SCB 2013 DLP, technology, and deployment methodology


  1. 1. DLP. DLP, solutions, and deployment methodology
  2. 2. Organized by: Sponsored by:
  3. 3. About me. Name: TRẦN CHÍ CẦN. Organization: Công ty CP Tin Học LẠC TIÊN. Email: can.tranchi@lactien.com. Cell: 090 858 68 01
  4. 4. What is DLP?
  5. 5. Have Broken Business Processes? Source code forwarded to private email accounts? Lack of visibility of what & how data is being leaked? PCI data copied onto non-encrypted USBs?
  6. 6. DLP Can Help! Protect Sensitive Information; Improve Business Process; Ensure Regulatory Compliance
  7. 7. The Sources of Data Loss ("Wild Wild West")
      Data Types:
        • Data-in-Motion: Email, Web Post, Network, IM Chat
        • Data-at-Rest: File Share, Database, Desktop/Laptop
        • Data-in-Use: Removable Media, Printer, Screen, Clipboard
  8. 8. You Cannot Protect What You Don’t Know! Understanding How & What Data is Leaving Your Organization. Diagram labels: Policy, Data Analytics, Violations, Captured Data. October 29, 2013
  9. 9. Deploy
      Data Types | Data Loss Vectors | Solution
      Data-in-Motion | Email, Web Post, Network, IM Chat | DLP Prevent, DLP Monitor
      Data-at-Rest | File Share, Database, Desktop/Laptop | DLP Discover
      Data-in-Use | Removable Media, Printer, Screen, Clipboard | DLP Endpoint
  10. 10. Discover Data
      What It Does: Find and protect sensitive information in storage repositories and hard drives.
      DLP Endpoint
        • Crawl local drives & Tag: Application, location or content; Outlook files (PST/OST)
        • Remediate: Move, delete or encrypt
      DLP Discover
        • Crawl servers: Inventory, classify, or fingerprint data
        • Remediate: Move, delete, or encrypt
        • Supported repositories/databases: CIFS/NFS/HTTP(S)/FTP(S); SharePoint/Documentum; SQL/Oracle/DB2/MySQL Enterprise
  11. 11. Protect Data
      What It Does: Protect against data loss via outbound email, web postings, and endpoints such as laptops, USBs and other devices.
      DLP Endpoint
        • Provide content-aware device control: Move or block
        • Integrated with Endpoint Encryption: File, folder, or USB
        • DRM support: Adobe, MS RMS
      DLP Prevent
        • Analyze network traffic for both email and web: SMTP/HTTP/HTTPS; IM/Blog/FTP/FTPS
        • Allow, block, bounce or notify
        • Encrypt, quarantine, or redirect
      Diagram labels: DLP Endpoint, Email/Web Gateway, DLP Prevent
  12. 12. Monitor Data
      What It Does: Monitor data as it moves across the network and as it leaves the endpoint.
      DLP Endpoint
        • Provide content-aware detection: Over 300 content types; Outlook, webmails; IM/FTP/HTTP(S); I/O channels (USB, media, devices)
      DLP Monitor
        • Passively monitor all network traffic: Detect tags via keywords or concept
        • Examine how data is being used: What, where, who or why
        • Protocol agnostic
      Diagram labels: DLP Endpoint, Switches/Routers, DLP Monitor
  13. 13. Comprehensive Data Protection
        • Web & Email Gateway: DLP integration with MWG and MEG analyzes email and ICAP traffic using its realtime rule engine and enforces actions (Block, Allow, Encrypt…).
        • ESM: Ability to inspect, analyse, correlate and report DLP information. Secure log storage (historical). Chain of Custody and Non-Repudiation.
        • Database Security: Database monitor for DLP audit and control of data leaks.
        • Endpoint Encryption: DLP integration with EEFF, EERM for remediation and to protect information based on content.
        • Mobile DLP: prevents data and intellectual property loss via Secure Containers.
        • Device Control: DLP integration helps control and audit external USB storage devices on the endpoint.
      Diagram labels: Web & Email Gateway, SIEM, MDM/EMM, Database Security, ePO, DLP, Encryption, Mobile, Device Control
  14. 14. You Cannot Protect What You Don’t Know! Understanding How & What Data is Leaving Your Organization. Diagram labels: Policy, Data Analytics, Violations, Captured Data
  15. 15. Diagram labels: Data Violations, Define Policy, Test Policy, Tune Rules, Captured Data
  16. 16. Data Discovery. “I’d like to deploy DLP, but where do I start?” “I don’t know where all my data sits and on which servers.” Diagram labels: 1000’s of Servers; Millions of files; Unknown content
  17. 17. Diagram labels: Inventory with Metadata; Categorization & Classification; Remediation Prioritized; PCI Data; Sensitive IP; Encrypt; Delete; Move
  18. 18. Endpoint Protection. Diagram labels: Protected Finance Share; Endpoint; Copied; Tagged; Applications; Enforcement; Web posting; Copy/Paste; Save as/Rename; Download; Tagged; Copy to media/device
  19. 19. Enhanced Protection for IP
      Clipboard Protection
        • Prevent paste of sensitive information TO designated apps, e.g. block PCI info being pasted TO Skype
      Screen Capture Protection
        • Protect against screen capture by any configured apps (e.g. Snipping Tool, SnagIt), e.g. pasting of the screen capture will succeed, but will provide a blurred image
  20. 20. McAfee DLP Layout. Diagram labels: DLP Discover; Databases or Repositories; McAfee ePO; Data-at-Rest; Email Gateway; Data-in-Motion; DLP Prevent; Web Gateway; Data-in-Motion; DLP Monitor; Data-in-Use; Data-in-Use; Switch; DLP Endpoint; DLP Prevent; Firewall
  21. 21. Layout
  22. 22. MyDLP
      Features: Commercial Support; Virtual Appliance; Web; Mail; Block and Log Actions; Quarantine and Archive Actions; IRM Actions; Customizable Dashboard; Simple Reporting; Exporting to Microsoft Excel; Full-text search with SOLR Integration; Mail Archive; Policy Revisioning; E-mail Notifications; Customizable Notification Messages
      Community Edition: V V V V V V V V V -
      Enterprise Edition: V V V V V V V V V V V V V V V
  23. 23. Features: Removable Storage Devices; Removable Storage Encryption; Removable Storage Inbound Data Monitor; Printer Protection; Screenshot Protection; Discovery (Data at Rest); On Demand Workstation Discovery; MyDLP API; Removable Storage Inbound Archive; Offline Endpoint Protection
      Community Edition: V -
      Enterprise Edition: V V - V V V V - V V V V V V V
  24. 24. Features: Microsoft Active Directory Integration; Database Integration (SQL / JDBC); ICAP Integration; SMTP Gateway Integration; Native Syslog Integration
      Community Edition: V V V V
      Enterprise Edition: V V V V - V
  25. 25. Features: Keywords; Predefined Dictionaries; Regular Expressions; Partial (Approximate) Document Matching; Document hashes; Predefined Data Types (e.g. Credit Card Numbers); National Identification and Social Security Numbers; Source Code Identification; Distance (Partial Context Grouping); Predefined Policies; Custom Content Definition
      Community Edition: V V V
      Enterprise Edition: V V V V V V V V V V V V V V V V V V
  26. 26. Demo
  27. 27. Thank you!
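
An added example, not from the original slides and not MyDLP or McAfee code: a minimal content rule that combines three of the detection methods listed on slide 25 (a regular expression, a predefined data type for credit card numbers validated with the Luhn checksum, and keyword distance), run over the kind of outbound message DLP Prevent or DLP Monitor would inspect. Treating "distance" as keyword proximity, the keyword list, the 40-character window and the sample message are all assumptions constructed for illustration.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
KEYWORDS = ("card", "visa", "mastercard", "cvv", "expiry")  # assumed dictionary
MAX_DISTANCE = 40  # assumed: characters allowed between a keyword and the number


def luhn_ok(digits):
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scan(text):
    """Return one finding per Luhn-valid number; severity depends on keyword distance."""
    lowered = text.lower()
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if not luhn_ok(digits):
            continue  # regex hit that fails the checksum: order id, tracking number...
        window = lowered[max(0, m.start() - MAX_DISTANCE): m.end() + MAX_DISTANCE]
        near_keyword = any(k in window for k in KEYWORDS)
        findings.append({
            "masked": "*" * (len(digits) - 4) + digits[-4:],  # never log the full PAN
            "offset": m.start(),
            "severity": "high" if near_keyword else "low",
        })
    return findings


# Constructed sample message; the numbers are public test values, not real cards.
SAMPLE = (
    "Hi, please charge my Visa card 4111 1111 1111 1111 for the invoice.\n"
    "Tracking number 1234 5678 9012 3456 shipped yesterday.\n"
    "Ref 5500005555555559"
)

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The regex alone flags all three numbers; the checksum drops the tracking number, and the distance check separates the number mentioned next to "Visa card" from the bare reference, which is the kind of tuning the define/test/tune loop on slide 15 is for.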
