Introduction. The Safe-T Solution

Similar documents
Introduction With the move to the digital enterprise, all organizations regulated or not, are required to provide customers and anonymous users alike

Introduction. The Safe-T Solution

Introduction. The Safe-T Solution

CipherCloud CASB+ Connector for ServiceNow

Securing Your Most Sensitive Data

GLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications

IBM Secure Proxy. Advanced edge security for your multienterprise. Secure your network at the edge. Highlights

BUFFERZONE Advanced Endpoint Security

VMware AirWatch Content Gateway for Windows. VMware Workspace ONE UEM 1811 Unified Access Gateway

Network Security Protection Alternatives for the Cloud

VMware AirWatch Content Gateway for Linux. VMware Workspace ONE UEM 1811 Unified Access Gateway

VMware AirWatch Content Gateway Guide for Windows

MigrationWiz Security Overview

HikCentral V1.3 for Windows Hardening Guide

VMware AirWatch Content Gateway Guide for Windows

BUFFERZONE Advanced Endpoint Security

CYBER SECURITY. formerly Wick Hill DOCUMENT* PRESENTED BY I nuvias.com/cybersecurity I

VMware AirWatch Content Gateway Guide for Windows

KASPERSKY ENDPOINT SECURITY FOR BUSINESS

VMware AirWatch Content Gateway Guide for Linux For Linux

VMware AirWatch Content Gateway Guide for Windows

Avanan for G Suite. Technical Overview. Copyright 2017 Avanan. All rights reserved.

GUIDE. MetaDefender Kiosk Deployment Guide

Symantec & Blue Coat Technical Update Webinar 29. Juni 2017

DreamFactory Security Guide

CIS Controls Measures and Metrics for Version 7

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

#1 Enterprise File Share, Sync, Backup and Mobile Access for Business

System Overview. Security

SECURITY PLATFORM FOR HEALTHCARE PROVIDERS

CS 356 Operating System Security. Fall 2013

HikCentral V.1.1.x for Windows Hardening Guide

Secured Browsing with SmartBrowser

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

WHITEPAPER. Security overview. podio.com

WHITE PAPER. AirGap. The Technology That Makes Isla a Powerful Web Malware Isolation System

CIS Controls Measures and Metrics for Version 7

Integrating Metascan and CyberArk

Enterprise Guest Access

CNS-207-2I Implementing Citrix NetScaler 10.5 for App and Desktop Solutions

Product Brief. Circles of Trust.

VMWARE HORIZON CLOUD WITH VMWARE IDENTITY MANAGER QUICK START GUIDE WHITE PAPER MARCH 2018

Deploying VMware Identity Manager in the DMZ. JULY 2018 VMware Identity Manager 3.2

WHITE PAPER: BEST PRACTICES. Sizing and Scalability Recommendations for Symantec Endpoint Protection. Symantec Enterprise Security Solutions Group

Changing face of endpoint security

Security Fundamentals for your Privileged Account Security Deployment

Datacenter Security: Protection Beyond OS LifeCycle

Syncplicity Panorama with Isilon Storage. Technote

Security Readiness Assessment

CYBERSECURITY RISK LOWERING CHECKLIST

Copyright 2011 Trend Micro Inc.

#1 Enterprise File Share, Sync, Backup and Mobile Access for Business

Cyber Essentials Questionnaire Guidance

ENDPOINT DATA MINING Designed and patented data mining capability to turn every endpoint into a network sensor for US Military.

Annexure E Technical Bid Format

Branch Office Desktop

Security by Default: Enabling Transformation Through Cyber Resilience

Deploying VMware Identity Manager in the DMZ. SEPT 2018 VMware Identity Manager 3.3

SailPoint IdentityIQ Integration with the BeyondInsight Platform. Providing Complete Visibility and Auditing of Identities

VMware Workspace ONE UEM VMware AirWatch Cloud Connector

How-to Guide: Tenable.io for Microsoft Azure. Last Updated: November 16, 2018

Integrating Microsoft Forefront Threat Management Gateway (TMG)

