2. 6.7 ZB Data Created in 2020
More Data Gives Your Organization a Competitive Advantage
“The amount of digital data created over the next five years will be greater than twice the amount of data created since the advent of digital storage.” - Dave Reinsel, senior vice president, IDC's Global DataSphere
Understanding, Managing, and Protecting that Data is Critical to your Business
4. Damage From a Breach
• Legal/Regulatory Penalties
• Loss of Trust/Brand Damage
• Loss of Intellectual Property
5. The bottom line…
Average cost per incident based on Threat Actor*:
• Employee / Contractor: $484,931
• Criminal / Malicious Insider: $648,062
• Credential Theft: $804,997
Chart: percentage distribution of incidents by time to contain (buckets shown: Less than 31 days, 31 to 61 days, 61 to 91 days, More than 91 days; values shown: 12%, 25%, 29%, 34%).
Average: 85 days to contain ONE security incident.
*Reference: 2022 COST OF INSIDER THREATS GLOBAL REPORT by Ponemon Institute
Chart: count by industry (Accommodation, Administrative, Agriculture, Construction, Education, Entertainment, Finance, Healthcare, Information, Management, Manufacturing, Mining, Other Services, Professional, Public…, Real Estate, Retail, Transportation, Utilities, Wholesale Trade, Unknown); the per-industry values are not recoverable from the extracted chart.
Reference: 2022 Verizon DATA BREACH INVESTIGATION REPORT
6. Challenges
Data is everywhere (distributed, shared, sensitive):
• Data is sprawling
• Sensitive data must be identified and protected everywhere
Threats (web-borne and cloud-borne):
• Most data breaches are due to inadvertent actions of internal users and security vulnerabilities
• External actors also introduce threats over web and Cloud
Complexities (endpoint, network, cloud):
• Lack of visibility of sensitive data
• Lack of unified control and management of data from device to Cloud
• Organizations are not fully prepared for new data privacy laws
Remote Usage (home, hotel, airport):
• Users are on the move
• Employees are working across many locations
• Data is travelling with employees to unsafe locations
9. Discover, Inventory, Classify, Protect
Data in the Network, Data in the Cloud, Data in the Database, Data on the Endpoints
Discover:
• More than 300 content types
• Self-remediation scan option
• On-premise and in the cloud
Classify:
• Manual
• Automated
• 3rd party integrations
Protect:
• Create user awareness
• Multiple vectors
• Customizable reports
Comprehensive visibility, Unified control
10. Protect Data Wherever it Resides
Diagram: Policy Orchestration across Data Repositories, Firewall, Email & Web Gateway, Internet, Switch, and Cloud (SaaS & IaaS Providers), through Native Capabilities and Partner Integration. Components shown: DLP Discover, DLP Endpoint, DLP Prevent, DLP Monitor, Skyhigh, ePO.
11. Trellix DLP Classification
Identify and track sensitive content
• Manual: allow end-users to manually classify documents
• Automatic: content & context based automatic classification
• Fingerprint: structured / unstructured data fingerprint; Exact Data Matching
• 3rd Party Integrations: integrate with MIP, Titus, Boldon James
12. Trellix DLP Discover
Discover and protect sensitive data in storage locations
• Inventory and Classify: inspect content in files / DB tables to identify sensitive content
• Remediate: move and encrypt to protect sensitive content from unauthorized locations
• Fingerprint: scan files to generate fingerprints to be used in protection rules
Storage locations shown: CIFS, NFS, MySQL, DB2, SQL, Oracle, SharePoint, Box
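The Classification and Discover slides name structured-data fingerprinting and Exact Data Matching without showing how a fingerprint index is built or consulted. The following is an added illustration of that technique, not Trellix code: the field normalisation, the keyed hash, the sample records and the "two fields from the same record" rule are assumptions for the example.

```python
"""Added illustration of structured-data fingerprinting / Exact Data Matching
(EDM), the technique named on the Classification and Discover slides. Example
code, not Trellix's implementation: the normalisation, keyed hash and the
'two fields from one record' rule are illustrative assumptions."""
import hashlib
import hmac
import re
from collections import defaultdict

# Constructed sample of a customer table that must not leave the organisation.
SOURCE_RECORDS = [
    {"name": "Alice Example", "email": "alice@example.com", "card": "4111 1111 1111 1111"},
    {"name": "Bob Sample", "email": "bob@example.org", "card": "5500-0000-0000-0004"},
]
SALT = b"constructed-demo-salt"  # in practice a secret held only by the scanner


def normalise(value: str) -> str:
    """Canonicalise a field so case, spaces and dashes cannot defeat matching."""
    return re.sub(r"[\s\-]", "", value).lower()


def fingerprint(value: str) -> str:
    """Keyed hash of the normalised field: the index never holds clear data."""
    return hmac.new(SALT, normalise(value).encode(), hashlib.sha256).hexdigest()


def build_index(records):
    """Map fingerprint -> set of record ids; only hashes are persisted."""
    index = defaultdict(set)
    for rid, rec in enumerate(records):
        for field in rec.values():
            index[fingerprint(field)].add(rid)
    return index


def scan(text: str, index, min_fields: int = 2):
    """Return ids of source records with at least `min_fields` distinct fields
    present in `text`. Candidates: single tokens, adjacent token pairs (names)
    and card-like digit runs in any spacing. Requiring two fields of the same
    record keeps a lone common name from raising a match."""
    words = re.findall(r"[\w.@+-]+", text)
    candidates = set(words) | {" ".join(p) for p in zip(words, words[1:])}
    candidates |= set(re.findall(r"(?:\d[ -]?){13,16}", text))
    matched = defaultdict(set)  # record id -> fingerprints found
    for tok in candidates:
        fp = fingerprint(tok)
        for rid in index.get(fp, ()):
            matched[rid].add(fp)
    return {rid for rid, fps in matched.items() if len(fps) >= min_fields}
```

A scan of an outbound e-mail body that carries a name plus an e-mail address or card number from the table returns the matching record id, while a single field on its own does not trigger.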
13. Trellix DLP Monitor
Safeguard vital data (Email, Web, Network)
• Integrated with egress devices using SPAN or TAP
• Analyze network packets for type of data and its content
• Supports multiple protocols: SMTP, IMAP, POP3, HTTP, LDAP, Telnet, FTP, IRC, SMB, SOCKS
• Enable capture of all information for forensics & policy fine-tuning
14. Trellix DLP Endpoint
Extend Your Data Security to the Endpoint
• Device Control: prevent unauthorized external devices connecting to your corporate network
• Protect against data loss: monitor & protect sensitive data such as PCI, PII, and PHI from multiple endpoint vectors
• Discover sensitive data: discover sensitive files including OST & PST
• User Awareness: show user notifications providing feedback on their actions, and request business justification when needed
15. Trellix DLP Prevent
Enforce Network Policies (Web, Email)
Prevent the movement of sensitive data
• Integrate with any commercially available email and web gateway products using SMTP or ICAP.
• Add X-RCIS-Action headers to emails for the gateway to act on
• Web gateways get an ICAP response action post inspection
• Enable capture of all information for forensics & policy fine-tuning
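The slide above says DLP Prevent adds an X-RCIS-Action header and leaves the action to the mail gateway. As an added example of the gateway side of that contract (not Trellix or gateway vendor code), the hook below decides what to do with a message DLP hands back; the header values, the dispositions, the fail-closed defaults and the sample message are assumptions for illustration.

```python
"""Added example, not Trellix or gateway vendor code, of an MTA-side hook that
acts on the X-RCIS-Action header DLP Prevent adds to a message after inspecting
it over SMTP. The header values, the dispositions and the fail-closed defaults
are assumptions for illustration."""
from email import message_from_string

HEADER = "X-RCIS-Action"
# Assumed header values (least to most restrictive) and the gateway's response.
ACTIONS = {"ALLOW": "deliver", "ENCRYPT": "deliver-encrypted",
           "QUARANT": "quarantine", "BLOCK": "reject"}
ORDER = list(ACTIONS)


def disposition(raw_message: str, inspected: bool = True) -> str:
    """Return the gateway disposition for a message handed back by DLP.
    Fail closed: a message that never reached DLP, came back without the
    header, or carries an unrecognised value is quarantined, not delivered,
    so an inspection outage cannot turn into a silent leak."""
    if not inspected:
        return "quarantine"
    msg = message_from_string(raw_message)
    values = [v.strip().upper() for v in (msg.get_all(HEADER) or [])]
    if not values or any(v not in ACTIONS for v in values):
        return "quarantine"
    # Several copies (one injected by the sender, one added by DLP): act on
    # the most restrictive so a forged ALLOW cannot override a BLOCK.
    return ACTIONS[max(values, key=ORDER.index)]


def strip_inbound(raw_message: str) -> str:
    """Drop any X-RCIS-Action header the sender supplied before the message is
    relayed to DLP, so the only copy the gateway acts on is the one DLP adds."""
    msg = message_from_string(raw_message)
    del msg[HEADER]
    return msg.as_string()


# Constructed sample, as DLP Prevent might return it after inspection.
SAMPLE = (
    "From: alice@example.com\n"
    "To: bob@example.org\n"
    "Subject: Q3 figures\n"
    "X-RCIS-Action: BLOCK\n"
    "\n"
    "Attached are the unreleased numbers.\n"
)
```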
18. Insider Threat
Negligent employees and credential thieves are the root causes of most insider incidents
Chart of root causes (categories in chart order): employee inadvertent or accidental behavior; a malicious outsider stealing data by compromising insider credentials or accounts; disgruntled employee manipulating the organization’s systems, tools or applications; malicious insider exfiltrating sensitive content (such as regulated data or intellectual property); insider collaboration with malicious outsider; other. Values shown (in chart order): 57%, 51%, 44%, 23%, 18%, 4%.
Screenshots: Manual Classification (labels Public, Confidential, Partner); Real-time Feedback with an Enter Justification prompt (options: “My manager approved this transmission”, “This content is not sensitive”, “Sorry, I didn’t know”); Self Remediation scan details (Scan Name: Local File System; Scan Date: 15-Jul-2016 18:04:53; Files Scanned: 31; Files Monitored: 31; Files Quarantined: 2).
Trellix allows administrators to coach and monitor end-user behavior.
Reference: 2022 COST OF INSIDER THREATS GLOBAL REPORT by Ponemon Institute
19. Data Privacy
Legislation in 120 countries to secure data and privacy: PII, GDPR, PCI, SOX, and more…
• Built-in definitions and rules for quicker visibility and control
• Fingerprinting ensures accurate detection of data
• Detect sensitive text hidden in scanned images, forms, screenshots and embedded graphics
• Discover and monitor across multiple data loss vectors
• Unified console for management, dashboard and reporting
20. Egress
Forensics Capabilities: forensic and learning ability
Violations Database:
• Pre-set Policies
• Dashboard reports
• Distributed notification of violations and reports
Traditional Vendor:
• False negatives destroyed
• Cannot LEARN and adjust policies
• Assumes you know what to protect
Trellix Capture Database:
• Everything captured
• “Information gap” solved
• Ability to LEARN from the past
DLP Policies shown: PCI, HIPAA, Intellectual Properties, Acceptable Use
• Mine data with Google-like search capabilities
• Forensic search of historical data
• Bonus = Help catch theft of critical data
21. SecOps Use cases
Data Forensics: the Trellix DLP Capture database ingests events about every data transfer across the network, providing forensic ability.
Data Context: with sensitive data classified and identified across multiple egress points, it identifies the data that is most at risk.
User Context: every user action is monitored and logged with source and destination information for sensitive data transfers, to identify user risk.
Application Risk: DLP Endpoint, integrated with Trellix Threat Intelligence Exchange (TIE), can stop malicious applications from accessing sensitive data.
Number of records lost in the Notes…
https://techcrunch.com/2022/07/06/marriott-breach-again/
https://www.theregister.com/2022/06/28/amd-ransomhouse-data-extortion/
https://www.crn.com/news/security/the-10-biggest-data-breaches-of-2022-so-far-/2
Consider all the data loss vectors from endpoint to network and to cloud.
One of the most unique features and differentiators McAfee offers when it comes to Network Data Protection is the Capture Technology. It gives you visibility into network traffic and allows you to save this information in a very efficient manner, and later allows you to conduct data analytics.
For other traditional DLP vendors, only a flagged violation is logged, everything else is destroyed. Our capture technology can help you leverage your own historical data to implement a much faster, efficient deployment.
Stop guessing - build effective policies with confidence without having to wait for weeks to verify efficacy.
The Capture database helps you see the patterns of real-world data use in your organization. You can test policies against this real-world use before they go into production.
This ability to test in advance means you get policy right the first time, without months of trial & error and all the business disruption that can cause.
Another benefit is that it offers forensic capabilities. For example: the capture technology kept a record of data even when it didn’t trigger a violation. Later, something was leaked; but since you kept a record, you are now able to go back and look at what was leaked. This is like a digital recorder replay; you can do an investigation if you need to and take proper follow-up action.