dlp trellix

1. Sreeharsha Raghavendra
Product Manager
Ravi Soni
Product Manager
Rob Ayoub, CISSP
Product Marketing Manager
Lock Down
Your Data, Not
Your Business
Trellix Data Protection

2. 6.7 ZB Data Created in 2020
More Data Gives Your
Organization a
Competitive Advantage
“The amount of digital
data created over the
next five years will be
greater than twice the
amount of data created
since the advent of digital
storage.”
- Dave Reinsel, senior
vice president, IDC's
Global DataSphere.
Understanding, Managing, and Protecting that Data is Critical to your Business

3. A Sampling of Breaches…

4. Damage From a Breach
Legal/Regulatory
Penalties
Loss of Trust/Brand
Damage
Loss of Intellectual
Property

5. The bottom line…
*Reference: 2022 COST OF INSIDER
THREATS GLOBAL REPORT by
Ponemon Institute
$484,93
1
$648,06
2
$804,99
7
Employee /
Contractor
Criminal /
Malicious
Insider
Credential
Theft
Average cost per
incident based on
Threat Actor*
12%
25%
29%
34%
Percentage distribution of
incidents
Less than 31 days 31 to 61 days
61 to 91 days More than 91 days
Average:
85 days to
contain ONE
security
incident
69
19 39 57
282
96
690
571
378
2
338
132
101
681
537
76
241
137
47 68
651
Accommodation
Administrative
Agriculture
Construction
Education
Entertainment
Finance
Healthcare
Information
Management
Manufacturing
Mining
Other
Services
Professional
Public…
Real
Estate
Retail
Transportation
Utilities
Wholesale
Trade
Unknown
Reference: 2022 COST OF INSIDER
THREATS GLOBAL REPORT by
Ponemon Institute
Reference: 2022 Verizon DATA BREACH INVESTIGATION REPORT

6. Challenges
Home Hotel Airport Distributed Shared Sensitive
Web-borne and Cloud-borne
Endpoint, Network, Cloud
Data is everywhere Threats Complexities
Remote Usage
• Data is sprawling
• Sensitive data must be
identified and protected
everywhere
Most Data breaches are due
to :
• Inadvertent actions of
internal users
• Security Vulnerabilities
External actors also
introduce threats over web
and Cloud
• Lack of visibility of
sensitive data
• Lack of unified control
and management of data
from device to Cloud
• Organizations are not
fully prepared for new
data privacy laws
• Users are on the move
• Employees are working
across many locations
• Data is travelling with
employees to unsafe
locations

7. The Trellix DLP Framework

8. The Trellix
DLP
Framework
Classify
Discover &
Monitor
User
Awareness
Enforce
Controls
Incident
Management

9. Discover, Inventory, Classify, Protect
Data in the Network Data in the Cloud
Data in the Database
Data on the Endpoints
Discover
 More than 300 content types
 Self-remediation scan option
 On-premise and in the cloud
Classify
 Manual
 Automated
 3rd party integrations
Protect
 Create user awareness
 Multiple vectors
 Customizable reports
Comprehensive visibility, Unified control

10. Protect Data Wherever it Resides
Policy Orchestration
Data
Repositories
Firewall
Email & Web
Gateway
Internet
Switch
Cloud
SaaS & IaaS
Providers
Native Capabilities Partner Integration
DLP Discover
DLP Endpoint
DLP Prevent
DLP Monitor
Skyhigh
ePO

11. Trellix DLP Classification
Identify and track sensitive content
Manual
Automatic
Fingerprint
3rd Party Integrations
Allow end-users to manually classify documents
Content & Context based automatic classification
Structured / Unstructured data fingerprint
Exact Data Matching
Integrate with MIP, Titus, Bolden James

12. Trellix DLP Discover
Discover and protect sensitive data in storage locations
Inventory
Classify
Remediate
Fingerprint
Inspect content in files / DB tables to identify sensitive
content
Move and encrypt to protect sensitive content from
unauthorized locations
Scan files to generate fingerprints to be used in protection
rules
CIFS
NFS
MySQL
DB2
SQL
Oracle
SharePoint
Box

