DLP - Network Security Conference_ Ramsés Gallego


  1. DLP: Concepts and Solutions. Ramsés Gallego, CISM, CGEIT, CISSP, SCPM, ITIL, Six Sigma Black Belt Certified. General Manager, Entel Security & Risk Management. rgallego@entel.es. © 2008 ISACA. All rights reserved. Wednesday, March 25, 2009
  2. Agenda • The problem: data is lost or stolen every day! • Securing data requires different thinking: new challenges • The DLP ‘ecosystem’ • Steps for implementing a DLP solution • Summary
  3. The problem: explosive growth of mobile devices, public embarrassment and disclosure cost, escalating privacy regulations. [Chart: units sold, 1995–2010, by device type: USB memory sticks, BlackBerry, SmartPhone, Palm/Treo, PocketPC, laptops, desktops.] Data Protection: #1 CISO priority today (2007 CISO Survey)
  4. Increasing Risk of Information Theft • 19 people a minute become new victims of identity theft due to data breaches [1] • During a 3-year period, over 217 million Americans were victims of identity theft or exposure [2] • Each data breach costs an average of 4.3 million Euros [3] • A typical Fortune 1000 company can’t locate 2% of their PCs [4] • A typical Fortune 1000 financial institution loses 1 laptop a day [5]. Sources: [1] Identity Theft Resource Center, 2007; [2] 2007 Ponemon Institute Cost of Data Breach study; [3], [4], [5] www.privacyrights.org
  5. And it does happen… BREAKING NEWS! Boeing Breach: “Police reported finding a thumb drive that was connected to his computer terminal via a USB cord that ran along the back of the terminal to the storage device that was ‘hidden in a drawer’ in his desk.” 7/11/07. Fidelity NIS Theft: “To avoid detection, the administrator appears to have downloaded the data to a storage device rather than transmit it electronically.” 7/03/07.
  6. Understanding the Risk: The Market Value of Sensitive Data • Trojan to steal account information: 980€–4,900€ • Birth certificate: 147€ • Social Security card: 98€ • Credit card number with PIN: 490€ • Credit card number: 6€–24€ • Billing data: 78€–294€ • PayPal account logon and password: 6€ • Driver’s license: 147€
  7. Increasing Need for Mobile Access to Data: Explosive Growth in Mobile Devices • Information and data moving out of the corporate ‘perimeter’ • Storage capacity grows as devices become smaller • Advances in mobile device technology will continue to produce new and more powerful devices [Chart: units sold, 1995–2010: USB memory sticks, BlackBerry, SmartPhone, Palm/Treo, PocketPC, laptops, desktops]
  8. Increasing Regulatory Pressure • Growing in number and complexity • Public disclosure is required in the event of data loss • Intellectual property loss and theft is also a concern [Timeline 1996–2008: OMG Initiative (USA), US Senate Bill 1350 (USA, proposed), Data Protection Act (Japan), California SB 1386 (USA), Sarbanes-Oxley (USA), Government Network Security Act (USA), Gramm-Leach-Bliley (USA), Data Protection Act (UK), HIPAA (USA), GISRA (USA), Directive on Protection of Personal Data (EU), Datenschutz (Germany)]
  9. The Major Endpoint Threats 1. Physical loss or theft of laptops and mobile devices 2. Unauthorized transfer of data to external devices 3. Privileged users breach the data 4. User applications hacked 5. Trojans/key loggers/malware 6. Information escapes via print, CD-ROM, DVD, etc. 7. Unintentional distribution via e-mail, web, etc.
  10. The Major Endpoint Threats [diagram]
  11. The Major Endpoint Threats “I’ve seen organizations spend hundreds of millions of dollars on security safeguards that were penetrated by a knowledgeable person with a handheld device.” Bill Boni, CSO, Motorola
  12. Today’s Security Solution Gap • Most “information security” products don’t actually “secure information” – They are designed to protect networks and servers – They do little to protect the confidentiality and integrity of information • Information is in constant motion, making it difficult to be locked down [Diagram: anti-virus, change/patch management, authentication, threat detection, VPN, firewall, web filtering and anti-spyware surrounding the LAN, clients and servers]
  13. Current Approaches to Security Do Not Protect the Most Valuable Asset: Data. System-centric view of data protection: protect the perimeter, one system at a time [Diagram: User Authentication → Access Control → Sensitive Data]
  14. Data Protection Requires Different Thinking. Data is not static, so security cannot be static – it must persist with the data itself. This is Data-Centric Protection: Encryption, Strong Authentication, Data Loss Prevention, Device Control
  16. Throwing Point Tools at the Problem Doesn’t Work! • High management cost: non-security staff must manage a myriad of point security systems; this compounds with changes in personnel and systems • No alignment to policy: you are unable to align needs with security policy requirements • Life cycle vulnerabilities: managing the lifecycle of security rules becomes overly complex, increasing infrastructure vulnerability • Broken business processes: business processes break as systems go their own way on security • Data loss risk: lack of centralized monitoring and auditing opens vulnerabilities that could lead to data loss
  17. Data Protection Requires Different Thinking. Easy to lose, easy to transfer (Bluetooth), enticing to steal (cybercrime “black market” value: $147, $490, $98, $147). Data must be protected regardless of: Location, Access, Usage, Device
  18. The Solution: Holistic Data Protection • Device Control: prevent unauthorized use of removable media devices • Data Loss Protection/Leak Prevention: full control and absolute visibility over user behavior • Encrypted USB: secure, portable external storage devices • Endpoint Encryption: full-disk, mobile device, and file and folder encryption coupled with strong authentication • Holistic Data Protection: integrated technologies for a total data protection solution
  20. Methodology for DLP. Too many vendors, too many use cases, too overwhelming: there has to be a guided, phased deployment path to complete data protection. [Phases, with increasing protection and compliance: Encrypt all laptops; Encrypt mobile data devices; Block unauthorized devices; Monitor & secure channels; Multilayer protection]
  21. Endpoint Encryption. What is needed: • Encryption for laptops, desktops, and mobile devices with the flexibility to choose full-disk or file/folder encryption • Confidence in the integrity of sensitive data when a device is lost or stolen • Safe Harbor protection (i.e. loss of encrypted data is a non-event and does not require public disclosure). What technology offers: • Broad support for laptops, desktops, and mobile devices • Full audit trails for compliance & auditing needs • Support for multiple strong authentication methods • Certifications: FIPS 140-2, Common Criteria Level 4 (highest level for software products), BITS, CSIA, etc.
  22. Endpoint Encryption: Full-Disk Encryption [Diagram of the write path and the read path] 1. Files/Apps (.XLS, .DOC, .APPS): files are in full text and fully viewable by the authorized user(s) and application(s) 2. Operating System: files are translated into sectors / sectors are assembled into files 3. Encryption Driver: sectors are encrypted in memory / encrypted sectors are decrypted in memory 4. Hard Disk: sectors are stored on the hard disk / sectors are read from the hard disk
  23. Endpoint Encryption: Full-Disk Encryption [Diagram comparing disk layouts; legend: open information vs. secured information] Disk areas: boot records (MBR, PBR), operating system, system files (PW, swap, etc.), user data, highly sensitive files. Three layouts: • Files Encryption: MBR, PBR, Operating System, System Files (PW, swap, etc.), Data • Whole Disk Encryption: MBR, PBR, Operating System, System Files (PW, swap, etc.), Data • Full Encryption: Master Boot Record, Mandatory Access Control, Modified Partition Boot Record, System Files (PW, swap, etc.), Operating System, Data
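The four-step write/read path on the full-disk encryption slides (files split into sectors by the OS, each sector encrypted in memory by the driver, only ciphertext stored on the platters, the reverse on read) can be made concrete. The following is an added example written for this page, not code from the presentation or from any vendor product. It uses a per-sector keystream derived with HMAC-SHA256 in counter mode so it runs on the Python standard library alone; real drivers use a dedicated disk cipher mode such as AES-XTS, but the property shown here is the same: the keystream is bound to the sector index, so the same plaintext written to two different sectors yields different ciphertext, and a thief reading the platters directly never sees file contents. The key, the sample file and the dictionary standing in for the disk are all constructed.

```python
import hashlib
import hmac

SECTOR_SIZE = 512  # bytes per sector; the unit the OS produces in the slide's step 2


def sector_keystream(key: bytes, sector_index: int, length: int) -> bytes:
    """Keystream for one sector, derived from the disk key AND the sector index.

    Counter-mode construction over HMAC-SHA256 (illustrative only; production
    drivers use AES-XTS or similar). Tying the keystream to the sector index is
    the security point: identical plaintext in two sectors must not produce
    identical ciphertext, or whoever holds a lost disk could spot repeated data.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        block_label = sector_index.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hmac.new(key, block_label, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_sector(key: bytes, sector_index: int, plaintext: bytes) -> bytes:
    """Step 3, write path: one sector is encrypted in memory before it reaches disk."""
    stream = sector_keystream(key, sector_index, len(plaintext))
    return bytes(p ^ s for p, s in zip(plaintext, stream))


def decrypt_sector(key: bytes, sector_index: int, ciphertext: bytes) -> bytes:
    """Step 3, read path: XOR with the same keystream recovers the sector."""
    return encrypt_sector(key, sector_index, ciphertext)


class EncryptedDisk:
    """Steps 2-4 of the slide: the OS splits a file into sectors, the driver
    encrypts each sector in memory, and only ciphertext reaches the 'disk'
    (a dict standing in for the physical platters)."""

    def __init__(self, key: bytes):
        self._key = key
        self._sectors = {}  # sector index -> ciphertext

    def write_file(self, start_sector: int, data: bytes) -> int:
        padded = data + b"\x00" * (-len(data) % SECTOR_SIZE)  # pad the last sector
        for offset in range(0, len(padded), SECTOR_SIZE):
            idx = start_sector + offset // SECTOR_SIZE
            self._sectors[idx] = encrypt_sector(self._key, idx, padded[offset:offset + SECTOR_SIZE])
        return len(padded) // SECTOR_SIZE  # number of sectors written

    def read_file(self, start_sector: int, length: int) -> bytes:
        count = -(-length // SECTOR_SIZE)  # ceiling division
        plain = b"".join(
            decrypt_sector(self._key, start_sector + i, self._sectors[start_sector + i])
            for i in range(count)
        )
        return plain[:length]  # step 2, read path: sectors reassembled into the file

    def raw_sector(self, idx: int) -> bytes:
        """What someone reading the platters directly would see."""
        return self._sectors[idx]


def demo() -> dict:
    key = b"constructed-demo-disk-key"              # constructed; a real key comes from pre-boot authentication
    document = b"Lorem ipsum dolor sit amet. " * 50  # constructed 1400-byte file, as on the slide
    disk = EncryptedDisk(key)
    sectors_written = disk.write_file(100, document)
    roundtrip_ok = disk.read_file(100, len(document)) == document
    # The authorized path (step 1) sees plaintext; the raw platters never do.
    plaintext_on_disk = any(b"Lorem" in disk.raw_sector(100 + i) for i in range(sectors_written))
    # The same 512-byte block in two sectors: ciphertexts differ because of the sector binding.
    block = b"A" * SECTOR_SIZE
    disk.write_file(200, block)
    disk.write_file(201, block)
    tweak_effective = disk.raw_sector(200) != disk.raw_sector(201)
    return {
        "sectors_written": sectors_written,
        "roundtrip_ok": roundtrip_ok,
        "plaintext_on_disk": plaintext_on_disk,
        "tweak_effective": tweak_effective,
    }


if __name__ == "__main__":
    print(demo())
```

The construction is confidentiality-only, as disk encryption generally is: a keystream XOR gives no integrity, so an attacker with write access to the platters can flip plaintext bits without the key. That is why the deck's "Safe Harbor" argument is about a lost or stolen device, not about a device that comes back.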
  25. Endpoint Encryption: File and Folder Encryption • Define policies more granularly than with full-disk encryption • Full Windows Explorer integration • Automatic encryption and decryption with no performance loss, transparent to users • Protect files and folders on desktops, laptops and servers [Diagram: (1) Corporate Directory, (2) Administrator, (3–4) Client Computers, (5) Terminal Server and File Server]
  26. Endpoint Encryption: Mobile Device Encryption • Protect corporate data assets as users go mobile • Creates an encrypted, protected space on mobile devices to protect sensitive data • Supports multiple strong authentication methods • Renders data on mobile devices in the event of data loss or theft • Encryption policies on mobile devices are all centrally managed
  27. DLP. What is needed: • To prevent users from accidentally or maliciously leaking sensitive data • Full visibility and control over usage & movement of confidential data • To enable the infrastructure and data to protect itself. What technology offers: • Protection against accidental leakage via everyday user tasks • Complete spectrum of actionable responses upon detecting loss of confidential data, such as – Detailed logging & forensic evidence gathering – Real-time prevention & blocking – User and administrator notification – Quarantine of confidential data [Diagram: confidential data (“Hello, how are you?”) leaving via printer, peer-to-peer, USB, email, copy-and-paste, IM, https, ftp, Wi-Fi]
  28. Data Loss Prevention • Classify confidential data: by location, by content, by file type, by fingerprint • Build content-based reaction rules • Monitor sensitive data transfer • Prevent confidential data from leaving the enterprise • Notify administrator and end users • Quarantine confidential data • Enforce encryption
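Slides 27 and 28 describe the DLP loop in the abstract: classify data by location, content, file type and fingerprint, then apply content-based reaction rules that log, block, notify, quarantine or enforce encryption. The following is an added example written for this page, not code from the presentation or from any DLP product, showing one way all four classifiers and a small rule table fit together. Every path, file type, destination domain, rule and sample document in it is constructed; the card-number test value is the conventional 4111 1111 1111 1111, and the Luhn check is there so that 16-digit order numbers or IDs that merely look like a card number do not trigger a block.

```python
import hashlib
import re
from dataclasses import dataclass

# --- Classification inputs (all constructed for this example) ------------------------
CONFIDENTIAL_LOCATIONS = ("/shares/finance/", "/shares/hr/")   # "by location"
CONFIDENTIAL_FILE_TYPES = (".xls", ".doc")                      # "by file type"
PAN_RE = re.compile(r"\b(?:\d[ -]?){15}\d\b")                   # "by content": 16-digit card-number shape


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# "by fingerprint": hashes of documents already classified as confidential
MNA_PLAN = b"PROJECT EAGLE - merger term sheet (constructed sample document)"
FINGERPRINTS = {sha256_hex(MNA_PLAN): "M&A Plans"}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: separates real card numbers from other 16-digit strings."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


@dataclass
class Transfer:
    """One observed movement of data: who, over which channel, from where, to where."""
    user: str
    channel: str       # e.g. "smtp", "usb", "https"
    path: str          # source location on the endpoint or share
    content: bytes
    destination: str


def classify(t: Transfer) -> set:
    labels = set()
    if t.path.startswith(CONFIDENTIAL_LOCATIONS):
        labels.add("location")
    if t.path.lower().endswith(CONFIDENTIAL_FILE_TYPES):
        labels.add("file-type")
    text = t.content.decode("utf-8", "replace")
    if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in PAN_RE.finditer(text)):
        labels.add("content:PAN")
    digest = sha256_hex(t.content)
    if digest in FINGERPRINTS:
        labels.add("fingerprint:" + FINGERPRINTS[digest])
    return labels


# --- Content-based reaction rules: (name, condition, ordered actions) --------------
RULES = [
    ("pan-to-external-mail",
     lambda t, l: "content:PAN" in l and t.channel == "smtp" and not t.destination.endswith("@corp.example"),
     ["log", "block", "notify"]),
    ("fingerprinted-document-any-channel",
     lambda t, l: any(x.startswith("fingerprint:") for x in l),
     ["log", "block", "quarantine", "notify"]),
    ("confidential-to-removable-media",
     lambda t, l: t.channel == "usb" and ({"location", "file-type"} & l),
     ["log", "encrypt"]),   # allowed, but only onto encrypted media
]


def evaluate(t: Transfer) -> dict:
    """Monitor step: classify the transfer, fire every matching rule, merge the actions."""
    labels = classify(t)
    actions = []
    fired = []
    for name, condition, rule_actions in RULES:
        if condition(t, labels):
            fired.append(name)
            for a in rule_actions:
                if a not in actions:
                    actions.append(a)
    return {
        "labels": sorted(labels),
        "rules": fired,
        "actions": actions,
        "verdict": "block" if "block" in actions else "allow",
    }


if __name__ == "__main__":
    sample = Transfer("alice", "smtp", "/home/alice/notes.txt",
                      b"card 4111 1111 1111 1111 exp 12/09", "friend@mail.example")
    print(evaluate(sample))
```

Two design points carry over to real deployments: the exact-hash fingerprint above only catches an unmodified copy of the registered document (commercial products use partial or rolling hashes to survive edits and excerpts), and "log" appears in every rule because the forensic trail is what makes the later notify, quarantine and audit steps possible.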
  29. Device Control. What is needed: • To monitor and allow only authorized devices to connect to the endpoint • Restriction and blocking capabilities for the use of unauthorized devices such as iPods • Enforcement control over what data can be copied onto authorized devices. What technology offers: • Fine-grained control of data and devices – Only allow company-authorized devices – Enforce control over what data can be copied to devices • Policies per user, group or department, i.e. allow the CEO to connect any device while other employees can only connect a sub-set of devices • Detailed user- and device-level logging for auditing and compliance needs [Diagram: device types, e.g. FireWire]
  30. Device Control • Part of DLP technology • Complete content-aware and context-aware device-blocking capability • Regulate how users copy data to external devices • Increase productivity and the ability to safely use any USB devices as part of daily work activities • Ensure control of all external devices [Diagram: Centralised Management Console with Device and Data Events and Policies; device classes: USB, FireWire, Bluetooth, CD/DVD, WI/IRDA, Serial/Parallel, Other]
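Slides 29 and 30 list the properties of a device-control policy without showing one: only company-authorized devices connect, policy differs per user group (the CEO may connect anything, others a sub-set), copying onto a device is controlled separately from connecting it, and every decision is logged at user and device level. The following is an added example written for this page, not code from the presentation or from any product, implementing those rules as a default-deny evaluator. The users, groups, vendor/product IDs and policies are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class Device:
    bus: str           # "usb", "firewire", "bluetooth", "cd/dvd", ...
    vendor_id: str     # USB vendor ID as a hex string
    product_id: str    # USB product ID as a hex string
    serial: str


@dataclass(frozen=True)
class GroupPolicy:
    allow_any_device: bool = False            # the slide's "CEO may connect any device"
    allowed_models: frozenset = frozenset()   # company-authorized (vendor_id, product_id) pairs
    allow_copy_to_device: bool = False        # enforcement over what may be written to the device


# Constructed directory data and policies (not from the page)
USER_GROUPS = {"ceo": {"executives"}, "alice": {"finance"}, "bob": {"engineering"}}
CORPORATE_USB = ("0781", "5583")   # constructed VID/PID for the company-issued encrypted USB stick
POLICIES = {
    "executives":  GroupPolicy(allow_any_device=True, allow_copy_to_device=True),
    "finance":     GroupPolicy(allowed_models=frozenset({CORPORATE_USB}), allow_copy_to_device=True),
    "engineering": GroupPolicy(allowed_models=frozenset({CORPORATE_USB}), allow_copy_to_device=False),
}

AUDIT_LOG = []   # user- and device-level events for auditing and compliance


def evaluate_connection(user: str, device: Device, wants_write: bool) -> dict:
    """Decide whether `user` may connect `device` and whether copying data onto it is permitted.

    Default deny: the device is allowed only if a policy for one of the user's
    groups grants it; write access needs a granting policy that also allows copying.
    """
    connect = False
    write = False
    granted_by = []
    for group in sorted(USER_GROUPS.get(user, set())):
        policy = POLICIES.get(group)
        if policy is None:
            continue
        if policy.allow_any_device or (device.vendor_id, device.product_id) in policy.allowed_models:
            connect = True
            granted_by.append(group)
            write = write or policy.allow_copy_to_device
    if connect:
        decision = "allow" if (write or not wants_write) else "allow-read-only"
    else:
        decision = "block"
    event = {
        "time": datetime.now(timezone.utc).isoformat(),
        "user": user,
        "device": f"{device.bus}:{device.vendor_id}:{device.product_id}:{device.serial}",
        "wants_write": wants_write,
        "decision": decision,
        "granted_by": granted_by,
    }
    AUDIT_LOG.append(event)   # every decision is recorded, allowed or not
    return event


if __name__ == "__main__":
    player = Device("usb", "c0de", "1d0d", "SN-CONSTRUCTED-1")   # a consumer media player, not authorized
    print(evaluate_connection("alice", player, wants_write=True)["decision"])
```

Matching on vendor and product ID is what "company-authorized devices" usually means in practice; note that these identifiers are reported by the device itself, so a policy that must resist a deliberately spoofed device has to key on a serial number or on a cryptographic identity held by the encrypted stick, which is where the Encrypted USB slides that follow come in.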
  31. Encrypted USB. What is needed: • Secure external storage media for your power users • Ability to ensure sensitive data transported via external media is continuously protected. What technology offers: • A range of secure portable storage devices • Strong access control and encryption • Centralized management • Internal and external compliance support
  32. Encrypted USB • Deploy easily on an enterprise-wide scale • Easily deploy and track devices through a single console • Streamline workflow to save time and money • Leverage Active Directory to match users and devices • Encrypt data ‘on-the-fly’ • Enable secure data portability
  33. The educational dimension. Legitimate access to information DOES NOT GRANT the right to take it out of the company • Classical approach to security: Access Control (Pre-Admission) • Non-authorized data transmission: Data Loss Prevention (Pre- and Post-Admission)
  35. [Diagram: Format handling, Structure handling, Data handling, Hidden data, Dataflow, Copy-and-paste, Hidden files]
  38. Endpoint protection architecture overview [diagram]
  39. Now we can know Who, What, Where, How. Who: Human Resources, Customer Service, Marketing, Finance, Accounting, Sales, Legal, Technical Support, Engineering. What: Source Code, Business Plans, Customer Records, M&A Plans, Patient Information, Financial Statements, Employee Information, Technical Documentation, Competitive Information. Where: Benefits Provider, Spyware Site, Business Partner, Blog, Customer, Financial Board, North Korea, Competitor, Analyst. How: FTP, HTTP, IM, P2P, SMTP, Network Printing, Chat
  42. Summary 1. There is increasing regulatory pressure to protect data 2. Insiders are the biggest threat to your data – and they are increasingly mobile 3. A breach, no matter how big or how small, puts businesses at risk 4. How many communication vectors is the company protecting? 5. Traditional approaches to data security won’t work – data-centric security that enables your data and infrastructure to protect itself is needed 6. Continuing to use point tools to solve the problem creates inconsistencies in enforcement, can break business processes and increases operational costs 7. First processes, then tools. There is technology around which provides the comprehensive solution needed to address the risks to corporate data
  50. THANK YOU. DLP: Concepts and Solutions. Ramsés Gallego, CISM, CGEIT, CISSP, SCPM, ITIL, Six Sigma Black Belt Certified. General Manager, Entel Security & Risk Management. rgallego@entel.es
