SlideShare a Scribd company logo

Data Leakage Prevention (DLP)

Haris Tahir
Haris Tahir

Justifying DLP

Presentations & Public Speaking
1 of 18
Download to read offline
Copyright of the presentation and its contents but limited to the information, text, images, graphics, sound files, video files and their arrangement, and material therein, is owned by the presenter unless otherwise indicated. No part or parts of this presentation may be modified, copied, distributed, retransmitted, broadcasted, displayed, reproduced, published, licensed, transferred, sold or commercially dealt with any manner without the express prior written consent of the presenter. https://shaolininteger.blogspot.com haris@mycert.org https://www.linkedin.com/in/shaolinint @shaolinint HarisTahir@ Slash The Underground in DATA LEAKAGE PREVENTION
¤ Challenges and Threat Landscape ¤ Why Data Breaches Happen ¤ Data Leakage Prevention Copyright of the presentation and its contents but limited to the information, text, images, graphics, sound files, video files and their arrangement, and material therein, is owned by the presenter unless otherwise indicated. No part or parts of this presentation may be modified, copied, distributed, retransmitted, broadcasted, displayed, reproduced, published, licensed, transferred, sold or commercially dealt with any manner without the express prior written consent of the presenter.
Copyright of the presentation and its contents but limited to the information, text, images, graphics, sound files, video files and their arrangement, and material therein, is owned by the presenter unless otherwise indicated. No part or parts of this presentation may be modified, copied, distributed, retransmitted, broadcasted, displayed, reproduced, published, licensed, transferred, sold or commercially dealt with any manner without the express prior written consent of the presenter.
knowledge empowerment to the masses CHALLENGES AND THREAT LANDSCAPE 4 Challenges and Threat Landscape Evolution efficiency and effectiveness Problems ² Modern attacks have moved up on the architectural layer, there are content based. ² Criminals have started to leverage online marketing as a tool to promote and sell their services on the black market. ² Modern malicious software (malware) is stealth and getting better, smarter, faster and stronger. ² The growing popularity of the “Internet of Things” makes the threat landscape a moving target. ² Abundant resources, data collection and mining unable to process millions or billions of data daily Copyright of the presentation and its contents but limited to the information, text, images, graphics, sound files, video files and their arrangement, and material therein, is owned by the presenter unless otherwise indicated. No part or parts of this presentation may be modified, copied, distributed, retransmitted, broadcasted, displayed, reproduced, published, licensed, transferred, sold or commercially dealt with any manner without the express prior written consent of the presenter.
knowledge empowerment to the masses CHALLENGES AND THREAT LANDSCAPE 5 Data Breach Investigation Report past data breaches Epsilon $4B, names/email Saudi Aramco 30,000+ PCs infected Adobe $152M (IDs, pwd, data) Target $110M affected and CEO/CIO gone 2011 2012 2013 2014 eBay $145M credentials Copyright of the presentation and its contents but limited to the information, text, images, graphics, sound files, video files and their arrangement, and material therein, is owned by the presenter unless otherwise indicated. No part or parts of this presentation may be modified, copied, distributed, retransmitted, broadcasted, displayed, reproduced, published, licensed, transferred, sold or commercially dealt with any manner without the express prior written consent of the presenter.
knowledge empowerment to the masses CHALLENGES AND THREAT LANDSCAPE 6 Data Breach Investigation Report impact on industries ² IP: 70% of value of public companies ² Annual losses: estimated over $300B ² China: +$107B sales and +2.1M jobs ² 2013: 856 reported breaches ² Q1 2014: 98.3% of data exposed ² 37%: Breaches affected the sector ² 43%: ITRC account of breaches ² 2013: 8.8M records stolen ² 1.8M: Victims of Identity Theft Copyright of the presentation and its contents but limited to the information, text, images, graphics, sound files, video files and their arrangement, and material therein, is owned by the presenter unless otherwise indicated. No part or parts of this presentation may be modified, copied, distributed, retransmitted, broadcasted, displayed, reproduced, published, licensed, transferred, sold or commercially dealt with any manner without the express prior written consent of the presenter.
knowledge empowerment to the masses CHALLENGES AND THREAT LANDSCAPE 7 Data Breach Investigation Report transition from geopolitical to large-scale attacks ² 95 countries ² 64,347 confirmed security incidents ² 1,367 confirmed data breaches ² Others reports: Copyright of the presentation and its contents but limited to the information, text, images, graphics, sound files, video files and their arrangement, and material therein, is owned by the presenter unless otherwise indicated. No part or parts of this presentation may be modified, copied, distributed, retransmitted, broadcasted, displayed, reproduced, published, licensed, transferred, sold or commercially dealt with any manner without the express prior written consent of the presenter.
Copyright of the presentation and its contents but limited to the information, text, images, graphics, sound files, video files and their arrangement, and material therein, is owned by the presenter unless otherwise indicated. No part or parts of this presentation may be modified, copied, distributed, retransmitted, broadcasted, displayed, reproduced, published, licensed, transferred, sold or commercially dealt with any manner without the express prior written consent of the presenter.
knowledge empowerment to the masses Meet Your Whistleblower threat actors is about people WHY DATA BREACHES HAPPEN 9 59% of threat actors leave the organization with sensitive data Criminals Hacktivist Insiders Copyright of the presentation and its contents but limited to the information, text, images, graphics, sound files, video files and their arrangement, and material therein, is owned by the presenter unless otherwise indicated. No part or parts of this presentation may be modified, copied, distributed, retransmitted, broadcasted, displayed, reproduced, published, licensed, transferred, sold or commercially dealt with any manner without the express prior written consent of the presenter.
knowledge empowerment to the masses WHY DATA BREACHES HAPPEN 10 Knowledge is Power enough time and equipped with offensive security tools Threat actors spend most of their time understanding the target environment, operations and information system, and preparing attacking platform before the actual execution. Define mission 1 2 3 Information gathering Scoping 4 Scanning 5 Simulation 6 Execution 7 Exploit development 8 Rootkit and C2 cultivation Copyright of the presentation and its contents but limited to the information, text, images, graphics, sound files, video files and their arrangement, and material therein, is owned by the presenter unless otherwise indicated. No part or parts of this presentation may be modified, copied, distributed, retransmitted, broadcasted, displayed, reproduced, published, licensed, transferred, sold or commercially dealt with any manner without the express prior written consent of the presenter.
