GTB - Protecting PII in the EU

  1. Protecting PII in the EU. GTB Data Leak Prevention, March 27, 2012, Oxford, UK
  2. Security Breach Statistics (2005-2011):
     - 479,072,533 confidential records stolen/lost
     - Over $150 cost per breached record
     - 1 in 75 emails contain secure content
     - 2 of 50 files are exposed files on the network
     - $0.10 to $25 price of a valid credit card with CVV
     - $10 to $1,000 price for bank account credentials
     Sources: Ponemon LLC, Privacy Rights Clearinghouse. 5/3/2012 Copyright GTB Technologies, Inc.
  3. All-time largest reported incidents

     | Records     | Date              | Organizations                                     | Known Cost |
     |-------------|-------------------|---------------------------------------------------|------------|
     | 130,000,000 | January 20, 2009  | Heartland Payment Systems                         | $68 mill   |
     | 94,000,000  | January 17, 2007  | TJX Companies Inc.                                | $64 mill   |
     | 90,000,000  | June 1, 1984      | TRW, Sears Roebuck                                | Unknown    |
     | 77,000,000  | April 26, 2011    | Sony Corporation                                  | $173 mill  |
     | 76,000,000  | October 5, 2009   | National Archives and Records Administration      | Unknown    |
     | 40,000,000  | June 19, 2005     | CardSystems, Visa, MasterCard, American Express   | Unknown    |
     | 32,000,000  | December 14, 2009 | RockYou Inc.                                      | Unknown    |
     | 26,500,000  | May 22, 2006      | U.S. Department of Veterans Affairs               | $20 mill   |
     | 25,000,000  | November 20, 2007 | HM Revenue and Customs, TNT                       | Unknown    |
     | 24,600,000  | May 2, 2011       | Sony Online Entertainment, Sony Corporation       | Unknown    |
  4. EU Electronic Communications Guidance, Section 16: Offences and Penalties. Failure to comply with certain provisions of the Regulations is a criminal offence:
     - Data Security and Data Breaches
     - Unsolicited Marketing Communications
     - Requirements specified in Information and Enforcement Notices issued by the Commissioner
     - Requirements imposed by the Commissioner's authorised officers
     The offences attract a fine of up to €5,000 (per message in the case of unsolicited marketing) when prosecuted by the Commissioner in the District Court. Unsolicited marketing offences may be prosecuted on indictment and attract fines of up to €250,000 in the case of a company and €50,000 in the case of an individual. A data security offence may similarly be prosecuted on indictment and attract the same level of penalty.
  5. Defining DLP. A DLP system performs real-time data classification on Data at Rest and Data in Motion and automatically enforces security policies, including PREVENTION.
  6. DLP answers 4 questions:
     1. Where is my data? Desktops, Laptops, File shares, SharePoint
     2. Who is sending my data? Trusted users, Intruders, Spyware, Viruses
     3. What data is being sent? PII, PHI, Source code, Intellectual Property
     4. Who is receiving my data? IP address, Email destination, Geographic location
  7. The 8 use-cases for Network DLP:
     1. Control a broken business process: Who is sending what data, and to whom?
     2. Demonstrate Compliance: I have no way of enforcing the EU data loss compliance regulation.
     3. Automate Email Encryption: How do I automate encrypting the emails which require it?
     4. Detect or Block encrypted content: Should I allow encrypted data to leave without content inspection?
     5. Severity Blocking: Some breaches are so severe that I prefer to block them altogether!
     6. Visibility to SSL: I have no visibility to SSL in general and HTTPS in particular!
     7. Detect/Block TCP from non-trusted users: How do I detect transmissions from non-trusted users (malware/viruses/trojans)?
     8. Employees' Education: My employees are not complying with the Written Information Security Policy (WISP).
  8. Where is my data?
  9. Who is sending my data?
  10. What data is being sent?
  11. Who is receiving my data?
  12. The problem of protecting PII: avoid false positives. Sample records:

      | Last Name | Email | Phone      | Salary    | SSN       | Bank Account      | Credit Card      |
      |-----------|-------|------------|-----------|-----------|-------------------|------------------|
      | Abel      |       | 9495550002 | 224491.19 | 001010003 | 12345678000000002 | 371230000000004  |
      | Abelson   |       | 9495550003 | 80721.60  | 001010004 | 123000000003      | 6011120000000000 |
      | Abourezk  |       | 9495550004 | 84170.59  | 001010005 | 123000000004      | 5312340000000010 |
      | Abrams    |       | 9495550005 | 248851.63 | 001010006 | 12345678000000005 | 4123400000000014 |
      | Ace       |       | 9495550006 | 81827.08  | 001010007 | 123000000006      | 371230000000012  |
      | Acton     |       | 9495550007 | 38145.58  | 001010008 | 12000000007       | 6011120000000018 |
      | Adams     |       | 9495550008 | 97567.90  | 001010009 | 1234000000008     | 5512340000000026 |
      | Adams     |       | 9495550009 | 27973.57  | 001010010 | 1000000009        | 4123400000000022 |
      | Adams     |       | 9495550010 | 168487.07 | 001010011 | 123456000000010   | 371230000000020  |
  13. Solution: Fingerprint your PII
  14. GTB DLP Live Demo. GTB DLP Suite - Confidential
  15. Essential Elements of DLP:
      1. Detection accuracy
      2. Resiliency to data manipulation
      3. Comprehensive protocol support
      4. File format independence
      5. Performance: no network degradation
      6. Security
      7. Detection of encrypted content
      8. User remediation
  16. Detection Engine Accuracy. Would you enforce blocking if you don't trust that the event is true? Imprecise algorithms:
      - Data pattern engine
      - Bayesian analysis
      - Statistical analysis
      - Others
  17. Detection Accuracy (continued). Would you enforce blocking if you don't trust that the event is true? Precise algorithms:
      - Whole file hash
      - Cyclical hashes
      - Rolling hashes
      - Watermarking/tagging
      - Recursive Transitional Gaps (GTB proprietary)
  18. Unstructured Data Fingerprinting
  19. Structured Data Fingerprinting: 100% accuracy!
  20. Resiliency to Data Manipulation (where imprecise algorithms fail):
      - Data extracting: copy and paste
      - File format conversion
      - Compression
      - File embedding
      - File extension changes
      - Re-typing: secure text is re-typed
      - Data representation change (069-44-4321 becomes 069,44,4321)
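The point of slides 12, 13, 17 and 20 in working code, as an added example that is not GTB's software and does not implement its proprietary Recursive Transitional Gaps algorithm: a structured-data fingerprint index built from keyed hashes of normalised cells is compared with a naive 9-digit pattern rule over one constructed message. The sample rows, the hypothetical key and the column names are constructed for the example.

```python
import hashlib
import hmac
import re

# Constructed sample rows in the shape of the slide 12 table (not real PII).
COLUMNS = ("last_name", "ssn", "credit_card")
PII_ROWS = [
    ("Abel", "001010003", "371230000000004"),
    ("Abelson", "001010004", "6011120000000000"),
]

# Hypothetical secret for the keyed hash; in a real deployment it stays on the
# DLP server so that leaked fingerprints cannot be brute-forced back to values.
FINGERPRINT_KEY = b"example-key-not-for-production"


def normalise(token: str) -> str:
    """Drop separators so 069-44-4321 and 069,44,4321 fingerprint identically (slide 20)."""
    return re.sub(r"[^0-9a-z]", "", token.lower())


def fingerprint(token: str) -> str:
    """Keyed SHA-256 of the normalised value; the engine stores hashes, not the content."""
    return hmac.new(FINGERPRINT_KEY, normalise(token).encode(), hashlib.sha256).hexdigest()


def build_index(rows):
    """Fingerprint every cell so a match reports the source row and column."""
    index = {}
    for row_no, row in enumerate(rows):
        for column, value in zip(COLUMNS, row):
            index[fingerprint(value)] = (row_no, column)  # last duplicate wins
    return index


def pattern_hits(text: str):
    """Imprecise detector (slide 16): any 9-digit run is treated as an SSN."""
    return re.findall(r"\b\d{9}\b", text)


def fingerprint_hits(text: str, index):
    """Precise detector (slides 17/19): only tokens whose fingerprint is indexed count."""
    hits = []
    for token in re.findall(r"\w[\w,.\-]*", text):
        if fingerprint(token) in index:
            hits.append((token, index[fingerprint(token)]))
    return hits


INDEX = build_index(PII_ROWS)
# Constructed outbound message: an invoice number that looks like an SSN plus a real
# (sample) SSN re-typed with commas, as in slide 20.
SAMPLE = "Invoice total 224491190 due; customer Abelson SSN 001,010,004 attached."
```

Running `pattern_hits(SAMPLE)` flags only the invoice number (a false positive) and misses the reformatted SSN, while `fingerprint_hits(SAMPLE, INDEX)` returns the surname and the SSN with their row and column. The tokenizer keeps separators inside a token but not spaces, so a value re-typed with embedded spaces would need an additional normalisation pass.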
  21. File format and protocol independence (where imprecise algorithms fail):
      - SMTP, HTTP and FTP are the most commonly used protocols
      - HTTP Server, HTTP Tunnel, NNTP, IM, POP3, MS Networks, SSL and unknown protocols
      - Secure data may reside in any file format
  22. Performance & Security (where imprecise algorithms fail):
      - Make sure all packets are scanned without network degradation
      - Make sure the solution is secure
      - Choose a solution that does not copy secure content in order to protect it
  23. What data must be protected? Personally identifiable information (PII):
      - Credit card number
      - Social security number
      - Customer name
      - Address
      - Telephone numbers
      - Account numbers/Member numbers/Tax IDs
      - PIN or password
      - Username & password
      - Driver's license number
      - Date of birth
  24. Enterprise class DLP
  25. Network DLP configuration (OOL):
      - Enforcement actions: Log, Encrypt, Quarantine, Severity Block
      - Mirror port switch
      - Scans all TCP channels on all 65,535 ports
  26. Secure mail integration
  27. HTTPS visibility