How to Secure Your Files with DLP and FAM


A single gigabyte of data in your data center contains thousands of folders and a massive number of files. Which files contain sensitive data? Who owns and has access to these files? How do you protect this data? When faced with an audit or forensic investigation, most organizations are left scrambling for answers to these questions. Learn how the unique combination of File Activity Monitoring (FAM) and Data Loss Prevention (DLP) technologies simplifies and accelerates these processes, reducing the time to remediate and protect sensitive data.
Our five-step plan includes automating processes to:
1. Discover sensitive data
2. Identify data owners
3. Communicate with business owners
4. Implement policy controls
5. Remediate excessive access

Published in: Technology, Business

  1. 5 Ways to Lockdown Your Sensitive Files with DLP and FAM. Presented by Ash Devata, Sr. Manager, DLP Products, RSA, and Raphael Reich, Director of Product Marketing, Imperva
  2. Agenda: Major Trends; 5 Steps to Regain Control; Conclusion and Q&A
  3. Today’s Presenter: Ash Devata, Sr. Manager, DLP Products, RSA
     • Expertise: DLP, data security, information classification; presented at RSA, ISC2 sessions, EMC World, etc.
     • Worked at: RSA, EMC, startups; chaired sustainable development projects in Boston
     • Academics: degrees in MBA and Electronics and Instrumentation Engineering; co-author of books/journals on BPO
  4. Today’s Presenter: Raphael Reich, Dir. Product Marketing, Imperva
     • Expertise: 20+ years in product marketing, product management, and software engineering
     • Professional experience: Cisco, Check Point, Digital Equipment Corp.
     • Academics: Bachelor’s degree in Computer Science from UC Santa Cruz; MBA from UCLA
  5. Major Trends; 5 Steps to Regain Control; Conclusion and Q&A. CONFIDENTIAL
  6. Data is Growing & Constantly Changing
     • Substantial volume: enterprise data volume is 80% unstructured (file data) and 20% structured (DB, apps). Source: IDC: 2009 File-Based Storage Taxonomy, 11/09
     • [Chart: volume over time; labels "60%" and "Constant growth"; source IDC: 11/09]
     • As data grows, so does the volume of user access rights
     • Rights are also very dynamic
     • Employees, contractors, consultants, etc., join/leave the organization, start/finish projects, change job roles, etc.
  7. Two Types of Sensitive Data
     • Data you collect: credit card data; privacy data (PII); health care information
     • Data you create: intellectual property; financial information; trade secrets
  8. And Companies Are Losing Data. Three Main Threat Vectors:
     • 1: Non-malicious end user trying to get the job done
     • 2: IT and business managing data without total visibility
     • 3: Malicious user stealing data using authorized tools
  9. And There Are Regulations to Prevent Data Loss. Regulations: sensitive data must be protected (regulation; scope; example requirement; control measure):
     • PCI-DSS; credit card data; Requirement 7: “Restrict access to cardholder data by business need to know”; audit and review user rights
     • HIPAA; healthcare-related PII; Section 164.312(b): “Implement…mechanisms that record and examine activity…”; activity monitoring
     • FERC-NERC; US energy industry; Requirement 5.1.2: “…create historical audit trails of individual user account access activity.”; activity monitoring
     • ITAR; US weapons export; Section 120.17: Restricts “Disclosing…or transferring technical data to a foreign person…”; audit and review user rights
     • MA 201 CMR 17; PII of state residents; Section 17.04 (1d): “…restrict access to active users and active user accounts…” and Section 17.04 (2a): “restrict those who need…to perform their job duties”; audit and review user rights, plus activity monitoring to identify dormant users
     Summary (requirements and controls):
     • Business need-to-know access: user rights auditing and reviews
     • Historical audit trails: audit file access activity
     • Restrict access to active users: correlate file rights with file access activity
  10. Personal Information Breach Notification Laws
     • 46 states have PII breach notification laws
     • 3214: number of notified incidents since Jan 2006
     • 75% of PII breaches are a result of insider actions
     • States with no PII breach notification laws: Alabama, Kentucky, New Mexico, and South Dakota
  11. Highly Prescriptive Regulations for Managing PII: Proactive; Prescriptive; Auditable
  12. End of The Day, Data Loss is Very Expensive. What does a data breach cost? US$7.2 million, or $214 per record. Source: 2010, Annual Study: Cost of a Data Breach, Ponemon Institute
  13. The Second Type of Sensitive Data Is Important Too
     • [Word cloud, some entries clipped on the slide: Source Code, Financial Results, Blue Prints, Patent Filings, Road Maps, Contracts, Strategic Plans, M&A Initiatives, Biddingns, Partnership Plans, Investment Details, Portfolio Models, Competitive Intel, roduct Docs, Research Results, Un-Published Docs, Raw R&D Data, Busin]
     • “Secrets comprise two-thirds of the value of firms’ information portfolios” (Forrester 2009: Securing Sensitive IP Survey)
     • Competitive Advantage; Brand Equity; Employee Morale
  14. Taking Data With Them When They Go (Insiders)
     • 70% of employees plan to take something with them when they leave the job (intellectual property: 27%; customer data: 17%)
     • Over 50% feel they own it
     • Source: November 2010 London Street Survey of 1026 people, Imperva
  15. Example breach: $50M+ in automotive designs. Xiang Dong Yu:
     • Worked at Ford 10 years
