Professional Documents
Culture Documents
Reviewer’s Guide
Version 3.4
Reviewer’s Guide
SAFEND DATA PROTECTION SUITE™
Important Notice
This guide is delivered subject to the following conditions and restrictions:
No part of its contents may be used for any other purpose, disclosed to any
person or firm or reproduced by any means, electronic or mechanical, without
the expressed prior written permission of Safend Ltd.
The text and graphics are for the purpose of illustration and reference only.
The specifications on which they are based are subject to change without
notice.
The information in this document is provided in good faith but without any
representation or warranty whatsoever, whether it is accurate, or complete or
otherwise and with the expressed understanding that Safend Ltd. shall have
no liability whatsoever to other parties in any way arising from or relating to
the information or its use.
Other company and brand products and service names are trademarks or registered trademarks of their respective
holders.
- Page 2 -
Reviewer’s Guide
SAFEND DATA PROTECTION SUITE™
Support contact:
Web: www.safend.com/189-en/Safend.aspx
Email: support@safend.com
Phone: 1-888-225-9193
- Page 3 -
Reviewer’s Guide
SAFEND DATA PROTECTION SUITE™
Table of Contents
About Safend ....................................................... 5
The Problem ....................................................... 6
The Safend Data Protection Suite Solution .................................. 7
Why Safend? ....................................................... 7
Features List ....................................................... 8
Safend Encryptor: Hard Disk Encryption ..................................................................................... 8
Safend Protector - Port & Device Control and Removable Storage Encryption ........................................ 8
Data Classification .................................................................... Error! Bookmark not defined.
Safend Inspector: Content Inspection & Filtering ......................................................................... 11
Safend Discoverer: Endpoint Data Discovery ............................................................................. 12
Safend Reporter: Reporting and Analysis .................................................................................. 13
Safend Data Protection Suite Management Features .................................................................... 14
- Page 4 -
Reviewer’s Guide
SAFEND DATA PROTECTION SUITE™
About Safend
Safend software solutions protect an organization’s confidential information from loss and theft by monitoring,
detecting and restricting data transfers from the endpoint. It also allows encrypting both detachable devices and
internal hard disks.
Safend's solutions, available through channel partners worldwide, are deployed by multi-national enterprises,
government agencies and small to large scale companies across the globe.
Safend Data Protection Suite is centrally managed using a single management server, single management console
and single, lightweight agent. The combination of the Safend Data Protection Suite license-activated components,
Safend Protector, Encryptor, Inspector, Discoverer, Auditor and Reporter, provides a comprehensive endpoint
protection solution, thus protecting an organization’s sensitive data residing on PCs, laptops and detachable devices.
- Page 5 -
Reviewer’s Guide
SAFEND DATA PROTECTION SUITE™
The Problem
Business survival and success is built on data security. Organizations depend on the security of their data, from
intellectual property such as business plans and trade secrets, to sensitive customer data like health records,
financial information and social security numbers.
Regulatory security initiatives such as Sarbanes Oxley (SOX), HIPAA, PCI, FISMA, and the UK Data Protection Act
(DPA), require organizations to maintain ongoing visibility into endpoint activity. In today’s sensitive regulatory
climate, organizations are expected to demonstrate a comprehensive data protection strategy and understanding of
all data transfer activities.
Industry statistics consistently show that the most significant security threat to the enterprise comes from within. With
over 60% of corporate data residing on endpoints, gateway solutions and written security policies alone cannot
mitigate the risk.
Growing numbers of laptops, removable storage devices, interfaces (physical and wireless), and users with access to
sensitive data have made data leakage via endpoints, both accidental and malicious, a very real threat. An inevitable
fact of life is that laptops are sometimes lost or stolen. It is simply too easy for sensitive data to walk out the door on
an iPod or be uploaded to the Web. According to Forrester, data loss through endpoints is now a leading endpoint
security concern, ahead of Malware, Spyware and other threats.