Copyright of the presentation and its contents but limited to the information, text, images, graphics, sound files, video files and their arrangement, and material therein, is owned by the presenter unless otherwise indicated. No part or parts of this presentation may be modified, copied, distributed, retransmitted, broadcasted, displayed, reproduced, published, licensed, transferred, sold or commercially dealt with any manner without the express prior written consent of the presenter.
knowledge empowerment to the masses DATA LEAKAGE PREVENTION 12 Defense-in-Depth think about people, process and technology Defense-in-Depth is an Information Assurance (IA) concept to defend a system against attacks by placing multiple layers of security controls throughout an information technology system. Data in use Data in transit Data at rest Copyright of the presentation and its contents but limited to the information, text, images, graphics, sound files, video files and their arrangement, and material therein, is owned by the presenter unless otherwise indicated. No part or parts of this presentation may be modified, copied, distributed, retransmitted, broadcasted, displayed, reproduced, published, licensed, transferred, sold or commercially dealt with any manner without the express prior written consent of the presenter.
knowledge empowerment to the masses DATA LEAKAGE PREVENTION 13 Critical Path decision should be based on acceptable risk treatment plan “In preparing for battle I have always found that plans are useless, but planning is indispensable.” ~Dwight D. Eisenhower 1 2 3 4 5 RA Results People Process Technology What is the mission Who are the What is the gap Minimal disruption statement and resources required analysis results? with greatest business objective? to execute the plan? coverage Leverage Utilize others for what they know You are about to invest a substantial amount of the company's money, time and resources. Consult with research analysts such as Forrester or Gartner and gain a basic to intermediate understanding of the industry, the vendors and solutions available, and their particular strengths and weaknesses. DLP is solving different problem space to ensure data confidentiality. Copyright of the presentation and its contents but limited to the information, text, images, graphics, sound files, video files and their arrangement, and material therein, is owned by the presenter unless otherwise indicated. No part or parts of this presentation may be modified, copied, distributed, retransmitted, broadcasted, displayed, reproduced, published, licensed, transferred, sold or commercially dealt with any manner without the express prior written consent of the presenter.
knowledge empowerment to the masses DLP Technology four simple explanation DATA LEAKAGE PREVENTION 14 DLP is about preserving organization sensitive information from unauthorized access DLP means different things to different people þ data loss prevention þ data loss protection þ data leakage prevention 3 1 2 4 DLP technology is content aware Driven by significant insider threats and by rigorous privacy laws Use rules to examine file content and classification tag Copyright of the presentation and its contents but limited to the information, text, images, graphics, sound files, video files and their arrangement, and material therein, is owned by the presenter unless otherwise indicated. No part or parts of this presentation may be modified, copied, distributed, retransmitted, broadcasted, displayed, reproduced, published, licensed, transferred, sold or commercially dealt with any manner without the express prior written consent of the presenter.
knowledge empowerment to the masses Key DLP Questions what kind of animal is this? DATA LEAKAGE PREVENTION 15 It’s about governance and compliance, what is the business objective? What problem space? Unauthorized access of data due to an improper implementation, inadequacy of a technology, process and/or policy. What problem DLP does not solve? DLP are not designed to address data leakage issues resulting from external attacks. Do I have existing DLP protection? Surprisingly, firewalls, IDS and encryption solutions are part of overall data security strategy. Does the enterprise need DLP solution? Start with Risk Assessment and identify what are data type the enterprise processes and/or stores. FAQ Copyright of the presentation and its contents but limited to the information, text, images, graphics, sound files, video files and their arrangement, and material therein, is owned by the presenter unless otherwise indicated. No part or parts of this presentation may be modified, copied, distributed, retransmitted, broadcasted, displayed, reproduced, published, licensed, transferred, sold or commercially dealt with any manner without the express prior written consent of the presenter.
knowledge empowerment to the masses Preliminary Risk Assessment risk mitigated by DLP DATA LEAKAGE PREVENTION 16 The problem space is not solved comprehensively by DLP solutions! Example: an employee can still take a picture of sensitive data 1 Identifying insecure business processes 2 Accidental data disclosure by employee 3 Intentional data leakage by employee Copyright of the presentation and its contents but limited to the information, text, images, graphics, sound files, video files and their arrangement, and material therein, is owned by the presenter unless otherwise indicated. No part or parts of this presentation may be modified, copied, distributed, retransmitted, broadcasted, displayed, reproduced, published, licensed, transferred, sold or commercially dealt with any manner without the express prior written consent of the presenter.
knowledge empowerment to the masses Benefits of DLP something to consider DATA LEAKAGE PREVENTION 17 Benefits ² Visibility – visibility to data and information that leaves the organization and exposing bad business processes. ² Compliance – Helps demonstrate compliance with privacy regulations such as Data protection Act, PDPA, PCI-DSS and HIPAA-HITECH ² Flexible security environment – Provide an alternative by allowing the organizations to say “Yes” to social media and personal email and other channels, but with ability to control the content posted to those destinations. ² Malicious activity detection – Stops malicious insiders from stealing valuable intellectual property such as product designs and financial reports. ² Employee education and awareness – Educates well-meaning employees of policy violations and prevents accidental data leaks. ² Reduce financial impact – By reducing the risk of data leaks, the financial risk to the enterprise decrease. Copyright of the presentation and its contents but limited to the information, text, images, graphics, sound files, video files and their arrangement, and material therein, is owned by the presenter unless otherwise indicated. No part or parts of this presentation may be modified, copied, distributed, retransmitted, broadcasted, displayed, reproduced, published, licensed, transferred, sold or commercially dealt with any manner without the express prior written consent of the presenter.
This slide can be downloaded from: http://www.slideshare.net/shaolinint Copyright of the presentation and its contents but limited to the information, text, images, graphics, sound files, video files and their arrangement, and material therein, is owned by the presenter unless otherwise indicated. No part or parts of this presentation may be modified, copied, distributed, retransmitted, broadcasted, displayed, reproduced, published, licensed, transferred, sold or commercially dealt with any manner without the express prior written consent of the presenter. https://shaolininteger.blogspot.com haris@mycert.org https://www.linkedin.com/in/shaolinint @shaolinint HarisTahir@ Slash The Underground in Thank You Q&A “no duty is more urgent than that of returning thanks”