     • Took 4,000 design documents
     • Estimated $50-100 Million in value
     • Went to work for Beijing Automotive Co.
  16. Major Trends; 5 Steps to Regain Control; Conclusion and Q&A. CONFIDENTIAL
  17. 5-Steps To Regain Control. [Cycle diagram: Discover sensitive data; Identify data owners; Communicate with data owners; Implement policy controls; Remediate]
  18. Discover Sensitive Data
     • [Diagram: SharePoint, Databases, NAS/SAN, File Servers and Endpoints are scanned by RSA DLP Datacenter through Grid, Virtual Grid, Temp Agents and Agents]
     • Attributes & identity analysis: file extension; file type, size, etc.
     • Content in file: general keywords; specialized keywords; patterns and strings; proximity analysis; “negative” rules
  19. Data Discovery Is Part of RSA Data Loss Prevention. RSA DLP Enterprise Manager manages:
     • RSA DLP Network: email, web
     • RSA DLP Datacenter: file shares, SharePoint, databases
     • RSA DLP Endpoint: connected PCs, disconnected PCs
  20. When You Find Sensitive Data…
     • IT decides on remediation: IT does not have business context; potential of disruption to business
     • Result: sensitive files discovered by DLP
     • Involve end-user in remediation: Who to contact? What to ask? How to track responses? How to follow up? How to orchestrate? How to manage the process?
  21. Step 2 In Regaining Control. [Cycle diagram: Discover sensitive data; Identify data owners; Communicate with data owners; Implement policy controls; Remediate]
  22. How Owners Are Identified Today: see who created the file/folder; examine ACLs; mass e-mails; phone calls; keep notes. Finding an owner: 1 hour per folder on average
  23. Who Owns It? Ask The People Who Know Best…
  24. Step 3 In Regaining Control. [Cycle diagram: Discover sensitive data; Identify data owners; Communicate with data owners; Implement policy controls; Remediate]
  25. Communicate With Data Owners
     • [Diagram: SharePoint, Databases, NAS/SAN, File Servers and Endpoints; Grid, Virtual Grid, Temp Agents and Agents; RSA DLP Datacenter; RSA DLP Risk Remediation Manager; Imperva FAM; Business Users]
     • Stages shown: Discover Sensitive Data; Manage Remediation Workflow
  26. Step 4 In Regaining Control. [Cycle diagram: Discover sensitive data; Identify data owners; Communicate with data owners; Implement policy controls; Protect files]
  27. Real Time Policy Enforcement Through FAM
     • Block and alert when users outside Finance access Finance data
     • See triggered alerts
     • Drill down for details on “who, what, when, where”
  28. Leverage DLP Data Discovery in FAM: click to import CSV
  29. Leverage DLP Data Discovery in FAM: view classification in SecureSphere and use in policy building
  30. Step 5 In Regaining Control. [Cycle diagram: Discover sensitive data; Identify data owners; Communicate with data owners; Implement policy controls; Remediate]
  31. Apply Controls to Protect Data
     • [Diagram: SharePoint, Databases, NAS/SAN, File Servers and Endpoints; Grid, Virtual Grid, Temp Agents and Agents; RSA DLP Datacenter; RSA DLP Risk Remediation Manager; Imperva FAM; Business Users]
     • Controls: apply DRM; encrypt; delete / shred; change permissions; policy exception
     • Stages shown: Discover Sensitive Data; Manage Remediation Workflow; Apply Controls
  32. Remediate Excessive Access
     • Should “Everyone” have access to sensitive data? The “Everyone” group in Active Directory literally means all users
     • Are there dormant users? May want to revoke rights of inactive users
     • What rights are not used? Users with access they appear not to need
  33. Understand Access Rights And Their Origins: see what a user can access, and how they got access to data
  34. Traditional Approach – The Old Way
     • Day 1: 30K files discovered by DLP
     • Day 4: Minimal context for file ownership. Let the e-mail exchange begin.
     • Day 150: Spreadsheet consolidation into an access database. Attempt to deliver metrics.
     • Day 180: No consistent data. Contractor funding extensions have ended. Internal resources left with no repeatable process.
  35. With The Solution: Reduce Time Up To 85%
     • Day T: 30K files discovered by RSA DLP
     • Day T + 5: 1200 owners in 10 countries identified by RSA DLP. Imperva identifies file owners based on access to files.
     • Day T + 15: DLP RRM sends initial questionnaire to data owners
     • Day T + 60: 90% of files remediated. Repeatable and continuously monitored. Analyst work space and executive metrics in DLP RRM.
     • Data owners and IT agree on remediation controls
  36. Major Trends; 5 Steps to Regain Control; Conclusion and Q&A. CONFIDENTIAL
  37. To Wrap Up…
     • Data protection is essential
     • Data protection goes beyond IT
     • Focus on people & process
     • Look for more complete solutions
     • Involve all stakeholders in planning
     • [Cycle diagram: Discover sensitive data; Identify data owners; Communicate with data owners; Implement policy controls; Protect files]
  38. About RSA, The Security Division of EMC
     • Products: Network Monitoring; SIEM; DLP; Authentication; Web Fraud Detection; eGRC; IT GRC; Encryption
     • Goals: Manage Risk and Threats; Prove Compliance; Secure Access; Secure Virtualization & Cloud
  39. Imperva: Our Story in 60 Seconds: Attack Protection; Usage Audit; Virtual Patching; Rights Management; Reputation Controls; Access Control
  40. Webinar Materials. Get LinkedIn to Imperva Data Security Direct for…
     • Answers to Attendee Questions
     • Post-Webinar Discussions
     • Webinar Recording Link
     • Much more…
  41. Questions and Answers