Applies from May 25, 2018!

Compliant with GDPR (EU General Data Protection Regulation)

Solutions that support GDPR provided by Macnica

The scope of application has changed significantly compared with previous data protection laws, and Japanese companies with no base in the EU may also be subject to this regulation.

(1) Overview of GDPR

The EU General Data Protection Regulation (GDPR) is a new personal data protection framework in the European Union (EU): a regulation that defines the rules for the "processing" and "transfer" of personal data. It is set out in detail in 173 recitals and 99 articles, and it covers not only companies that have subsidiaries, branches, or sales offices in the EU, but also every company that provides products and services in the EU. Companies that violate the rules face hefty fines of "4% of annual revenue or €20 million, whichever is higher".

Definition and coverage

  Personal data
    Definition: all information relating to an identifiable natural person
    Examples:
    • full name of a natural person
    • an identifying number
    • location data
    • email address
    • online identifier
    • any information about social identity
  Processing
    Definition: any operation performed on personal data
    Examples:
    • storing credit card information
    • collecting email addresses
    • changing a customer's contact details
    • disclosing a customer's name
    • deleting a data subject's online identifier
  Transfer
    Definition: any act that makes personal data visible to third parties outside the EEA *1
    Examples:
    • sending electronic documents containing personal data by e-mail outside the EEA

*1: Abbreviation for European Economic Area.

(2) Macnica's solutions to help with GDPR compliance

Imperva - SecureSphere / CounterBreach
Imperva

By using Imperva's "SecureSphere" and "CounterBreach", alone or in combination, we provide effective measures for the following GDPR requirements.

  • SecureSphere database/file firewall (appliance products):
    Policy-based detection and blocking of access to information assets, applied promptly to protect those assets (GDPR Articles 25, 32, 33, 35, and 44)
  • CounterBreach (SecureSphere optional license):
    Detects access to information assets that deviates from normal behavior using machine learning, enabling stronger countermeasures (GDPR Articles 32 and 33)

[GDPR articles]

  • Article 25 Data protection by design and by default
  • Article 32 Security of processing
  • Article 33 Notification of a personal data breach to the supervisory authority
  • Article 35 Data protection impact assessment
  • Article 44 General principles for data transfers

Symantec Cloud SOC (CASB)
Broadcom Products (formerly Symantec Enterprise Security)

Broadcom's CASB solution supports GDPR readiness with the following features:

  1. Visibility into the cloud services, shadow IT, and shadow users in use across the company
  2. Visibility into what data is being exchanged with cloud services, from a data security and data protection perspective
  3. Visibility into user activity
  4. Compliance support tailored to each company

Thales - nShield Series / Vormetric
Thales

To meet GDPR requirements, encryption measures must be deployed in both on-premises and cloud infrastructure environments.

With a Thales HSM (Hardware Security Module), the encryption keys used to encrypt servers (files, applications, databases) and storage can be managed centrally, further strengthening security.

An HSM securely stores the private key, the most important element in a PKI, so that the private key is never held on the server at any point in its life cycle (key generation, storage, destruction).

RiskIQ - Digital Footprint
RiskIQ, Inc.

When implementing GDPR measures on your own websites, you first need a complete picture of where the company's sites are and what kind of sites they are.

RiskIQ identifies and tags the following target pages related to GDPR:

  1. Pages where PII is collected
  2. Pages with a login form
  3. Pages with first-party cookie violations
  4. Pages with second-party cookie violations

We also provide quarterly GDPR reports, summarizing information such as sites with certificate errors and the percentage of sites that collect personal information over plain HTTP.

Box
Box

Box is GDPR-Ready

  • Transferring PII (Personally Identifiable Information) in compliance with GDPR requires SCCs or BCRs to be in place
    To transfer PII outside the EU after GDPR takes effect, it is necessary to have SCCs (Standard Contractual Clauses) or BCRs (Binding Corporate Rules) in place with the authorities.
  • Box has concluded BCRs, a complex set of contracts
    In August 2016, Box adopted BCRs covering both its Data Controller Policy and its Data Processor Policy. This makes it possible to transfer PII from within the EU/EEA to the United States.
  • BCRs are a mechanism recognized by national authorities
    Box's BCRs are approved by the UK ICO and the Spanish and Polish DPAs. Japan's Personal Information Protection Commission also recognizes the value of BCRs.

Mobile Iron
Mobile Iron

GDPR-compliant mobile device management

The GDPR also obliges companies to implement appropriate technical and organizational security measures when handling personal data and to keep records of the processing of personal data.

MobileIron supports GDPR compliance in enterprise mobile device management through features including:

  • Minimizing access to personal data:
    Separate "personal data" and "corporate data" into distinct areas on the device, so that neither can be accessed across the boundary.
  • Protecting the device:
    Enforce data encryption, enforce data leakage protection, enforce secure communication when accessing corporate data, and more
  • Making administrator actions transparent:
    Operations performed on the device by an administrator through MobileIron are recorded in the audit log, and the private data that administrators are able to access is clearly defined.

Exabeam
Exabeam

Exabeam enables quick and easy situational awareness and reporting

Exabeam supports "notification to the supervisory authority within 72 hours in the event of a data breach (Article 33)".

Exabeam uses its own patented technology and machine learning to link logs from many sources to people and devices, summarize each user's behavior in chronological order, and display it in an easy-to-understand GUI. As a result, information leaks can be detected early, and when a data breach does occur, even staff with little specialized knowledge can quickly grasp the situation, assess it, investigate, and report within 72 hours. Because all logs are linked, it is also easy to share information with HR, audit, and legal departments who are not IT specialists.

Exabeam also lets you customize the anonymization of the information it displays, minimizing the disclosure of your employees' personal information.

The next-gen SIEM platform Exabeam makes your security operations more efficient.