Recommended

SLASH-Seminar-security awareness-v1-0-20121212
SLASH-Seminar-security awareness-v1-0-20121212SLASH-Seminar-security awareness-v1-0-20121212
SLASH-Seminar-security awareness-v1-0-20121212Haris Tahir
 
Hacked Revealed: Penetration Profession
Hacked Revealed: Penetration ProfessionHacked Revealed: Penetration Profession
Hacked Revealed: Penetration ProfessionHaris Tahir
 
apsec 7 Golden Rules Data Leakage Prevention / DLP
apsec 7 Golden Rules Data Leakage Prevention / DLPapsec 7 Golden Rules Data Leakage Prevention / DLP
apsec 7 Golden Rules Data Leakage Prevention / DLPandreasschuster
 
Symantec Data Loss Prevention 9
Symantec Data Loss Prevention 9Symantec Data Loss Prevention 9
Symantec Data Loss Prevention 9Ariel Martin Beliera
 
Ht seminar uniten-cyber security threat landscape
Ht seminar uniten-cyber security threat landscapeHt seminar uniten-cyber security threat landscape
Ht seminar uniten-cyber security threat landscapeHaris Tahir
 
Data Loss Prevention from Symantec
Data Loss Prevention from SymantecData Loss Prevention from Symantec
Data Loss Prevention from SymantecArrow ECS UK
 
Risk assessment principles and guidelines
Risk assessment principles and guidelinesRisk assessment principles and guidelines
Risk assessment principles and guidelinesHaris Tahir
 
TechAssure Presentation PDF linkedin
TechAssure Presentation PDF linkedinTechAssure Presentation PDF linkedin
TechAssure Presentation PDF linkedinBrian D. Brown
 

Recommended

SLASH-Seminar-security awareness-v1-0-20121212
SLASH-Seminar-security awareness-v1-0-20121212SLASH-Seminar-security awareness-v1-0-20121212
SLASH-Seminar-security awareness-v1-0-20121212Haris Tahir
 
Hacked Revealed: Penetration Profession
Hacked Revealed: Penetration ProfessionHacked Revealed: Penetration Profession
Hacked Revealed: Penetration ProfessionHaris Tahir
 
apsec 7 Golden Rules Data Leakage Prevention / DLP
apsec 7 Golden Rules Data Leakage Prevention / DLPapsec 7 Golden Rules Data Leakage Prevention / DLP
apsec 7 Golden Rules Data Leakage Prevention / DLPandreasschuster
 
Symantec Data Loss Prevention 9
Symantec Data Loss Prevention 9Symantec Data Loss Prevention 9
Symantec Data Loss Prevention 9Ariel Martin Beliera
 
Ht seminar uniten-cyber security threat landscape
Ht seminar uniten-cyber security threat landscapeHt seminar uniten-cyber security threat landscape
Ht seminar uniten-cyber security threat landscapeHaris Tahir
 
Data Loss Prevention from Symantec
Data Loss Prevention from SymantecData Loss Prevention from Symantec
Data Loss Prevention from SymantecArrow ECS UK
 
Risk assessment principles and guidelines
Risk assessment principles and guidelinesRisk assessment principles and guidelines
Risk assessment principles and guidelinesHaris Tahir
 
TechAssure Presentation PDF linkedin
TechAssure Presentation PDF linkedinTechAssure Presentation PDF linkedin
TechAssure Presentation PDF linkedinBrian D. Brown
 
Capturing Your Hidden Value: Using Newly Released Government Benchmark Data t...
Capturing Your Hidden Value: Using Newly Released Government Benchmark Data t...Capturing Your Hidden Value: Using Newly Released Government Benchmark Data t...
Capturing Your Hidden Value: Using Newly Released Government Benchmark Data t...RowdMap has joined Cotiviti
 
Draganfly - January 2021 Deck
Draganfly - January 2021 DeckDraganfly - January 2021 Deck
Draganfly - January 2021 DeckRedChip Companies, Inc.
 
