Data loss is a hydra with many heads
The question "How can we keep mission-critical data from leaving the organization in unacceptable ways?" is getting harder to answer every year.
Significant factors making things more complex include:
- Malware that can transmit data is becoming smarter, more multifaceted, and harder to eradicate. Need an example? Consider the Conficker worm—originally released in 2008 and still creating considerable trouble for IT teams worldwide, according to the latest IBM X-Force Trend and Risk Report. This particular malware comes in many variations and uses many attack vectors, making it particularly hard to isolate and block.
- Malware signatures and definitions are getting more complex in proportion. Many anti-malware solutions upload large signature files to the endpoints themselves at regular intervals; this process generates an ever-growing load on the endpoints, the anti-malware systems, and the network connecting them.
- USB thumb drives and other forms of removable storage make it particularly quick and easy for rogue employees to copy data in violation of internal security policies and take that data offsite. These devices have rapidly grown in storage capacity, and as a result, they represent a bigger and bigger threat every year.
- Other channels—e-mail, certainly, but also optical drives and Web sites—can also easily be used to move critical data outside the organization. In some cases, this can happen without the employee even realizing it's taking place, such as following a successful social engineering attack.
- Organizations interested in minimizing these and other forms of potential data loss will also typically want to find a way to do so in a centralized manner—simplifying both initial deployment and any subsequent management required. Given the number and diversity of both endpoints and job roles in the organization, though, that is no simple task.
IBM Endpoint Manager for Core Protection: Multifaceted data loss prevention from a single point of control
It was with exactly this situation in mind that IBM last year released IBM Tivoli Endpoint Manager for Core Protection—a powerful security solution specifically designed to secure endpoints and minimize data loss in a variety of different respects in a centralized policy-driven manner.
The IBM Endpoint Manager family features a straightforward graphical user interface, accessible from any standard Web browser, which reflects key information about the security status and configuration of endpoints.
Using it, IT team members can assess at a glance the organization's total endpoint security posture—the percentage of endpoints that haven't yet been properly configured, patched, and/or updated—as well as pinpoint the specific endpoints that need more work.
The way the solution handles the endpoint device is similarly elegant. Once the single agent has been deployed—and it supports both Windows and Mac OS X-based endpoints—that agent communicates automatically with the server and a cloud-based protection network.
Instead of relying solely on signature files that are stored on the endpoint, the endpoint can continually obtain the most current information about new malware from the cloud-based service. In tests, this capability has been shown to protect against a stunning 100% of known malware—an eye-opening figure appealing to any IT manager.
Task-based, data-based, and file-based protection via a dedicated data loss component
Added power comes via special data loss prevention capabilities that allow managers to create policies that reflect the differences that exist among job roles. The solution can be configured to prevent data copying by certain employees while permitting it for others, even if both groups of employees have access to that data.
What's more, this solution also delivers special power for administrators who may need to block data transmission to a variety of alternate channels, like printers, CD/DVD drives, and network drives. And beyond the channel being blocked, the solution allows managers to specify the data they need to stop from being transmitted.
Once they create a list of blacklisted data—specific keywords, for instance, or company credit card numbers, or social security numbers—the solution can automatically detect when a given endpoint is attempting to transmit matching data and stop that from happening.
The same capability applies to files as a whole—particular named files, or files with any particular cluster of traits such as size or type, can be blocked.
Granular power to protect against risky e-mail, Web sites, removable storage, and user behavior
Additional protection against data loss stems from the fact that Endpoint Manager for Core Protection can also assess target destinations for both e-mail and Web sites—comparing, for instance, the site that is listed in an e-mail just received by an employee against a list of millions of continually updated sites that are seen as high-risk. This is useful to reduce the odds that data-transmitting malware might inadvertently be installed.
Should employees try to visit such a site in any way, whether deliberately or without realizing they're going there, the solution will simply block the visit (and thus prevent an unfortunate outcome such as the silent installation of Web-hosted malware on that employee's endpoint).
IT managers struggling to cope with data loss that occurs via removable plug-and-play devices, such as USB thumb drives, will find the solution's granular device control attractive. Using it, they can restrict such devices in a way that they themselves define and control—preventing, perhaps, certain vendors or models of removable drives from working, or only allowing certain vendors or models to work at all.
Together, all these capabilities combine to significantly help drive down the total amount of business data that leaves the organization in unacceptable ways, while also providing:
- Centralized oversight of the endpoint infrastructure
- Fast and simple endpoint security assessment, and
- The flexibility to adjust to a constantly evolving array of security threats