Service Description VMware Workspace ONE

Projectplace: A Secure Project Collaboration Solution

Mobile Devices prioritize User Experience

The Evolution of Data Center Security, Risk and Compliance

How-to Guide: Tenable Nessus for Microsoft Azure. Last Updated: April 03, 2018

Cloud Operations for Oracle Cloud Machine ORACLE WHITE PAPER MARCH 2017

VMware AirWatch Cloud Connector Guide ACC Installation and Integration

Introduction. Deployment Models. IBM Watson on the IBM Cloud Security Overview

Security Assessment Checklist

Solutions Business Manager Web Application Security Assessment

Cloud Security: Constant Innovation

Compliance Brief: The National Institute of Standards and Technology (NIST) , for Federal Organizations

Copyright Huawei Technologies Co., Ltd All rights reserved. Trademark Notice General Disclaimer

Cyber security tips and self-assessment for business

RSA Authentication Manager 8.0 Security Configuration Guide

PCI DSS Compliance. White Paper Parallels Remote Application Server

Microsoft MB Microsoft Dynamics CRM 2016 Installation. Download Full version :

SYMANTEC DATA CENTER SECURITY

AKAMAI WHITE PAPER. Enterprise Application Access Architecture Overview

Critical Infrastructure Protection for the Energy Industries. Building Identity Into the Network

Oracle Payment Interface Token Proxy Service Security Guide Release 6.1 E November 2017

CloudSOC and Security.cloud for Microsoft Office 365

VMware AirWatch Content Gateway Guide For Linux

Citrix ShareFile Share, store, sync, and secure data on any device, anywhere

Future-ready security for small and mid-size enterprises

ENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE

Disclaimer CONFIDENTIAL 2

SECURE DATA EXCHANGE

Sentinet for Microsoft Azure SENTINET

Symantec Ransomware Protection

McAfee Security Management Center

How to Apply a Zero-Trust Model to Cloud, Data and Identity

CogniFit Technical Security Details

OptiSol FinTech Platforms

Seqrite TERMINATOR (UTM) Unified Threat Management Solution.

SERV-U MANAGED FILE TRANSFER SERVER FTP SERVER SOFTWARE FOR SECURE FILE TRANSFER & FILE SHARING

GoAnywhere MFT System Architecture Guide. For High Availability, Scaling, and Performance

A (sample) computerized system for publishing the daily currency exchange rates

Transcription:

Secure Internal File Access Product Brief Contents Introduction 2 The Safe-T Solution 2 How It Works 3 Capabilities 4 Benefits 5 5 Access Component 5 Data Exchange Component 8

Introduction Sensitive data leakage by internal employees is a major concern for any organization in terms of data protection, but for highly secure organizations such as defense contractors, military manufacturers, intelligence agencies, law enforcement agencies, etc, it is the most pressing concern and may affect the organization in many ways including jeopardizing human lives. Such organizations are usually cut off from the outside world, but they hold the most highly sensitive data in the world, so the threat is internal rather than external. The internal threat can be any of the following employees, 3rd party contractor working within the facility, or the IT administrator managing the file storages. The problem is that like their enterprise counterparts, also highly secure organizations use file shares in order to provide users with access to organization data, as well as ensuring data is regularly backed up. While providing ease of access to files, standard files shares do not provide high levels of access and usage controls, but rather basic user permissions. In addition, the main protocol used for file shares is Server Message Block (SMB) also known as Common Internet File System (CIFS). But while SMB has become in the center of all organizations, it s inherent vulnerabilities have been exploited as part of various attacks. The continued use of the SMB protocol is a major security concern for organizations globally, regardless their type. The Safe-T Solution The Safe-T Solution Safe-T SmarTransfer, which is part of Safe-T s Software Defined Access solution, allows internal users to gain transparent access to secure storages over the standard HTTP/S protocol. What appears as a standard mapped network drive is actually a secure, encrypted and access-controlled channel to be exposed to the sensitive information /files with the right authorization rights to upload, download, copy, open, delete, view, etc all according to need to know basis and permissions, while not relying on the vulnerable SMB protocol. All transactions are subject to Safe-T s SecureStream policy and workflow engine, thereby ensuring secure and controlled access to any file type file content, meeting governance and audit requirements. SmarTransfer integrates with the organization s authentication solution (e.g. Active Directory), transparently authenticating the user when they open their mapped drive. The list of presented Safe Spaces (folders) displayed to the user, depends on the user s group and permissions. backend application.

