cynapspro endpoint data protection 2010 - technical specifications
cynapspro Endpoint Data Protection 2010
Technical Specifications and Modules
Cynapspro Endpoint Data Protection
DevicePro prevents data loss by controlling all kinds of ports and external storage devices.
CryptionPro protects your company data by efficiently encrypting data stored on external devices.
ApplicationPro controls the use of applications based on a white list or black list.
ErasePro
PowerPro cuts energy costs and reports suspicious activity.
Core Benefits of cynapspro Technology
Sophisticated Rights Management
Rights Management can be user centered, machine centered or a combination of both. Flexible inheritance structures allow the transfer of group rights to users and the exemption of individual users or devices. Permissions may be assigned to Active Directory Groups that are automatically synchronized or to individually generated groups, which substantially reduces the management overhead. In addition, user permissions may be defined for different scenarios, i.e. users may have different online or offline rights.
Real-Time Management
The cynapspro® client server architecture is based on a real-time solution without group policies and schema extensions. All changes to access permissions will be immediately pushed out to the clients and stored in the cynapspro database. Users don’t need to restart their machines or even connect to the company network in order to upgrade their usage rights. Just consider the manufacturing sector, which requires uninterrupted processes (production lines or the like), where changing the logged on user or even a restart is simply not an option. cynapspro is the right solution for these workplaces, as it ensures that IT management guidelines are implemented and that there are no security risks.
Complete Offline Support
Even disconnected systems remain manageable. Unblocking codes can be used to temporarily or permanently change user rights. CryptionPro Mobile allows the encryption and decryption of data on mobile devices anytime and anywhere, e.g. when working from unmanaged computers.
Secure Kernel Driver Technology
The secure cynapspro® kernel driver technology is loaded into the operating system during the boot sequence and thus ensures that the service running on the client is not visible to the end user. It can only be stopped or uninstalled by an authorized Administrator.
Minimal Network Load
All changes, such as the allocation of access permissions, updates to application white lists or encryption policies, become effective immediately using “Push and Pull” technologies, which have definite advantages over “Polling intervals”. Solutions using 'Polling intervals' (regular queries from Client to Server in order to check for updates) can cause unnecessary network load which may impact system performance and affect the user in his daily work.
Minimal System Requirements
Apart from a SQL database (the free MSDE or SQL Server 2005 Express edition are fully sufficient), there is no additional software required, such as the IIS Server or .NET client. Consequently, no new vulnerabilities are introduced by installing additional back office software and memory and CPU utilization is minimal.
Integration into 3rd Party Applications
The XML interface allows the allocation of access permissions from an existing customer Helpdesk or Service Desk implementation in a fully automated way, leveraging existing processes, approval workflows, notifications and management reports. There will be no need for service desk workers to use an additional console.
cynapspro Architecture
cynapspro Server and Database
The cynapspro server is responsible for managing all DevicePro clients. The cynapspro server can be installed on any available physical or virtual server (or even a Windows XP Professional system) in your network environment. For large environments or in order to have a backup, DevicePro can be installed on several servers that replicate each other. All records are stored in a SQL database (MSDE, MS SQL Server Express, MS SQL Server 2000 or 2005) and managed by the cynapspro server.
cynapspro Agent Installation and Update
The Administration Console enables you to create an MSI package which can be rolled out to all clients using the usual software distribution mechanisms or AD policies. Once installed, the agent will automatically receive updates from the cynapspro server.
Secure and efficient Communication
The communication between server and clients uses XML – RPS (optional encryption). All passwords and encryption keys are encrypted (RSA 1024-bit) without exception.
The cynapspro agent communicates all rights changes made in the management console and takes over complete communications between the server, the kernel driver and, if necessary, with the user. The cynapspro agents use a Push/Pull process to communicate with the server, which ensures that all changes are transferred immediately. There is no client polling, which significantly reduces the network load. Only the machines of those users, whose access rights have been changed, will be contacted and updated.
User and Group Management
The directory structure of your existing MS Active Directory or Novell eDirectory is synchronized by the cynapspro server and a local copy will be maintained in the database. No LDAP schema extensions to MS Active Directory or Novell eDirectory are needed. cynapspro only creates a local copy of the structure, which will be updated either on a schedule or on an ad hoc basis. All it takes is a user account with read-only permissions to the AD.
Secure Permission Management
Permissions to external devices and applications will be controlled by the kernel driver. Systems that are disconnected from the network can receive changes to access permissions via a secure TAN.
