Securing Confidential Data with DLP Systems
•
10 likes•2,546 views
This document discusses data loss prevention (DLP) systems and solutions. It outlines key challenges in securing confidential data, including identifying where data is stored and located, monitoring where data is going, and enforcing data security policies. The document compares several DLP vendors and their solutions for discovering and protecting data at rest and in motion. It also provides examples of common data security incidents and evaluates risks to prioritize data types for protection. Overall the document promotes DLP systems as an important tool for securing organizations' confidential and regulated data.
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (14)
Similar to Securing Confidential Data with DLP Systems
Similar to Securing Confidential Data with DLP Systems (20)
Recently uploaded
Recently uploaded (20)
Securing Confidential Data with DLP Systems
- 1. Securing Organizations Confidential Data with Data Loss Prevention Systems By Shariyaz Abdeen
- 2. Scope Business Problem and Requirements Data Loss Prevention (DLP) Solutions Proposed Solution Vendor Comparisons and Architecture Company implementation & Conclusion
- 3. ID Theft Tops FTC's List of Complaints • For the 5th straight year, identity theft ranked 1st of all fraud complaints. • 10 million cases of Identity Theft annually. • 59% of companies have detected some internal abuse of their networks
- 4. Changing Threats to Data Security
- 5. Top 10 Most Frequent Incidents 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. Patient PHI sent to partner, again, and again Employee 401k information sent outbound and inbound Payroll data being sent to home email address Draft press release to outside legal council Financial and M&A postings to message boards Source code sent with resume to competitor SSNs…and thousands of them Credit Card or account numbers….and thousands of them Confidential patient information Internal memos and confidential information
- 6. Source: http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/doc/talks/2008-04-techlinks/data-protection.jpg
- 7. Data Loss Prevention Three Key Customer Challenges 1. Where is my confidential data stored? – Data at Rest 2. Where is my confidential data going? – Data in Motion 3. How do I fix my data loss problems? – Data Policy Enforcement
- 8. Why Data Loss Prevention is a Priority • Compliance • Brand and Reputation Protection • Remediation Cost 1:400 messages contain The Risk confidential information 1:50 network files are wrongly exposed
- 9. Unified Data At Rest and Data in Motion Protection Intellectual Property Source Code Design Documents Patent Applications Patient Data Employee Data Corporate Data Social Security Numbers Non-Public Information Credit Card Numbers Social Security Numbers Employee Contact Lists 401K and Benefits Info Financials Merger & Acquisitions Strategy and Planning
- 10. Discover and Protect Confidential Data at Rest Define Confidentia l Data Policy 1 Run Scan and Discover Exposed Data 2 Enforce Policy by Automatica lly Protecting Files 3 Remediate Incidents Report on Risk and Compliance 4 5
- 11. Monitor and Prevent Confidential Data in Motion Employee Sends Confidentia l Data Vontu Detects or Prevents Incident 1 2 Vontu Notifies Employee 3 Vontu Workflow Automates Remediatio n 4 Report on Risk and Compliance 5
- 12. Secure Messaging Solution Employee sends confidentia l data 1 Vontu detects incidents 2 Vontu tags email message 3 PGP automatica lly encrypts tagged messages 4 Report on Risk and Compliance 5
- 13. DLP Policy
- 15. Data Loss Prevention Data Insight The majority of your data exists as unstructured files located on file servers. Analysts predict the growth of unstructured data to continue at over 60% per year, and in many organizations it accounts for more than 80% of all data. •content-aware discovery to scan and find the data you have identified as sensitive. •identify who owns the Data. •You also need to discover file shares that suffer from overly permissive access rights and are therefore at risk of incursion. Data Insight giving you insight into usage patterns and access permissions[2]
- 17. Symantec DLP Overall • Detection a) Described Content matching b) Finger printing a) Exact data matching b) Indexed document matching c) Vector machine learning • Group • Response a) Smart response b) Automatic Response
- 18. [1]
- 19. Smart Response
- 22. Detecting the unstructured data
- 26. Druva inSync vs. Altiris/Symantec DLO [3]
