Selecting Data Security Technology


In this security technology workshop for IT and network security practitioners, we will teach you a three-step process you can use for selecting the right data security technology for your business at the best price. In this session we'll have a free discussion of the do's and don'ts and the pros and cons of different technologies such as agent DLP, network DLP and DRM.


  1. Selecting Data Security Technology
     Licensed under the Creative Commons Attribution License
     Danny Lieberman
  2. Agenda
     • Introduction and welcome
     • What is data security?
     • Defining the problem
     • Select by threat
     • Building threat cases
     • Three threat cases
     • Data security taxonomy
     • Selection process
  3. Introduction
     • Our mission today
       – Tools to help make your work easier
       – Share ideas
  4. What the heck is data security?
     • Security
       – Ensure we can survive & add value
     • Physical, information, systems, people
     • Data security
       – Protect data directly in all realms
  5. Defining the problem
     • You can't improve what you can't measure (*)
       – Little or no monitoring of data flows
     • Perimeter protection, access control
       – Firewall/IPS/AV/Content/AD
       – Disconnect between HR, IT
     (*) Lord Kelvin
  6. We're not in Transylvania anymore
     • Threat scenario circa 1993
       – Bad guys outside
       – Lots of proprietary protocols
     • Threat scenario circa 2009
       – Bad guys inside
       – Everything runs on HTTP
       – Vendors decide threats
  7. Model of a crime
     • Means
       – Access rights
     • Opportunity
       – With rights, insider can exploit vulnerabilities in people, systems
     • Intent
       – Uncontrollable
     (Diagram labels: Enterprise integration, Discovery, Regulators, Gartner)
  8. Building a threat case (*)
     Value at Risk = Asset Value x Threat damage to asset x Threat probability
     Metrics: Asset value, Threat damage to asset, Threat probability
     (*) PTA - Practical Threat Analysis risk model
  9. M&A threat case
     Asset (has value, fixed over time or variable): Plans to privatize, sell 50% of equity
     Threat (exploits vulnerabilities & damages assets): IT staff read emails and files of management board; employee leaks plans to press; buyer sues for breach of contract
     Vulnerability (a state of weakness mitigated by a countermeasure): IT staff have access to mail/file servers
     Countermeasure (has a cost, fixed over time or recurring): Monitor abuse of privilege & prevent leakage of management board documents on all channels
  10. Service provider threat case
     Asset: Internal pricing of service packages
     Threat: Outsourcing DBA has SQL access to pricing schema; competitor gets pricing and undercuts company; company loses reputation and revenue
     Vulnerability: Outsourced DBA may gain access during end of month close
     Countermeasure: Monitor abuse of privilege & prevent internal data leakage on Oracle database
  11. Media threat case – Israeli Trojan
     Asset: New product marketing campaign
     Threat: Competitors distributed custom attack on a CDROM; got terms of new product, undercut company; company loses revenue > $20M
     Vulnerability: Employees may take a CDROM and insert it in their PC
     Countermeasure: Prevent leakage of data to unauthorized channels
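To make slide 8's value-at-risk formula and the three threat cases concrete, here is an added Python example (not from the deck or its author). Every asset value, damage fraction, probability, mitigation effect and countermeasure cost below is a constructed assumption chosen only to show the arithmetic of comparing controls by risk reduction per unit cost.

```python
from dataclasses import dataclass, field


@dataclass
class Threat:
    """One PTA-style threat case: value at risk = asset value x damage x probability."""
    name: str
    asset_value: float                      # constructed currency figure
    damage: float                           # fraction of asset value lost if realised
    probability: float                      # annual probability of the threat
    mitigation: dict = field(default_factory=dict)  # countermeasure -> fraction of probability removed

    def value_at_risk(self, deployed=()):
        p = self.probability
        for cm in deployed:                 # each deployed countermeasure scales probability down
            p *= 1 - self.mitigation.get(cm, 0.0)
        return self.asset_value * self.damage * p


# The deck's three cases with constructed (hypothetical) figures.
THREATS = [
    Threat("M&A: IT staff read board mail, plans leak to press",
           50_000_000, 0.10, 0.20, {"monitor_privilege": 0.6, "agent_dlp": 0.5}),
    Threat("Service provider: outsourced DBA copies pricing schema",
           8_000_000, 0.25, 0.30, {"monitor_privilege": 0.7, "db_leak_prevention": 0.8}),
    Threat("Media: custom trojan on CDROM leaks campaign terms",
           20_000_000, 1.00, 0.05, {"agent_dlp": 0.8}),
]
# Constructed annual cost of each countermeasure (fixed or recurring, per slide 9).
COSTS = {"monitor_privilege": 150_000, "agent_dlp": 400_000, "db_leak_prevention": 90_000}


def total_var(threats, deployed=()):
    """Sum of value at risk across all threat cases for a given set of countermeasures."""
    return sum(t.value_at_risk(deployed) for t in threats)


def rank_countermeasures(threats, costs, deployed=()):
    """Order undeployed countermeasures by risk reduction per unit cost,
    i.e. how total value at risk would change if that one control were added."""
    base = total_var(threats, deployed)
    ranked = []
    for cm, cost in costs.items():
        if cm in deployed:
            continue
        reduction = base - total_var(threats, (*deployed, cm))
        ranked.append((cm, reduction, reduction / cost))
    return sorted(ranked, key=lambda r: r[2], reverse=True)
```

With these figures the baseline value at risk is 2.6M, and monitoring privilege abuse ranks first because it reduces two of the three cases at once; change the constructed inputs to your own threat cases and the ranking follows.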
  12. Data security taxonomy
     (Diagram: Management – provisioning, events, reporting, policies; Data warehouse; Document server; Forensics; Detection point – interception, session, decoders, policies, countermeasures; sample intercepted mail headers and message text “Send me more files today.”)
  13. Selecting a data security technology
     • Prove 2 hypotheses:
       – Data loss is currently happening.
       – A cost effective solution exists that reduces risk to acceptable levels.
  14. H1: Data loss is happening
     • What data types and volumes of data leave the network?
     • Who is sending sensitive information out of the company?
     • Where is the data going?
     • What network protocols have the most events?
     • What are the current violations of company AUP?
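The five H1 questions are all answerable from a monitored record of outbound data flows. The added Python example below (not from the deck) does that over a handful of constructed event lines; the event field layout (timestamp, user, protocol, destination, data type, bytes) and the acceptable-use table are assumptions, not any product's format or policy.

```python
from collections import Counter, defaultdict

# Constructed outbound data-flow events; the field layout
# (timestamp user protocol destination data_type bytes) is an assumption.
EVENTS = """\
2009-09-01T09:12:03 alice SMTP webmail.example financials 204800
2009-09-01T09:40:11 bob HTTP filedrop.example source_code 5242880
2009-09-01T10:02:45 carol SMTP partner.example pricing 51200
2009-09-01T11:15:09 bob HTTP filedrop.example source_code 3145728
2009-09-01T13:22:30 dave FTP 203.0.113.7 customer_list 1048576
2009-09-01T14:05:51 alice HTTP webmail.example financials 102400
2009-09-01T16:48:02 erin SMTP partner.example public_brochure 819200
""".splitlines()

# Constructed acceptable-use policy: data types allowed out, and on which protocols.
# A data type absent from the table is sensitive and must not leave the network at all.
AUP = {"public_brochure": {"SMTP", "HTTP"}, "pricing": {"SMTP"}}


def parse(lines):
    """Turn each event line into a dict; malformed lines are skipped rather than crashing."""
    events = []
    for line in lines:
        fields = line.split()
        if len(fields) != 6 or not fields[5].isdigit():
            continue
        ts, user, proto, dest, dtype, size = fields
        events.append({"ts": ts, "user": user, "proto": proto, "dest": dest,
                       "dtype": dtype, "bytes": int(size)})
    return events


def summarise(events, aup=AUP):
    """Answer the H1 questions from the event stream."""
    volume = defaultdict(int)
    for e in events:
        volume[e["dtype"]] += e["bytes"]                                  # what leaves, how much
    sensitive = [e for e in events if e["dtype"] not in aup]
    return {
        "volume_by_type": dict(volume),
        "senders_of_sensitive": Counter(e["user"] for e in sensitive),   # who sends it
        "destinations": Counter(e["dest"] for e in events),              # where it goes
        "events_by_protocol": Counter(e["proto"] for e in events),       # busiest protocols
        "aup_violations": [e for e in events                             # policy breaches
                           if e["proto"] not in aup.get(e["dtype"], set())],
    }
```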
  15. H2: A cost-effective solution exists
     • What keeps you awake at night?
     • Value of information assets on PCs, servers & mobile devices?
     • What is the value at risk?
     • Are security controls supporting the information behavior you want (sensitive assets stay inside, public assets flow freely, controlled assets flow quickly)?
     • How much do your current security controls cost?
     • How do you compare with other companies in your industry?
     • How would risk change if you added, modified or dropped security controls?
  16. Match technology to threat case: the Israeli Trojan
     Agent DLP: Install agent on every PC; intercept Win32 calls; content, context and organizational policy; monitor, block, prompt; execute policy even when PC is off network
     Network DLP: Install appliance at gateway; intercept Layer 2 traffic; content, channel and organizational policy; monitor, block, quarantine; execute policy for endpoints on network
     DRM: None
  17. Coming attractions
     • Sep 17: Selling data security technology
     • Sep 24: Write a 2 page procedure
     • Oct 1: Home(land) security
     • Oct 8: SME data security
  18. Learn more
     • Presentation materials and resources