Documentos de Académico
Documentos de Profesional
Documentos de Cultura
1 Safetica Endpoint Auditor...............................................................................................................................3 1.1 Internet Usage Monitoring .......................................................................................................................3 1.1.1 Websites Access Monitoring ...........................................................................................................3 1.1.2 Detailed Websites Categorization....................................................................................................3 1.1.3 E-Mail Monitoring ..........................................................................................................................4 1.1.4 Webmail Monitoring ......................................................................................................................4 1.1.5 General Record on IM Communication.............................................................................................4 1.1.6 Monitoring of Work with Files .........................................................................................................5 1.2 Activity Monitoring .................................................................................................................................5 1.2.1 Intelligent Screen Record ................................................................................................................5 1.2.2 Key Trapping - KeyLogger ...............................................................................................................5 1.2.3 Search Monitoring .........................................................................................................................5 1.2.4 Monitoring of Printing ....................................................................................................................5 1.3 Intelligent Employee Profiling ...................................................................................................................6 1.3.1 Monitoring of Employee Productivity ................................................................................................6 1.3.2 Employee Profiling .........................................................................................................................6 2 Safetica Endpoint Supervisor ..........................................................................................................................6 2.1 Application Control ................................................................................................................................6 2.1.1 Application Blocking ......................................................................................................................6 2.1.2 Large Database of Applications.......................................................................................................7 2.2 Web Control .........................................................................................................................................7 2.2.1 Blocking of Websites according to Categories and Keywords .............................................................7 2.3 Print Control ..........................................................................................................................................7 2.3.1 Blocking Access to Printer ...............................................................................................................7 2.3.2 Blocking printing of selected documents in connection with Safetica Endpoint DLP .................................8 3 Safetica Endpoint DLP ....................................................................................................................................8 3.1 Device Control.......................................................................................................................................8 3.1.1 Control over USB, IrDa, Bluetooth, FireWire, serial and parallel ports ..................................................8 3.1.2 Detailed Identification of USB and Bluetooth Devices ..........................................................................8 3.2 Data at Rest Protection ............................................................................................................................9 3.2.1 Data at Rest Security and Disk Encryption .........................................................................................9 3.2.2 Data Shredder ..............................................................................................................................9 3.3 Data in Motion Protection .......................................................................................................................9 3.3.1 Encryption of Portable Disks ............................................................................................................9 3.3.2 The Safest Encryption Algorithms ...................................................................................................10 3.4 Data in Use Protection ..........................................................................................................................10 3.4.1 DLP Rules ....................................................................................................................................10 3.4.2 Anti-KeyLogger ............................................................................................................................10 3.4.3 Intelligent Data Classification ........................................................................................................10 3.4.4 Control of Behavior and Access of Applications to Data ...................................................................11 3.5 Endpoint Security Tools .........................................................................................................................11 3.5.1 Secure Manager of Passwords ......................................................................................................11 3.5.2 Support of Current Archives Types .................................................................................................11 3.5.3 Password Generator ....................................................................................................................12 3.5.4 PC Lock ......................................................................................................................................12 3.5.5 Security Keys ...............................................................................................................................12 3.5.6 Sending of Safeguarded Data by E-Mail.........................................................................................12 4 Other ........................................................................................................................................................13 4.1 Regulatory Compliance ........................................................................................................................13 4.2 Time Efficient Security ...........................................................................................................................13 4.2.1 Easy Application of Setting Templates .............................................................................................13 4.2.2 Automatic Warnings ....................................................................................................................13 4.2.3 Repeated Task Planner ..................................................................................................................13 4.2.4 Remote Administration of Clients Stations .......................................................................................14 4.3 Detailed Control of Access to Administration and Supervision ...................................................................14 4.4 Optimization for Large Network Installation ............................................................................................14
productivity
new job
Key Features Wide categorized database of websites Nearly 5M records Regularly updated data Possibility to add own websites Main Benefits The use of categories increases clearness of monitored outputs. Speed of Safetica Endpoint Auditor installation is increased by automatic website categorization. Safetica Endpoint Auditor installation requires minimum manual configuration. Thanks to the categories, the company manager does not need to check every website manually and evaluate its content.