- 27. Alternative Vendors (Comparison) Vendor Strengths Weaknesses Symantec Industry-leading network discovery and endpoint protection Supports localization in 16 languages Mature deployment methodology Most expensive enterprise license costs Admin Console is not localized (English only) Websense Robust on network discovery and endpoint protection Supports localization in multiple languages and already has global presence Subscription based or perpetual licensing Most appealing to current WebSense clients wishing to leverage existing products RSA(EMC) Robust on network discovery Providing a broad range of DLP inspection capabilities Document fingerprinting content-inspection capabilities. Weak on endpoint protection Limited localized detection and support
- 28. Trust but Verify - OWASP
- 29. DLP Market Analysis • Growth of IT based Healthcare Systems that's $10 billion in market growth in just five years. clinical information systems, hospital information systems, electronic medical records, picture archiving and communication systems • • • • Growth of Software development industry BOYD Banking & Online payment Systems – PCI DSS Government sector
- 30. Alternative Endpoint Device Growth 28%
- 31. Employees Access Sensitive Data from Mobile Devices like Tablets
- 32. Mobile Data Security Technologies and Their Limitations
- 33. Risk Assessment Scorecard Priority Data Severity of Loss Data at Rest Frequency HIPAA Patient Data High High Data in Motion Risk High 721 incidents Frequency High Very High High 256 incidents High 2178 incidents Very High Very High Medium 78 incidents 9 incidents Very High CA 1386 High Medium High Medium Medium 939 incidents 132 incidents High Research Very High High 10,178 incidents Very High Physician Referral Risk High High High 624 incidents 24 incidents High Severity x Frequency = Risk High
- 35. The Bigger Truth • The iPad has seen great success, but the tablet and mobile device revolution is just getting started. Since business managers see boundless potential, CISOs need to wrap their arms around risk management and security controls as soon as possible. Many security managers believe that DLP is the best logical first step as it not only offers data security, but also aligns with security policies and regulatory compliance requirements.
- 36. Questions?
- 37. References [1] Chapter 2 - The Concept of DLP - Monitoring and Blocking Confidential Data | Symantec Connect Community. 2013. Chapter 2 - The Concept of DLP - Monitoring and Blocking Confidential Data | Symantec Connect Community. [ONLIN Available at: http://www.symantec.com/connect/articles/chapter-2-concept-dlp-monitoring-and-blocking-confidential-da [Accessed 28 June 2013]. [2] 2013. . [ONLINE] Available at:http://eval.symantec.com/mktginfo/enterprise/fact_sheets/b-symc_dlp_data_insight_DS [Accessed 28 June 2013]. [3] Enterprise Endpoint Backup Protection & Availability Druva inSync. 2013.Enterprise Endpoint Backup Protection & Availability Druva inSync. [ONLINE] Available at: http://www.druva.com/insync/. [Accessed 28 June 2013].
Editor's Notes
- Here are the notes for the 1st slide
- Introduction: Scott Industry Solution: Angel Data Loss Example DLP Industry / Introduction Establishing data security policy Identification of Sensitive Data Data in Motion Data at Rest Data at End Points Leak Prevention Business Requirements: Scott What does the business need to accomplish? Control access to information Control data transfer and use Provide review process Workflow Solution Parameters: Angel Feature list / Criteria (General solution) Policy based controls Control of saving, printing, emailing, coping Logging Quarantine / reprocessing Monitoring vs. Prevention Centralized Management Backup and Storage Requirements Ease of Integration Market Presence / Vendor Selection / Proof of Concept Staffing Needs Proposed Solution: Koonal Websense - Feature Review - Modules - Implementation Pro/cons of this solution How to Deploy/implement and deploy WebSense Wander Define Policies Define User Groups Define data classifications Solution Architecture Alternative to vendor solutions Wander Conclusion Wander
- (*) You can run through the numbers here. (*) Key take aways: Data loss is on the rise, ID theft is becoming a national crisis. Healcare companies are targets (*)Costing consumers $5 billion and businesses $48 billion annually. Terror ties: About 5 percent of identity thieves are tied to terrorist organizations. Violent crimes: About 15 percent used identity theft to facilitate a violent crime. Drug trafficking: Drugs were related to at least 15 percent of the cases. (*) Over 23 States have drafted or approved notification laws (*) There are over 6 NATIONAL notification laws in House and Senate committees. Most likely a national notification standard will happen this year. (*) Are you ready?
