Data Loss Prevention | Concorde Informatics

Organizations today are increasingly challenged in protecting customer data and safeguarding intellectual property from internal malicious use and accidental mishandling. Unauthorized disclosure of confidential information can result in loss of revenue, financial penalties and irreparable damage to an organization’s image, brand and customer loyalty. In addition, government regulations and guidelines require businesses to strictly monitor their confidential information and report confidential data leaks. Since corporations are mandated to report confidential data leaks, one cannot read the global news without seeing articles outlining how a sensitive data leak caused substantial corporate financial losses and directly affected the general consumer.

Concorde Informatics ******* addresses this demand by providing enterprises with real-time comprehensive content monitoring and data loss protection from insider threats and accidental misuse.
*********, an appliance-based solution powered by Code Green Networks, offers a fully-adminstered service that provides protection across all content, all languages and all potential leak points, SafetyNet enables organizations to:

• Inspect content flows across multiple protocols
• Detect unauthorized disclosures
• Enforce user-defined policies
• Monitor, inspect and archive WebMail
• Encrypt email according to corporate policies

Policy and Incident Management

Data privacy compliance is a continuous process of assessing risk, establishing and managing policies, detecting incidents, determining root causes, remediating them and tracking trends over time. ******* provides robust policy management functions to customize data security, acceptable use and best practice data management policies are enforced. A host of predefined policy templates (e.g. ) are included to quickly define and implement policies based on organization’s compliance and operational requirements. Once an incident is generated, clients can apply different levels of policy enforcement (e.g. notification, copy retention, logging) supported by a powerful role-based access mechanism to support business process and to enforce strict confidentiality
in managing content based security events. Predefined reports and the ability to customize reports enable management to review key compliance metrics as well as drill down to support more specific exploratory data analysis.

Automatic Email Encryption

Clients can e?ectively address two critical issues simultaneously using ******. The Code Green CI Appliances can be equipped with either Voltage Security Mail or Cisco’s IronPort, or can work seamlessly with other secure mail solutions (e.g. Tumbleweed, Zix, ) to automate the process of encrypting confidential information transmitted in electronic communications to include web-based formats. Messages containing con?dential information are identi?ed and encrypted based on a policy action and logged for future auditing and reporting purposes. No additional hardware or software is required.

Webmail Filtering

Consumer WebMail usage by employees continues to grow as both a security and data leakage issue for organizations. Simply blocking
WebMail access while employees are on the network is not an option for most of our clients. Organizations today must seek to apply the
same policy enforcement strategies they have in place for corporate email and online communications to consumer WebMail usage on the corporate network. Working in conjunction with an ICAP proxy (such as BlueCoat), the Code Green Networks CI appliance parses, inspects and applies policy to messages sent via consumer WebMail services such as Google Gmail, MSN Hotmail, AOL Mail, Windows Live Mail and Yahoo! Mail. In addition, SafetyNet allows you to set policies for archiving WebMail messages for future electronic discovery and auditing purposes.
 

Information Security

Effective identity management and access controls are necessary but not adequate to support the requirements of today’s highly digital enterprises. Inspection and enforcement capabilities that actually monitor network traffic, detect unauthorized attempts to transfer confidential content and intercept it, are integral to the new security paradigm. ***** provides a final layer of content inspection that complements existing security controls. As a last line of defense, ******* effectively monitors content transmissions to identify and report violations by content type, sender, recipient, policy and network protocol.

Compliance and Risk Management

******* is a powerful component of our clients’ compliance and risk management efforts as it is a solution specifically designed to mitigate
reputation, compliance and operational risk associated with the loss of customer data or company confidential information. If someone attempts to transfer sensitive content via email, other Internet channel or to/from authorized portable devices, ******** takes appropriate action based on policies established - allowing the transmission, blocking the transmission or encrypting the transmission - with robust auditing in place. By registering confidential data located in structured and unstructured content sources, clients automate the process of inspecting and monitoring all network traffic to identify, audit and prevent potential violations (e.g. ePHI for HIPAA, credit card data for PCI DSS).

Tailored Implementation and Managed Support

Concorde Informatics provides consulting services to aid in initial implementation and configuration of hardware and software and provides regular support for customization, optimization and deployment of new policy rules that control how your various data types are treated. All
implementation and managed support services are scalable to best meet your organization’s needs and budget. ******** managed components eliminate the hassle of standard solution implementation and policy alterations allowing your IT staff to concentrate on their other duties while feeling confident that your risk for data loss is being well managed.