Vontu and RSA mix

Published in: Technology
  • May 22, 2009 - Confidential
  • DLP

    1. Agenda: IP and DLP Management and the Data Security System Information Risk
    2. Why DLP…because sensitive information is always moving and transforming
        [Diagram: data flow across the Endpoint, Network, Apps/DB, FS/CMS and Storage tiers, linking internal and remote employees, partners, outsourced development and staging, enterprise and business analytics applications, production and replica databases, file servers, disk arrays, and backup disk and tape over LAN, WAN and WWW]
    3. Growing Costs without Results
        • Cost: Breach Remediation, Regulatory Fines, Compliance Efforts, Brand Erosion, Customer Churn
        • More sensitive information
        • More sharing
        • More credentialed users
        • More markets for stolen data
        • More sophisticated threats
        • More regulations
        • More complex environments
    4. Sensitive Information
        [Diagram: sensitive information rated High Impact, Medium Impact or Low Impact across the Endpoint, Network, Apps/DB, FS/CMS and Storage tiers. Callouts include: transformed data on endpoints, e-mailed data, data on file servers, tape backup, data in transit over WAN, removable and printed media, data on eRoom or SharePoint sites, data sent/stored on public infrastructure, replicated DB for DR and bulk analysis, IP shared with partner, data stored on disk, data in CMS systems]
    5. Why DLP – Case Study
        • Global retailer announces security breach, Jan. 2007
        • Brand Impact
            • Page 1 news: the most widely publicized breach ever
            • Millions of customers affected, globally
            • Major customer inconvenience, e.g. Registry of Motor Vehicle phone lines crash with customers rushing to remove Social Security Numbers from Drivers Licenses
            • Customer Alert becomes “permanent” real estate on web landing page
        • Earnings Impact
            • Company records $196m charge for compromised customer cardholder records
            • Discloses additional $21m charge to be recorded in 2009
        • Litigation
            • 27 Putative Class Action lawsuits filed in over a dozen different jurisdictions
            • Litigants include cardholders, card issuers, merchants and pension funds
    6. What is Data Loss Prevention?
        • Technology to Identify the important or business sensitive information
        • Determine the IP
        • Identify the Critical Information stores
        • Monitor the flow of Information
        • Prevent the loss or unauthorized use of data
    7. Data Security: Apply Policy Based on Drivers
        • Drivers: Revenue Growth, Cost Reduction, Customer Retention, Business Continuity, Compliance
        • Sensitive Information Classification: High Biz Impact, Medium Biz Impact, Low Biz Impact
        • Classification Policy: Description of sensitive data
        • Usage Policy: Appropriate handling in different contexts
        • Security Incidents
        [Diagram: policy applied across the Endpoint, Network, Apps/DB, FS/CMS and Storage tiers]
    8. DLP Phases
        [Diagram across the Endpoint, Network, Apps/DB, FS/CMS and Storage tiers; phase labels include Policy]
        • Policy & Strategy Assessment Services; Security Architecture Services; Security Program & Policy Development Services
        • Discover & Monitor: Risk Advisor Services; Data Loss Prevention Suite – Discover Modules
        • Enforce: Data Loss Prevention Suite – Enforcement Modules; EMC IRM Suite; Encryption Suite
        • Report & Audit: RSA enVision + DSS Audit Modules
    9. DLP Product Suite (under Enterprise Manager)
        • DLP Datacenter
            • Discover and Remediate: Discover and Remediate data at rest in the Datacenter
        • DLP Network
            • Monitor: Monitor sensitive data in motion as it leaves the Network
            • Enforce: Enforce sensitive data in motion as it leaves the Network
        • DLP Endpoint
            • Discover: Discover sensitive data at rest on corporate endpoints including laptops
            • Enforce: Enforce sensitive data in use on corporate endpoints including laptops
    10. DLP Datacenter
        • Discovery Use Cases
        • Discover and remediate sensitive data and help put into categories based on content and context
        • Segment High, Medium, Low Impact
        • Remediate sensitive data by deleting, quarantining, or moving
        • Highlight areas in need of additional enforcement
            • Encryption
            • Access Control solutions
            • eDRM enforcement products
        • Prove no sensitive data existed prior to a
    11. Datacenter – Two Approaches
    12. DLP Network – Monitor and Enforce
        • DLP Network Use Cases
            • Passively monitor data leaving the network to understand IT process improvement areas and identify key risk areas
            • Pass regulatory audits by proving sensitive information is being blocked and/or encrypted as it leaves the network
            • Protect Intellectual Property or Strategy and operations data from leaving the network
    13. DLP Network - Distributed Network Approach
    14. DLP Endpoint - Enforce
        • DLP Endpoint - Enforce Use Cases
            • Protect sensitive data on endpoints from being copied, printed, or saved to an unsecure file system or off to a mobile device
    15. Discovery Technical Deployment Specs
        • End point Agent Support
        • Grid Worker / Agent columns (32 BIT OS and 64 BIT OS), in order: Windows 2000/Windows 2003; Windows XP/Windows Vista; Windows 2003/Windows Vista
        • Enterprise or Site Coordinator rows:
            • 32 BIT OS, Windows 2000: Y, N, N
            • 32 BIT OS, Windows 2003: Y, N, N
            • 64 BIT OS, Windows 2003: Y, Y, Y*
    16. Strategy - Vendor Selection
        • Define the requirements
        • Evaluating vendors against requirements
        • Vendor Presentations
        • Proof Of Concept against the self evaluated ratings
        • Product Check
        • Customer references
    17. Gartner Magic Quadrant
    18. Project Schedule
        • July 08
            • Discussion on the Project Need
            • Understanding the solution
            • Define the requirement for risk assessment
            • Define the DLP requirement criteria
        • August 08
            • Discussion with Vendors
            • Securing the Budget?
        • September – December 08
            • POC
        • Q2-09
            • Starting the Phase I
    19. Security Posture
        • Security Event Monitoring in Bad Shape
        • Sensitive information flowing across egress and ingress points
        • Phishing and malware Attacks
        • Internal and external threats
        • Security Framework
    20. Security Framework
        [Diagram: Event Correlation, ISO 27001, HIPS, NAC, DLP]
    21. Roadmap Framework
        • Define the Security Framework
            • ISO 27001
        • Identify and prevent against external threats
            • Monitoring tools
        • Protection from Phishing and Malware attacks
            • HIPS
        • Prevention from Internal threats
            • NAC
        • Protect IP
            • DLP
    22. Technology Roadmap
        • Monitoring
            • Event Aggregation
            • Event Correlation
        • HIPS
            • End Point Security
            • Buffer overflow and DoS attacks
            • Behavior based analyses
        • NAC
            • Security Posture Checking
            • Pilot for Vendor Network
        • DLP
            • Risk Analysis
            • Identify and control the Sensitive information
            • Protecting IP