Data Leakage Prevention
Sigal Russin, CISO
Senior Analyst at STKI
sigalr@stki.info
Sigal Russin’s work/ Copyright@2014
Do not remove source or attribution from any slide, graph or portion of graph

DLP Data leak prevention

Published on

RT May 2014

Published in: Technology

  1. Data Leakage Prevention. Sigal Russin, CISO, Senior Analyst at STKI, sigalr@stki.info
  2. What are you getting: [agenda items 1-6 not captured in the transcript]
  3. Symantec DLP News
  4. It’s about People
  5. Customers need more than a technology solution
     Source: http://www.slideshare.net/ArrowECSMarketing/data-loss-prevention-from-symantec
  6. Variety of Misuse Actions
  7. What is DLP?
     • DLP means different things to different people:
       * Data Loss Prevention
       * Data Leakage Prevention
       * Data Loss Protection
     • DLP is always about protecting the organization's sensitive information.
     • DLP technology is content aware (also referred to as deep packet inspection): it analyzes the payload contained within a file or session.
     • DLP references data in one of three states:
       * Data in motion
       * Data at rest
       * Data in use
     Source: http://www.slideshare.net/technetbelux/data-leakage-prevention-22804526
  8. Defense In Depth: Encryption + DLP
  9. Sensitive organization data
     Lack of familiarity with the types of information that exist in the organization and the processes related to their use.
     • What is confidential information?
     • Where is it stored?
     • What are the channels through which information may leak?
     • What actions will be taken if and when confidential information is leaked?
     Source: http://searchsecurity.techtarget.com/feature/IT-Security-Trends-2013-Mobile-security-concerns-tops-the-list
  10. Round table Insights 2010
     • This project includes: Legal department, IT, HR.
     • 50% organization culture, 50% technology tools.
     • Data classification should include all department managers and management.
     • You cannot get 100% coverage of data leakage, even with three systems.
     • Not all organizations cover the issue of data leakage from all perspectives.
  11. DLP Project
     I. Analysis of the business environment and existing threats (internal / external).
     II. Data classification: definition of confidential / sensitive information, classified according to its level of sensitivity. For example: financial info, medical info, customer info, etc.
     III. Identification and mapping of confidential / sensitive data storage. For example: USB drives, databases, file servers, mobile, PC, etc.
  12. DLP Project
     V. Mapping and analysis of business processes and the organization's information lifecycle: data creation, data distribution (email), backup, updating a file server, etc.
     VI. Mapping and assessment of potential leakage channels. For example: interfaces and external web links, third-party authors or temporary workers, faxes and printers, etc.
     VII. Requirements characterization: product selection and implementation, including compliance and design of policies, procedures, response processes and complementary measures.
  14. Recommendations
     • Work procedures and guidelines.
     • Processing of events, depending on the nature of the organization and the capabilities of the information security team.
     • Responsibilities and new roles.
     • Life cycle processes of organization information: determining the classification tags at each document creation stage.
     • Audit logging and connection to SIEM systems.
     • Lifelong learning and improving the quality of monitoring, depending on the events and the number of false alarms produced by the system.
  15. Thank You! Sigalr@stki.info