13. Trellix DLP Monitor
Safeguard vital data
Email
•Web
Network
Integrated with egress devices using SPAN or TAP
Analyze network packets for type of data and its content
Supports multiple protocols:
SMTP, IMAP, POP3, HTTP, LDAP, Telnet, FTP, IRC, SMB, SOCKS
Enable capture of every information for forensics & policy finetuning

14. Trellix DLP Endpoint
Extend Your Data Security to the Endpoint
Device Control
Protect data loss
Discover sensitive data
User Awareness
Prevent unauthorized external devices connecting to your
corporate network
Monitor & Protect sensitive data such as PCI, PII, and PHI
from multiple endpoint vectors
Discover sensitive files including OST & PST
Show user notifications providing feedback on their
actions, and request business justification when needed

15. Trellix DLP Prevent
Enforce Network Policies
Web
•Email
Prevent the movement of
sensitive data
Integrate with any commercially available email and
web gateway products using SMTP or ICAP.
Add X-RCIS Action headers to emails for gateway to
act
Web gateways get ICAP response action post
inspection
Enable capture of every information for forensics &
policy finetuning

16. Packages
DLP
Endpoint
Complete
Data
Protection
Complete Data
Protection -
Advanced
Total
Protection
for DLP
Device Control X X X
DLP Endpoint for Windows X X X
DLP Endpoint for Mac X X X
NDLP Discover X
NDLP Monitor X
NDLP Prevent X
File & Removable Media Protection X X
Endpoint Encryption X X
Management of Native Encryption X X

17. Key Use Cases

18. Insider Threat
Negligent employees and credential thieves are the root causes of most
insider incidents
57%
51%
44%
23%
18%
4%
0% 10% 20% 30% 40% 50% 60%
Employee inadvertent or accidental
behavior
A malicious outsider stealing data by
compromising insider credentials or
accounts
Disgruntled employee manipulating the
organization’s systems, tools or
applications
Malicious insider exfiltrating sensitive
content (such as regulated data or
intellectual property)
Insider collaboration with malicious
outsider
Other
.
Manual Classification
Public
Confidential
Partner
Real-time Feedback
Enter Justification
My manager
approved this
transmission
This content is not
sensitive
Sorry, I didn’t
know
Self Remediation
Scan Details
Scan Name: Local File System
Scan Date: 15-Jul-2016 18:04:53
Files Scanned: 31
Files Monitored: 31
Files Quarantined: 2
Trellix allows administrators to coach and monitor
end-user Behavior
Reference: 2022 COST OF INSIDER THREATS GLOBAL
REPORT by Ponemon Institute

19. Data Privacy
Legislation in 120 countries to secure data and privacy.
PII
GDPR
PCI
SOX
And more…
In-built definitions and rules for quicker visibility and control
Fingerprinting ensure accurate detection of data
Detect sensitive text hidden in scanned images, forms,
screenshots and embedded graphics
Discover and monitor across multiple data loss vectors
Unified console for management, dashboard and reporting

20. Egress
100100001001001111000111
Forensics Capabilities
Forensic and learning ability
Violations Database
• Pre-set Policies
• Dashboard reports
• Distributed notification of
violations and reports
Traditional Vendor
• False negatives destroyed
• Cannot LEARN and adjust policies
• Assumes you know what to protect
Trellix Capture Database
• Everything captured
• “Information gap” solved
• Ability to LEARN from the past
DLP Policies
PCI
HIPAA
Intellectual Properties
Acceptable Use
• Mine data with Google-like search
capabilities
• Forensic search of historical data
• Bonus = Help catch theft of critical
data
Internet
All Matches

21. SecOps Use cases
Data Forensics
Trellix DLP Capture database ingests events about every data transfer
across the network providing forensic ability
Data Context
With sensitive data classified and identified across multiple egress
points, provides the data that is at most risk
User Context
Every user action monitored and logged with source and destination
information of sensitive data transfer, identify user risk
Application Risk
DLP endpoint integrated with Trellix Threat Intelligence Exchange
(TIE), can stop malicious applications accessing sensitive data

22. Trellix | Always Learning. Always Adapting.
22
Thank You!

23. Trellix | Always Learning. Always Adapting.
23
Appendix