Information Leakage – A Knowledge Based Approach


Illyas Kooliyankal, CISCO-ADC. Presentation at the CIO Event.

    1. Information Leakage – A Knowledge Based Approach
      • to create a comprehensive solution that guards against the risk posed by insiders.

    2. Information Leakage – A Knowledge Based Approach
    3. Agenda
      • Introduction
      • Some real life examples
      • Existing Security Mechanisms?
      • Best Approach towards Protection
      • Protection Mechanisms
      • Technology behind DLP
      • Case Study
      • Summary
    4. Why Data is a Priority?
      Cost of Data Breaches: $140/record (Source: Ponemon Institute, SVB Alliant)
      • Direct Costs: $50/record ($5.0M)
      • Indirect Costs: $15/record ($1.5M)
      • Opportunity Costs: $75/record ($7.5M)
      "What do you consider to pose the biggest current threat to your organization's overall security?" (multiple responses; Source: Merrill Lynch survey of 50 North American CISOs, July 2006)
      • Leakage of confidential/proprietary information: 52%
      • Unpatched vulnerabilities: 24%
      • Insider attacks: 18%
      • Spyware: 14%
      • Phishing attacks: 10%
      • Malicious code: 4%
      • Spam: 4%
      • Denial of Service attacks: 4%
      • Fraud: 2%
      • Keystroke loggers: 2%
    5. Some stats
      • 70% of loss is caused by insiders
      • 23% of loss is from malicious intent
      • 92% use email to send confidential data
      • 55% use portable devices to take confidential data out of the workplace every week
    6. Top Leakage concerns of customers
    7. A serious Concern Now?
      • More mobility, flexibility
      • Criminals
      • Business impact – reputation, monetary, growth, …
      • Legal and regulatory compliance
      • International standards like ISO 27001
      • Personally…
    8. Real life examples
      • A researcher who accidentally sends a new product formula to hundreds of partners
      • OR
      • A junior member of the finance team who unknowingly exposes the company's unannounced financial results to the public
    9. A hard-working, loyal employee who takes home his laptop or a USB drive for the weekend to get work done, and accidentally leaves it on the subway as he runs to greet his children at the end of a long workweek. "Internal risks that can lead to data loss are real."
    10. Data Leakage – Boundary
      [Diagram, Source: Forrester Research. Actors around the sensitive data: Employees (remote workers, mobile workers); Business Partners (suppliers, outsourcers, consultants); Customers; Hackers; Contractors; Temporaries; Visitors; Competitors. Context: Digital Business, Cyber-crime.]
    11. Existing Security Devices/Solutions?
    12. Data – Concerns
    13. Holistic Approach
      • People
      • Process
      • Technology
    14. Best Approach towards Protection
      • Develop and implement foolproof processes in the overall business environment (information at all stages/states)
      • Staff awareness and support
      • Implement appropriate technology to assist the users and the organization to protect the data efficiently and without business interruption
    15. Challenges!
      • Information leaked by internal/authorized users
      • Performance issues
      • False positives and false negatives
      • User resistance and an organizational culture of trust and openness
      • Impact on normal business operations?
    16. Is it Easy?
      • Business requires information easily and seamlessly
      • Existing security solutions and tools have limited capability
      • Huge amount of sensitive data; unwanted/outdated data
    17. How can you protect?
      • Approach it as a business problem, not a technical one
      • Formulate a comprehensive strategy for data protection
      • Develop a classification policy
      • Analyze the various data sources and data, classify them, and conduct a detailed risk assessment
      • Identify and select an appropriate technical solution for DLP
    18. How can you protect?
      • State of the data – in motion, at rest, in use
      • Develop/decide on the policies to be applied based on sensitivity and classification
      • Apply lightweight policies and train the users to be more careful
      • Actions – controls (log, alert, justification, block, etc.)
      • Monitor and fine tune
      • Approach it phase by phase – begin with log only, analyze the events and tighten the controls slowly and steadily
    19. Communication Channels
      • Data At Rest
        • Data classification
        • Device control
        • Content control
        • Application control
      • Transaction Data
        • Direct database access
        • Access via applications
          • Web applications
          • Web services
      • Data In Motion
        • Outgoing communications
        • Internal communications
        • Databases and documents
        • Monitoring and enforcement
      [Diagram: The Landscape – databases, transaction applications, data storage (SAN and NAS), servers and endpoints; actors: employees (honest & rogue), customers & criminals; accidental, intentional and malicious leaks.]
    20. What does DLP offer?
      • Lets you secure the data you know you need to protect
      • Automates the discovery and understanding of the data you don't know
      • By securing all your information – from the datacenter to the network endpoints – you protect it through all phases of its lifecycle (at rest, in motion, and in use) and ensure its confidentiality and integrity
    21. How Does DLP Work?
      • Identify and classify data in motion, at rest, and in use
      • Dynamically apply the desired type and level of control, including the ability to perform mandatory access control that can't be circumvented by the user
      • Monitor multiple channels for specific inbound and outbound content
      • DLP products may differ in how they do these
    22. How?
      • Through
        • Deep content inspection
        • Contextual security analysis of the transaction (attributes of originator, data object, medium, timing, recipient/destination, etc.)
        • A centralized management framework
      • The systems are designed to detect and prevent the unauthorized use and transmission of confidential information
    23. Capabilities
    24. Data Protection
      [Diagram: four questions applied across Devices, Applications and Networks.]
      • Where did the data come from? (What classification?)
      • What is the user doing with it? (Read, write, print, move, burn, copy/paste, upload, etc.)
      • Where is the data going?
      • What is the policy regarding the actions to be taken?
    25. Reduce Your Risk
      [Diagram: a cycle of Define, Monitor, Enforce and Reduce Risk, with Assess Risk, Learn and Metrics as the connecting steps; possible actions: Audit, Notify, Quarantine, Block, Encrypt …]
      • Define
        • Use pre-defined policies or create custom policies
        • Learn critical information using an information fingerprinting service
      • Monitor
        • Monitor communication channels
        • Report matches against policies and information fingerprints
        • Tune policies
      • Enforce
        • Enable enforcement policy
        • Quarantine suspicious messages
        • Create an audit trail of all communications to substantiate compliance
        • Reduce violations to required levels
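The following is an added illustration, not part of the deck, of two mechanisms the slides name: information fingerprinting for deep content inspection (slides 22 and 25) combined with destination context, and the phase-by-phase rollout of controls from log only to alert to block (slide 18). The shingle size, the policy threshold, the domain names and the "product formula" document are all constructed for the example.

```python
"""Added illustration of DLP mechanics from slides 18, 22 and 25: content fingerprinting plus phased controls (constructed example)."""
from __future__ import annotations
import hashlib
import re
from dataclasses import dataclass

PHASES = ("log", "alert", "block")  # slide 18: begin with log only, tighten later
SHINGLE_WORDS = 5                   # assumed window size for the fingerprint

def fingerprint(text: str, k: int = SHINGLE_WORDS) -> set[str]:
    """Hash every k-word window of the normalised text; storing only hashes lets the
    inspector recognise a protected document (or a pasted fragment) without its cleartext."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()
            for i in range(len(words) - k + 1)}

def overlap(message: str, protected: set[str]) -> float:
    """Fraction of the protected document's shingles present in the message."""
    return len(fingerprint(message) & protected) / len(protected) if protected else 0.0

@dataclass
class Policy:
    threshold: float  # share of protected content that counts as a match
    phase: int = 0    # index into PHASES; deployment starts at log-only

    def tighten(self) -> None:
        """Advance to the next control once the current phase's events are analysed."""
        self.phase = min(self.phase + 1, len(PHASES) - 1)

def evaluate(policy: Policy, protected: set[str], message: str,
             recipient: str, internal_domain: str) -> tuple[str, float]:
    """Deep content inspection (score) combined with context (destination):
    internal recipients are allowed, external ones get the phase's action."""
    score = overlap(message, protected)
    if score < policy.threshold or recipient.endswith("@" + internal_domain):
        return "allow", score
    return PHASES[policy.phase], score

# Constructed sample data: a protected "product formula" and two outgoing mails.
FORMULA = ("The new product formula uses 12 percent compound X with 3 percent "
           "binder Y heated to 180 degrees for 40 minutes")
PROTECTED = fingerprint(FORMULA)
LEAK = "FYI, " + FORMULA + ". Please keep internal."
BENIGN = "Lunch at 12 today? The new cafeteria menu is out."

if __name__ == "__main__":
    policy = Policy(threshold=0.3)
    for _ in PHASES:  # the same leak, evaluated as the rollout tightens
        print(evaluate(policy, PROTECTED, LEAK, "partner@example.net", "corp.example"))
        policy.tighten()
```

A partial paste of the formula still scores above the threshold because the fingerprint is a set of overlapping windows rather than a hash of the whole file, which is what lets the inspector catch fragments.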
    26. Summary
      • Information leakage is a serious concern to organizations and individuals
      • The approach has to be holistic, addressing People, Process and Technology
      • DLP technology addresses data in motion, at rest and in use
    27. Summary (continued)
      • Classification policy; information about data and data sources; classify them; select a DLP solution; develop policies and test; apply; monitor; fine tune; awareness
      • Actions – log, alert, justify, block, etc.
      • Resistance, organizational culture, performance, and the huge amount of known/unknown data are some of the obstacles
      • Start with lightweight policies and gradually tighten them once awareness and adaptability are achieved
      • Information leakage prevention is an ongoing process