Functional Overview
DevicePro
- Release of individual devices by serial number, Hardware ID, Volume ID, or name
- Device White List (Certification)
- Integrated device discovery
- Individual release of media (CD/DVD) based on hash value
- Device access can be set to read-only mode
- Content header filter (black/white list)
- Password protected Logging of Data Transfer
CryptionPro
- File-based encryption
- Automated on-the-fly encryption
- AES 256 encryption
- Triple DES encryption
- Central key management
- Device Blacklist (will always be encrypted, even if users may temporarily disable encryption)
- Mobile Client for encryption/decryption (without installation on the client)
- Centrally managed password policies for mobile clients
- Individual encryption limits decryption to authorized employees only
cynapspro Endpoint Data Protection
Architecture
- Secure kernel driver technology
- MS AD, NDS, workgroup synchronization
- Bidirectional communication (push and pull)
Rights Management
- Allocation of rights by groups, users or machines
- Role-based allocation of rights
- Temporary or scheduled permissions
Management Console & Agent
- Multilingual, intuitive user interface
- MSI-Packager 32Bit/64Bit
- Role-based display of functionality
- Audit-ready Compliance Reports (SOX, Basel II)
- Reports and Analysis
- Alternative user login – “Log on As” (to avoid system downtime)
- Ticket system for changes
- Offline support (intelligent Cache and secure TAN)
ApplicationPro
- Black/White lists for applications
- Application learning mode (manual and scheduled mode)
- Free application package definition
- Temporary non-blocking mode
- Audit of application usage
- Centralized version control
- Automated hash value creation for applications
ErasePro
- Support for various data erasure methods such as simple overwriting, random order, Peter Gutmann method
- Optimization of the erasure speed
- Secure deletion of files, shadow copies, directories and drives
- Support for internal and external storage media
- Scheduled deletion of specific directories such as TEMP, recycle bin, etc.
- Reports & Analysis and audit-proof logs
- End of Life Management
PowerPro
- Intelligent management of the computer states ‘hibernate’, ‘standby’, etc.
- Activity-based regulation and control of monitors, USB devices, hard drives, fans, CPU, etc.
- Alarm system is triggered by suspicious activities
- Flexible and individual definition of idle time based on a variety of criteria
- Intelligent exemption rules – based on the computer state, active programs or network activities
- Scheduler with several adjustable actions
- Central management and reporting
- Savings calculator in Dollars, kWh and CO2 emissions for the entire company, OU, group or user
Feature Highlights
Intuitive Management Console
The single user-friendly Management Console is largely self-explanatory and only a minimum of training is required. The clear and concise structure allows the compilation of complex settings with just a few mouse clicks. The console and the locally installed agent are available in various languages.
Helpdesk
Changes requested by the user will automatically create a ticket. The assignment of the requested change can be initiated directly from the ticket. Email notifications can be leveraged to integrate into existing 3rd party Helpdesk or Service Desk Tools.
Easy-to-use Statistics, Records and Reports
Information on rights assignments, access control, rights requests etc. can be evaluated, analyzed and exported.
Flexible Device Management
The definition of permissible devices can be done by device types, device models or specific devices allowing the usage of trusted equipment without compromises on security issues.
Content Header Filter
In addition to devices or ports, transmission of data can be allowed or blocked according to file types, file names or size. This way you can prevent the copying of internal data or large amounts of data to external storage and thus reduce potential abuse or loss.
Audit-Ready Security
Password-protected, detailed access statistics with filter and sort order functionality. In case of suspected data abuse or loss, cynapspro knows which files have been accessed, by whom and when. Access to the transmission protocol can be protected by up to three passwords in case workers’ committees need to be accommodated. All actions of the cynapspro administrators will be logged.
LDAP Integration
Existing users and user group definitions from Microsoft Active Directory or Novell eDirectory are imported by the cynapspro server thus reducing the workload for defining user groups for Access Client Lists (ACLs) as well as the sources of error.
Distributed Environments
Several mutually replicating cynapspro servers provide load balancing capabilities in enterprise environments.
Supported Devices
Floppy Disc, CD/DVD, USB Mass Storage, SD/MMC Cards, Infrared, Bluetooth, WiFi, PDA, Blackberry, ISDN cards, Modem, Printers, Scanners, Digital Cameras, Sound, Video and Game Controller, etc.
Supported Ports
FireWire, Parallel Port, Serial Port, PCMCIA cards, USB ports, etc.
System Requirements: Server
Operating System: Windows Server 2000, 2003, 2008 or Windows XP, Vista, 7
Supported LDAP Directories:
Microsoft Active Directory, Novell eDirectory 4.91 SP2 and above, proprietary Directory
Database Server: SQL Server 2000 SP3a, 2005, 2008, SQL Server 2005 Express Edition, MSDE
Free memory: 512 MB RAM
Free hard disk Space: 100 MB
System Requirements: Client
Operating System: Windows 2000 (SP4 + RollUp 1), Windows XP + SP2/SP3, Windows Vista (+ SP1), Windows 7
Free Memory: 128 MB RAM
Free hard disk space: 5 MB
Contact: cynapspro GmbH, Am Hardtwald 1, 76275 Ettlingen, Germany