As the date that GDPR will become effective approaches, most organizations are at complete loss and still looking for the right course of actions. We have prepared a solutions matrix that maps certain aspects of GDPR to specific technologies and solutions. If you have any enquiries, do not hesitate to contact us. We are more than willing to help you throught the tedious task of complying to GPDR legislation.
Keyword | Need/Obligation | Action | Our proposal | Vendor |
---|---|---|---|---|
Pseudonomization | Pseudonomization – replace personal data with placeholders in order to be able to share documents but without the personal data in them. | Protect collected log data through compression, Encryption | Balabit Syslog-NG Filters collected log data in order to minimize storage by keeping only needed data. Compresses, Encrypts and timestamps the data. So only authorized persons have access and integrity is safeguarded. Has mechanisms for pseudonomization of data so log data can be given to auditors who need them but without personal data |
Balabit |
Pseudonomization | Pseudonomization – replace personal data with placeholders in order to be able to share documents but without the personal data in them. | Data Redaction – Detect the personal data and replace it with something else. | Clearswift Adaptive Redaction (AR) Available as: Argon for email, separate product. Can work in any environment. Secure ICAP Gateway, adds AR to 3rd party products Included in Clearswift Secure Email Gateway Included in Clearswift Secure Web Gateway Included in Clearswift Endpoint Solution |
Clearswift |
Accountability | Accountability – Need to keep record of what operations done on personal data | Privileged User Monitoring – automatically record actions of users with high privileges on servers with critical data. | Balabit Shell Control Box Controls and limits access , recording audit in form of Video |
Balabit |
Accountability | Accountability – Need to keep record of what operations done on personal data | Collecting and processing log data to create practical and meaningful reports and alerts | Balabit Syslog-ng A log management system that safeguards log information during collection, transfer and storage. Capable to handling mass volumes of information and forwarding them to designated endpoints. Filtering & Parsing, Encryption & Anonymization, Pseudonomyzation |
Balabit |
Accountability | Accountability – Need to keep record of what operations done on personal data | Collecting and processing log data to create practical and meaningful reports and alerts | Secnology Log data collecting, parsing, managing. Collects data of virtually any kind of system including workstations, in order to keep track of any kind of activity and prevent security incidents |
Balabit |
Incident Response | React promptly to personal data breaches and report to Authorities within 72 hours | Collecting and processing log data to create practical and meaningful reports and alerts. Tremendous flexibility in analyzing log data in order to find causes of incidents and create reports. | Secnology Log data collecting, parsing, managing. Collects data of virtually any kind of system including workstations, in order to keep track of any kind of activity, prevent security incidents and perform forensic research in case of an incident. |
Secnology |
Incident Response | React promptly to personal data breaches and report to Authorities within 72 hours | Automated auditing system which collects relevant data and allows for easy creation of reports. | Balabit Shell Control Box Privileged User Monitoring and access control. Auditing & Reporting. Keeps detailed audit trail allowing easy forensics research and report creation. |
Balabit |
Incident Response | Automated incident response system. | Automated auditing system which collects relevant data and allows for easy creation of reports. | F-Secure Rapid Detection Service Rapid Detection Service is a managed all-in-one service that detects and responds to advanced attacks. We combine best-in-class cyber security experts, threat intelligence and the latest technologies for 24/7 advanced threat protection. When we detect an attack, you'll know about it – in less than 30 minutes. |
F-Secure |
Control | Control and monitor (remote) access to personal data, including audit trails | Control (remote) access of administrators/users to critical servers and record activities. Monitor and Record the activities. |
Balabit Shell Control Box Privileged User Monitoring and access control. Auditing & Reporting Control who can access what and when on your data servers. Apply 4-eyes authorization: for an admin to have access to a server, a 2nd person needs to authorize him, allowing this 2nd person also to watch what the 1st person is doing. |
Balabit |
Control | Control and monitor (remote) access to personal data, including audit trails | Apply multiple factor authentication. Static credentials are not accepted as sufficiently protecting. | One Time Password authentication for remote access or local access | Vasco |
DLP | Detect and prevent Personal Data to leak out through email | Secure Email Gateway with DLP functionality able to detect Personal Data | Clearswift Secure Email Gateway with Adaptive Redaction (AR) DLP technology. Can detect Personal Data in multiple ways including Logical Expressions, Detect data from dictionaries/lists, Detect (personal) data exploiting real time link with database. Data Redaction replaces personal data with placeholders. Document Sanitization removes sensitive data from document properties, metadata and change tracking. And even more additional functionality is available if the Information Governance Server is applied which supports all other Clearswift Products to detect classified data from files. |
Clearswift |
DLP | Detect and prevent Personal Data to leak out through Web traffic | Secure Web Gateway with DLP functionality able to detect Personal Data | Clearswift Secure Web Gateway with Adaptive Redaction (AR) DLP technology. Can detect Personal Data in multiple ways including Logical Expressions, Detect data from dictionaries/lists, Detect (personal) data exploiting real time link with database. Data Redaction replaces personal data with placeholders. Document Sanitization removes sensitive data from document properties, metadata and change tracking. And even more additional functionality is available if the Information Governance Server is applied which supports all other Clearswift Products to detect classified data from files. |