Despite the clear and present danger of data leakage and loss, implementing effective endpoint data protection
remains an uphill battle for most organizations. Securing endpoints, without impacting employee productivity and
system performance, demands a highly flexible solution that takes into account the dynamics of real-world work
environments.
Many end users view external devices and outbound communications as personal, and view encryption of any kind
as a headache, often balking at and circumventing imposed security measures. As a result, today’s data protection
solutions need to be transparent without compromising the data security of an organization. All possible endpoint
data leakage avenues must be managed with powerful, enforceable, tamper-proof security.
Endpoint data can exit organizational boundaries in any number of ways: it can be carried away on an unencrypted
storage device, mistakenly sent to unauthorized email recipients, or stolen with the laptop it is stored on. An effective
endpoint security program must address the entire range of risks in order to properly protect an organization’s data.
- Page 6 -
Reviewer’s Guide
SAFEND DATA PROTECTION SUITE™
Safend Data Protection Suite eliminates data leakage from endpoints, delivering comprehensive visibility, complete
data protection and total control over all available avenues to sensitive data.
Only with detailed visibility of endpoint activity, ongoing and historical, can security administrators effectively monitor
and enforce a security policy that is in-line with real world usage. With Safend Data Protection Suite, security
administrators can rapidly query all organizational endpoints while locating and documenting all devices that are or
have ever been locally connected. Safend Data Protection Suite’s advanced reporting capabilities provide ongoing
insight into the organization’s security status.
Safend Data Protection Suite monitors real-time traffic and applies granular security policies over all physical,
wireless and removable storage interfaces. Safend Data Protection Suite detects, logs, and restricts unapproved data
transfer from any computer in the enterprise. Each computer is protected 100% of the time, even when it is not
connected to the network. Safend Data Protection Suite’s control is built from the ground up to enforce a
comprehensive security policy which is appropriate for all organizational security needs. Sensitive data transfers can
be controlled at different logical levels: redundant physical and wireless ports can be blocked, devices and wireless
networks can be approved or denied by their types and specific characteristics, storage device’s functionality can be
partially or completely disabled, and the data which exits the organizational boundaries through approved data
transfer channels can be controlled according to its actual content.
Safend Data Protection Suite guards the data stored on hard drives with its innovative, easy to manage hard disk
encryption. Safend Data Protection Suite also ensures that mobile users and data are secure by encrypting any data
written to removable media such as USB flash drives, external hard drives and CD/DVD.
Why Safend?
Control all your data protection measures with a single management
server, single management console and a single lightweight agent.
Full control over sensitive data both inside and outside the
organizational network.
- Page 7 -
Reviewer’s Guide
SAFEND DATA PROTECTION SUITE™
Suite Components
Safend Data Protection Suite provides complete endpoint data protection with a single software product. It includes
several, license activated components. Each component within the Safend Data Protection Suite can be
implemented stand alone or in combination and compliments your existing security infrastructure.
The following are the main features of the product, divided according to the different components:
Safend Protector - Port & Device Control and Removable Storage Encryption
Safend Protector, a license-activated component of the Safend Data Protection Suite, protects endpoints by applying
customized, highly-granular security policies over all ports: physical ports, wireless ports and devices. It can also
mandate the encryption of all data transferred to removable storage devices and CD/DVD media.
Port Control – intelligently allows, blocks or restricts the usage of any or all
computer ports in your organization, according to the computer on which they
are located, the user who is logged in and/or the type of port. Safend controls:
USB, PCMCIA, FireWire, Secure Digital, Serial, Parallel, Modem (e.g., dialup,
3G, etc.), WiFi, IrDA and Bluetooth ports.
Storage Control – Special control over external and internal storage devices,
including Removable media, External Hard Drives, CD/DVD media, Floppy
and Tape drives. A policy can block usage of device types, models and even
distinct devices (by serial number), restrict usage for read only, or enforce
encryption (see below).
- Page 8 -
Reviewer’s Guide
SAFEND DATA PROTECTION SUITE™
Granular WiFi control - by MAC address, SSID, or the security level of the
network.