It is independent of webmail providers (it operates reliably for company webmails as well as for personal webmails). Main Benefits Obtain incriminating evidence in the case of employees risky behavior. Expose employees sending chain e-mails which waste their time and that of other employees. Expose employees attempts to divulge sensitive information by means of webmail. Incriminate employees who deal with their personal correspondence during working hours. Expose employees who communicate with competitors. Obtain incriminating evidence in the case of employees risky behavior.
Key Features It operates reliably in 32bit and also in 64bit architecture. It records text in context with applications to which it was written. Trouble-free cooperation with other Safetica Endpoint Auditor monitoring tools. Main Benefits KeyLogger records text in context with applications to which it was written. In the case of suspicion, you can obtain evidence against employees who criticize the company. You will verify employees real activity - what they really wrote.
Key Features Detection of anomalies within long-term users behavior Analysis of employee behavior on the basis of Internet and application activities Periodic analysis of obtained data Quick setting thanks to data and application categorization Retrospective view on employee behavior development Immediate security warning on considerable changes in behavior The possibility of setting the period of time during which behavior is to be compared. Main Benefits You will expose changes in employees behavior within a long-term timescale. In the case of critical changes, a security manager is immediately informed, also by e-mail. Expose employees who have lost their motivation for work. In the case of suspicion of undesirable activity, detailed records of monitoring are available. The authorized manager does not need to read tens of thousands records regularly.
Main Benefits Eliminate games and other applications that might distract employees during work. Concentrate users attention only on applications that they need for work. You can limit employees time spent for example by chatting via IM programs.
Endpoint Supervisor Internet facebook.com youtube.com times.com Applications Freecell MS Word Printing Office Hall
CEO
Assistant
Accountant
Benefits Save a considerable part of costs on company printers operation. Gain control over who is allowed to print - cut problematic employees.
2.3.2 Blocking printing of selected documents in connection with Safetica Endpoint DLP
Safetica Endpoint Supervisor manages to block printing of particular documents in connection with the Safetica Endpoint DLP module. In this way you can avoid physical document leakage. Protect your company against leakage of sensitive information and financial loss and good reputation connected with it. By blocking specific document printing for selected employees or full groups, you will achieve higher security of sensitive company information. Key Features This function is linked with Safetica Endpoint DLP module. Possibility to set rules for selected tagged files. The authorized manager is immediately informed on who tried to print protected documents and whether they were able to do so. Main Benefits You will gain control of the creation of physical copies of sensitive company documents. Increase security of sensitive information.
you do not authorize them. Encryption itself applies a minimum load on the computer. Safetica Endpoint Security uses only highly safe encryption methods. Security is executed continuously; your data is protected at all times.
Endpoint DLP
Creation
New data immediately secured.
Deleting
Erase redundant data reliably.
Transport
Keep information safe on the go.
Storage
All data encrypted securely.
Usage
Prevent illegitimate data usage.
Main Benefits Gain complete control of what employees might do with company data. Wide possibilities of setting the access roles, rules for access and allowed operations. Current employees cannot evade protection nor switch it off. It can also check any operation with files within connected portable devices. Blocking of unauthorized operations with files with Safetica Endpoint DLP does not slow down the clients computers.
3.4.2 Anti-KeyLogger
Spy programs - keyloggers- can bug passwords and other sensitive data which is inserted by the keyboard. AntiKeyLogger is a tool that intelligently executes an automatic check of launched applications. If it detects an application that shows the behavior of a keylogger, it finishes it and informs the appropriate security manager. If you use a specific application that behaves as a keylogger, it can be detached from the Anti-Keylogger setting and authorized. Key Features It detects and eliminates keyloggers. It operates reliably in 32bit and also in 64bit architecture. It does not use any database of spy applications and safeguards generally. Automatic run and monitoring of launched application activity. Possibility of immediate security warning in the case of a threat occurrence. Main Benefits You can secure company data against bugging if inserted by employees. It is not necessary to set anything, administrators and security managers are not held up. Anti-KeyLogger protects automatically without the necessity of a managers or employees action. You will obtain a long-term overview of keylogger occurance at your company. You can find out whether anybody is trying to install spy software in mass and intentionally. You will be informed of any spy application after its elimination.