The Relationship of Video, Sound, Captions, & Everything Under the Sun
The Relationship of Video, Sound, Captions, & Everything Under the SunThe Relationship of Video, Sound, Captions, & Everything Under the Sun
The Relationship of Video, Sound, Captions, & Everything Under the Sun3Play Media
 
newresume
newresumenewresume
newresumeJohn Smith
 
Oracle database 12c 2 day + php developer's guide
Oracle database 12c 2 day + php developer's guideOracle database 12c 2 day + php developer's guide
Oracle database 12c 2 day + php developer's guidebupbechanhgmail
 
Emulating an Adversary with Imperfect Intelligence
Emulating an Adversary with Imperfect IntelligenceEmulating an Adversary with Imperfect Intelligence
Emulating an Adversary with Imperfect IntelligenceAdam Pennington
 
Infodemic management - present and future
Infodemic management - present and futureInfodemic management - present and future
Infodemic management - present and futureTina Purnat
 
Media studeis final pre production
Media studeis final pre productionMedia studeis final pre production
Media studeis final pre production12haino
 
Micrso Strategy Advanced Guide
Micrso Strategy Advanced GuideMicrso Strategy Advanced Guide
Micrso Strategy Advanced Guidedivjeev
 
SVI Pitchbook
SVI PitchbookSVI Pitchbook
SVI PitchbookSVI2014
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceSyed Peer
 
Webinar: Understanding the Cyber Threat Landscape for Nonprofits
Webinar: Understanding the Cyber Threat Landscape for NonprofitsWebinar: Understanding the Cyber Threat Landscape for Nonprofits
Webinar: Understanding the Cyber Threat Landscape for NonprofitsWithum
 
Deepfake Technology's Emergence: Exploring Its Impact on Cybersecurity
Deepfake Technology's Emergence: Exploring Its Impact on CybersecurityDeepfake Technology's Emergence: Exploring Its Impact on Cybersecurity
Deepfake Technology's Emergence: Exploring Its Impact on CybersecurityPC Doctors NET
 
Network as Strategic Advantage: Curating a Risk-Ready Network to Succeed in a...
Network as Strategic Advantage: Curating a Risk-Ready Network to Succeed in a...Network as Strategic Advantage: Curating a Risk-Ready Network to Succeed in a...
Network as Strategic Advantage: Curating a Risk-Ready Network to Succeed in a...RowdMap has joined Cotiviti
 
Global Human Resources Cloud Using Benefits.pdf
Global Human Resources Cloud Using Benefits.pdfGlobal Human Resources Cloud Using Benefits.pdf
Global Human Resources Cloud Using Benefits.pdfPrabhakar Subburaj
 
Oracle 11g
Oracle 11gOracle 11g
Oracle 11gKundan Kumar
 
Corporate Security Intelligence Just Got Smarter All Courses Linkedin
Corporate Security Intelligence Just Got Smarter All Courses LinkedinCorporate Security Intelligence Just Got Smarter All Courses Linkedin
Corporate Security Intelligence Just Got Smarter All Courses LinkedinSteve Phelps
 
Verizon NAB Show Media Cloud Ecosystem April 6, 2015 Final Scott Spector
Verizon NAB Show Media Cloud Ecosystem April 6, 2015 Final Scott SpectorVerizon NAB Show Media Cloud Ecosystem April 6, 2015 Final Scott Spector
Verizon NAB Show Media Cloud Ecosystem April 6, 2015 Final Scott SpectorScott Spector
 
InfraGard Webinar March 2016 033016 A
InfraGard Webinar March 2016 033016 AInfraGard Webinar March 2016 033016 A
InfraGard Webinar March 2016 033016 AWard Pyles
 
Jobs in the tv radio industry
Jobs in the tv radio industryJobs in the tv radio industry
Jobs in the tv radio industryPaigeward96
 
Motivation and Theory Maslow and Murray pdf
Motivation and Theory Maslow and Murray pdfMotivation and Theory Maslow and Murray pdf
Motivation and Theory Maslow and Murray pdfakankshagupta7348026
 
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...NETWAYS
 

More Related Content

Similar to Data Leakage Prevention (DLP)

Capturing Your Hidden Value: Using Newly Released Government Benchmark Data t...
Capturing Your Hidden Value: Using Newly Released Government Benchmark Data t...Capturing Your Hidden Value: Using Newly Released Government Benchmark Data t...
Capturing Your Hidden Value: Using Newly Released Government Benchmark Data t...RowdMap has joined Cotiviti
 
The Relationship of Video, Sound, Captions, & Everything Under the Sun
The Relationship of Video, Sound, Captions, & Everything Under the SunThe Relationship of Video, Sound, Captions, & Everything Under the Sun
The Relationship of Video, Sound, Captions, & Everything Under the Sun3Play Media
 
Oracle database 12c 2 day + php developer's guide
Oracle database 12c 2 day + php developer's guideOracle database 12c 2 day + php developer's guide
Oracle database 12c 2 day + php developer's guidebupbechanhgmail
 
Emulating an Adversary with Imperfect Intelligence
Emulating an Adversary with Imperfect IntelligenceEmulating an Adversary with Imperfect Intelligence
Emulating an Adversary with Imperfect IntelligenceAdam Pennington
 
Infodemic management - present and future
Infodemic management - present and futureInfodemic management - present and future
Infodemic management - present and futureTina Purnat
 
