Information Leakage - A knowledge Based Approach
Illyas Kooliyankal CISCO -ADC Presentation at the CIO Event


Published in: Technology

  • to create a comprehensive solution that guards against the risk posed by insiders.
  • Transcript

    • 2. Information Leakage – A Knowledge Based Approach
    • 3.
      • Introduction
      • Some real life examples
      • Existing Security Mechanisms?
      • Best Approach towards Protection
      • Protection Mechanisms
      • Technology behind DLP
      • Case Study
      • Summary
    • 4. Why Data is a Priority?
      • Cost of Data Breaches: $140/record (Source: Ponemon Institute SVB Alliant)
        • Direct Costs: $5.0M, $50/record
        • Indirect Costs: $1.5M, $15/record
        • Opportunity Costs: $7.5M, $75/record
      • What do you consider to pose the biggest current threat to your organization’s overall security? (multiple responses) Source: Merrill Lynch survey of 50 North American CISOs, July 2006
        • Leakage of confidential/proprietary information: 52%
        • Unpatched vulnerabilities: 24%
        • Insider attacks: 18%
        • Spyware: 14%
        • Phishing attacks: 10%
        • Malicious Code: 4%
        • Spam: 4%
        • Denial of Service attacks: 4%
        • Fraud: 2%
        • Keystroke loggers: 2%
    • 5. Some stats
      • 70% - loss caused by insiders
      • 23% of loss is from malicious intent
      • 92% use email to send confidential data
      • 55% use portable devices to take confidential data out of the workplace every week
    • 6. Top Leakage concerns of customers
    • 7. A serious Concern Now?
      • More mobility, flexibility
      • Criminals
      • Business impact – Reputation, monetary, growth, …
      • Legal and regulatory compliance
      • International standards like ISO 27001
      • Personally…
    • 8.
      • A researcher, who accidentally sends a new product formula to hundreds of partners
      • OR
      • A junior member of the finance team who unknowingly exposes the company’s unannounced financial results to the public
    • 9. A hard-working, loyal employee who takes home his laptop or a USB drive for the weekend to get work done and accidentally leaves it on the subway as he runs to greet his children at the end of a long workweek. “Internal risks that can lead to data loss are real.”
    • 10. Data Leakage - Boundary (diagram labels; SOURCE: FORRESTER RESEARCH)
      • Employees (remote workers, mobile workers)
      • Business Partners (Suppliers, outsourcers, consultants)
      • Customers
      • Hackers
      • Contractors
      • Temporaries
      • Visitors
      • Digital Business
      • Cyber-crime
      • Employees
      • Sensitive Data
      • Competitors
    • 11. Existing Security Devices/Solutions?
    • 12. Data - Concerns
    • 13.
      • Holistic Approach
      • People
      • Process
      • Technology
    • 14.
      • Develop and implement foolproof processes in the overall business environment (information at all stages/states)
      • Staff Awareness and support
      • Implement appropriate technology to assist the users and the organization to protect the data efficiently and without business interruption.
    • 15.
        • Information leaked by Internal/Authorized users
        • Performance issues.
        • False Positives and False Negatives
        • User Resistance & Org Culture of Trust, openness
        • Impact to the normal business operations?
    • 16. Is it Easy?
        • Business requires information easily and seamlessly
        • Existing security solutions and tools-limited capability
        • Huge amount of sensitive data; unwanted/outdated data
    • 17. How can you protect?
      • Approach it as a business problem, not technical.
      • Formulate a comprehensive strategy for Data protection
      • Develop a classification policy
      • Analyze various data sources and data, classify it, and conduct detailed risk assessment.
      • Identify and select an appropriate technical solution for DLP
    • 18. How can you protect?
      • State of the Data– in motion, at rest, in use.
      • Develop/Decide on the policies to be applied based on the sensitivity and classification
      • Apply lightweight policies and train the users to be more careful
      • Actions – Controls (Log, Alert, Justification, block, etc)
      • Monitor and Fine Tune
      • Approach it phase by phase – Begin with log only, analyze the events and tighten the controls slowly and steadily.
    • 19.
      • Data At Rest
        • Data classification
        • Device control
        • Content control
        • Application control
      • Transaction Data
        • Direct Database Access
        • Access via Applications
          • Web applications
          • Web services
      Communication Channels
      • Data In Motion
        • Outgoing communications
        • Internal communications
        • Databases and documents
        • Monitoring and enforcement
      The Landscape (diagram labels): Databases; Transaction Applications; Data Storage (SAN and NAS); Servers, Endpoints; Employees (Honest & Rogue); Customers & Criminals; Accidental, Intentional and Malicious Leaks
    • 20. What does DLP offer?
      • Lets you secure the data you know you need to protect
      • Automates the discovery and understanding of the data you don’t know
      • By securing all your information—from the datacenter to the network endpoints—you protect it through all phases of its lifecycle—at rest, in motion, and in use—and ensure its confidentiality and integrity.
    • 21. How Does DLP Work?
      • Identify and classify data in motion, at rest, and in use
      • Dynamically apply the desired type and level of control, including the ability to perform mandatory access control that can’t be circumvented by the user
      • Monitors multiple channels for specific inbound and outbound content
      • DLP products may differ based on these.
    • 22.
      • Through
      • Deep content inspection
      • Contextual security analysis of transaction (attributes of originator, data object, medium, timing, recipient/destination, etc.)
      • With a centralized management framework.
      • The systems are designed to detect and prevent the unauthorized use and transmission of confidential information
    • 23. Capabilities
    • 24. Data Protection
      • What is the User Doing With It? Read, Write, Print, Move, Burn, Copy/Paste, Upload, etc.
      • Where Did the Data Come From? (What Classification?)
      • Where Is the Data Going?
      • What is the Policy regarding Actions to be taken?
      • Diagram labels: Devices, Applications, Networks
    • 25. Reduce Your Risk Audit, Notify, Quarantine, Block Encrypt … Reduce Risk
      • Enable enforcement policy
      • Quarantine suspicious messages
      • Create audit trail of all communications to substantiate compliance
      • Reduce violations to required levels
      Enforce Learn Define Metrics
      • Use pre-defined policies or create custom policies
      • Learn critical information using information fingerprinting service
      • Monitor communication channels
      • Reporting of matches against policies and information fingerprints
      • Tune policies
      Assess Risk Courtesy:
    • 26.
      • Information Leakage is a serious concern to organizations and individuals
      • The approach has to be holistic, addressing People, Process and Technology
      • DLP technology addresses data in motion, at rest and in use.
    • 27.
      • Classification Policy, Information about Data and Data Source, Classify those, Select DLP Solution, Develop Policies and Test, Apply, Monitor, Fine Tune, Awareness
      • Action – Log, Alert, Justify, Block, etc.
      • Resistance, org culture, performance, and the huge amount of known/unknown data are some of the obstacles.
      • Start with lightweight policies and gradually tighten them once awareness and adaptability are achieved
      • Information Leakage Prevention is an ongoing process
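
The phased rollout from slides 18 and 27 (log, alert, justify, block), combined with the content inspection and contextual analysis from slide 22, as an added example that is not part of the original presentation. The keyword list, the `corp.example` domain, the channel names and the policy table are constructed assumptions, not taken from any DLP product.

```python
import re
from dataclasses import dataclass

ACTIONS = ["log", "alert", "justify", "block"]  # loosest to strictest (slide 18)
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")
# Constructed keyword list; a real one would come from the classification policy.
KEYWORD_RE = re.compile(r"\b(confidential|unannounced results|product formula)\b", re.I)

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to reject random digit runs (fewer false positives)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(text: str) -> str:
    """Content inspection: return the highest classification that matches."""
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            return "restricted"
    return "confidential" if KEYWORD_RE.search(text) else "public"

@dataclass
class Event:
    user: str
    channel: str       # assumed channel names: "email", "usb", "web_upload"
    destination: str
    content: str

def decide(event: Event, phase: str, internal_domains=("corp.example",)):
    """Combine content class with context, then cap by the rollout phase."""
    label = classify(event.content)
    domain = event.destination.rsplit("@", 1)[-1].lower()
    internal = event.channel == "email" and domain in internal_domains
    if label == "public":
        wanted = "log"
    elif label == "confidential":
        wanted = "log" if internal else "justify"
    else:
        wanted = "alert" if internal else "block"
    # A policy never acts more strictly than the current rollout phase allows.
    action = ACTIONS[min(ACTIONS.index(wanted), ACTIONS.index(phase))]
    return label, action

if __name__ == "__main__":
    leak = Event("alice", "email", "bob@partner.example", "Card 4111 1111 1111 1111")
    for phase in ACTIONS:
        print(phase, decide(leak, phase))
```

Running the same events through each phase in turn shows which users and channels would be affected before any control is actually tightened.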