Clearswift |
DLP | Detect and prevent Personal Data to leak out through endpoints | Apply endpoint protection solution enabling enforcement of policies for use of external devices and including DLP functionality to detect movement of personal data | Clearswift Critical Information Protetion (CIP) Agent and Server Includes device control functionality to control use of external devices Includes DLP functionality to detect Personal Data being exported from the endpoint. Can also work together with the Clearswift Information Governance Server (IGS) which supports all other Clearswift Products to detect classified data from files. |
Clearswift |
DLP | Detect and prevent Personal Data to leak out through endpoints | Apply endpoint protection solution enabling enforcement of policies for use of external devices and including DLP functionality to detect movement of personal data | Cososys End Point Protector (EPP) Device Control, DLP and Mobile Device Management Exhaustive functionality to control use of external devices at the endpoint Endpoint DLP based on logical expressions and detection of data present in imported dictionaries Covers Windows, Linux, Mac Controls data export to external devices, email & web, social media, cloud services (e.g. dropbox), clipboard etc |
Cososys |
Minimize | Data Minimization – Keep only the data that really needs to be kept | When archiving log-data, filter out the data which is not needed | Balabit Syslog-ng Log data collection, filtering, parsing and storage system Filtering of data reduces the stored data to the minimum. Encryption and fingerprinting ensures privacy and integrity of the stored data. |
Balabit |
Minimize | Data Minimization – Keep only the data that really needs to be kept | Minimize stored personal data on endpoints by scanning data at rest and detecting personal data | Clearswift Critical Information Protetion (CIP) Agent and Server. Can scan "data at rest" and detect personal data which can then be removed if not needed at that specific endpoint | Clearswift |
Prevent Breach | Prevent breach: leaking of data, corruption of data, loss of data | Scanning of Email & Web traffic with multiple Anti Malware engines. Application of advanced Data Sanitation. | Clearswift Secure Email Gateway Clearswift Secure Web Gateway With 2 AV Scanning engines from different vendors. With Structural Sanitization technology which removes active content from files, email body, http data and thus prevents infiltration of embedded malicious code With very comprehensive DLP functionality |
Clearswift |
Prevent Breach | Prevent breach: leaking of data, corruption of data, loss of data | Apply best available Anti Malware protection, in particular strong in prevention of Zero Hour malware infiltration. | F-Secure Anti Malware Available with in-house administration as well as administration through cloud infrastructure (e.g. in form of Anti Malware as a service) Covers Workstations, Servers, MS Exchange, Smartphones/Tablets, HTTP&SMTP Proxy. Includes Deepguard technology to detect zero-hour malware, renowned for its effectiveness. |
F-Secure |
Prevent Breach | Prevent breach: leaking of data, corruption of data, loss of data | Untrusted Wifi network protection. When our employees are communicating using an untrusted network (e.g. Wifi on airport), make sure traffic is encrypted so no eavesdropping possible |
F-Secure Freedome for Business VPN service Encrypts traffic from PCs, Laptops, Tablets, Smartphones, so any untrusted network can be used safely. |
F-Secure |
Prevent Breach | Prevent breach: leaking of data, corruption of data, loss of data | Patch management / software updating. Majority of malware exploits known vulnerabilities to penetrate. This is successful because many organizations cannot manage to apply patches/hotfixes in time and do timely updating of software. Effective patch management/software updating will make tremendous difference. |
F-Secure Anti Malware Includes Software Updater module, for efficient patch management and software updating. Not only of F-Secure and Microsoft software, but also the majority of 3rd party applications. |
F-Secure |
Prevent Breach | Prevent breach: leaking of data, corruption of data, loss of data | Find and close vulnerabilities | F-Secure Radar Automated vulnerability scanning and reporting. Includes ticketing system to manage and guide remediation activities. |
F-Secure |
Prevent Breach | Prevent breach: leaking of data, corruption of data, loss of data | Perimeter security with Firewall including Intrusion Prevention Technology | Stormshield Firewall Series Includes patented Intrusion Prevention technology Network Vulnerability Detection option |
Stormshield |
Integrity & Availability | Protect archived data against theft, corruption | Audit trails protection through encryption, digital signature, fingerprinting | Balabit Shell Control Box Privileged User Monitoring and access control. Auditing & Reporting Can store audit trail in an encrypted, time-stamped and digitally signed format. So tamper proof. The 4-eyes principle can be used for the auditors as well; Shell Control Box can use multiple keys to encrypt audit trails. In this case, multiple decryption keys are needed to replay the audit trails, so a single auditor cannot access all information about activities and accessed data. |
Balabit |
Integrity & Availability | Protect collected Log Data against corruption or loss | Protect collected log data through compression, Encryption | Balabit Syslog-ng Filters collected log data. This way minimizes the stored data to only the needed data. Compresses, Encrypts and timestamps the data. So only authorized persons have access and integrity is safeguarded. Has mechanisms for pseudonomization of data so log data can be given to auditors who need them but without personal data. |
Balabit |
Integrity & Availability | Protect archived data against theft, corruption | For email archive Keep archive in encrypted form. Keep fingerprint of data in order to prove integrity. |
Cryosever, Email archiver | Cryoserver |