Media studeis final pre production
Media studeis final pre productionMedia studeis final pre production
Media studeis final pre production12haino
 
Micrso Strategy Advanced Guide
Micrso Strategy Advanced GuideMicrso Strategy Advanced Guide
Micrso Strategy Advanced Guidedivjeev
 
SVI Pitchbook
SVI PitchbookSVI Pitchbook
SVI PitchbookSVI2014
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceSyed Peer
 
Webinar: Understanding the Cyber Threat Landscape for Nonprofits
Webinar: Understanding the Cyber Threat Landscape for NonprofitsWebinar: Understanding the Cyber Threat Landscape for Nonprofits
Webinar: Understanding the Cyber Threat Landscape for NonprofitsWithum
 
Deepfake Technology's Emergence: Exploring Its Impact on Cybersecurity
Deepfake Technology's Emergence: Exploring Its Impact on CybersecurityDeepfake Technology's Emergence: Exploring Its Impact on Cybersecurity
Deepfake Technology's Emergence: Exploring Its Impact on CybersecurityPC Doctors NET
 
Network as Strategic Advantage: Curating a Risk-Ready Network to Succeed in a...
Network as Strategic Advantage: Curating a Risk-Ready Network to Succeed in a...Network as Strategic Advantage: Curating a Risk-Ready Network to Succeed in a...
Network as Strategic Advantage: Curating a Risk-Ready Network to Succeed in a...RowdMap has joined Cotiviti
 
Global Human Resources Cloud Using Benefits.pdf
Global Human Resources Cloud Using Benefits.pdfGlobal Human Resources Cloud Using Benefits.pdf
Global Human Resources Cloud Using Benefits.pdfPrabhakar Subburaj
 
Corporate Security Intelligence Just Got Smarter All Courses Linkedin
Corporate Security Intelligence Just Got Smarter All Courses LinkedinCorporate Security Intelligence Just Got Smarter All Courses Linkedin
Corporate Security Intelligence Just Got Smarter All Courses LinkedinSteve Phelps
 
Verizon NAB Show Media Cloud Ecosystem April 6, 2015 Final Scott Spector
Verizon NAB Show Media Cloud Ecosystem April 6, 2015 Final Scott SpectorVerizon NAB Show Media Cloud Ecosystem April 6, 2015 Final Scott Spector
Verizon NAB Show Media Cloud Ecosystem April 6, 2015 Final Scott SpectorScott Spector
 
InfraGard Webinar March 2016 033016 A
InfraGard Webinar March 2016 033016 AInfraGard Webinar March 2016 033016 A
InfraGard Webinar March 2016 033016 AWard Pyles
 
Jobs in the tv radio industry
Jobs in the tv radio industryJobs in the tv radio industry
Jobs in the tv radio industryPaigeward96
 

Similar to Data Leakage Prevention (DLP) (20)

Capturing Your Hidden Value: Using Newly Released Government Benchmark Data t...
Capturing Your Hidden Value: Using Newly Released Government Benchmark Data t...Capturing Your Hidden Value: Using Newly Released Government Benchmark Data t...
Capturing Your Hidden Value: Using Newly Released Government Benchmark Data t...
 
Draganfly - January 2021 Deck
Draganfly - January 2021 DeckDraganfly - January 2021 Deck
Draganfly - January 2021 Deck
 
The Relationship of Video, Sound, Captions, & Everything Under the Sun
The Relationship of Video, Sound, Captions, & Everything Under the SunThe Relationship of Video, Sound, Captions, & Everything Under the Sun
The Relationship of Video, Sound, Captions, & Everything Under the Sun
 
newresume
newresumenewresume
newresume
 
Oracle database 12c 2 day + php developer's guide
Oracle database 12c 2 day + php developer's guideOracle database 12c 2 day + php developer's guide
Oracle database 12c 2 day + php developer's guide
 
Emulating an Adversary with Imperfect Intelligence
Emulating an Adversary with Imperfect IntelligenceEmulating an Adversary with Imperfect Intelligence
Emulating an Adversary with Imperfect Intelligence
 
Infodemic management - present and future
Infodemic management - present and futureInfodemic management - present and future
Infodemic management - present and future
 
Media studeis final pre production
Media studeis final pre productionMedia studeis final pre production
Media studeis final pre production
 
Micrso Strategy Advanced Guide
Micrso Strategy Advanced GuideMicrso Strategy Advanced Guide
Micrso Strategy Advanced Guide
 
SVI Pitchbook
SVI PitchbookSVI Pitchbook
SVI Pitchbook
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Webinar: Understanding the Cyber Threat Landscape for Nonprofits
Webinar: Understanding the Cyber Threat Landscape for NonprofitsWebinar: Understanding the Cyber Threat Landscape for Nonprofits
Webinar: Understanding the Cyber Threat Landscape for Nonprofits
 
Deepfake Technology's Emergence: Exploring Its Impact on Cybersecurity
Deepfake Technology's Emergence: Exploring Its Impact on CybersecurityDeepfake Technology's Emergence: Exploring Its Impact on Cybersecurity
Deepfake Technology's Emergence: Exploring Its Impact on Cybersecurity
 
Network as Strategic Advantage: Curating a Risk-Ready Network to Succeed in a...
Network as Strategic Advantage: Curating a Risk-Ready Network to Succeed in a...Network as Strategic Advantage: Curating a Risk-Ready Network to Succeed in a...
Network as Strategic Advantage: Curating a Risk-Ready Network to Succeed in a...
 
