CipherTrust Compliance - Neutralizing Outbound Threats


Driven by increasing regulatory scrutiny at all levels of government and seemingly endless headline-grabbing security breaches, privacy issues have risen to the top of the list of priorities for today’s forward-thinking corporate executive. Federal US legislation such as HIPAA and GLBA, as well as state laws such as California’s SB 1386, clearly define acceptable practices with regard to digital information security, and provide harsh penalties for organizations that fail to protect this data. These laws should provide ample impetus for administrators and compliance officers to ensure that they have complete control over the contents of email, as well as the processes of defining policies, mapping them to specific business processes, monitoring and detecting violations, enforcing policy and encrypting messages as necessary.

CipherTrust provides administrators and compliance officers with complete control over defining policies, mapping them to specific business processes, monitoring and detecting violations, enforcing policy and encrypting messages as necessary. The CipherTrust Compliance Profiler is optimized to address policy violations for multiple vertical markets and eliminates the administrative burden associated with enforcing corporate policies to protect sensitive electronic communication. The Compliance Profiler's category-based engines analyze multiple file types (including images), incorporate artificial intelligence technologies, and reduce the administration time associated with simple content filtering technologies.



Key Benefits and Functionality

Industry and government regulations dictate that companies exercise close control over many types of electronic data, and organizations are looking for ways to maintain the integrity of their corporate information. Although content filtering technologies have been available for quite some time, they have been increasingly difficult to manage in terms of time associated with creating dictionaries, assigning thresholds and other activities related to the analysis of described content. CipherTrust’s Compliance Profiler analyzes multiple file types, including images, uses artificial intelligence technologies and reduces the administration time associated with simple content filtering technologies by:
  1. Automatically “learning” which data is sensitive and eliminating the need to build manual dictionaries.
  2. Applying simple high-level rules defined for classes of content rather than complicated individual threshold rules.
  3. Enforcing role-based administration with compliance review interface and workflow capabilities.
  4. Analyzing many document formats, including 85 different image types and more than 200 file types.
  5. Supporting multiple languages, including French, German, Korean, Japanese, Portuguese, Simplified Chinese and Traditional Chinese, for customized dictionaries and content analysis, translated versions of all reports, rule and policy input in any supported language, and more.

The Steps to Complete Compliance

Achieving security and compliance in your outbound messaging is a three-step process. From defining corporate and regulatory policies to detecting and enforcing them, this process is the surest way to ensure that no inappropriate information ever leaves your enterprise gateway.



Policy Definition
For many organizations, defining corporate and regulatory policy can be a daunting task. The expertise required to understand the myriad requirements in each of the regulatory acts is not commonly found in most enterprises, and fees paid to third-party compliance consultants to develop comprehensive policies can easily eat up a department's budget before the first hint of implementation. Fortunately for these organizations, CipherTrust has spent years perfecting the process of policy definition, and the CipherTrust suite of gateway security products ships with pre-loaded policy creation tools to simplify the process, including lexicon-specific dictionaries for all major legislation and default policies based on industry-specific best practices. These policies are easily modified and are constantly updated through CipherTrust's Threat Response update program.

Violation Detection
Once policies are defined, it's time to ensure that you can detect any and all violations of these policies. The text contained within an e-mail message must be thoroughly scanned in order to identify terms that could constitute a violation of the law. Dynamic dictionaries of regulation-specific terms must be maintained and common formats such as Social Security and credit card numbers must be identified before the message leaves the e-mail gateway. File attachments present an additional risk, as they can contain libraries of information that must also be handled in accordance with federal guidelines. To neutralize the threat of file attachments, file attachments must be verified based on their encoding, not just their extension. Archives such as .zip files must also be thoroughly scanned in order to evaluate everything contained in the archive.
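The checks this paragraph lists (type verification by content rather than extension, archive traversal, and SSN and card-number formats) can be sketched as follows. This is an added example, not CipherTrust code; the magic-byte table, size cap, finding labels and sample data are assumptions made for illustration.

```python
import io
import re
import zipfile

# Magic bytes -> (detected type, extensions that may legitimately carry it); a small subset.
MAGIC = {b"PK\x03\x04": ("zip", {"zip", "docx", "xlsx", "pptx"}),
         b"%PDF-": ("pdf", {"pdf"}), b"GIF8": ("gif", {"gif"}),
         b"\xff\xd8\xff": ("jpeg", {"jpg", "jpeg"})}
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # 13 to 19 digits
MAX_MEMBER = 1_000_000  # assumed cap: never inflate larger archive members

def luhn_ok(digits):
    """Luhn checksum, so arbitrary digit runs are not reported as card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def scan(name, data, depth=0):
    """Return (path, finding) pairs for one attachment, recursing into archives."""
    kind, exts = next((v for m, v in MAGIC.items() if data.startswith(m)), ("text", None))
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    findings = []
    if exts is not None and ext not in exts:
        findings.append((name, "extension-mismatch:" + kind))
    if kind == "zip" and depth >= 3:  # bound recursion through nested archives
        findings.append((name, "nesting-too-deep"))
    elif kind == "zip":
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                path = name + "/" + info.filename
                if info.file_size > MAX_MEMBER:
                    findings.append((path, "member-too-large"))
                else:
                    findings += scan(path, zf.read(info), depth + 1)
    elif kind == "text":
        text = data.decode("utf-8", "replace")
        findings += [(name, "ssn-format")] * len(SSN_RE.findall(text))
        findings += [(name, "card-number") for m in CARD_RE.findall(text)
                     if luhn_ok(re.sub(r"\D", "", m))]
    return findings

def sample_attachment():
    """Constructed sample: a zip archive presented under a .txt name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("inner.txt", "SSN 078-05-1120 card 4111 1111 1111 1111 ref 4111 1111 1111 1112")
    return "notes.txt", buf.getvalue()
```

Calling `scan(*sample_attachment())` reports the disguised archive, the SSN-formatted value and the one Luhn-valid card number, while the digit run that fails the checksum is ignored. Text extraction from PDF and image formats is outside this sketch.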

To provide the most comprehensive violation detection for organizations in any industry, the CipherTrust Compliance Profiler searches all outbound message traffic for violations of corporate or federal regulatory policy. What separates the Compliance Profiler from other gateway-based solutions are CipherTrust's Advanced Compliance features, including:

  1. Fingerprinting: The fingerprinting engine decomposes a document into a series of algorithm-generated hashes. This collection of hashes is referred to as the document "fingerprint." The engine then creates algorithmic hashes for all outbound e-mail and attachments and compares those hashes to known hashes. Fingerprinting is used to find exact replicas of protected documents or to detect modifications to protected documents.
  2. Adaptive Lexical Analysis: Documents fed into this engine are examined for lexical structures such as the frequency of words and the position of words with respect to each other. Once the engine is trained on protected documents, it filters outbound e-mail and attachments, looking for lexical structures similar to those within the documents it was trained on.
  3. Clustering: The clustering engine is trained on groups of documents that are similar in nature. Clustering considers the individual words, the counts of those words and the correlations between the words in a document, and the correlation of the documents in relation to others within the group. In this way, documents are placed in mathematical clusters. The clustering engine scans documents to determine whether a document is similar to known clusters, which would indicate protected content.
  4. Advanced Content Filtering: Allows for searching content using "and" and "or" expressions so that multiple dictionaries and Boolean expressions can be used in combination. Therefore, advanced content filtering can search for combinations of expressions that when used together could constitute a violation, but used individually would not.
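The fingerprinting idea in item 1 can be illustrated with hashed word shingles. This is an added example, not CipherTrust's algorithm, which the page does not specify; the shingle length, threshold, labels and sample texts are assumptions.

```python
import hashlib
import re

def fingerprint(text, k=5):
    """Set of SHA-256 digests, one per run of k consecutive normalized words."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    if len(words) < k:  # short text: hash it as a single shingle
        return {hashlib.sha256(" ".join(words).encode()).hexdigest()}
    return {hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()
            for i in range(len(words) - k + 1)}

def containment(protected_fp, outbound_fp):
    """Fraction of the protected document's hashes that appear in the outbound text."""
    return len(protected_fp & outbound_fp) / len(protected_fp)

def classify(protected, outbound, threshold=0.5):
    """Label an outbound text against one protected document (assumed threshold)."""
    score = containment(fingerprint(protected), fingerprint(outbound))
    if score == 1.0:
        return "exact-or-embedded", score   # every protected shingle is present
    if score >= threshold:
        return "modified-copy", score       # most shingles survive the edit
    return "no-match", score

# Constructed sample texts, not real documents.
PROTECTED = ("Project Falcon acquisition terms: the purchase price is forty two "
             "million dollars payable in cash at closing on March first")
MODIFIED = ("FYI see below. Project Falcon acquisition terms: the purchase price "
            "is forty two billion dollars payable in cash at closing on March "
            "first. Thanks")
```

Changing one word of the 20-word sample invalidates the 5 shingles that span it, so `classify(PROTECTED, MODIFIED)` scores 11 of 16 and is reported as a modified copy, whereas a single whole-file hash would simply fail to match.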

Image Analysis Module
CipherTrust Research has found that 10 percent of all messages contain pornographic images or are related to pornographic content, with the majority of those images being .gif and .jpg files. CipherTrust’s Image Analysis Module is fully integrated and goes far beyond basic “flesh-finder” technology to identify and block those messages, which can compromise corporate integrity and take up valuable server space. CipherTrust’s Image Analysis Module provides:

  • Support for 85 image types and characteristics – Detects pornographic or sexually offensive images embedded within or attached to an e-mail message.
  • Inbound and outbound message filtering – Detects and controls the sending and receiving of pornographic images through e-mail to block pornographic spam and comply with corporate policy.
  • Tunable configuration options – Gives administrators the flexibility to implement customized corporate tolerance policies across users, groups or domains.
  • Flexible rule sets to enforce actions – Enforces actions based on policy to deal with offensive images, including drop part, subject rewrite, copy as attachment, forward as attachment, drop message and quarantine message.

Enforcement
Once a message has been processed by the Compliance Profiler, appropriate action must be taken. Administrators need as much flexibility as possible in determining the action to be applied to each message, and CipherTrust Compliance allows them to take as granular an approach as they desire. Messages found to be free of violations can be allowed to leave the network without further processing, while "conditional permission" can be granted to messages that are appropriate, yet need further treatment:
  1. Encrypt: CipherTrust Compliance features policy-based encryption that removes the burden of determining encryption requirements from the end user. As most casual e-mail users neither understand the need for encryption nor how to apply it to individual messages, a policy-based gateway encryption solution is the easiest and most effective method of ensuring that messages containing confidential information are encrypted appropriately and transparently.
  2. Copy/BCC: Messages that are considered "borderline" or that contain known violations can be automatically forwarded to administrators, corporate security personnel or any other desired recipient for further review. This action is completely transparent to the sender.
  3. Message Stamp: Many organizations require senders to include a message at the bottom of outgoing e-mail messages with a legal disclaimer or a number of other specific messages. CipherTrust simplifies this process by performing message stamping at the gateway, ensuring that every e-mail that leaves the organization contains the appropriate message (as determined by the needs of each individual enterprise).
  4. Block/Quarantine: Some messages are so inappropriate that they do not qualify for "conditional permission" and must be stopped and analyzed further before they are allowed to leave the gateway. For these messages, CipherTrust Compliance offers a Quarantine to hold all suspect messages for further review by appropriate personnel. Once the message has been analyzed, the administrator or information security manager can either release it for delivery or block it outright.