- Shift in Data Security Threats Up until last year, securing the perimiter from hackers #1 privacy and security priority 2005 Changed That Over 70 incidents over 53 million exposed Cases of ID theft: Over 10 million What is the insider threat? Vontu Risk Assessment. 96% from inadvertent Less than 1 % malicious Companies are focusing on are new ways to establish and enforce data protection policies.
- (*) So what are the most common incidents that happen every day, hundreds of times a day? Any guesses (make a joke about we won’t assume its from your company just because you said it…we’ll go with the “a friend told me” rule here) (*) Any guesses? (*) Build the list NPI - Non Public Information
- Objective of Slide -------------------- Explain what Vontu means by Data Loss Prevention Understand prospects data security priorities, especially as it relates to encryption and access control. Position “Encryption, Access Control, and Data Loss Prevention” as the three legged stool of Data Security. Explain how Vontu complements these priorities Script ------- Data Loss Prevention is a new class of security software that gives companies insight and control over both data at rest and data in motion. As reported by the analysts and media, in 2006, data security has become the #1 priority for companies. Companies are realizing that network defense is not enough – companies need to protect their data and prevent it from getting outside their organization. They are putting in place solutions to help them protect both their data at rest as well as data in motion. Solutions like encryption, access control and identity management, and data loss prevention. Solutions that allow companies to have insight and control over… Where is my confidential data? (Vontu Discover) Who has access to it? (Access Control and ID Mgt.) Where is it going? (Vontu Monitor) How do you prevent it from leaving? (Vontu Prevent) Help me understand what you are doing in each of these areas….. DISCOVERY DISCUSSION around access control, encryption, policy enforcement. Discuss where they are with each of these initiatives and how Vontu fits as part of this solution.
- Objective of Slide -------------------- Explain what Vontu does Understand data protection priorities Discovery ---------- Further discovery on data types Script ------- 2005 has brought a shift in data security priority. For the first time, the insider threat passed the threat of hackers or intruders as the number one cause of security breaches. Of the 107+ security breaches so far in 2005, over 52% were caused by insiders. The risk and cost of the insider threat drove the demand for a new class of security software called Data Loss Prevention. Vontu has software that exposed data and stops confidential data loss across all types of data: intellectual property, company confidential information, and customer, employee or patient non-public personal information. As we just discussed, X, Y, and Z are important to you. What else is important? Vontu data loss prevention discovers confidential data that is exposed in your network, and monitors and stops confidential and classified information, including customer (civilian) data and intellectual property, from being sent outside the corporate network via email, web, IM and other Internet communications. The risk of the insider threat includes both data at rest and data in motion. Let’s look first at data at rest. Why do companies need to protect data at rest? Simply put, data at rest is one click away from being data in motion. Organizations don’t have an accurate view of where all of their confidential data is stored. Organizations don’t have a systematic way to evaluate the effectiveness of access control and encryption policies. Undetected, unsecured data may be accessed by unauthorized employees, leading to data loss incidents. Proliferation of unsecured confidential data increases the risk of data loss. Lost or stolen laptops put data and company at risk. (major source of breaches in 2005) We are all well aware of the challenges of securing data in motion. Employees have ready access to both data and the Internet. Vontu is the only DLP solution that covers both data at rest and data in motion. Vontu 6.0 helps Fortune 500 companies and government agencies discover and protect confidential data at rest, monitor and prevent data in motion from wrongful disclosure, and automatically enforce Data Loss Prevention policies. Only Vontu is proven to scale to meet the needs of global organizations across industries and government markets. By reducing the frequency and severity of both inadvertent and malicious data loss incidents, Vontu helps protect a company’s brand and reputation, reduce compliance risk and protect brand and reputation. Only Vontu delivers on the requirements of business and government leaders and data security teams: Vontu Discover: Detect confidential data at rest on shared file servers, web servers, desktops and laptops. Vontu Protect: Quarantine or remove exposed confidential data at rest. Vontu Monitor: Accurately detect all confidential information over all network protocols including encrypted web traffic (HTTPS). Vontu Prevent: Stop confidential data loss via email, FTP, HTTP or secure HTTP. Vontu Enforce: Automatically enforce data security policies with centralized management, remediation and compliance reporting.