Global Human Resources Cloud Using Benefits.pdf
Global Human Resources Cloud Using Benefits.pdfGlobal Human Resources Cloud Using Benefits.pdf
Global Human Resources Cloud Using Benefits.pdf
 
Oracle 11g
Oracle 11gOracle 11g
Oracle 11g
 
Corporate Security Intelligence Just Got Smarter All Courses Linkedin
Corporate Security Intelligence Just Got Smarter All Courses LinkedinCorporate Security Intelligence Just Got Smarter All Courses Linkedin
Corporate Security Intelligence Just Got Smarter All Courses Linkedin
 
Verizon NAB Show Media Cloud Ecosystem April 6, 2015 Final Scott Spector
Verizon NAB Show Media Cloud Ecosystem April 6, 2015 Final Scott SpectorVerizon NAB Show Media Cloud Ecosystem April 6, 2015 Final Scott Spector
Verizon NAB Show Media Cloud Ecosystem April 6, 2015 Final Scott Spector
 
InfraGard Webinar March 2016 033016 A
InfraGard Webinar March 2016 033016 AInfraGard Webinar March 2016 033016 A
InfraGard Webinar March 2016 033016 A
 
Jobs in the tv radio industry
Jobs in the tv radio industryJobs in the tv radio industry
Jobs in the tv radio industry
 

Recently uploaded

Motivation and Theory Maslow and Murray pdf
Motivation and Theory Maslow and Murray pdfMotivation and Theory Maslow and Murray pdf
Motivation and Theory Maslow and Murray pdfakankshagupta7348026
 
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...NETWAYS
 
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...Pooja Nehwal
 
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...NETWAYS
 
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝soniya singh
 
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...NETWAYS
 
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...Krijn Poppe
 
George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024eCommerce Institute
 
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...Hasting Chen
 
Microsoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AIMicrosoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AITatiana Gurgel
 
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...Kayode Fayemi
 
SaaStr Workshop Wednesday w: Jason Lemkin, SaaStr
SaaStr Workshop Wednesday w: Jason Lemkin, SaaStrSaaStr Workshop Wednesday w: Jason Lemkin, SaaStr
SaaStr Workshop Wednesday w: Jason Lemkin, SaaStrsaastr
 
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...NETWAYS
 
Philippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.pptPhilippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.pptssuser319dad
 
Genesis part 2 Isaiah Scudder 04-24-2024.pptx
Genesis part 2 Isaiah Scudder 04-24-2024.pptxGenesis part 2 Isaiah Scudder 04-24-2024.pptx
Genesis part 2 Isaiah Scudder 04-24-2024.pptxFamilyWorshipCenterD
 
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...NETWAYS
 
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfOpen Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfhenrik385807
 
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024eCommerce Institute
 
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )Pooja Nehwal
 

Recently uploaded (20)

Motivation and Theory Maslow and Murray pdf
Motivation and Theory Maslow and Murray pdfMotivation and Theory Maslow and Murray pdf
Motivation and Theory Maslow and Murray pdf
 
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
 
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
 
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
 
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
 
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
 
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
 
George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024
 
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝
 
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
 
Microsoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AIMicrosoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AI
 
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
 
SaaStr Workshop Wednesday w: Jason Lemkin, SaaStr
SaaStr Workshop Wednesday w: Jason Lemkin, SaaStrSaaStr Workshop Wednesday w: Jason Lemkin, SaaStr
SaaStr Workshop Wednesday w: Jason Lemkin, SaaStr
 
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
 
Philippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.pptPhilippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.ppt
 
Genesis part 2 Isaiah Scudder 04-24-2024.pptx
Genesis part 2 Isaiah Scudder 04-24-2024.pptxGenesis part 2 Isaiah Scudder 04-24-2024.pptx
Genesis part 2 Isaiah Scudder 04-24-2024.pptx
 
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
 
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfOpen Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
 
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
 
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
 

Data Leakage Prevention (DLP)