U3 and autorun control - Turns U3 USB drives into regular USB drives while
attached to organizational endpoints, and protects against dangerous auto-
launch programs by blocking autorun.
Block USB and PS/2 Hardware Key-Loggers - block or detect the widest
variety of USB and PS/2 hardware keyloggers in the industry, which are
devices that can tap and record every keystroke in your endpoints.
- Page 9 -
Reviewer’s Guide
SAFEND DATA PROTECTION SUITE™
Full Audit Trail - Comprehensive logs are provided for all activities.
- Page 10 -
Reviewer’s Guide
SAFEND DATA PROTECTION SUITE™
Block - prevents the user from extracting the information from the
endpoint.
Ask User - warns the user of their problematic action, and asks
them if they are sure they want to continue.
- Page 11 -
Reviewer’s Guide
SAFEND DATA PROTECTION SUITE™
Limit Logs From a Single Endpoint - the administrator can limit the amount
of data sent from a single endpoint in order to balance allocation of network
and storage resources.
- Page 12 -
Reviewer’s Guide
SAFEND DATA PROTECTION SUITE™
Drill down reports - the Safend Reporter interface allows a step-by-step drill
down into different aspects of the report, and enables a quick and intuitive
transition from a high-level view to specific detailed information.
Reports Export - the reports can either be viewed from within the Safend
Data Protection Suite Management Console or be exported to one of several
popular formats for viewing and analysis outside of the Management
Console.
- Page 13 -
Reviewer’s Guide
SAFEND DATA PROTECTION SUITE™
Extensive Logging - enables you to view and analyze the logs collected
from all the endpoints in your organization, both immediately and over time.
Logs Data View – Data-related security incidents are filtered, viewed and
analyzed from the Management Console. This incident information contains
all incident data (subject to activating the appropriate monitoring level), and
allows security administrators to analyze easily the incident and understand
why it was triggered.
Client Management - allows you to browse the status of your machines and
check whether they are protected by the latest version of the Client, what
policy they are using, when they were last updated and more.
- Page 14 -
Reviewer’s Guide
SAFEND DATA PROTECTION SUITE™
Built-In Real-Time Alerts – Enable you to issue alerts of your choice (e. g.,
e-mail, SNMP and more) to desired destinations. Administrators can set the
destinations for sending alerts on a per-policy basis. For example, it is
possible for alerts from different computers/users to be sent to different email
addresses.
Rich End User Interaction - Proper end user information security education
is a vital component in a successful security program. Safend Data Protection
Suite provides security administrators with the tools necessary for ensuring
end user education and involvement in the data protection process.
Database Management – Administrators can set the amount of days for logs
to be stored, as well as set a quota for the database files. Safend Data
Protection Suite Management Server also features manual as well as
scheduled backups for its keys, configuration and logs (logs backup only
available for Internal Database). These backups can be used when
recovering from hardware failures as well as when upgrading hardware
platforms.
- Page 15 -
Reviewer’s Guide
SAFEND DATA PROTECTION SUITE™
- Page 16 -
Reviewer’s Guide
SAFEND DATA PROTECTION SUITE™
Product Walkthrough
System Architecture
The system architecture is presented in the following figure:
- Page 17 -
Reviewer’s Guide
SAFEND DATA PROTECTION SUITE™
Component Description
Safend Data Protection Suite Safend Data Protection Suite Management Server(s) store policies
Management Server(s) and other definitions, collect logs from Clients, enable Client
management and distribute policies to Clients. The Management
Server(s) uses either an internal/external database for its
repository (see below).
Internal/External Database Standard databases are used for storing system configuration,
policies and log data. Administrators may opt to use an internal
MySQL database supplied in the Management Server installation
package or to connect to existing MSSQL database
infrastructures. Even though using the internal database is simpler
and maintenance free, connecting to an external database
provides better performance and scalability.
Safend Data Protection Suite This enables you to manage Clients, view logs, define policies and
Management Console administer the system. The Management Console can be installed
and run from any computer on your network and uses SSL when
communicating with the Management Server. The Management
Console supports one-click deployment from the server website.
