Verdasys Risk Assessment Program

The Verdasys Managed Service Risk Assessment Program begins with a questionnaire which gathers answers to key questions such as “Are users allowed to use Dropbox?” or “Are users allowed to email sensitive data to any known third parties?” The purpose of the questions is to determine if there are pre-existing policies in place.

It’s easier than ever to move sensitive data from an endpoint to removable media such as USBs, iPods and iPhones. Verdasys’ MSIP relies on the Verdasys Digital Guardian DLP solution to provide removable media encryption on data and devices individually by file, device type, brand or model. The customer receives a report like this one detailing who is sending what and where, for a complete audit to meet compliance and forensic needs.

Capturing hard-to-detect, high-risk user actions such as print and “print screen” information can prohibit the unauthorized movement of confidential information. The MSIP print report shows key information such as file size and type, top users and printers. Many organizations can’t confirm whether valuable data is exposed, let alone how. The MSIP helps them answer the most detailed data security questions. It can even see printing online or offline, from home or work, to local, network and “soft” printers such as PDFs.

From this Verdasys MSIP report, the customer can see how data is moving throught the enterprise and who is sending it, as well as in what format.

Visibility into the way data flows through email systems is critical. MSIP has the ability to track which users are sending data to particular domains. Another important component of the MSIP reports details what type of data is being emailed.

Who is using Dropbox? What are they doing with it? Is a company’s sensitive data at risk of being sent to the cloud unencrypted? It’s important to monitor the usage of risky applications in an environment and determine whether these applications have accessed sensitive data. This report drills down into individual machines and users. It can also show how data is used in a complete usage context, from executive summaries to detailed forensics.

Another aspect of the MSIP involves presenting the right report to the right customer. Different business units may need to access different reports about different user populations. The MSIP service uses role-based access so that console views can be tuned to the needs of each business.

Understanding acceptable use verses unacceptable use of data is critical in order to enable users to legitimately conduct business. Here you can see that an email was sent to Gmail with work data. Is it safe? Enterprises need to be able to collaborate or allow users to send social email, for example. But what is an acceptable use of these social services? This report allows the MSIP customer to see a full view of activity and flag potentially risky behavior.

Customizable MSIP reports can offer insight into data activity that may be questionable. This report shows that a single executable uploaded files to a remote host and accessed system-level files. This can be indicative of a cyber-threat, and the business utility of this process should be reviewed.

This MSIP report, provided by an actual Verdasys customer with identifying information removed, was provided because it flags a questionable business process—a single executable was uploaded to a host in China and accessed system-level files. This type of activity can be indicative of an Advanced Persistent Threat or some other cyber-threat. It was recommended that the business utility of this process should be reviewed. The response the MSIP team can take may include restricting the application, retrieving all files it touches, cautioning the user of a risky business activity or even shutting down the application.

Verdasys MSIP engineers work closely with the customer to create rules and policies tuned specifically for each business workflow and process. Robust exception handling capabilities, honed over years of field experience with large Global 2000 companies, are invoked to support complex workflows.