64_201110-iss-iad-t3-utimaco3.pdf
TRANSCRIPT
-
7/28/2019 64_201110-ISS-IAD-T3-UTIMACO3.pdf
1/19
Utimaco Safeware
12th October 2011 ISS World Americas
Ramon MendezBusiness Unit LIMS
Confidential InformationThis presentation contains confidential information related to
, .be disclosed to others without prior acknowledgement by Utimaco.
-
7/28/2019 64_201110-ISS-IAD-T3-UTIMACO3.pdf
2/19
Contents
Utimaco Safeware & Sophos
Business Unit LIMS
Utimaco LIMS Overview
Utimaco DRS Overview
The EU Directive Data Retention on Europe today
The Utimaco Advantage
Utimaco Safeware AG 2
-
7/28/2019 64_201110-ISS-IAD-T3-UTIMACO3.pdf
3/19
Utimaco Safeware AG
Utimaco Safeware AG Sophos PLC
Strong Encryption andDigital Signatures
Hardware Securit
Lawful Interception
Data Retention
Endpoint Protection
Information Security
IT Governance and
Compliance
Utimaco Safeware AG 3
-
7/28/2019 64_201110-ISS-IAD-T3-UTIMACO3.pdf
4/19
Sophos Group
Headquarters in Oberursel and Aachen, Germany
163 employees
Headquarters in Oxford, UK andBurlington, MA, USA
maco a eware op os
37.7 million revenues (fiscal year 10/11) 1,800 employees
$ 340 million revenues (fiscal year 10/11)
Sophos is a world leaderin IT security and control
Utimaco Safeware AG 4
-
7/28/2019 64_201110-ISS-IAD-T3-UTIMACO3.pdf
5/19
Utimaco LIMS
Utimaco has been providing LI solutions since 1994
Market leader in Germany
Worldwide operations: more than 180 installations in 60 countries
Lawful Interception and Data Retention Systemsfor 10 thousands to millions of subscribers
Compliant to international LI standards of ETSI, 3GPP, ANSI/ATIS,
CableLabs and active member of ETSI TC LI
Conform to numerous national telecommunication laws
Utimaco Safeware AG 5
-
7/28/2019 64_201110-ISS-IAD-T3-UTIMACO3.pdf
6/19
Utimaco LIMS
Utimaco LIMS Proven Solution for
Fixed network operators
Internet service providers
Utimaco Safeware AG 6
-
7/28/2019 64_201110-ISS-IAD-T3-UTIMACO3.pdf
7/19
-
7/28/2019 64_201110-ISS-IAD-T3-UTIMACO3.pdf
8/19
Data Retention Lawful Interception
Legal obl igationof service providers
Handover interfacesArch ival
of connection Realtime
monitorin of to l aw enforcement
agencies
Network interfaces
Administrationof warrants
records and
subsriber data
communication
Connectionsrecords andcontent
No long-term
Access protect ion
Data security
Accounting and audi ting
Appl ies to voice
storage
Utimaco Safeware AG 8
-
7/28/2019 64_201110-ISS-IAD-T3-UTIMACO3.pdf
9/19
Data Preservation vs. Data Retention
Data Preservation (aka. quick freeze)
Is applied only from the moment a suspicion arises
Data Retention
Is key to investigate events prior to the moment when a criminalsuspicion arises
case
Gathers all relevant communication records, suspicious or not
Utimaco Safeware AG 9
-
7/28/2019 64_201110-ISS-IAD-T3-UTIMACO3.pdf
10/19
Utimaco DRS
Purpose-built system for compliance with the EU DR directive
Key functions
any telecommunications networkRetains large amounts of data in a powerful and secure data warehouse
Provides very fast search and analytics in billions of data records
Automates request processing and delivers data to authorized agencies
b faxe-mail, or secure IP interfaces
Utimaco Safeware AG 10
-
7/28/2019 64_201110-ISS-IAD-T3-UTIMACO3.pdf
11/19
Utimaco DRS
Central Management of all requests for retained data
Modularity and scalabili ty
-
various communication services, low CAPEX
Benefit: Suitable for large networks with several billions of CDRs per day
ne granu ar user an secur y managemen , mu - enan capa y
Benefit: Strong data protection as required by law, suitable formulti-provider networks and hosted service models
Utimaco Safeware AG 11
-
7/28/2019 64_201110-ISS-IAD-T3-UTIMACO3.pdf
12/19
Contents
Utimaco Safeware & Sophos
Business Unit LIMS