  • 1. Copyright of the presentation and its contents but limited to the information, text, images, graphics, sound files, video files and their arrangement, and material therein, is owned by the presenter unless otherwise indicated. No part or parts of this presentation may be modified, copied, distributed, retransmitted, broadcasted, displayed, reproduced, published, licensed, transferred, sold or commercially dealt with any manner without the express prior written consent of the presenter. https://shaolininteger.blogspot.com haris@mycert.org https://www.linkedin.com/in/shaolinint @shaolinint HarisTahir@ Slash The Underground in DATA LEAKAGE PREVENTION
  • 2. ¤ Challenges and Threat Landscape ¤ Why Data Breaches Happen ¤ Data Leakage Prevention Copyright of the presentation and its contents but limited to the information, text, images, graphics, sound files, video files and their arrangement, and material therein, is owned by the presenter unless otherwise indicated. No part or parts of this presentation may be modified, copied, distributed, retransmitted, broadcasted, displayed, reproduced, published, licensed, transferred, sold or commercially dealt with any manner without the express prior written consent of the presenter.
  • 3. Copyright of the presentation and its contents but limited to the information, text, images, graphics, sound files, video files and their arrangement, and material therein, is owned by the presenter unless otherwise indicated. No part or parts of this presentation may be modified, copied, distributed, retransmitted, broadcasted, displayed, reproduced, published, licensed, transferred, sold or commercially dealt with any manner without the express prior written consent of the presenter.
  • 4. knowledge empowerment to the masses CHALLENGES AND THREAT LANDSCAPE 4 Challenges and Threat Landscape Evolution efficiency and effectiveness Problems ² Modern attacks have moved up on the architectural layer, there are content based. ² Criminals have started to leverage online marketing as a tool to promote and sell their services on the black market. ² Modern malicious software (malware) is stealth and getting better, smarter, faster and stronger. ² The growing popularity of the “Internet of Things” makes the threat landscape a moving target. ² Abundant resources, data collection and mining unable to process millions or billions of data daily Copyright of the presentation and its contents but limited to the information, text, images, graphics, sound files, video files and their arrangement, and material therein, is owned by the presenter unless otherwise indicated. No part or parts of this presentation may be modified, copied, distributed, retransmitted, broadcasted, displayed, reproduced, published, licensed, transferred, sold or commercially dealt with any manner without the express prior written consent of the presenter.
  • 5. knowledge empowerment to the masses CHALLENGES AND THREAT LANDSCAPE 5 Data Breach Investigation Report past data breaches Epsilon $4B, names/email Saudi Aramco 30,000+ PCs infected Adobe $152M (IDs, pwd, data) Target $110M affected and CEO/CIO gone 2011 2012 2013 2014 eBay $145M credentials Copyright of the presentation and its contents but limited to the information, text, images, graphics, sound files, video files and their arrangement, and material therein, is owned by the presenter unless otherwise indicated. No part or parts of this presentation may be modified, copied, distributed, retransmitted, broadcasted, displayed, reproduced, published, licensed, transferred, sold or commercially dealt with any manner without the express prior written consent of the presenter.
  • 6. knowledge empowerment to the masses CHALLENGES AND THREAT LANDSCAPE 6 Data Breach Investigation Report impact on industries ² IP: 70% of value of public companies ² Annual losses: estimated over $300B ² China: +$107B sales and +2.1M jobs ² 2013: 856 reported breaches ² Q1 2014: 98.3% of data exposed ² 37%: Breaches affected the sector ² 43%: ITRC account of breaches ² 2013: 8.8M records stolen ² 1.8M: Victims of Identity Theft Copyright of the presentation and its contents but limited to the information, text, images, graphics, sound files, video files and their arrangement, and material therein, is owned by the presenter unless otherwise indicated. No part or parts of this presentation may be modified, copied, distributed, retransmitted, broadcasted, displayed, reproduced, published, licensed, transferred, sold or commercially dealt with any manner without the express prior written consent of the presenter.
  • 7. knowledge empowerment to the masses CHALLENGES AND THREAT LANDSCAPE 7 Data Breach Investigation Report transition from geopolitical to large-scale attacks ² 95 countries ² 64,347 confirmed security incidents ² 1,367 confirmed data breaches ² Others reports: Copyright of the presentation and its contents but limited to the information, text, images, graphics, sound files, video files and their arrangement, and material therein, is owned by the presenter unless otherwise indicated. No part or parts of this presentation may be modified, copied, distributed, retransmitted, broadcasted, displayed, reproduced, published, licensed, transferred, sold or commercially dealt with any manner without the express prior written consent of the presenter.
  • 8. Copyright of the presentation and its contents but limited to the information, text, images, graphics, sound files, video files and their arrangement, and material therein, is owned by the presenter unless otherwise indicated. No part or parts of this presentation may be modified, copied, distributed, retransmitted, broadcasted, displayed, reproduced, published, licensed, transferred, sold or commercially dealt with any manner without the express prior written consent of the presenter.
  • 9. knowledge empowerment to the masses Meet Your Whistleblower threat actors is about people WHY DATA BREACHES HAPPEN 9 59% of threat actors leave the organization with sensitive data Criminals Hacktivist Insiders Copyright of the presentation and its contents but limited to the information, text, images, graphics, sound files, video files and their arrangement, and material therein, is owned by the presenter unless otherwise indicated. No part or parts of this presentation may be modified, copied, distributed, retransmitted, broadcasted, displayed, reproduced, published, licensed, transferred, sold or commercially dealt with any manner without the express prior written consent of the presenter.
  • 10. knowledge empowerment to the masses WHY DATA BREACHES HAPPEN 10 Knowledge is Power enough time and equipped with offensive security tools Threat actors spend most of their time understanding the target environment, operations and information system, and preparing attacking platform before the actual execution. Define mission 1 2 3 Information gathering Scoping 4 Scanning 5 Simulation 6 Execution 7 Exploit development 8 Rootkit and C2 cultivation Copyright of the presentation and its contents but limited to the information, text, images, graphics, sound files, video files and their arrangement, and material therein, is owned by the presenter unless otherwise indicated. No part or parts of this presentation may be modified, copied, distributed, retransmitted, broadcasted, displayed, reproduced, published, licensed, transferred, sold or commercially dealt with any manner without the express prior written consent of the presenter.
  • 11. Copyright of the presentation and its contents but limited to the information, text, images, graphics, sound files, video files and their arrangement, and material therein, is owned by the presenter unless otherwise indicated. No part or parts of this presentation may be modified, copied, distributed, retransmitted, broadcasted, displayed, reproduced, published, licensed, transferred, sold or commercially dealt with any manner without the express prior written consent of the presenter.
