IT Compliance and Governance with DLP Controls and Vulnerability Scanning Software


Overview of data loss prevention controls and vulnerability scanners

  1. Delivering on the Promise. IT Compliance and Governance with DLP Controls and Vulnerability Scanning Software. By: Brian Rosenfelt, CPA, and Joseph Compton, CISSP, CISA. February 16, 2012
  2. Agenda: Security Software
     • Data Loss Prevention Controls
       • Aids in policy development
       • Helps identify data to be protected
       • Provides real-time incident response tickets
       • Provides centralized audit reports
     • Vulnerability Scanners
       • Identify network device weaknesses
       • Used to validate machine configuration
       • Used to identify missing patches
  3. The Software: Data Loss Prevention Controls
     • DLP tools have been around for a long time
       • Expensive
       • Geared toward a single task
       • Poor alerting
     • New unified platforms are coming online
       • Comprehensive approach
       • Unified exception and audit reporting
       • Real-time incident responses
     • Controls can be configured to function as
       • Detective
       • Corrective
       • Preventive
  4. Organizational Challenges: Data in Motion
     • What is the confidential data?
     • Where is the confidential data stored?
     • Where is the confidential data going?
     • Can the controls enforce data use policies?
  5. Enterprise Data Protection and Governance: What can these tools protect?
     • Email encryption
     • Content profiling
     • Web filtering
     • End-point protection
     • Document management
     • Fingerprinting
     • Employee monitoring
  6. Security / DLP: Multiple endpoints
     • Storage drives (CD, DVD, USB)
     • Print devices
     • Websites
     • Home networks
     • Screen capture
     • Clipboard monitoring
     • Content profiling
  7. Our DLP Solution: CTH Technologies Secure Care
     • Agent-based technology
     • Works on and off the network
     • Lock down the desktop with policy enforcement
     • Policies will travel
  8. Flow diagram: Define confidential data policy → Run scan and discover exposed data → Enforce policy by automatically protecting files → Remediate incidents → Report on risk and compliance
  9. Flow diagram: Employee sends confidential data → Detects or prevents incident → Notifies employee → Workflow automates remediation → Report on risk and compliance
  10. Flow diagram: Employee sends confidential data → Detects tagged messages → Tags email message SENSITIVE → Automatically encrypts tagged messages → Report on risk and compliance
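The three flow diagrams (slides 8 to 10) and the detective / corrective / preventive taxonomy from slide 3 describe one pipeline: define a policy, profile content, enforce, report. The following is an added example, not code from CTH Secure Care or any product on this page: a toy DLP content profiler and policy engine in Python. The policy table, the regexes, the "[SENSITIVE]" subject tag and the four sample messages are all assumptions constructed for the example; the only real value is the well-known Luhn-valid test card number 4111 1111 1111 1111.

```python
"""Toy DLP content profiler and policy engine (added example, not CTH
Secure Care code).  Models the slide pipeline: define a policy, scan
content, enforce (detective / corrective / preventive), report."""
from __future__ import annotations

import re
from dataclasses import dataclass

# --- 1. Define the policy: which finding kinds trigger which control mode.
POLICY = {
    "ssn": "preventive",     # block delivery
    "card": "corrective",    # tag SENSITIVE so the mail gateway encrypts it
    "keyword": "detective",  # deliver, but open an incident ticket
}
ACTION_FOR_MODE = {"preventive": "block", "corrective": "encrypt", "detective": "alert"}
MODE_RANK = {"preventive": 3, "corrective": 2, "detective": 1}

# Content-profiling patterns (assumed): 13-19 digit runs with optional
# separators for cards, the US SSN shape, and a couple of policy keywords.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
KEYWORDS = ("confidential", "internal only")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters out digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


@dataclass
class Message:
    msg_id: str
    sender: str
    subject: str
    body: str


@dataclass
class Disposition:
    msg_id: str
    sender: str
    findings: list          # (kind, redacted value) pairs; never the raw value
    mode: str               # detective / corrective / preventive / none
    action: str             # alert / encrypt / block / allow
    delivered_subject: str  # subject as it leaves the gateway


# --- 2. Scan: profile the content and return redacted findings only.
def profile(text: str) -> list:
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            findings.append(("card", "****" + digits[-4:]))
    for m in SSN_RE.finditer(text):
        findings.append(("ssn", "***-**-" + m.group()[-4:]))
    lowered = text.lower()
    findings += [("keyword", kw) for kw in KEYWORDS if kw in lowered]
    return findings


# --- 3. Enforce: the most restrictive mode among the findings wins.
def enforce(msg: Message) -> Disposition:
    findings = profile(msg.subject + "\n" + msg.body)
    if not findings:
        return Disposition(msg.msg_id, msg.sender, [], "none", "allow", msg.subject)
    mode = max((POLICY[kind] for kind, _ in findings), key=MODE_RANK.__getitem__)
    action = ACTION_FOR_MODE[mode]
    subject = "[SENSITIVE] " + msg.subject if action == "encrypt" else msg.subject
    return Disposition(msg.msg_id, msg.sender, findings, mode, action, subject)


# --- 4. Report: counts by action and by sender for the compliance dashboard.
def report(dispositions: list) -> dict:
    summary = {"by_action": {}, "by_sender": {}}
    for d in dispositions:
        summary["by_action"][d.action] = summary["by_action"].get(d.action, 0) + 1
        if d.action != "allow":
            summary["by_sender"][d.sender] = summary["by_sender"].get(d.sender, 0) + 1
    return summary


# Constructed sample traffic: senders, subjects and the SSN are made up;
# 4111 1111 1111 1111 is the standard Luhn-valid test card number.
SAMPLE_MESSAGES = [
    Message("m1", "alice@example.test", "Q1 numbers", "Card on file: 4111 1111 1111 1111 for the renewal"),
    Message("m2", "bob@example.test", "Onboarding", "SSN 123-45-6789, card 4111 1111 1111 1112"),
    Message("m3", "carol@example.test", "Lunch", "Sandwiches at noon"),
    Message("m4", "dave@example.test", "Roadmap", "CONFIDENTIAL draft attached"),
]


def run_samples() -> list:
    return [enforce(m) for m in SAMPLE_MESSAGES]


if __name__ == "__main__":
    results = run_samples()
    for d in results:
        print(f"{d.msg_id} {d.sender:<20} {d.action:<8} {d.findings} -> {d.delivered_subject!r}")
    print(report(results))
```

Two design points worth noting. The Luhn check is what keeps a 16-digit order number from raising a card incident (message m2 carries a digit run that fails the checksum and is ignored, while its SSN still triggers the preventive block), and the findings carry only the last four digits, so the incident ticket and the audit report never become a second copy of the data the control exists to protect.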
  11. (no slide text)
  12. CTH Demo
  13. CTH DLP Summary: Business Intelligence
     • Behavioral Analytics
     • Employee Monitoring
     • Employee Activity / Productivity Reports
     • Software Audit Reporting
     • Usage Report
     • Compliance Report
  14. CTH DLP Summary: DLP Solutions should
     • Capture and Monitor
       • Desktop Data
       • Customer and Employee Data
       • Application Performance Data
     • Analyze Data
       • User
       • Machine
       • Application
     • Risk Mitigation Compliance
  15. SAINT Security Scanner
     • Besides being a tool for security testers, auditors can leverage the power of the SAINT Security Scanner
       • Review Network Device Configuration
       • Perform Security Patch Audits
       • Test for PCI Compliance (Payment Card Industry)
       • Test for FISMA Compliance (Federal Information Security Management Act)
       • Test for HIPAA Compliance (Health Insurance Portability and Accountability Act)
       • Test for NERC Compliance (North American Electric Reliability Corporation)
  16. Compliance Features: What Can SAINT Do?
     • Besides various compliance checks, SAINT can also run OVAL (Open Vulnerability and Assessment Language) Vulnerability and Inventory tests
     • XCCDF and SCAP (NIST Extensible Configuration Checklist Description Format and Security Content Automation Protocol)
     • Import lists from the National Vulnerability Database
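Slides 15 and 16 list the compliance checks an auditor can run with an SCAP-capable scanner, and the XCCDF TestResult the scanner emits is what gets turned into the compliance report. The following is an added example, not SAINT's code or output: a Python summarizer that reads an XCCDF 1.2 TestResult and produces the numbers an audit report needs (per-result counts, failures grouped by severity, a compliance percentage over applicable rules, and the scanner's own score). The XML document, its rule ids, host name, severities and results are all constructed for the example; the namespace and element names are those of the XCCDF 1.2 result format.

```python
"""Summarize an XCCDF TestResult into an audit-style compliance summary.

Added example, not SAINT code.  The XML below is a constructed sample in
the XCCDF 1.2 result format that SCAP-capable scanners emit; rule ids,
host name, severities and results are made up."""
from __future__ import annotations

import xml.etree.ElementTree as ET
from collections import Counter

XCCDF_NS = {"x": "http://checklists.nist.gov/xccdf/1.2"}

# XCCDF result values: only "applicable" ones count toward compliance;
# notapplicable / notchecked / notselected / informational are excluded.
COMPLIANT = {"pass", "fixed"}
APPLICABLE = {"pass", "fixed", "fail", "error", "unknown"}

# Constructed sample TestResult (not real scanner output).
SAMPLE_RESULT = """\
<TestResult xmlns="http://checklists.nist.gov/xccdf/1.2"
            id="xccdf_example_testresult_demo"
            start-time="2012-02-16T09:00:00" end-time="2012-02-16T09:05:00">
  <target>host-constructed-01</target>
  <rule-result idref="xccdf_example_rule_password_min_length" severity="high">
    <result>fail</result>
  </rule-result>
  <rule-result idref="xccdf_example_rule_ssh_root_login" severity="high">
    <result>pass</result>
  </rule-result>
  <rule-result idref="xccdf_example_rule_audit_enabled" severity="medium">
    <result>notapplicable</result>
  </rule-result>
  <rule-result idref="xccdf_example_rule_firewall_on" severity="medium">
    <result>fail</result>
  </rule-result>
  <score system="urn:xccdf:scoring:default" maximum="100.0">50.0</score>
</TestResult>
"""


def summarize(xml_text: str) -> dict:
    """Return target, per-result counts, failures grouped by severity,
    the compliance percentage over applicable rules, and the scanner's score."""
    root = ET.fromstring(xml_text)
    counts: Counter = Counter()
    failures: dict = {}
    for rr in root.findall("x:rule-result", XCCDF_NS):
        result = rr.findtext("x:result", default="unknown", namespaces=XCCDF_NS).strip()
        counts[result] += 1
        if result in ("fail", "error"):
            failures.setdefault(rr.get("severity", "unknown"), []).append(rr.get("idref"))
    applicable = sum(counts[r] for r in APPLICABLE)
    compliant = sum(counts[r] for r in COMPLIANT)
    score = root.find("x:score", XCCDF_NS)
    return {
        "target": root.findtext("x:target", default="?", namespaces=XCCDF_NS),
        "counts": dict(counts),
        "failures": failures,
        "compliance_pct": round(100.0 * compliant / applicable, 1) if applicable else None,
        "scanner_score": float(score.text) if score is not None else None,
    }


def remediation_queue(summary: dict, order=("high", "medium", "low", "unknown")) -> list:
    """Failed rules ordered by severity: the list an auditor hands to operations."""
    return [(sev, rule) for sev in order for rule in summary["failures"].get(sev, [])]


if __name__ == "__main__":
    s = summarize(SAMPLE_RESULT)
    print(f"target={s['target']} compliance={s['compliance_pct']}% scanner_score={s['scanner_score']}")
    for sev, rule in remediation_queue(s):
        print(f"  [{sev}] {rule}")
```

The compliance percentage is computed over applicable rules only, which is why it differs from the scanner's own weighted score in the sample (33.3% against 50.0): a report that mixes the two, or that counts notapplicable rules as passes, overstates the posture of the host.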
  17. Other Scanning Tools and Resources: What else is out there?
     • A list of approved Scanners:
     • Other DLP Vendors: Code Green Networks, Websense, Axway, and SMARSH
  18. Summary: What We Learned
     • There are a variety of automated controls available
     • Each type can be used to speed up policy and procedure development
     • Auditors, like security testers, should have access to these tools
     • The right toolset should be customizable for any environment or reporting criteria
  19. Our Philosophy: Whether seen by our clients, employees, business contacts or community, our identity is the symbol of a promise delivered with enthusiasm, innovation, teamwork, drive and commitment.
     • Clients - Provide premier business services to our clients
     • Employees - Foster an environment that maximizes personal and professional growth
     • Business Contacts - Maintain the highest ethical standards
     • Community - Enhance the future of our community
  20. Questions?