How It Works Safe-T s SmarTransfer allows deploying a Secure Internal File Access solution. It can be deployed in one of two deployment scenarios: Single Segment As can be seen in figure 1 below, when deployed in a single segment, the Safe-T Secure Internal File Access solution requires a single Safe-T SmarTransfer unit which is connected to the organization s file server, authentication tier (e.g, Active Directory), and 3rd party security solutions (e.g. anti-malware, sandbox, etc). Organization Anti-Malware File/Data Storage SmarTransfer User IAM DLP Internal Segment Figure 1 - Safe-T Secure Internal File Access Single Segment Multiple Segments As can be seen in figure 2 below, the Safe-T Secure Internal File Access solution is composed of multiple components. The solution is usually deployed in one or more internal segments within the organization. Internal Segment 1 includes a Safe-T SmarTransfer which is connected to the organization s file server, authentication tier (e.g, Active Directory), and 3rd party security solutions (e.g. anti-malware, sandbox, etc). If users connect to this segment for other segments, then an Access Controller is deployed also in Internal Segment 1. The Access controller communicates with an Access Gateway in other internal segments. Internal Segment 2 includes an Access Gateway which communicates with the Access Controller in Internal Segment 1. It is used to allow users from Internal Segment 2 to reach the Safe-T SmarTransfer server without the need to open the firewall between the two segments.

Organization Anti-Malware File/Data Storage Access Gataway Access Controller SmarTransfer User User IAM DLP Internal Segment 2 Internal Segment 1 Figure 2 - Safe-T Secure Internal File Access Multi Segment Capabilities Deploying Safe-T s SmarTransfer for Secure Internal File Access provides the following capabilities: Deployed as a virtual machine, SmarTransfer seamlessly integrates into existing file shares Server-side capabilities maximize the security on overall users file transmissions Zero SMB protocol usage, connection using HTTP/S protocol from client to Safe-T As opposed to other solutions, Safe-T SmarTransfer is clientless and does not require any installation on the user desktop. Clientless deployment minimizes the complexity of managing desktop client installations and upgrades, and it is transparent to any operating systems Access and permissions control ensures secure and controlled access to any file types and content Supports file operations with full file function capabilities, such as: Upload, download, copy, create, open, move, delete SmarTransfer acts as a secure file gateway between users and remote file servers, enabling 3rd party integration (AV/DLP/etc.) and policy enforcement Prevents any unauthorized file access or usage - changing file original format, encrypting files, etc Built-in file encryption and/or encryption using external HSM for Secure encryption keys storing Full audit trail and reporting to SIEM solutions (e.g. Arcsight) View only options, without the option to download the sensitive information to the local work station

Benefits The benefits of providing application access via Safe-T s Secure Internal File Access: Full segregation of duties between IT administrators and business users Seamless integration into existing file access environments Simple and easy deployment Reduce the risk of data theft, and data leakage attacks Reduce the overall network attack footprint by removing SMB protocols Access Control ensures secure and controlled access to any file types and content Ability to interact with organization security and data protection tools Brings back the control over sensitive information from the users to the organizations Access Component System Level s High Availability (HA) Ability to perform high availability/clustering mode in the same data center and between data centers Safe-T Secure Application Access solution can be setup in HA using an external load balancer or application delivery controller. In addition, a single Access Controller can operate with multiple Access Gateways and Authentication Gateways.

