identifiable information (PII) from escaping the organization. Regulations such as SOX, GLBA, HIPAA, the Personal Data Privacy and Security Act of 2007, PCI DSS and others have turned the protection of private data and information into a requirement. In many cases, confidential data breaches translate into very real and very large fines. As a series of high-profile incidents have demonstrated, in addition to fines and sanctions, loss of brand reputation, loss of customer retention and loss of competitive advantage are not uncommon when confidential information escapes.
Today’s employees are able to easily export sensitive files and information via email or by copying to file shares and portable media. Many companies simply do not have the resources or appropriate policies in place to identify NPI and PII and avoid inadvertent, accidental mis-steps or malicious actions from within. As companies continue to accumulate NPI and PII, they are under enormous pressure to mitigate risk and to secure sensitive information before an undesirable loss occurs. Whether you call it Data Loss Prevention, Content Loss Prevention or simply Information Security & Privacy, the time has come to take steps to protect your company.
Deployed in under 30 minutes, the Kazeon Information Server discovers sensitive information contained in emails and files regardless of physical or logical location. Kazeon not only classifies email and file metadata (e.g. mailto, mailfrom, owner, creation date, last accessed, size, format) but also provides a comprehensive set of rules that extract common, confidential patterns such as phone numbers, social security numbers and credit card numbers. In addition, key words and phrases contained in a document (e.g. “company confidential”, “financial statement”) can be accurately identified and automated policies enabled to prevent data loss.
Validation Reduces the Number of False-Positives - Applying published rules (e.g. Social Security Administration) and algorithms (e.g. Luhn), Kazeon is able to distinguish valid Social Security and credit card numbers from random digits. Kazeon greatly reduces the number of emails and documents that are accidentally identified as containing confidential information (when in fact, they do not) to ensure that reports are accurate and user information is not unnecessarily identified and/or quarantined.
Automated Risk Assessment - Kazeon provides additional functionality to assess the risk exposure of a document. This risk assessment can be based on any combination of file attributes, application properties, file content and user-defined metadata. For example, there is significant risk associated with a document that contains a large amount of personally identifiable information (PII) types and elements; even more so when that file is discovered in a less-than-secure location with a meaningless name and incorrect file extension.
Comprehensive Security and Privacy Dashboard - Access pattern reports help you to understand which files and documents contain privacy data and have been accessed or modified so that you can inform employees of the risk associated with copying, cutting and posting private data. Summary and detailed reports are presented enabling you to review documents in real time. Privacy and security reports can be emailed regularly to a centralized IT security team for further review.
Take Action to Enforce Compliance Policies - Automate the process of controlling confidential information by creating business policies that take action at regularly scheduled intervals. For example, policies can be set to quarantine files and notify individuals when an email or document containing sensitive information is accidentally stored on an exposed area of your network. Important business records can be secured to an appropriate location (e.g. an email archive such as Symantec Enterprise Vault or an Enterprise Content Management application). Emails and documents that should be retained in an unalterable format can be automatically copied or moved to write-once (WORM) storage such as NetApp NearStore with SnapLock or EMC Centera.
Quarantine files classified as “Non-Public Records” to the Secure
Data folder with restricted permissions. Click to see screenshot larger
Automatic Discovery of network file systems. Click to see screenshot larger
Kazeon ensures that sensitive, business-critical, or confidential information residing on your corporate network is identified and managed, resulting in reduced liability and legal exposure, while delivering an immediate positive impact on business credibility. Kazeon allows you to take pro-active actions such as quarantining, moving or deleting sensitive or non-public information on your network before it impacts your business
Reduce business risk and liability. Know the exact types of confidential information on your network, where it is located and who owns it.
Continuously monitor your network and take automatic action. Discover, classify and act on all emails and documents that are identified as sensitive, business critical, or confidential.
Facilitate compliance. Comply with SOX, GLBA, HIPAA, PCI DSS and other data security laws and regulations to keep your company out of the headlines.
Create a security and privacy dashboard. Provides daily, weekly, monthly and annual reports that can be used to satisfy audit requests.
Scale with your information growth. Able to scan hundreds of millions of files representing Terabytes to Petabytes of data in a timely and cost effective manner.
Easy Installation. Deployed in under 30 minutes as an appliance (optional software only), the Kazeon Information Server is agentless, operates out-of band and causes no interruption to end user behavior.
Little IT oversight required. Kazeon provides pro-active and automatic information crawls and automated, pre-defined actions for data loss prevention.
“66% of corporations polled are less than
confident about where their confidential
information is located”
Source: Enterprise Storage Group, 2006
“We’re looking forward to sitting across the table from our bank auditor, who visits once a week between March and September, to pull up the Kazeon Information Server and show him the report that ran the night before to demonstrate that no sensitive data is stored inappropriately.”
Steven Cartwright, Omnium Director of Information Security
|