10
After primary classification it runs further during current operation, so that also newly created files are classified and marked with an appropriate tag. Key Features Data identification according to name, ending, placement, kind of application that created the file and other parameters. Smooth administration of classification rules by means of the Safetica Management Console Classification runs over local and shared data. Other components of Safetica Endpoint Security identify sensitive files according to the tag. Possibility to extract some files from the classification, e.g. system files. Immediate reaction of the classification mechanism on changes and transfer of files. Main Benefits You can classify a huge amount of sensitive data simply, without the necessity of sorting through it manually. Newly created data is also classified automatically. Data stays tagged also in the case of a file name change or in the case of its transfer. Tag-mark is an integral part of a file (extended file attribute).
Possibility of rule setting only from the application point of view, for example a ban of access to the Internet. Possibilities of blocking printing applications, if they access sensitive information. It also safeguards applications accessing files in network folders. Main Benefits Protect sensitive information against modification and replacement by means of various applications. You can easily enforce a security policy for work with sensitive data. Ensure that sensitive data influenced by application activity does not leave a security zone without appropriate protection.
11
be easily compressed into an executable file, transferred to another computer and extracted by merely clicking and entering a password. Such usage does not require the installation of Safetica Endpoint Security software to target computers. Safeguarded DCF archives can also be created in addition to common archives. They are suitable for the transfer of sensitive information and they make use of the same encryption as other Safetica Endpoint Security software modules. Key Features Used encryption methods: Blowfish, CAST5, CAST6, MARS, RC5, RC6, Rijndael (AES), Serpent and Twofish Support of all common archives types Support of self-extracting SFX archives Support of safeguarded DCF archives Main Benefits Save costs on unnecessary software for data compression, all common archives can be extracted with Safetica Endpoint Security Tools. Safe data transfer in DCF archive eliminates the possibility of data leakage, e.g. during sending e-mails.
dition, frequent and repeated password insertion hinders an employee and offers a good chance to an attacker to lip-read a password. PC lock offers comfortable locking of a workstation in the case of an employees absence. A common USB flash disk then behaves as a key for unlocking the computer. Safetica Endpoint Security identifies an attempt to copy a key, so it is impossible for an attacker to duplicate the key. This function is a part of Safetica Endpoint Security Tools. Key Features Security key for computer locking created from a common flash disk. Integration into Windows system. Main Benefits Employees will not waste their time in password insertion. Employees will not transfer passwords mutually and endanger the security of workstations and data accessible from them.
3.5.4 PC Lock
An employee leaving a computer is an opportunity for data theft. Common locking during a break for lunch with a password is not sufficient and it can be easily broken. In ad-
12
Key Features Sending of safeguarded files via several clicks Integrated into the context menu of Windows for easier use Main Benefits Employees do not need to learn complicated procedures of safeguarding and work with new complex software. Sending of an encrypted file is quicker than a common files attachment to a message. It solves security problems in the case of a shared e-mail box. Encrypted attachments are not readable even for mail server administrators or for anybody who is not authorized. Impossibility of unauthorized reading of attachments in the case of breaking the password to e-mail box.
Main Benefits Avoid problems with laws that, for example, do not allow some kind of monitoring of employees work. Combine your employees privacy and the protection of your companys interests. You can easily apply a newly issued standard or a legitimate provision.
4 Other
4.1 Regulatory Compliance
Safetica Endpoint Security offers mass administration of setting so you can easily reach compliance with the industrial standards, regulations or laws of your country. It is possible that your countrys laws approach the protection of company interests strictly and do not allow the monitoring of employees activities even for a short term. Thanks to Safetica software, you can nevertheless reach the maximum possible protection of your company interests. By means of templates with settings, you can very easily deactivate individual components on the top level. You can avoid their unintentional use during routine operation. Achieving compliance with industrial standards and regulations is also very easy with Safetica Endpoint Security software. You can download templates from the product website for setting compliance with the best known standards. Their number keeps increasing. You can also download documents from the Safetica Endpoint Security website for individual legal and industrial standards, thanks to which you can understand the meaning of individual standards and regulations correctly. They also help you to orientate yourself in the problems of your employees privacy protection. Key Features Software consists of components that can be individually activated and deactivated. Easy setting thanks to easy application of setting templates. Continuously expanding list of templates for specific legal and industrial standards on the product website.