Access Component System Level s Disaster Recovery Ability to failover to another data center in the event of application unavailability or site disasters Safe-T Secure Application Access solution can be setup in a disaster recovery architecture using an external load balancer or application delivery controller Deployment On-premises Access s Patented Reverse-Access technology Requires opening firewall ports Safe-T s reverse-access technology is patent protected. The Reverse-access technology is a dual node technology, which removes the need to open any ports within a firewall, while allowing secured application access between networks (through the firewall) No Support any TCP based application / service Logical Network Segmentation WebDAV Support Safe-T Secure Application Access solution supports any TCP based application / service, applying reverse-access to it Logically segment the network, deploying a Zero Trust model, to reduce the risk of cyber-attacks from reaching internal network segments, or laterally moving throughout your network Safe-T Secure Application Access solution supports WebDAV based file access Client-less and VPN-less application access Safe-T Secure Application Access solution does not require any client application to be installed on the end-user s machine

Access Component Management and Operation Using a Web for full management System logs External Provisioning, via TCP API for reverse-access rules System Level s Server base platform to host the server application Client base platform to run the client application Configuration database Location where configuration settings are stored Database Encryption of sensitive information inside local SQL/MySQL database with which MFT product works. Full Web access interface for internal/external users and guests VM VM/Hardware Windows Server Safe-T SmarTransfer uses an SQL database. Safe-T supports multiple protocols including NTFS, thus allowing customer to work directly with existing data centers All sensitive information is encrypted including contacts, passwords, emails, packages, messages, etc. Encryption is done using AES 256-bit. Ease of Use Detailed attachment and transaction tracking (who, when, what?) Communication protocol(s) between Safe-T SmarTransfer and Data Storage Communication protocol(s) between user and Safe-T SmarTransfer Any user or application which touches the package/attachment is tracked Tracking is done using a dedicated log within Outlook SMB WebDAV (HTTPS)

Data Exchange Component Ease of Use Ability to perform applied policy scanning on an uploaded/downloaded attachment Ability to enforce policy on any file type or size File encryption at rest HTTPS secured connection NTFS file access over HTTPS Online viewing of files via SmarTransfer Control file access, using a 3rd party anti-malware, or sandbox solution upports file I/O operations on remote file servers with full file function capabilities, such as: Upload, download, copy, create, open, move, delete and NTFS complimentary permissions associated with users and groups. Clientless capabilities minimize the complexity of managing desktop client installations and upgrades, and it is transparent to operating systems (Windows/Mac/Linux). Support using HTTP URL only and authenticating using standard authentication methods: Kerberos/Negotiate/NTLM/Multifactor/ Header-Auth/etc. Server-side capabilities maximize the security of overall user file transmissions. Ensures secure and controlled access to any file types and content. Acts as a secure file gateway between users and remote file servers while enabling thirdparty integration and enforced policies (AV, etc). This helps to prevent any unauthorized access or usage (such as changing file original format, encrypting files, Ransomware attacks, etc).

Data Exchange Component Ease of Use Control file access From the user s perspective, it acts as any mapped drive, including sharing links to the mapped drive with other users. Management and Operation LDAP integration Ability to manage users via Active Directory Ability to manage passwords of Active Directory and non- Active Directory users Using a Web admin for full management Storage management of occupied space of uploaded files with the ability for easy delete Users/group control integrated through Active Directory Report generation Ability to schedule the generation of reports Policy on group and individual users Policy regards file types allowed/not allowed External Provisioning, using Active Directory policy Available (Disk Quota Management), detailed, simple, summary, etc. The following reports can be scheduled for generation (manually or via SDK): - Generate report detailing the total sent/ received files and sizes manager and user level - Safe-T allows generating manager and user level reports, via REST API

Data Exchange Component Safe-T Connectors Protocols Active Directory WebDAV HTTP/S NAS NTFS Applications Antivirus and Sanitization solution integration - Check Point SandBlast - Palo Alto WildFire - Fortinet FortiSandbox - Votiro Disarmer - SoleBit Solgate - AVG (Client/Server) Server - Sasa Software Gate Scanner - ReSec ReSecure - OPSWAT MetaDefender - ODI ODIX - McAfee - Symantec SEP - Trend Micro OfficeScan 2019 Safe-T Data Ltd. All Rights Reserved. Safe-T and all other Safe-T product and service names are registered trademarks of Safe-T Data in the U.S. and other countries. All other trademarks and names are the property of their respective owners. ST-2-19

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback