nexTier Networks' is redefining the industry's standard of data leak prevention. The company's technology transparently fits into any enterprise network & security infrastructure to provide the most complete protection against all types of data and information extrusion.
nexTier’s technology prevents data loss by discovering data wherever it is located across the enterprise, analyzing that data and determining that data’s security value to the business. Much in the way that DNA is used to identify humans, nexTier’s algorithms interpret the unique DNA of data, correlates that information to security policies and uses that signature as a means of enforcing security policies against that data.
Unlike existing industry products that are deployed to work at the edge of the network, nexTier Networks’ appliance is designed for transparent deployment deep inside the enterprise network between corporate employees and data/information repositories.
nexTier Networks' advanced DLP technology prevents any malicious or inadvertent data leak or theft of information from any application including email, web-mail, ftp, telnet, IM, personal blogging software, printing, fax, and prohibits any unauthorized copy & save functions that could transfer data without authorization to external media including USB memory sticks, disks, or CDs. Designed to work with most any ERM/DRM products available, nexTier algorithms provide total visibility and control over malicious user actions and unauthorized activities.
Immune to evasion, nexTier’s technology an determine the origin of information even if it has been retyped into a brand new document or rearranged and reworded in an evasive manner.
While security vendors have long offered solutions that address data loss from information leaks to extrusion, IT managers and enterprise users have widely reported experiences that fall short of expectations. Inaccuracies and limitations in the technology plague some of the most commonly deployed DLP solutions.
Common challenges that are becoming commonplace in light of more sophisticated data leakage or extrusion techniques that are addressed using nexTier’s technology and DLP products are :
Inaccuracy : Unstructured & semi-structured data results in either a high number of undetected data leaks/extrusions (i.e. False Negatives) or inaccurate identification that causes a high number of False Positives.
Easy to Fool & Evade : Even for the simplest of data types, existing data leak and extrusion prevention solutions are very easily fooled or evaded by relatively simple techniques. Most use document fingerprinting technologies that are highly susceptible to the most basic evasion techniques such as making minor additions/deletions of text, shifting and repositioning of content, extraction of smaller content segments are among common. These technologies are defenseless against more advanced evasion techniques that rely on rewording and re-configuration of content.
Difficult to Use : Data theft prevention that involves extensive unstructured data requires expensive manual processing and long definition cycles to pre-define applicable policies for security. Many types of data and information generated in real-time across the enterprise cannot be adequately protected against extrusion without first going through automated initial content pre-processing. This process alone has evidenced major network bottlenecks, delays and a significant loss of productivity especially if the data is then required to be manually marked or tagged further for security or pre-processing purposes.
Complex Policy Setting :Policy setting and enforcement is a major challenge for data leak prevention. Often, extensive policy setting processes need to be enforced in order reach even marginal improvements securing and protecting data against loss. Automating policy assessment, classification and setting is difficult with current DLP.
Difficult to Deploy : Existing solutions are intrusive to enterprise infrastructures and require many “moving parts” that require tedious set-up or professional services that carry significant additional costs and ongoing maintenance to function properly.
You can’t secure what you can’t find : Unstructured and Semi-structured Data is scattered across the enterprise on desktop machines, in file systems, inside data warehouses, at the NAS and in content management systems – and that is just for starters. Automatically discovering unstructured data, classifying that data based upon IT-defined, administered and controlled parameters is a major obstacle and requires substantial efforts. Failure to protect complex documents is a major security problem.
Data Leak Prevention solutions that have been available to date upon technology and techniques that are easily penetrated in today's modern datacenters. Regular Expressions, Lexical Search and Document Fingerprinting are just a few of the techniques that have been historically used to prevent data loss. Yet, today these techniques are inherently incapable of addressing even slightly more sophisticated data theft scenarios that are happening now.
nexTier Networks advanced data leak prevention technology addresses these limitations and deficiencies. nexTier’s technology prevents data loss by discovering data wherever it is located across the enterprise, analyzing that data and determining that data’s security value to the business. Much in the way that DNA is used to identify humans, nexTier’s algorithms interpret the unique DNA of data, correlates that information to security policies and uses that signature as a means of enforcing security policies against that data.
Immune to evasion, the algorithm can determine the origin of information even if it has been retyped into a brand new document or rearranged and reworded in an evasive manner. Data is easily identified and protected in real-time.
Core to nexTier Networks’ technology is a set of innovative data leak technologies that addresses the limitations of DLP products.
Key features of nexTier Networks’ patent-pending technology includes:
IE-Vector Encoding Technology
nexTier Networks’ Information Enthalpy – Vector Encoding (IE-Vector Encoding) technology is far more accurate in identifying false positives, false negatives and is immune to evasion that is found in DLP “fingerprinting” approaches. IE Vector Encoding enables correlation at the semantic level and is not susceptible to “lexical” variations in documents. The approach resists commonly used evasion techniques including rewording, regeneration and re-positioning of content as well as the copy, cut & paste functions of content. Even unstructured documents that have not been pre-identified as a security vulnerability, but still contain information or content with a high security value, can be easily identified and protected in real-time.
IE-Vector Encoding technology uses patent-pending algorithms that combine Intelligent Search with Intelligent Security to automatically generate a unique set of IE-Vector sequences that are very much human DNA and generate a unique signature for each document, data and information element. This unique IE-Vector Sequence allows for the tracking, monitoring and controlling access, use/misuse and to prevent theft/extrusion of confidential data. IE-Vector encoding enables nexTier Networks' products to demonstrate strong security against possible information extrusion without requiring human intervention.
Semantic~Security Correlation Technology
nexTier Networks’ solution incorporates unique “Contextual-Conceptual Correlation Algorithms” that enable a security-based analysis of Unstructured Data with minimal or no human intervention required. Automatic recognition of the security-based significance and business value of data and information is automated. While a confidential M&A document or email attachment sent by the CFO may be perfectly legal, the same M&A document sent by the CFO’s secretary may not be permissible. An advanced DLP system should have the intelligence to differentiate and discern between what is allowable and what is not, in real time and with minimum human intervention or error.
Performance & Scalability
nexTier Networks provides the broadest range of unmatched data analysis capabilities and automation without compromising network performance. The architecture is designed from the ground-up to handle large volumes of unstructured, semi-structured and structured data against leaks and theft in real-time. Using a very high performance indexer, nexTier technolgies are capable of instantiating and searching through billions of entries in a minutes using standard hardware and can handle a high volume outbound egress data transmissions from email, fax, IM, SMS, web-mail, ftp, telnet, and more. nexTier's scalable architecture meets the needs of even the largest enterprise where large, complex e-mails, attachments or other files, including nested zip files, can be expanded for text extraction and then searched by thousands of different parameters in just milliseconds.
nexTier Networks’ has developed unique algorithms that perform automatic real-time classification and correlation of unstructured, semi-structured and structured data based upon IT-defined parameters. The technology automatically discovers unstructured data, classifies that data based on defined parameters, and then secures the data according to its security value from inappropriate access or theft.
nexTier’s technology was designed from the ground-up based on this automated data classification technology. Using Ontology-driven Knowledge Engineering in conjunction with eDiscovery to deliver the most complete data security classification possible, nexTier's Ontology-driven Knowledge Engineering Interface defines specific domain knowledge and a semantic set of data requiring protection. The Interface allows IT to tailor an Ontology-base that is specific to customized policies and security needs. This is particularly important in data-sensitive industries like financial services and banking, healthcare, legal, pharmaceutical, aerospace and defense, as well as homeland security that typically use domain-specific terminologies so that they can easily build a Ontology from a common base that automates data classification, security policies and DLP enforcement of these policies.
Working with a defined Ontology, nexTier's core algorithms use eDiscovery to perform security-based categorization and classification of newly created or existing data without requiring any human intervention. Documents and data belonging to broad categories such as financial, legal, engineering, intellectual property, source code, and other business-specific categories are automatically discovered, identified, and classified into relevant security categories for easy control by the enterprise’s knowledge engineering teams and/or IT security staff. This enables nexTier Networks’ DLP to identify monetary transactions, such as quotations, orders, invoices, payments and other sensitive data quickly. nexTier’s technology approach provides a breakthrough and is a significant differentiator to DLP security programs.
Determining and automatically applying security policies is a key feature of nexTier’s technology, setting it apart from homegrown security policy initiatives and other DLP solutions available today. nexTier Network’s Intelligent Policy Engine automates enforcement of highly granular security policies against information extrusion and delivers real-time DLP.
Using patent-pending 3-Dimensional Analysis & Correlation algorithms, nexTier correlates “Agents/Operations/Information” in real-time, identifying and discriminating between the “real” incident of data leak (or extrusion) and legitimate communications. The analysis performs real-time advanced contextual-conceptual reasoning to correlate agents (i.e. individuals, machines or processes), operations (i.e. functions such as email, ftp, print, copy, USB download, etc.), and the information (i.e. the data involved). This unique construct enables a much deeper level of automatic reasoning that dramatically reduces the number of false positives and false negatives reported, allowing for a true real-time system with minimum to no human intervention.
Almost all existing DLP solutions have required a confidential file, document or piece of data that is pre-marked for security policies, so that the system can then recognize and enforce corresponding pre-set security policies. When somebody attempts to “extrude” information (or any derivative of information there-of) the system will not permit the action. This has typically been a manual process that requires that every time a new document or data is created, somebody has to declare and set security policies on that new document or data. nexTier does not require pre-marking of security policies for data, and instead performs “Real-time Analysis” for security policy selection and enforcement. This patent-pending approach calculates the significance of information in real-time and assigns a security value. The it assigns the relevant policies and then applies them in real-time. The Intelligent Policy Engine uses this Real-time Reactivity to prevent data theft and extrusion, also in real-time.
For more information about nexTier Networks’ Intelligent Policy Engine technology, please contact info@nexTierNetworks.com