Utimaco LIMS Overview
The EU Directive Data Retention in Europe today
The Utimaco Advantage
Utimaco Safeware AG 12
-
7/28/2019 64_201110-ISS-IAD-T3-UTIMACO3.pdf
13/19
EU Directive 2006/24/EC The Directive aims atharmonizing the provisions of the member states concerning
obligations incumbent on the providers of telecommunications services withrespect to data retention
The objective is to ensure the availability of subscriber traffic related data (CDRs)and subscriber data for the purpose of investigating, detecting and prosecutingserious crime
Entered into force on 3rd May, 2006 Member states to enact the EU Directive by 15th September 2007
Internet access, Internet tele hon and e-mail, o tional deadline of March 09
Obligation to retain data
Telcos, ISPs and anyone providing publicly available telecom services
Retention period: 6 to 24 months Whats to be retained
Essential subscriber traffic information regarding mobile, internet and fixedtelephony, internet access and e-mails and subscriber data
Utimaco Safeware AG
Upon request to competent authority without undue delay13
-
7/28/2019 64_201110-ISS-IAD-T3-UTIMACO3.pdf
14/19
Data to be retained
Subscriber Data Telephony Internet E-Mail
Address
Date&time of service
A/B/C IMSI
A/B/C IMEI
Subscriber IP
address
sender and
receiver(s)
and end of call
Service type (call,
and end of Internet
connection
Callin no. or circuit
,
receive, store
Subscriber ID
(user account), ,
VoIP: IP address of
caller
ID Subscriber IP
address
begin and end of call
Utimaco Safeware AG
. . . ,
14
-
7/28/2019 64_201110-ISS-IAD-T3-UTIMACO3.pdf
15/19
Adoption of the EU DR Directive in Europe
EUDRD fully implementedEUDRD fully implemented
Non EU memberNon EU member
EUDRD implemented in 2010EUDRD implemented in 2010
EUDRD transposed into law
but declared unconstitutional
EUDRD transposed into law
but declared unconstitutional
EUDRD not implementedEUDRD not implemented
Correct: June, 2010
Source: Frost & Sullivan, 2010
Austria has implemented the DRD in national law by April 2011. Operators must comply byApril 2012.
Greece has implemented the DRD in national law by Feb 2011. Operators must comply in
Utimaco Safeware AG 15
.
Cyprus has declared the law unconstitutional in Feb 2011.
-
7/28/2019 64_201110-ISS-IAD-T3-UTIMACO3.pdf
16/19
European Directive revision why?
Law Enforcement Agencies
Need to be equipped with the tools needed to serve the criminal
Telecommunication Service Providers
market
Personal data needs to be protected and this calls for high standardsto be applied in all Member States
End-to-end data retention process
Key areas need to be carefully considered: purpose, period,authorities, procedures, arrangements for reimbursing operators
Utimaco Safeware AG 16
-
7/28/2019 64_201110-ISS-IAD-T3-UTIMACO3.pdf
17/19
Utimaco LIMS & DRS
ExperienceUtimaco has been providing LI systems for more than 16 years to 150+ operatorsin more than 60 countries
ExpertiseUtimaco actively cooperates with standardization bodies and equipment vendors tocon nuous y a ap e maco pro uc s o newes ec nca an regua ory requremen s
ComplianceUtimaco LIMS + DRS complies with numerous national regulations and international
Cost-efficiencyThe modular architecture of Utimaco LIMS and DRS enables cost-effective solutions
for networks of any size
ReliabilityUtimaco is a recognized global player and financially stable public company in the world-wide IT security industry. We support our customers in all technical and organizational
Utimaco Safeware AG
aspec s re a e o aw u n ercep on
17
-
7/28/2019 64_201110-ISS-IAD-T3-UTIMACO3.pdf
18/19
Utimaco LIMS
Utimaco Safeware AG 18
-
7/28/2019 64_201110-ISS-IAD-T3-UTIMACO3.pdf
19/19
please visit us at booth # 102Ramon Mendez
Business Unit LIMS
Utimaco Safeware AG 19