Safend Data Protection Suite This protects and monitors the endpoints in your organization and
Client alerts/reports about user activity. The Client communicates with a
Safend Data Protection Suite Management Server using SSL.
Safend Auditor Although not an integral part of Safend Data Protection Suite,
Safend Auditor is a light-weight client-less tool that goes hand in
hand with Safend Data Protection Suite and completes it by
providing you with a full view of what ports, devices and networks
are (or were previously) in use by your organization's users. You
use the output of a Safend Auditor scan to select the devices and
- Page 18 -
Reviewer’s Guide
SAFEND DATA PROTECTION SUITE™
Component Description
networks whose usage you want to approve.
Safend Data Protection Suite A server cluster enables the installation of several Safend Data
Management Server Cluster Protection Suite Management Servers connected to a single
external database, so that they seamlessly share the load of traffic
from the endpoints, as well as provide redundancy and high
availability.
- Page 19 -
Reviewer’s Guide
SAFEND DATA PROTECTION SUITE™
Hard Disk Encryption Security Policy defines whether or not the data on your internal Hard disks will be encrypted.
Port & Device Control Security Policy specifies your organization’s policy regarding the usage of physical ports,
wireless ports, devices and WiFi networks. It also specifies whether the data on removable storage devices and
CD/DVD media will be encrypted.
Data Control Security Policy specifies your organization’s policy regarding sensitive data transferred out of the
protected machine using endpoint or network data transfer channels.
Data Control Discovery Policy defines the parameters for the data discovery process, which locates and maps
sensitive data stored on the organizational endpoints.
Once you have defined and distributed a policy to the Safend Data Protection Suite Clients you can view activity logs
from each client through the Logs World in the Safend Data Protection Suite Management Console.
After analyzing the logs, you may wish to adjust your policies.
- Page 20 -
Reviewer’s Guide
SAFEND DATA PROTECTION SUITE™
Port Control
Safend Data Protection Suite can intelligently allow, block or restrict the usage of any or all computer ports in your
organization, according to the computer on which they are located, the user who is logged in and/or the type of port.
Safend controls: USB, PCMCIA, FireWire, Secure Digital, Serial, Parallel, Modem (e.g., dialup, 3G, etc.), WiFi, IrDA
and Bluetooth ports.
A blocked port is unavailable, as if its wires were cut. An indication that a port is blocked is given when the computer
boots or when a policy is applied that disables a previously allowed port.
- Page 21 -
Reviewer’s Guide
SAFEND DATA PROTECTION SUITE™
Device Control
In addition to controlling port access, Safend Data Protection Suite provides another level of granularity by enabling
you to define which devices can access a port.
For USB, PCMCIA, FireWire ports you can define which device types, device models and/or distinct devices can
access a port, as follows.
The device types that are available for selection are built
into Safend Data Protection Suite. If you would like to
allow a device that is not of one of the types listed here,
you can use the Models or the Distinct Devices option,
described below.
Distinct Devices: This option refers to a list of distinct devices each with their
own unique serial number, meaning each is an actual specific device. For
example: the CEO's PDA may be allowed and all other PDAs may be
blocked.
- Page 22 -
Reviewer’s Guide
SAFEND DATA PROTECTION SUITE™
Hardware Key Loggers are devices that can be placed by a hostile entity between a keyboard and its host computer
in order to tap and record keyboard input and steal vital information, especially identity and password.
With Safend Data Protection Suite you can block or detect the widest variety of USB and PS/2 hardware keyloggers
in the industry.
Storage Control
Storage control provides an additional level of detail in which to specify the security requirements of your
organization. This can apply to all storage devices regardless of the port to which they are connected. You can block
storage devices completely, allow read-only access or encrypt the device.
Like non-storage devices, removable storage devices can also be white listed according to the device module or the
specific device serial number.