- Purpose Educate on How Discover and Protect work so prospect has context for demo slides to follow Script We’re going to take a few minutes to go through an example of Vontu Discover and Protect in action. Before we do that, let’s take a minute to make sure you understand how Vontu Discover and Vontu Protect work to secure your data at rest. First, you use Vontu’s pre-built policy templates and implement your confidential data policies. Second, you define what you are scanning and how often you want your scans to occur. Vontu Discover is agentless, and as the scans run, Vontu Discover identifies unsecured confidential data exposed on shared file servers, web servers, and individual desktops and laptops. Next, as incidents are discovered, Vontu automatically enforces your security policies. Then, your incident responders use Vontu Workflow to remediate the incidents. Finally, as scans are repeated, you can use Vontu reporting to measure and track your risk reduction efforts over time. Discovery/Traps Is part of your data protection strategy to identify and reduce the amount of confidential information on your network? Isn’t it important for you to partner with a vendor that allows you to reduce risk across both data at rest and data in motion? Are you doing anything like this today? If so, how? What do you like about it? What could be improved?
- Purpose Educate on How Monitor and Prevent work so prospect has context for demo slides to follow Script Data at rest is half the story. For data in motion, people often think its malicious insiders, when actually our customers have seen that 95% of all incidents are inadvertent. Meanwhile, according to our most recent data, we have see about 1 in 400 outbound messages contain confidential information. Now we’re going to take a few minutes to go through an example of Vontu Monitor and Protect in action. Before we do that, let’s take a minute to make sure you understand how Vontu Monitor and Prevent work to secure your data in motion. First, an employee sends some confidential data out of the company. It could be over email, or even another protocol, such as IM or HTTPS (as we’ll see in our example). Second, Vontu detects this incident and according to the policy, also may prevent the message from leaving the company. Next, as incidents are discovered, Vontu notifies the employee in real-time. Then, your incident responders use Vontu Workflow to remediate the incidents. Finally, you use Vontu reporting to measure and track your risk reduction efforts over time. Discovery/Traps What protocols are you most concerned with? CUSTOMER EXAMPLE: Vontu’s Risk Assessment data shows that 27% of incidents happen over the web, 5% FTP and other protocols, and 68% of incidents are over email. Is your executive management team concerned with reducing incidents over only email or are they looking to reduce the risk of data loss across all business processes? Do you know what information is leaving your network today? If so, how? What do you like about it? What could be improved?
- RSA strength Support distributed discovery agents
- Objective of Slide -------------------- Get prospect to agree to a risk assessment/evaluation Drive to a joint Discover/Protec and Monitor RA Script ------- How we typically work with our customers is by starting with a Risk Assessment consulting engagement The goal of the project is to help understand what if any risk your company has and how your risk compares to others in our industry. Deliverables include a risk summary by data type, benchmark comparison, and business case to justify the investment in Vontu A typical engagement lasts for approximately 48 hours monitoring for a selected site of highly sensitive information over email (http, ftp, and IM can also be monitored) Vontu professional services team helps to set up the policies and scheduled reports After the 48 hours of monitoring, we deliver a risk assessment report showing key metrics and statistics of risk, build an overall business case for investing in Vontu and build a preliminary Best Practices solution recommendation (implementation/rollout plan) This will include: How much and what type of confidential data is leaking? Who is leaking data from your company? What protocols carry the most violations? (email, instant message, etc) What compliance regulations are being violated? What is <COMPANY>’s overall risk profile compared to industry averages What effort is required to implement the solution? What business processes are needed and what effort is required to operate? What is the net value and benefit of the solution? IF RA INCLUDES DISCOVER Highlights vulnerabilities of information and people What is posted where it should not be Who has access to information they should not Who has access to high value information How effective is your access control Prioritization of data security and education efforts What we ask of your company is a Dedicated Project Manager, Remediation team with defined process, Access to executive decision making team, Access to your network. Who else would it make sense to include in Risk Assessment process? Explaining the Scorecard ------- Risk is defined as frequent exposure to possibly damaging events. This is an example of one of the deliverables from the Risk Analysis The first part of this process was to Interview the customer for severity of impact for data type. Then, in the pilot we went to a direct measurement of the frequency of exposure. The assessed risk is a function of frequency of exposure and severity. So for example, in this case, even a medium frequency of exposure of a highly severe impact scenario like M&A plans going to a unauthorized destination is a very high risk.
- speaker notes section