By The Wanderers Securing Cision's Confidential Data with ...
  • Outline of contents, by presenter:
      • Introduction: Scott
      • Industry Solution: Angel
          • Data Loss Example
          • DLP Industry / Introduction
          • Establishing data security policy
          • Identification of Sensitive Data
          • Data in Motion
          • Data at Rest
          • Data at End Points
          • Leak Prevention
      • Business Requirements: Scott
          • What does the business need to accomplish?
          • Control access to information
          • Control data transfer and use
          • Provide review process
          • Workflow
      • Solution Parameters: Angel
          • Feature list / Criteria (General solution)
          • Policy based controls
          • Control of saving, printing, emailing, copying
          • Logging
          • Quarantine / reprocessing
          • Monitoring vs. Prevention
          • Centralized Management
          • Backup and Storage Requirements
          • Ease of Integration
          • Market Presence / Vendor Selection / Proof of Concept
          • Staffing Needs
      • Proposed Solution: Koonal
          • Websense
              • Feature Review
              • Modules
              • Implementation
          • Pro/cons of this solution
      • How to deploy/implement Websense: Wander
          • Define Policies
          • Define User Groups
          • Define data classifications
          • Solution Architecture
      • Alternative to vendor solutions: Wander
      • Conclusion: Wander
  • Considerations Standard Microsoft Operating Systems solutions not sufficient
  • Define your confidential data set. Discover where confidential data is located using DLP automated tools. Secure confidential data where it's stored, move it to a secure location, or purge it where it shouldn't be (access controls, encryption). Monitor confidential data use and movement. Protect the data from exfiltration.
  • DLP rules also need to be able to include inclusion and exclusion criteria for files and directories. Example use of context-based analysis: it is a permissible situation when a payroll employee is observed viewing payroll data, but it can be considered a violation if this is done by someone from another department.
  • Data in Motion:
      • Is the use of FTP to transmit data in cleartext wise?
      • Should the file be leaving the company?
      • Are the parties involved authorized to have access to the data?
    Data at End Points:
      • Includes any data leaving through removable devices
      • Includes classified data set for printing
      • Uses an agent-based approach
    Data at Rest: inspect data repositories for sensitive information using discovery scanning (discovery scanning can also be used to fingerprint data to be used in identifying unstructured data).
      • Virtual session
      • Incremental scanning (similar to incremental backups, in order to conserve resources)
      • Can be resource intensive, especially when placed in several locations in the network for data discovery purposes (may degrade network performance if facilities are not upgraded to meet the demands of DLP solutions)
      • DMZ servers as most common source of unintentional disclosures
      • Located anywhere in the network (but will need IP connectivity to targets)
  • How do we choose a solution provider? Just out of the box, these solutions cannot really be counted on to hit the ground running. Deployment might be an issue due to the learning time needed, beyond the built-in policies, to create file signatures, for example. The refinement process to reduce false positives can be very resource intensive. Usually these solutions are allowed to run in monitor mode for around 6 months before an efficient blocking capability can be deployed. An SMTP prevent server examines email content before sending it off to an MTA server for block/quarantine/encrypt/notify actions. Similarly, HTTP prevent servers examine page contents for any confidential information leaving the company through webmail, news groups, social networking sites, blogging sites, etc. before traffic is sent through the Web proxy again as it goes out into the internet. The same is true for an FTP prevention server. Blocking of P2P or IM activity is still in development, unless the entire service is disabled. A DLP solution can also be selected as part of a Unified Threat Management solution such as Trustwave. An LDAP-aware capability is used to associate alerts with a particular user or users (e.g. if a user was observed making an unauthorized access, DLP will pull up the groups this user is part of). This can benefit in a couple of ways. If the entire group is allowed to access this particular data, there is likely a broken process. If the group is not allowed to access this data, this indicates that this particular user either had special permissions to access the content or was indeed making an unauthorized access, and hence it would demand immediate attention.
  • Originally used to meet security requirements for the Israeli military. Identification and classification of 370 different file types. Uses fingerprinting technology, rules, lexicons, dictionaries, exact and partial matching, statistical analysis and natural language processing.
  • RSA strength Support distributed discovery agents
  • In a medium network, Websense Enterprise components should be distributed on two or more dedicated machines, depending on your operating environment. One machine is responsible for filtering, while a second machine is set up as a web server and runs the reporting components. The filtering machine can be running a Windows Server, Linux or Solaris operating system. Websense Enterprise supports TCP/IP-based networks only. If your network uses both TCP/IP and non-IP based protocols, only those users on the TCP/IP portion of your network are filtered by Websense Enterprise. Rather than deploying Websense Enterprise at each remote office firewall, companies can deploy Websense components in a location geographically central to each of its remote offices. Since Websense Enterprise is accessible from the Internet, the Websense machine should be protected by a firewall that allows URL lookup requests to pass through.
  • Transcript

    • 1. By The Wanderers Securing Cision’s Confidential Data with Data Loss Prevention Systems
    • 2. Outline of contents
        • Business Problem and Requirements [ Scott ]
        • Data Loss Prevention (DLP) Solutions [ Angel ]
        • Proposed Solution [ Koonal ]
        • Vendor Comparisons and Architecture [ Wander ]
        • Company implementation & Conclusion [ Scott ]
    • 3. Business Problem
        • Problem
            • Cision needs the capability to exchange confidential information securely and easily.
        • Cision
            • 1200 Employees, 30+ offices, 8 countries
            • Confidential Data
              • Credit Card / Client Information
              • Customer privileged data
              • Employee personal data
              • Business Confidential data
            • Secure data from
              • Employee Error, Employee Theft
    • 4. Business Solution Requirements
        • Required
          • Meet the Payment Card Industry (PCI) requirements for credit card handling
          • Prevent client, business or employee data from being incorrectly disclosed internally and externally
          • Global capabilities with central configuration and enforcement
        • Out of Scope
          • Anti Virus, Firewall, Intrusion Detection Systems, Email Spam Filtering
          • Limited other legal requirements: no HIPAA or SOX requirements
    • 5. Source: http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/doc/talks/2008-04-techlinks/data-protection.jpg
    • 6. DLP Background
        • Definition of Data Loss Prevention
          • Products that, based on central policies, identify, monitor, and protect data at rest, in motion, and in use, through deep content analysis.
              • - Rich Mogull of Securosis
        • Other TLAs
          • Data Loss Protection
          • Data Leak Prevention/Protection
          • Information Loss Prevention/Protection
          • Information Leak Prevention/Protection
          • Extrusion Prevention System
          • Content Monitoring and Filtering
          • Content Monitoring and Protection
    • 7. DLP Background
        • Identify holes or exit points where leaks may occur
          • Instant messaging (Yahoo Instant Messaging, Windows Live)
          • P2P file sharing (e.g. LimeWire case as reported by LA Times)
          • Media streaming
          • Web mail (Yahoo mail, Gmail, Hotmail)
          • USB storage devices (ZDNet story from UK)
          • Removable drives
          • Devices connected through external ports (Firewire, serial, parallel)
          • FTP server
          • Printouts
    • 8. DLP Background Source: Securosis.com http://securosis.com/images/uploads/Pragmatic_Data_Security-_Data_Protection_DecisiionsV2.006_.png
    • 9. DLP Background
        • How data are flagged and identified
          • Initial predefined policies
            • Social security numbers
            • Prescribed in HIPAA, SOX, GLBA, etc. (Bank account numbers, Credit card numbers)
            • Customized categories based on client needs
          • Data Discovery
            • Looks into the content and not just the file type
            • Examines context considerations (factors in parent directories, user group matching)
            • Structured data matching (SSN, credit card numbers, etc.)
            • Unstructured data matching (diagrams, source code, media files)
              • Fingerprint the data using a one-way hash and save it in the database
              • The information can then be used to identify confidential data elsewhere
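An added example (not from the presentation or from any vendor product) of the two matching approaches on this slide: structured matching of card numbers confirmed with a Luhn check, and fingerprinting a protected document as one-way hashes of word shingles so that partial copies can be recognised elsewhere. The function names, the 5-word shingle size and the sample texts are assumptions made for illustration.

```python
import hashlib
import re

# Candidate card numbers: 13-19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list[str]:
    """Structured data matching: regex candidates confirmed by the Luhn check."""
    candidates = (re.sub(r"[ -]", "", m.group()) for m in CARD_RE.finditer(text))
    return [digits for digits in candidates if luhn_ok(digits)]


def fingerprint(text: str, k: int = 5) -> set[str]:
    """Unstructured data matching: one-way hashes of every k-word shingle.

    Only the hashes are kept, so the fingerprint database does not hold
    the confidential text itself.
    """
    words = re.findall(r"\w+", text.lower())
    if not words:
        return set()
    shingles = (" ".join(words[i:i + k]) for i in range(max(len(words) - k + 1, 1)))
    return {hashlib.sha256(s.encode()).hexdigest() for s in shingles}


def overlap(protected: set[str], candidate_text: str, k: int = 5) -> float:
    """Fraction of the protected document's shingles found in the candidate text."""
    if not protected:
        return 0.0
    return len(protected & fingerprint(candidate_text, k)) / len(protected)


# Constructed sample data (not from the presentation).
PROTECTED_DOC = ("Project Falcon pricing: enterprise tier is offered to strategic "
                 "accounts at a forty percent discount until the end of the fiscal year.")
OUTBOUND_MAIL = ("Hi, fyi the enterprise tier is offered to strategic accounts at a "
                 "forty percent discount until the end of the fiscal year. "
                 "Card on file: 4111 1111 1111 1111, order ref 1234 5678 9012 3456.")

if __name__ == "__main__":
    db = fingerprint(PROTECTED_DOC)
    print("card numbers:", find_card_numbers(OUTBOUND_MAIL))
    print("fingerprint overlap: %.2f" % overlap(db, OUTBOUND_MAIL))
```

The order reference has the shape of a card number but fails the Luhn check, which is the kind of false positive the refinement period in monitor mode is meant to reduce; the partial copy of the protected text is still caught because most of its shingles survive the edit.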
    • 10. DLP Background
        • Three different levels of DLP solution
          • Data in Motion
            • Data that uses the HTTP, FTP, IM, P2P and SMTP protocols is mirrored to the DLP server for inspection, where visibility is enhanced
          • Data at Rest
            • Data in file servers, databases, host computers set up for file sharing, etc.
          • Data at End Points
            • Data which sits on end user hosts (workstations and notebooks)
    • 11. DLP Background
        • Technical Feature Considerations
          • Deep content analysis, monitoring and prevention
            • Identification and blocking capability
          • Centralized Management
            • Central policy setting, dashboard features
          • Broad content management across platforms and ease of Integration
            • Review of information infrastructure including software for requirement and compatibility issues
          • Automated remediation
            • Transfer confidential files, LDAP lookup, secure purging of sensitive data
        • Business Environment Considerations
          • Matching with Business Need
            • Matches defined business need over feature allure
          • Market Presence
            • Major presence in the market, financial industry experience
          • Staffing Needs
            • Staffing considerations to handle additional responsibilities
    • 12. Solution Selection
        • The Selection
          • Given the business problem of being able to exchange confidential information securely and easily,
          • We believe that a DLP solution has the ability to address this need by identifying and securing confidential data in a comprehensive and efficient manner, as described in the guidelines above,
          • We select Websense as a representative DLP solution that has met all the criteria mentioned above.
        • Websense
          • Global leader in integrated Web security, data security, and email security solutions.
          • Protects approximately 40 million employees at more than 40,000 organizations worldwide
          • Core strength in Web filtering, discovery and classification of content
          • Source: http://www.websense.com/content/aboutus.aspx
    • 13. DLP Solution:
        • Websense Data Security Suite
          • Data Discovery
          • Data Protect
          • Data Monitor
          • Data Endpoint
    • 14. DLP Solution:
          • Data Discovery
            • Software-based solution that remotely scans specified network file shares, databases, email servers, data repositories, and desktops to discover and classify confidential data on these systems
            • Automated remediation of unsecured confidential data on data repositories, such as encryption, file removal, etc.
            • 370 different types of file definitions
    • 15. DLP Solution:
          • Data Protection
            • Protects data with policy-based controls that map to business processes
            • Automated, policy-based enforcement options including block, quarantine, file removal, encrypt, audit and log, user notification in real time.
    • 16.
    • 17. DLP Solution:
          • Data Monitor
            • Monitors and identifies what customer data is at risk; who is using the data in real time; and where this data is going
            • Precise ID technology
    • 18. DLP Solution:
          • Data Endpoint
            • Provides endpoint security and control over what confidential data is and should be stored (through local discovery)
            • Who is using it
            • How it is being used (with what applications)
            • Where it is being transferred (USB storage, printer)
    • 19.
    • 20. DLP Solution: Websense Data Security Suite in Action (Case: Miss Bea Haven)
    • 21. Alternative Vendors (Considerations)
    • 22. Alternative Vendors (Comparison)
        • Table columns: Vendor, Strengths, Weaknesses
        • Symantec
          • Industry-leading network discovery and endpoint protection
          • Supports localization in 16 languages
          • Mature deployment methodology
          • Most expensive enterprise license costs
          • Admin Console is not localized (English only)
        • Websense
          • Robust on network discovery and endpoint protection
          • Supports localization in multiple languages and already has global presence
          • Subscription based or perpetual licensing
          • Most appealing to current WebSense clients wishing to leverage existing products
        • RSA (EMC)
          • Robust on network discovery
          • Providing a broad range of DLP inspection capabilities
          • Document fingerprinting content-inspection capabilities.
          • Weak on endpoint protection
          • Limited localized detection and support
    • 23. DLP Solution
        • Deployment Architecture
        • Windows Enterprise Network
        • 500 – 2,500 Users
    • 24. DLP Solution
        • Deployment Architecture
        • Windows Enterprise Network
        • 500 – 2,500 Users
    • 25. Company Implementation
          • Project Implementation Cost Estimates
            • 1st Year Fees, by component
              • Websense Data Security Suites: Qty 1200, Price $65, Total $78,300
              • Estimated Discount (25% of list): Qty 1200, Price -$16, Total -$19,575
              • Implementation Consulting: Qty 80, Price $175, Total $14,000
              • Hardware: Total $18,000
              • Totals: $90,725
            • Ongoing Fees (Yearly), by component
              • Websense Data Security Suites: Qty 1200, Price $65, Total $78,300
              • Estimated Discount (25% of list): Qty 1200, Price -$16, Total -$19,575
              • Totals: $58,725
    • 26.  
    • 27. Company Feasibility
          • Requirements Support (Requirement: Websense Supported, Notes)
            • Legal Requirements: X (PCI)
            • Regional / Language Requirements: X (8 countries)
            • Centralized Administration: X
            • Auto Identify Confidential Data: X
            • Limit End Point data actions: X
            • Industry Recognized Leader: X
          • Other Considerations: Limitations / Concerns
            • Software sold as subscription software (yearly ongoing costs)
            • Websense cannot detect data within image
            • Will users be able to easily create new controlled data sets
            • Data Privacy rules are regional and may conflict
    • 28. Conclusion
          • Cision needs to add DLP capabilities to their current security solutions to meet the business needs.
          • Websense meets the requirements
          • Websense is well positioned to grow with Cision’s future needs.
          • Your mileage may vary
    • 29. Questions? Preguntas? Pangutana? Tanong? Perguntas? क्वेस्चन्स ?
    • 30. DON’T BE A MISS BEA HAVIN!
    • 31. The Wanderers