- Page 23 -
Reviewer’s Guide
SAFEND DATA PROTECTION SUITE™
Safend Media Encryption allows administrators to mandate the encryption of all the data being transferred off
organization endpoints to approved storage devices, such as USB flash drives, memory sticks and SD cards, as well
as CD/DVD media and external hard drives, using the 256-bit AES encryption algorithm. This provides organizations
with comprehensive protection from both accidental data loss and deliberate leakage of corporate assets.
Unique to the Safend Data Protection Suite solution is the ability to restrict the usage of encrypted devices to
company computers. This extends the security borders of organizations and prevents rogue employees from
deliberately leaking data through these high-capacity devices.
Within the organization, media encryption is completely transparent and encrypted devices can be read and used
interchangeably on any computer in the organization. End-users are able to read and write to storage devices just as
they would do normally. However, when the same device is plugged into a computer that is not part of the
organization, the data on it will not be accessible.
The Safend Data Protection Suite administrator can choose whether or not to allow specific users password-
protected access to the data on non-authorized computers. If allowed, individual users are able to set their own
device password, which is required for accessing the device on non-company computers. When plugging in the
device outside the organization, a utility residing on the device is used to validate this password and provide access
to encrypted information.
File Control
File Control includes an additional layer of granularity and security by monitoring and controlling file transfers to/from
external storage devices. Definitions are set at the level of file type, providing the ability to allow or block specific file
transfers as well as to generate logs and alerts, or even to send a hidden copy of the file to the Management Server.
With File Type Control a highly reliable classification of files is performed by inspecting the file header contents rather
than using file extensions, thus preventing users from easily bypassing the protection by renaming file extensions.
File type control and logging is enabled both for files written to external storage devices and files read from them.
However, if you are using the complete Safend Data Protection Suite, including Safend Inspector for Data Control, it
is recommended to use the Port and Device Control Security Policy only for files read from the device, and use the
Data Control Security Policy to control files written to the device according to their classification.
By inspecting both the files downloaded to external storage devices and those uploaded to the protected endpoint,
multiple benefits can be achieved:
- Page 24 -
Reviewer’s Guide
SAFEND DATA PROTECTION SUITE™
The file control aspect of the policy will apply to approve storage devices which were configured to
apply file type control in the Devices tab of the policy:
For these devices, the relevant file type control configurations will apply:
- Page 25 -
Reviewer’s Guide
SAFEND DATA PROTECTION SUITE™
WiFi Control
WiFi control ensures that users only connect to approved networks. You can specify which networks or ad hoc links
are allowed access by the MAC address of the access points, SSID of the network, authentication method and
encryption methods to define approved links.
- Page 26 -
Reviewer’s Guide
SAFEND DATA PROTECTION SUITE™
Safend Encryptor utilizes Total Data Encryption technology that encrypts all data files, while avoiding unnecessary
encryption of the operating system and program files. This innovative concept minimizes the risk of operating system
failure, and poses negligible performance impact on user productivity.
Leveraging this unique encryption technology, Safend Encryptor provides a genuinely transparent Hard Disk
Encryption solution, by using the existing Windows login interface for user authentication.
Safend Encryptor utilizes industry standard AES-256 encryption, and is Common Criteria Certified (Evaluation
Assurance Level 2 for Sensitive Data Protection), and FIPS 140-2 Certified. Encryption of data on internal hard drives
is controlled by policy and enforced by the Safend Client on the endpoint.
Applying Hard Disk Encryption using Safend Encryptor is performed with a few simple steps, described below. The
encryption process is completely transparent to both end users and security administrators.
- Page 27 -
Reviewer’s Guide
SAFEND DATA PROTECTION SUITE™
2. Click OK. This will apply the encryption policy to all computers associated with the security policy the next
time the Client will communicate with the Management Server.
3. Once the policy is updated on the Client, the system automatically conducts machine and user
authentication. This phase is comprised of two steps:
a. Machine registration – makes sure that the machine is listed only once in the domain computer
list.
b. User authentication – ensures that the currently logged on user is a valid domain user, which will
be able to access the encrypted data.
