• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
S Maheswaran - Essential Information Protection - Interop Mumbai 2009
 

S Maheswaran - Essential Information Protection - Interop Mumbai 2009

on

  • 1,079 views

The Internet may be today’s most crucial enterprise productivity tool. However, unfettered use of this business platform endangers an even more critical business asset—an organization’s ...

The Internet may be today’s most crucial enterprise productivity tool. However, unfettered use of this business platform endangers an even more critical business asset—an organization’s essential information—that may range from sensitive intellectual property to financial statements to customer and employee data. Security managers must shift the protection emphasis from guarding infrastructure against inbound attacks—a model suited to perimeter boundaries and the Internet as a content resource—to guarding essential information against outbound data loss, in tune with Web 2.0 and the Internet as a business platform. This session will explain the changing risk environment to help security managers understand new requirements.

Statistics

Views

Total Views
1,079
Views on SlideShare
1,059
Embed Views
20

Actions

Likes
0
Downloads
29
Comments
0

3 Embeds 20

http://www.crn.in 16
http://www.slideshare.net 3
http://newcrn.crn.in 1

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    S Maheswaran - Essential Information Protection - Interop Mumbai 2009 S Maheswaran - Essential Information Protection - Interop Mumbai 2009 Presentation Transcript

    • Essential Information Protection Surendra Singh, Regional Director, Websense, SAARC web security | data security | email security © 2009 Websense, Inc. All rights reserved.
    • Agenda Changing Workspace Data Loss Prevention Data Loss Risk Assesment Websense Overview
    • Desktop of Today Basic Web Applications Local applications and data Static Websites Network applications and data
    • Desktop of Tomorrow Web-Based Mashup Hosted Applications and Data Corporate Webmail Blogs Hosted Applications YouTube Videos User Generated Local applications Hosted Security Content and data Instant Messaging Email Security Hosted Security Networking Local Weather User Generated Applications Network applications and data
    • Employee 1.0
    • Employee 2.0
    • Enterprise 1.0 Company Distributor Point-to-Point Partner Limited Information Transfer Customer
    • Enterprise 2.0
    • Threat 2.0 Threats are now focused on data – 37 percent of malicious Web/HTTP attacks included data-stealing code. – 57 percent of data-stealing attacks are conducted over the Web. – Most of the SPAM identified had a URL linked to it and the URL was infected with data stealing code.
    • Websense contends that Web 2.0 + Employee 2.0 + Enterprise 2.0 + Threat 2.0 means… We need a new data-centric security strategy
    • Data Loss Prevention - Overview
    • So What is DLP? “Products that, based on central policies, identify, monitor, and protect data at rest, in motion, and in use through deep content analysis.” Rich Mogull (securosis.com) – former Gartner analyst for DLP
    • Information Leaks – 4 main categories Unintentional Leaks: Customer_Info.xls Customer.xls By accident/Ignorance Un/intentional Leaks: Trojan… Keylogger Malicious intent Un/intentional Leaks: Data in Motion Data at Rest No/Bad business processes Intentional Leaks: Malicious intent 13
    • DLP Phases – Best Practices Management Data and Risk Actionable Policy Policy Design & Identification Auditing Enforcement Reporting • Scope it right • Monitor traffic leaving organizationwithEnforce policies and notify • Design policies • BU heads • Identify incident management roles • Identify Business processes • Identify and enforce incident • Freeze on responsibilities & channels remediation workflows • Focus on Essential Information •Design reporting metrics
    • Business Intelligent Policy Enforcement Who What Where How Action Human Resources Source Code Benefits Provider File Transfer Audit Customer Service Business Plans Personal Web Storage Web Block Marketing Patient Information Business Partner Instant Messaging Notify Finance M&A Plans Blog Peer-to-Peer Remove Accounting Employee Salary Customer Email Encrypt Sales Financial Statements Spyware Site Print Quarantine Legal Customer Records Partner Confirm Webmail Technical Support Technical Documentation Competitor Engineering Competitive Information Social Networking Site
    • DLP Phases – Best Practices Management Data and Risk Actionable Policy Policy Design & Identification Auditing Enforcement Reporting • Enforce policies and notify • Identify incident management roles • Identify and enforce incident remediation workflows •Design reporting metrics
    • We recommend to start with Risk Assessment “How is your sensitive data leaving the organization?” “How do your Employees treat sensitive data?” “Do you see a lot of mistakes/errors being made?” “Is there any misuse of our sensitive data”? “Are there any/many inappropriate recipients receiving sensitive data?” “Do your Employees seem to be aware of the sensitivity of the information?” “How do your Employees conform to your security policies?” “Do you need to change or add security policies?” “What are your approved business processes?” “Do you need to change the way we use our data?” “Is your sensitive data in places it should not be?” “Are you violating any compliance policies?” “Are there any other identifiable risks?” 17
    • About Websense Leading Provider of Web, Email and Data Security (DLP) Solutions Annual Billings: $356M Employees: > 1,300 More than 50,000 customers worldwide 44 million subscription seats • Global support and services “Today’s enterprises require a more holistic and integrated approach for “Today’s enterprises require a more holistic and integrated approach for Internet security—a Web security ecosystem—to combat emerging threats Internet security—a Web security ecosystem—to combat emerging threats from the Internet… Websense is the worldwide leading vendor in the Web from the Internet… Websense is the worldwide leading vendor in the Web Security market.” Security market.” -Brian Burke, Program Director Security Products, IDC -Brian Burke, Program Director Security Products, IDC 18
    • Websense leads DLP space Gartner Magic Quadrant for Content Monitoring and Filtering and Data Loss Prevention, June 2008 The Forrester Wave is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave are trademarks of Forrester Research, Inc. The Forrester Wave is a graphical representation of Forrester's call on a market From the 17 June 2008 Gartner report, “Magic Quadrant for Content Monitoring and and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does Filtering and Data Loss Prevention,” not endorse any vendor, product, or service depicted in the Forrester Wave. Information is based on best by Eric Ouellet and Paul E. Proctor. available resources. Opinions reflect judgment at the time and are subject to change. The Gartner Magic Quadrant or Content Monitoring and Filtering and Data Loss Prevention was written by Eric Oullet and Paul E. Proctor and is copyrighted June 17, 2008 by Gartner, Inc., and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner’s analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the “Leaders” quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. The Magic Quadrant graphic was published by Gartner, Inc., as part of a larger research note and should be evaluated in the context of the This Magic entire report. The Gartner report is available upon request from Websense.
    • DLP Summary People have been losing and leaking data ever since they started banging a keyboard; We are constantly seeing information that is not meant for our eyes The chances, however, of data losses and leaks being exposed have increased exponentially People, Regulatory Compliance, Data Protection Authorities and the latest Malware threats are the key drivers of DLP adoption DLP solutions are a great tool to minimize the risk of data losses and leaks; and also a great tool to educate employees as well 20
    • THANK YOU web security | data security | email security © 2009 Websense, Inc. All rights reserved.