WHITE PAPER

CODE GREEN NETWORKS TECHNICAL OVERVIEW

Organizations in every industry have sensitive data that must be kept secure (e.g. customer records, financial data, personal health information, and intellectual property). Beyond simply securing data, many companies must demonstrate compliance with government and industry regulations regarding . Most organizations don’t know where their sensitive data resides—, unmanaged SharePoint servers or network file shares—which can lead to inadvertent or intentional exposure of confidential data.

Today’s organizations have many potential channels for data loss to occur including: webmail, email, FTP transfers, removable USB devices, and cloud storage. Many of these channels are not currently monitored or controlled, leaving the organization with no visibility into the extent of their exposure or any means of proactively preventing data loss.

CODE GREEN NETWORKS SOLUTIONS SET

Code Green Networks (CGN) is a complete Data Loss Prevention (DLP) solution that allows companies to effectively discover, monitor, control, and secure sensitive data, whether on the network, in use on desktops or laptops, at rest on devices and network servers, or stored in the cloud.

• Comprehensive DLP Solution — Unified solution for Network DLP, Endpoint DLP, Discovery DLP, and Cloud DLP
• Accurate Content Detection — Fingerprint based inspection delivers highly accurate identification of sensitive content
• Integrated Email Encryption — Onboard encryption seamlessly integrates with leading email encryption services
• Cloud content control for leading Cloud storage providers—Box, Citrix ShareFile, Egnyte
• Easy To Use — Delivers full-featured protection with reduced administration overhead
• Fastest “Time to Protection” — deploys in days rather than weeks or months
• Low Cost of Ownership — Non-subscription pricing offers low cost of ownership
• Scalable Architecture — Supports single site, multi-site, and distributed enterprises

NETWORK DLP

CGN DLP monitors and controls network communications to prevent sensitive data from leaving your organization’s network. It’s network DLP without the complexity.

Utilizing a network tap, Code Green Networks appliances monitor all network traffic and enforce policies to ensure protection. Policy based actions include: allow, block, encrypt, reroute, quarantine. CGN appliances monitor and control all communications channels — including email (SMTP), Web (HTTP/HTTPS), File Transfer Protocol (FTP), Secure Sockets Layer (SSL), and applications such as webmail, blogs, and wikis.

• Key Benefits
−− Prevents data loss via the network regardless of protocol
−− Content based email monitoring and message handling to manage the most common source of data loss
−− Webmail and FTP visibility and control, including SSL-enabled sessions
−− Policy based monitoring and blocking of Web 2.0 applications, including wikis, blogs, and other applications
−− Email for secure communication and regulatory compliance

• Key Features
−− Monitors and inspects all TCP protocols — SMTP, HTTP/S, FTP/S, IM, P2P, and other TCP
−− A built-in mail transfer agent (MTA) with quarantine, block, reroute, or encrypt actions
−− Standards-based ICAP integration with Web and FTP proxy servers allows inspection and control over web and FTP content even over SSL-encrypted sessions
−− On-board email encryption integrates with Cisco, ZixCorp, and Voltage encryption services

• Why Network DLP
−− Secure communications with partners and customers
−− Comply with regulations regarding PII and PHI data
−− Prevent intellectual property leaks
−− Enforce company policies regarding handling of external communications

CLOUD DLP

CGN Cloud DLP allows organizations to adopt cloud storage without giving up visibility and control required by today’s regulatory environment. All files uploaded to an enterprise’s cloud can be scanned for confidential or sensitive information and remediation can be automatically applied.

Code Green Networks brings extensive technology, experience and proven solutions for controlling regulated information in industries such as healthcare, financial services, retail, and government. To comply with today’s government and industry regulations (e.g. HIPAA/HITECH, PCI-DSS, Sarbanes-Oxley, and GLBA) it is necessary not just to encrypt, but to track where the regulated data resides, and when and with whom that data is being accessed or shared.
• Key Benefits
−− Scan all files uploaded to cloud storage for confidential or regulated data
−− Continuously audit files that have been uploaded
−− Integrated technology to mitigate the loss of visibility and control when data is moved to the Cloud
−− Perform remediation based on potential risk

• Key Features
−− Complete Cloud content control for leading Cloud storage providers—Accellion, Box, Citrix ShareFile, and Egnyte
−− Content aware monitoring and inspection policies, with detailed activity logging and reporting
−− Device level control, with audit, report, alert, move, and remove remediation actions
−− Encrypt sensitive data as it is copied to the cloud
−− End user notification and remediation of policy violations

• Why Cloud DLP
−− Enables organizations to meet data privacy regulations while storing data in CGN
−− Scans files to allow encryption, removal or other remediation of sensitive data before the file can be shared in the cloud
−− Enterprise level Data Loss Prevention (DLP) solution to control sensitive content in the cloud
−− Seamless integration with leading Cloud storage providers to further enhance their security

DISCOVERY DLP

CGN Discovery DLP locates and identifies sensitive data residing at endpoints and servers across the network, providing visibility and audit reporting of potentially unsecured information. Automatic, configurable scanning of local and network shares using discovery specific inspection policies ensures sensitive content is discovered wherever it is located. Detailed audit logging and reports provide administrators with the information needed to demonstrate compliance, protect confidential information, and reduce data loss risk.

• Key Benefits
−− Locates and identifies sensitive content residing on endpoints and servers
−− Provides visibility and audit reporting of unsecured sensitive content
−− Demonstrate compliance
−− Reduce data loss risk

• Key Features
−− Configurable scanning based on endpoint, Active Directory user/group, folders, and file types
−− Content aware inspection policies
−− Detailed audit logging and reports
−− Scalable agent based discovery scanning

• Why Discovery DLP
−− Scan laptops for personally identifiable information like credit cards, customer
−− Find data exposed on insecure network shares or servers
−− Provide confidential data inventory report
−− Proactively manage sensitive information exposure in case of loss

ENDPOINT DLP

CGN Endpoint DLP delivers powerful data loss protection for data as it is used on endpoint devices, providing visibility and control over sensitive information being copied to removable media or sent over wireless connections. Endpoint DLP provides both device level control and content aware inspection, allowing flexible policy-based enforcement.

Detailed activity logging provides audit history information necessary to demonstrate compliance. Offline policy enforcement ensures protection for laptops and other devices even when disconnected from the network.

• Key Benefits
−− Extend Data Loss Prevention to laptops and desktops
−− Provides visibility into file and device activity on endpoints
−− Controls sensitive information being copied to removable media or sent over wireless connections
−− Restrict device use to authorized users and devices
−− Protect laptops and other devices even when disconnected from the network
−− Comply with regulations by enforcing encryption of sensitive data
−− Educate users on confidential data handling policies

• Key Features
−− DLP policies for removable media and wireless devices
−− Detailed activity logging and reporting of all device and file activity
−− Content aware monitoring and inspection policies
−− Device level control, with read only, block, encrypt, and log actions
−− Separate online and offline policies
−− Encrypt sensitive data as it is copied to removable devices.
−− End user notification and remediation of policy violations

• Why Endpoint DLP
−− Prevent confidential data from leaking via USB devices
−− Create reports of removable device usage
−− Create reports of confidential data copied to removable devices
−− Alert and educate users when data handling policies are violated
−− Support audit investigations
−− Demonstrate regulatory compliance

BRINGING IT ALL TOGETHER

Code Green Networks brings all its components together through a centralized management system that provides enterprises a simple and flexible single point of access to all its content inspection appliances regardless of where they reside. This key enterprise component simplifies the configuration and maintenance of many single- or multi-site appliances, and endpoint clients, as well as data registration, policy management and incident reporting.

• Key Benefits
−− Unified protection regardless of Data Loss point.
−− Architecture supports low traffic branch office to high volume headquarters sites and scales to any size organization
−− Simple deployment, installation and management reduces administration overhead

• Key Features
−− Centralized administration of content registration, policies, incidents, logs, and reporting
−− Centralized based administration of CI Appliances and CI Agents.
−− Universal content inspection policies apply across Network, Endpoint, Discovery and the Cloud
−− Centralized appliance management for distributed multi-site or high performance deployments
−− Appliance based solution with web management console

DETECTION ACCURACY

Database Record Matching™ (DBRM™), exclusive to Code Green Networks, is a method of using mathematical hashes of the actual data, and using those hashes to look for that exactly identical data when inspecting other sources such as an email, a file share, the Cloud, a web posting; anywhere that same information would be problematic if found there. It is able to recognize and register a wide variety of both structured (fields in databases or columns in spreadsheets) and unstructured data (document formats such as Microsoft Office, source code and PDF files), eliminating the high false positives and false negatives that plague other DLP solutions.

CREATING FINGERPRINTS

The DBRM process begins with querying an internal table known to contain complete and accurate records containing the relevant sensitive data. This is usually the handful of key identifiers mentioned previously, such as SSN, Names, Medical Record #, Insurance Policy #, Account #, Member #, etc.

This is typically a simple query or set of queries, and is usually performed against a data warehouse or reporting database, rather than core or production systems. Once set up, this process is usually automated to re-query the database on a daily or other appropriate regular basis so that new values can contribute to the inspection data set. In practice this is typically set up in less than an hour with someone normally responsible for report generation or business intelligence.

Next the DBRM engine creates one way hashes, called “fingerprints”, of each individual sensitive data element to be protected, and stores these fingerprints. For security, the original (un-hashed) data is not kept. These fingerprints will then be used to find instances of the exact same data if it exists in an inspected data file.

INSPECTING DATA

At this point, the DBRM engine is ready to find sensitive data elements inside operational data. The inspected content might be an email, a web posting, in the Cloud, a file on a network share, a file being copied to a USB drive, or anything else being inspected by the overall solution.

The content to be inspected is run through the same DBRM hashing process for each word and word combination that was used to create the fingerprints of the actual data. When hashes match, then that exact sensitive data element has been accurately identified.

DBRM can determine which elements in the inspected record matched the actual sensitive data. In addition, multiple elements from the same actual records can be used for further confidence. This could include, for example, requiring that the corresponding last name belonging to a sensitive field is seen somewhere nearby a potentially sensitive discovered element in the inspected data.

Fingerprinting of all languages is supported, including those with non-Roman scripts (ex: Japanese, Chinese).

• Flexible Content Registration
−− Databases: MS SQL, Oracle RDBMS, CSV files
−− Network shares: CIFS, SMB (MS Windows), NFS (Unix/Linux)
−− Microsoft SharePoint
−− Content Management Systems: EMC Documentum, Oracle CMS

• Accurate Content Detection
−− Data element fingerprints
−− Deep content fingerprints
−− Exact and partial file matching
−− Pre-defined patterns
−− Regular expressions
−− Lexicons/dictionaries

• Comprehensive File Inspection
−− 400+ file formats
−− File format independent
−− Language independent, double-byte support
−− Recursive archive file unpacking
−− Automatic document classification
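
The register-then-inspect flow described under CREATING FINGERPRINTS and INSPECTING DATA, as an added Python example that is not Code Green Networks' DBRM implementation. HMAC-SHA256 as the one-way hash, the normalization rule, the three-word combination limit, the eight-token proximity window, and the sample records are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re

WORD = re.compile(r"\w+")   # Unicode-aware, so non-Roman scripts tokenize too
MAX_NGRAM = 3               # longest "word combination" hashed (assumption)


def normalize(value):
    """Lowercase and drop separators so '900-00-0001' equals '900 00 0001'."""
    return "".join(WORD.findall(value.lower()))


def fingerprint(value, key):
    """One-way keyed hash of a normalized data element (HMAC is an assumption)."""
    return hmac.new(key, normalize(value).encode("utf-8"), hashlib.sha256).hexdigest()


def build_index(records, key):
    """Register records: fingerprint -> {(record_id, field)}; no plaintext kept."""
    index = {}
    for record_id, record in enumerate(records):
        for field, value in record.items():
            index.setdefault(fingerprint(value, key), set()).add((record_id, field))
    return index


def find_matches(text, index, key):
    """Hash each word and word combination; return (position, record_id, field)."""
    tokens = WORD.findall(text.lower())
    hits = []
    for start in range(len(tokens)):
        for size in range(1, min(MAX_NGRAM, len(tokens) - start) + 1):
            digest = fingerprint("".join(tokens[start:start + size]), key)
            hits.extend((start, rid, field) for rid, field in index.get(digest, ()))
    return hits


def inspect(text, index, key, primary="ssn", corroborating="last_name", window=8):
    """Report primary-field hits and whether the same record's name is nearby."""
    hits = find_matches(text, index, key)
    findings = []
    for pos, rid, field in hits:
        if field != primary:
            continue
        nearby = any(f == corroborating and r == rid and abs(p - pos) <= window
                     for p, r, f in hits)
        findings.append({"record": rid, "position": pos, "corroborated": nearby})
    return findings


# Constructed sample data: the key, records and messages are not real values.
KEY = b"constructed-demo-key"
RECORDS = [
    {"ssn": "900-00-0001", "last_name": "Okafor"},
    {"ssn": "900-00-0002", "last_name": "Lindqvist"},
]
INDEX = build_index(RECORDS, KEY)
EMAIL = "Please update the file for Ms. Okafor, SSN 900 00 0001, before Friday."
TICKET = "Ticket 900-00-0002 was closed by the vendor yesterday afternoon."

if __name__ == "__main__":
    print(inspect(EMAIL, INDEX, KEY))    # name and SSN from one record: corroborated
    print(inspect(TICKET, INDEX, KEY))   # number alone: match without corroboration
```

A keyed hash is used here because unkeyed hashes of low-entropy identifiers such as SSNs can be reversed by enumerating the value space.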

RAPID TIME TO PROTECTION

Code Green Networks is easy to deploy and easy to manage. A configuration wizard guides the user through setup and configuration. The solution’s rapid time to protection is measured in days, not weeks or months. Once deployed, policy enforcement is automatic, with actions that ensure sensitive information is handled according to policy.

[Figure: CGN policy enforcement workflow. Stages: Setup & Configuration, Automatic Policy Enforcement, Management & Reporting. Steps: Register Data, Set Policies, Monitor and Inspect, Take Action (Allow/Block/Encrypt/Reroute), Create Incidents, Notify / Log, Incident Mgmt., Reporting.]

• Register Data — The solution provides registration and data detection of specific information such as customer information, financial records, or intellectual property, allowing extremely accurate detection. Content may be registered from a variety of sources, including data from databases or network shares, SharePoint servers, in content management systems, or stored in the Cloud. Once configured, fingerprinting is updated automatically to ensure recent changes are detected.

• Set Policies — Flexible policies allow business rules for to be enforced by the CGN solution. Policies may be based on content as well as contextual constraints including source, destination, protocol, device, or user. The solution comes with over 100 predefined policy templates for detecting regulatory compliance violations (HIPAA, GLBA, and PCI), personally identifiable information (PII), and personal health information (PHI).

• Monitor and Inspect — All content is inspected whether occurring in network traffic, used on the endpoint, or found during a discovery scan of endpoints, servers and the cloud. Sensitive data is detected even if not in the original format or placed into an archive file. Partial files are detected along with entire file matches.

• Take Action — When a violation is detected, policy-based actions allow automatic enforcement of business rules. An example might be to encrypt email containing sensitive information if sent to a business partner but otherwise block or quarantine the email. Other actions include allow, block, quarantine, encrypt, reroute, and retain a copy.

• Create Incidents — Incidents are automatically created for each policy violation. Detailed information is recorded including the exact content matched and the context in which the violation occurred (source, destination, user protocol, device, etc.). Incidents are assigned a priority, severity, and owner according to the policy, to assist with resolution.

• Notify/Log — The solution automatically notifies end users, content owners, and the security team of incidents, according to policy settings. Detailed logging is provided for auditing and forensic investigations.

• Incident Management — Workflow based incident management allows rapid resolution of violations with minimal intervention. Role based administration allows incidents to be assigned to appropriate owners. Summary and detail views of incidents provide all information necessary for quick resolution or to support a detailed forensic investigation.

• Reporting — A built-in reporting engine provides predefined and custom reports, offering both high level summary and detailed snapshots of violations. An executive summary dashboard provides concise information necessary for efficient operations.

SOLUTION ARCHITECTURE

Code Green Networks is a comprehensive DLP solution that is easy to deploy and manage yet scales from single site to enterprise class distributed deployments. The solution consists of three components: Content Inspection Manager, Content Inspection Appliance, and Content Inspection Agent.

[Figure: solution components. Labels: CI Manager; CI-1500 (Central Site & Datacenter); CI-750 (Branch & Remote Offices); Server/Storage Discovery; Endpoint/In-Use Discovery; Network Inspection.]

• Content Inspection Appliance — A high-performance appliance that provides network DLP and email encryption. The CI Appliance is available in two sizes appropriate for varying network size requirements.

• Content Inspection Agent — A software agent deployed on endpoint devices, the CI Agent performs content-aware data at rest discovery as well as data in use endpoint DLP. In addition to device control policies, the CI Agent also applies content-aware policies to inspect data at the endpoint and take appropriate action. In addition, the CI Agent monitors user activity, creates activity logs, and reports improper data use to the central management console.

• Content Inspection Manager — A web-based management console for centrally managing all CI Appliances and CI Agents in a deployment. The CI Manager provides unified management across the entire solution, including centralized content registration, common DLP policies, incident management, and reporting solution.

SIMPLE AND FLEXIBLE DEPLOYMENT MODES PLUS ADVANCED CAPABILITIES

CGN may be deployed to address specific data loss issues, from passive monitoring (to gain visibility of the extent of current violations) to proactive encryption of email (to secure communications containing sensitive information). Flexible deployment options address an organization’s immediate DLP needs yet can grow and scale to meet future requirements.

NETWORK INSPECTION

The CI Appliance utilizes non-intrusive monitoring of network traffic to provide instant visibility and reporting of incidents involving sensitive information.

The CI Appliance monitors and inspects traffic across any TCP based application, identifying sensitive data and flagging policy violations.

Network inspection is a sensible first step for organizations that wish to understand the type and extent of their data loss exposure prior to implementing proactive blocking of user activity or policy-based encryption of data.

[Figure: Code Green Networks CI Appliance passively monitoring traffic from a network tap or switch SPAN port.]

CLOUD INSPECTION

Code Green Networks leverages the APIs of popular cloud storage providers, integrating the CI Appliance to inspect file servers—allowing encryption, removal or other remediation of sensitive data—before the file is shared in the cloud. Information that is already stored in the cloud can be similarly scanned and audited at any time with the same DLP resource.

Scanning files for the cloud storage platform is performed using the same deep content inspection technology deployed in hundreds of installations to accurately identify sensitive data. Enterprises are able to detect and control sensitive data — in motion, at rest and in use — through advanced content analysis techniques within a single management console.

[Figure: cloud inspection. Labels: Inspect, Share, Code Green Networks CI Appliance.]

EMAIL INSPECTION

The CI Appliance incorporates an inline mail transfer agent (MTA) that integrates with a local mail server to provide policy-based email monitoring, control, and optional encryption.

The CI Appliance inspects all messages and attachments for sensitive data and applies policy-based actions. Messages containing sensitive data can be blocked, quarantined, rerouted, or encrypted, offering full policy-based control over email traffic.

Many companies require email encryption to secure sensitive email communication. The solution offers optional email encryption, providing seamless and secure integration with leading email encryption services from Cisco, ZixCorp, and Voltage Security. Policy-based email encryption as part of the solution offers greater accuracy and control than the limited DLP capabilities of message gateway solutions.

[Figure: email inspection. Labels: Code Green Networks CI Appliance, Mail Server, Mail Processing (allow, block, encrypt, reroute), CI-1500 Email Content Inspection Appliance.]

WEB AND FTP INSPECTION

CGN solution delivers policy based inspection and control of Web and FTP traffic by integrating with any ICAP capable Web/FTP proxy . The Web/FTP proxy server shares information and access to Web and FTP sessions — even SSL-encrypted sessions — with the Code Green CI Appliance using the standard Internet Content Adaptation Protocol (ICAP). The CI Appliance inspects the traffic for sensitive content and applies the appropriate DLP policy. Based on policy, the CI Appliance instructs the Web/FTP server to allow or block the session.

The solution provides organizations complete visibility and control over webmail communications as well as web-based applications such as wikis, blog posting, and Web 2.0 applications.

[Figure: Web and FTP inspection. Labels: Code Green Networks CI Appliance, ICAP Capable Web Proxy, ICAP Requests, Web and FTP Request.]

ENDPOINT SECURITY

The CI Agent, deployed on desktops, laptops, and servers, provides powerful endpoint-based DLP and Discovery. The CI Agent inspects files copied to devices such as USB, CD/DVDs, cameras, or wireless ports and applies policy actions including block or encrypt, delivering both device-based and content-aware control of data movement. Detailed logging of file and device activity offers complete visibility over data use on endpoints.

The CI Agent also provides Discovery of sensitive data on endpoints across the enterprise. The CI Agent scans local drives, network shares, and removable media to locate and identify sensitive content, allowing proactive risk mitigation before data loss occurs. Complete logging and reporting offers visibility into sensitive content wherever it resides.

[Figure: Server/Storage Discovery and Endpoint/In-Use Discovery.]

ABOUT CODE GREEN NETWORKS

Founded in 2004 in Sunnyvale, Calif., Code Green Networks was acquired by Digital Guardian in October 2015. For over a decade Code Green Networks appliances have helped enterprises protect and manage regulated and other sensitive data across their networks, whether local, remote, mobile or in the Cloud. Code Green Networks solutions have been tested and proven through daily use by hundreds of deployments in large and small organizations across the United States and around the globe.

ABOUT DIGITAL GUARDIAN

Digital Guardian is the only data aware security platform designed to stop data theft. The Digital Guardian platform performs across traditional endpoints, mobile devices and cloud applications to make it easier to see and stop all threats to sensitive data. For more than 10 years we’ve enabled data-rich organizations to protect their most valuable assets with an on premise deployment or an outsourced managed security program (MSP). Our unique data awareness and transformative endpoint visibility, combined with behavioral threat detection and response, let you protect data without slowing the pace of your business.

CORPORATE HEADQUARTERS 860 Winter Street, Suite 3 Waltham, MA 02451 USA [email protected] 781-788-8180 www.digitalguardian.com

Copyright © 2015 Digital Guardian, Inc. All rights reserved. Digital Guardian and Security’s Change Agent are trademarks of Digital Guardian, Inc. in the U.S. and other countries. All other trademarks are the property of their respective owners.