  • 12. knowledge empowerment to the masses DATA LEAKAGE PREVENTION 12 Defense-in-Depth think about people, process and technology Defense-in-Depth is an Information Assurance (IA) concept to defend a system against attacks by placing multiple layers of security controls throughout an information technology system. Data in use Data in transit Data at rest Copyright of the presentation and its contents but limited to the information, text, images, graphics, sound files, video files and their arrangement, and material therein, is owned by the presenter unless otherwise indicated. No part or parts of this presentation may be modified, copied, distributed, retransmitted, broadcasted, displayed, reproduced, published, licensed, transferred, sold or commercially dealt with any manner without the express prior written consent of the presenter.
  • 13. knowledge empowerment to the masses DATA LEAKAGE PREVENTION 13 Critical Path decision should be based on acceptable risk treatment plan “In preparing for battle I have always found that plans are useless, but planning is indispensable.” ~Dwight D. Eisenhower 1 2 3 4 5 RA Results People Process Technology What is the mission Who are the What is the gap Minimal disruption statement and resources required analysis results? with greatest business objective? to execute the plan? coverage Leverage Utilize others for what they know You are about to invest a substantial amount of the company's money, time and resources. Consult with research analysts such as Forrester or Gartner and gain a basic to intermediate understanding of the industry, the vendors and solutions available, and their particular strengths and weaknesses. DLP is solving different problem space to ensure data confidentiality. Copyright of the presentation and its contents but limited to the information, text, images, graphics, sound files, video files and their arrangement, and material therein, is owned by the presenter unless otherwise indicated. No part or parts of this presentation may be modified, copied, distributed, retransmitted, broadcasted, displayed, reproduced, published, licensed, transferred, sold or commercially dealt with any manner without the express prior written consent of the presenter.
  • 14. knowledge empowerment to the masses DLP Technology four simple explanation DATA LEAKAGE PREVENTION 14 DLP is about preserving organization sensitive information from unauthorized access DLP means different things to different people þ data loss prevention þ data loss protection þ data leakage prevention 3 1 2 4 DLP technology is content aware Driven by significant insider threats and by rigorous privacy laws Use rules to examine file content and classification tag Copyright of the presentation and its contents but limited to the information, text, images, graphics, sound files, video files and their arrangement, and material therein, is owned by the presenter unless otherwise indicated. No part or parts of this presentation may be modified, copied, distributed, retransmitted, broadcasted, displayed, reproduced, published, licensed, transferred, sold or commercially dealt with any manner without the express prior written consent of the presenter.
  • 15. knowledge empowerment to the masses Key DLP Questions what kind of animal is this? DATA LEAKAGE PREVENTION 15 It’s about governance and compliance, what is the business objective? What problem space? Unauthorized access of data due to an improper implementation, inadequacy of a technology, process and/or policy. What problem DLP does not solve? DLP are not designed to address data leakage issues resulting from external attacks. Do I have existing DLP protection? Surprisingly, firewalls, IDS and encryption solutions are part of overall data security strategy. Does the enterprise need DLP solution? Start with Risk Assessment and identify what are data type the enterprise processes and/or stores. FAQ Copyright of the presentation and its contents but limited to the information, text, images, graphics, sound files, video files and their arrangement, and material therein, is owned by the presenter unless otherwise indicated. No part or parts of this presentation may be modified, copied, distributed, retransmitted, broadcasted, displayed, reproduced, published, licensed, transferred, sold or commercially dealt with any manner without the express prior written consent of the presenter.
  • 16. knowledge empowerment to the masses Preliminary Risk Assessment risk mitigated by DLP DATA LEAKAGE PREVENTION 16 The problem space is not solved comprehensively by DLP solutions! Example: an employee can still take a picture of sensitive data 1 Identifying insecure business processes 2 Accidental data disclosure by employee 3 Intentional data leakage by employee Copyright of the presentation and its contents but limited to the information, text, images, graphics, sound files, video files and their arrangement, and material therein, is owned by the presenter unless otherwise indicated. No part or parts of this presentation may be modified, copied, distributed, retransmitted, broadcasted, displayed, reproduced, published, licensed, transferred, sold or commercially dealt with any manner without the express prior written consent of the presenter.
  • 17. knowledge empowerment to the masses Benefits of DLP something to consider DATA LEAKAGE PREVENTION 17 Benefits ² Visibility – visibility to data and information that leaves the organization and exposing bad business processes. ² Compliance – Helps demonstrate compliance with privacy regulations such as Data protection Act, PDPA, PCI-DSS and HIPAA-HITECH ² Flexible security environment – Provide an alternative by allowing the organizations to say “Yes” to social media and personal email and other channels, but with ability to control the content posted to those destinations. ² Malicious activity detection – Stops malicious insiders from stealing valuable intellectual property such as product designs and financial reports. ² Employee education and awareness – Educates well-meaning employees of policy violations and prevents accidental data leaks. ² Reduce financial impact – By reducing the risk of data leaks, the financial risk to the enterprise decrease. Copyright of the presentation and its contents but limited to the information, text, images, graphics, sound files, video files and their arrangement, and material therein, is owned by the presenter unless otherwise indicated. No part or parts of this presentation may be modified, copied, distributed, retransmitted, broadcasted, displayed, reproduced, published, licensed, transferred, sold or commercially dealt with any manner without the express prior written consent of the presenter.
  • 18. This slide can be downloaded from: http://www.slideshare.net/shaolinint Copyright of the presentation and its contents but limited to the information, text, images, graphics, sound files, video files and their arrangement, and material therein, is owned by the presenter unless otherwise indicated. No part or parts of this presentation may be modified, copied, distributed, retransmitted, broadcasted, displayed, reproduced, published, licensed, transferred, sold or commercially dealt with any manner without the express prior written consent of the presenter. https://shaolininteger.blogspot.com haris@mycert.org https://www.linkedin.com/in/shaolinint @shaolinint HarisTahir@ Slash The Underground in Thank You Q&A “no duty is more urgent than that of returning thanks”