DSS ITSEC 2013 Conference 07.11.2013 - For your eyes only - Symantec PGP Re-Loaded



Presentation from one of the remarkable IT security events in the Baltic States, organized by “Data Security Solutions” (www.dss.lv). The event took place in Riga on 7th of November, 2013 and was attended by more than 400 participants on site and more than 300 via online live streaming.

  • Symantec Encryption Solutions: Protection for laptops, desktops, endpoints, email, mobile, and data in the cloud. Verisign + SSL
  • Endpoint Protection, Encryption, Compliance. NBU, BE, cluster, Application HA. HW & OS INDEPENDENT
  • Focus on information rather than devices. DON’T TRUST CLOUD SAME AS USB STICK
  • Data Leakage Prevention (DLP): Encrypt sensitive information on removable devices. Ensure that sensitive data is not stored unencrypted. Encrypt sensitive data on file shares. Encrypt outbound email containing sensitive information.

    1. For your eyes only - Encryption and DLP. Erkko Skantz, Symantec Finland
    3. Focus on information
    4. Today's System-Centric Enterprise: Data Center Field Offices Point of Sale Field Headquarters
    5. Today's System-Centric Enterprise: 1 in 10 people have lost a laptop, smart phone, or USB drive with corporate information on it. 12,000 laptops lost in United States airports every week.
    6. Today's System-Centric Enterprise: 1/2 of corporate data resides on mobile devices.
    7. Information is the most important asset you have
    8. Where to get started? Where to implement encryption and DLP?
    9. Recovery point- and time objective: How much data can I afford to lose? How long does it take to get my system up again? [Timeline figure labels: CRASH; 24 Hours; 1 Hour; Last backup taken; 1/2 Hour; Impact of data loss?; 1 Hour; System up again]
    10. The Mistakes that Companies Often Make. Disk Encryption: find tactical solution, create keys, deploy infrastructure. USB Encryption: find tactical solution, create keys, deploy infrastructure. Mobile Encryption: find tactical solution, create keys, deploy infrastructure.
    11. Pay attention
    12. Encryption is Easy: 1) Take a document 2) Create a key and encrypt the document / file / disk • Most customers think they are buying an encryption application. Don’t make this mistake. • Ask for a management platform for encryption.
    13. Administration can be difficult: 1) Encryption management is UNLIKE any other administrative responsibility 2) Normally, administrative responsibilities end when the user leaves / quits 3) You must manage an encryption key for as long as there is encrypted data!
    14. Suggested roadmap: FTP, batch, backup transfer; Smartphone solutions; File/folder/shared server encryption; End-2-end email encryption; Full disk encryption; Encryption Management Server; Device and media encryption; Gateway email encryption
    15. Full disk encryption, the easy way
    16. Symantec Full Disk Encryption • Encrypts desktops, laptops, and USB drives • Protects against personal computer loss / theft / compromise / improper disposal • Reduces risk of data loss • Protects against reputation damage • Enables business continuity without disrupting user productivity • Demonstrates compliance to regulatory standards • Common Criteria Evaluation Assurance Level 4+ (EAL4+) certification
    17. Symantec Full Disk Encryption Deployment. Components: Encryption Management Server, Clients, LDAP, Software Deployment Tool • Flexible .MSI and .PKG formats • Support for SMS, Zenworks, Altiris, AD GPO • Deploy to: Windows (including Windows Server), Windows 8 (BIOS and UEFI), Mac OS X, Ubuntu, and Red Hat clients
    18. Full Disk Encryption: How It Works. Steps 1 to 6: Policy and Provisioning, Initial Encryption, Pre-Boot Environment, Authentication, Compliance, Helpdesk • User is presented with modified preboot environment on reboot (or resume from hibernation) • User logs in using passphrase or smart card • Administrators configure policy on Symantec Encryption Management Server • Deploy installation package(s) to Windows (or Mac OS X/Linux) laptops/desktops • Install Symantec Drive Encryption client • System is encrypted, block-by-block • Administrator views logs and reports on Symantec Encryption Management Server • Forgotten passwords • Unavailable employee • Machine recovery
    19. It is about the information: Symantec Drive Encryption. Situation: Bag (+computer) lost at the airport or stolen from the car. Product & Solution: Symantec Drive Encryption: Encrypt all laptops and desktops. Result: The laptop was encrypted and the data was inaccessible by unauthorized users. Because the data was encrypted, the company did not have to report the breach. The company did not suffer a public black eye.
    20. It is about the information. THEME: Cloud Storage. Situation: Employees are storing confidential documents in the cloud. They are doing this for collaboration purposes. Product & Solution: Symantec File Share Encryption: Encrypt data on internal file shares and data on cloud storage lockers. Result: All data being stored in the cloud is encrypted prior to being sync’d into the cloud. Data is secure from 3rd party cloud companies as well as from compromise of account information to the cloud.
    21. It is about the information. THEME: Email. Situation: Email administrators are reading the email of the Executive staff. Product & Solution: Symantec Desktop Email Encryption: Encrypt and decrypt emails at the desktop level before leaving the desktop to the mail servers. Result: Emails are secured on the desktop. Email admins can still access the emails on the mail server, but cannot read them because they are encrypted. Backups of the emails remain encrypted and secured.
    22. Information encrypted. Objectives • Keep data secure • Meet compliance objective • Protect the business • Control costs and liabilities. Tasks • Protect data at rest • Protect data in motion • Protect in use. Products: MANAGEMENT, ENDPOINT ENCRYPTION, FILE AND SERVER ENCRYPTION, EMAIL ENCRYPTION
    23. Complete Encryption Platform: Full Disk Encryption (FDE); Device and Media Encryption; FTP/Batch and Backups; Management; File/Folder/Shared Server Encryption; Central Management of Encryption Applications: Symantec Encryption Management Server; Key Management: PGP® Key Management Server (KMS); End-End Email Gateway Email Encryption; Smartphone Solutions
    24. The alternative option for encrypting everything
    25. Where is your confidential data? DISCOVER. How is it being used? MONITOR. How best to prevent its loss? PROTECT.
    26. How Symantec DLP Works. DATA LOSS POLICY. DETECTION: Content (Credit Cards, SSNs, Intellectual Property); Context (Who? What? Where?). RESPONSE: Action (Notify, Justify, Encrypt, Prevent); Notification (User, Manager, Security, Escalate). Find it. Fix it.
    27. Symantec Data Loss Prevention
    28. Symantec Data Loss Prevention Products. STORAGE: Network Discover, Data Insight, Network Protect. ENDPOINT: Endpoint Discover, Endpoint Prevent. NETWORK: Network Monitor, Network Prevent for Email, Network Prevent for Web, Mobile Email Monitor, Mobile Prevent. Management Platform: Symantec Data Loss Prevention Enforce Platform.
    29. Symantec Data Loss Prevention Architecture. Secured Corporate LAN and DMZ. STORAGE: Network Discover, Data Insight, Network Protect. MGMT PLATFORM: Enforce. NETWORK: Network Monitor, Network Prevent, Mobile Email Monitor, Mobile Prevent. ENDPOINT: Endpoint Discover, Endpoint Prevent. Other labels: MTA or Proxy; SPAN Port or Tap.
    30. Continuous Risk Reduction. [Chart: Incidents Per Week (0 to 1000) against Risk Reduction Over Time; stages: Visibility, Remediation, Notification, Prevention; label: Competitive Trap]
    31. Putting it all together
    32. Defense in Depth: DLP and Encryption. Gateway DLP: FIND Removable Storage ENCRYPTION: FIX File-Based
    33. Thank you. Questions? - erkko.skantz@symantec.com