13
Main Benefits The authorized manager is not overloaded by useless information. The time needed for checking the correct behavior of employees is minimized. For warning delivery, the manager does not even need to be logged in to the Safetica Management Console.
Main Benefits Comfortable installation and software administration without the necessity of a physical visit to the clients computers Branch servers operate separately. One server breakdown does not endanger operation of the others. You can distribute the load among more servers. Everybody is authorized to access permitted functions or data only. Including administrators and security managers. Possibility of interbranch help by a more experienced administrator or by a security manager. One security manager can monitor more branches.
14
Support of terminal users login (more employees on one PC). Support of users roaming accounts (a worker on more PCs). Administrators authorization is not required for a separate run of the clients component. Main Benefits You can distribute the load among more independent servers. Thanks to data saving into databas-
es, you will obtain all required data quickly. Thanks to the well-arranged Safetica Management Console, administrators and security managers save their work by not walking through individual working places. The manager and the administrator have the possibility to administer more server components at the same time.
License Policy
Safetica Endpoint Security software consists of three individually saleable modules. It is licensed by the subscription model (per year). The license influences the number of stations which can use the Safetica software at the same time. Each client operating system using the Safetica software needs license (licensed per asset). For extension of a previously purchased license in its validity period there is an extending license.
Regulatory Compliance
Branch office B
SMS
Branch office C
SMS
Safetica Endpoint Security will help you to meet legislation requirements and industrial standards required from your company. The software can be easily adapted to specific regulations, ordinances and laws. It enables you to protect your company interests in accordance with local legislation and the privacy of your staff. Easy achievement of conformity with laws and industrial standards. Activation of product selected components in accordance with relevant standards. Preset templates for particular standards and laws. Documentation for easy achievement of conformity with standards. Import and export of templates for quick setting.
SEC
SMS
Branch office D
SMS
SEC
SQL
SEC Safetica Endpoint Client SMC Safetica Management Console SMS Safetica Management Service
Safetica Endpoint Security is a software based on a client-server architecture. This architecture consists of a client (Safetica Endpoint Client), a server part (Safetica Endpoint Service), a database (MS SQL with a large installation, SQLite with a small installation) and an administrator console (Safetica Management Console). Within one domain more services can run due to load distribution by means of an Active Directory tree division. An alternative for a smaller network is also the option of installation to a network without a domain where this service can run on an ordinary PC. The database is used for storing of monitoring settings. It also includes categorization database with application categories and web pages. Safetica uses Microsoft SQL Server platform and SQLite for smaller networks.
Technical requirements
Recommended requirements: 2,4/1,6 GHz one-core/dual-core processor 32-bit (x86) or 64-bit (x64) 1 GB of RAM memory 2 GB of free disk space Installation on client Hidden agent (also with GUI) MS Windows XP SP3, Vista, 7, 32-bit and 64-bit MSI installation package
Activity Monitoring
Endpoint Supervisor
Regulatory Compliance Data at Rest Protection Endpoint Security Tools Data in Motion Protection Device Control
Recommended requirements: 2,4 GHz dual-core processor 32-bit (x86) or 64-bit (x64) 2 GB of RAM memory 10 GB of free disk space Shared or dedicated server, more servers better load balancing availability MS Windows Server 2003 SP2, 2008, 2008 R2, 32-bit and 64-bit MS SQL or SQLite for smaller networks Support for Active Directory or without AD also
Copyright 2011 Safetica Technologies s.r.o. All rights reserved. Safetica is a registered trademark of Safetica Technologies s.r.o. All trademarks are the property of their respective owners. Contact your reseller for Safetica Endpoint Security. Safetica Technologies s.r.o. reserves the right to change product specifications or other product information without notice. Prague | Czech Republic | Europe | 15th of April 2011