4. The Safend Server creates encryption keys and securely distributes them to the Client.
5. The encryption process begins automatically. This process runs in the background, and therefore does not
require any user action, and the user can continue working normally. The user can shut down or restart the
endpoint during the encryption process; encryption will resume the next time the computer is powered on.
The encryption status and progress is continuously updated on the Management Server, and can be
viewed in the Clients World.
6. The machine is now protected, and secure data will not be compromised in case the computer is lost or
stolen. Security administrators can view the current encryption status of the organizational endpoints, either
through the Clients World or with the Safend Reporter, by running the Encryption Status Report.
The system encryption mechanism and Key Management is presented in the following figure:
n
tio
i ca
un
SSL
m
m
Co
Co
L
SS
mmu
nicatio
Document Encrypted
with File Encryption Key
Document
- Page 28 -
Reviewer’s Guide
SAFEND DATA PROTECTION SUITE™
Before implementing hard disk encryption using Safend Encryptor, it is recommended to follow several steps to
ensure smooth and easy product implementation, while enabling swift data recovery in all failure scenarios:
1. Backup Server Secrets - create a backup server’s private and public keys in order to be able to re-install
the server in case of a hardware or software failure.
2. Backup Server Configuration (Scheduled Backup) – define a scheduled backup for the server
configuration file. All encryption keys are centrally generated and securely stored on the Management
Server before encryption is initialized.
- Page 29 -
Reviewer’s Guide
SAFEND DATA PROTECTION SUITE™
Data classification is a set of definitions which is used by the system to automatically identify data.
Safend Inspector and Safend Discoverer components both utilize the Data Classification Mechanism.
To customize a built in classification, right click the classification you want to modify and click
Customize:
Alternatively, organizations can configure their own custom classifications from scratch.
- Page 30 -
Reviewer’s Guide
SAFEND DATA PROTECTION SUITE™
Data classification consists of one or more classification rules and the Boolean relationship between
them (and, or, not):
The administrator can add additional rules to the classification. Each type of classification rule uses a
different method of identifying the data:
Together, these rules can be used to create highly accurate data classifications, which
will be used to locate and control sensitive data within your organization.
- Page 31 -
Reviewer’s Guide
SAFEND DATA PROTECTION SUITE™
Safend Inspector provides an additional protection layer for data transferred over approved data transfer channels,
such as a white-listed storage device, an approved WiFi connection, or even a machine’s LAN connection. It
enforces an accurate, data-centric security policy on data transferred via these endpoint channels, without disrupting
legitimate business processes and disturbing end user productivity.
A Data Control Security Policy defines how the Safend Data Protection Suite reacts when classified data is
transferred through controlled channels. Each data control policy defines how the Safend Data Protection Suite
reacts to a specific Data Classification.
This tab is divided into two sections. The first section, Data to Control, allows you to select the classification to which
the policy will refer. The bottom part of the tab, Channels Where this Data is Restricted, allows you to define what will
happen when the user attempts to transfer classified data using the specified channels.
- Page 32 -
Reviewer’s Guide
SAFEND DATA PROTECTION SUITE™
Safend Data Protection Suite controls data transferred over the following channels:
Channel Configuration
For each channel, you can define what happens when the user attempts to transfer classified data out of the machine
(Security Action):
You can also configure what kind of event will be sent to the server following the user action. You can decide if the
action will generate a log or an alert (monitoring action), and what information will be included in it (monitoring level).
In addition, you can configure the message which will be displayed to the end user following their actions. This
message can be configured to require end users to enter the justification for their action, by choosing it from a list of
options or inserting free text. This is a highly effective method of deterring users from committing potentially harmful
actions, without disrupting legitimate business procedures. The information which is provided by the end users is sent
to the Management Server together with the incident record, dramatically improving the incident management
process:
- Page 33 -
Reviewer’s Guide
SAFEND DATA PROTECTION SUITE™
Finally, you can configure exemptions for each channel. For example, you may want to apply the data control policy
to all emails except for those sent only to recipients in your company, or prevent users from downloading confidential
data to all external storage devices except for the CEO’s hardware encrypted device. Different parameters are used
to define exemptions for the different channels.
To define the channel specific exemption, mark the channel and click Edit Channel. In this window, you can
configure the data destinations you wish to exempt from inspection.
- Page 34 -
Reviewer’s Guide
SAFEND DATA PROTECTION SUITE™
Understanding where sensitive data is located is the foundation of any data protection project. Safend Data
Protection Suite allows security administrators to locate sensitive data stored on organizational endpoints. This
process helps identify gaps in data protection and compliance initiatives and provides insight into what policies
should be implemented using other components of the Safend Data Protection Suite.
The endpoint discovery process is triggered by applying a Discovery Policy on the protected endpoint. This policy
indicates which data classifications, should be searched for on the organizational endpoints. The Discovery Policy
also specifies the type of log record that will be sent to the Management Server when sensitive date is discovered.
When a Discovery policy is applied on the endpoint, the Safend Data Protection Suite Agent scans and classifies all
data files on the machine. When a classified file is discovered, a log record is sent to the Management Server. The
discovery process runs in the background, with minimal affect on endpoint performance.
The status of the discovery process conducted on each endpoint is displayed in the Clients World.
- Page 35 -
Reviewer’s Guide
SAFEND DATA PROTECTION SUITE™
Safend Auditor
Safend Auditor is a tool that goes hand in hand with Safend Data Protection Suite and complements its capabilities
by providing you with the visibility needed to identify and manage endpoint vulnerabilities: a full view of what ports,
devices and networks are (or were previously) in use by your organization's users. Organizations can use the output
of a Safend Auditor scan to select the devices and networks whose usage they want to approve.
- Page 36 -
Reviewer’s Guide
SAFEND DATA PROTECTION SUITE™
Safend Data Protection Suite Client is a lightweight software package that transparently runs on endpoint computers,
at the kernel level, and enforces protection policies on each machine on which it is applied. It has a minimal footprint
(in terms of file size, CPU and memory resources) and includes redundant, multi-tiered anti-tampering features to
guarantee permanent control over endpoints.
Safend Data Protection Suite Clients can be silently installed on all endpoints. Once policies have been distributed,
the Client immediately starts protecting the computer.
When a violation of a Safend Data Protection Suite policy occurs or during certain usage activities, a message is
displayed on the endpoint computer. A log entry may be created to record this event, according to the preferences
you defined in your policy.
If you wish, you may install the Client in Stealth Mode, hiding both Safend tray icon and messages and making
Safend Data Protection Suite Client invisible to the user at the endpoint.
- Page 37 -
Reviewer’s Guide
SAFEND DATA PROTECTION SUITE™
Step 1: Install the Safend Data Protection Suite Management Server and
Console.
Step 5: Define Safend Data Protection Suite 1st Policies. In this stage, is it
recommended to create a permissive policy for the entire organization, which
monitors end user activities. This policy will allow you to learn how devices
and data are used in your organization for legitimate business processes
before enforcing a more restrictive policy.
Step 8: Discover Sensitive Data. In this stage, you create and associate a
discovery policy to organizational endpoints to determine which endpoints
store sensitive data.
Step 9: Analyze Initial Logs. In this stage, you review the logs received from
the endpoints and determine which user activity is an appropriate business
process which should be allowed by policy and which is a potentially harmful
action which should be blocked.
Step 10: Create and distribute enforcement policies. In this stage you
define how data is protected in your organization: which machines and
removable storage devices are encrypted; how ports, devices and WiFi
networks are used and which data can be transferred out of protected
endpoints.
- Page 38 -
Reviewer’s Guide
SAFEND DATA PROTECTION SUITE™
Step 12: Monitoring Logs and Alerts, View the log entries generated by
Safend Data Protection Suite Clients. Analyze these logs and maintain
ongoing visibility into the organization’s security status, using Safend
Reporter.
- Page 39 -