
Shariyaz abdeen data leakage prevention presentation



Data leakage prevention is one of the key topics being discussed at present. As organizations move towards big data and financial systems that reside in cyberspace, there is an increasing number of frauds associated with the technology revolution in cyberspace. This post highlights the threats and the countermeasures, so we can protect sensitive personal data. I prefer the "trust but verify" model.

Published in: Technology


  1. Securing Organizations' Confidential Data with Data Loss Prevention Systems, by Shariyaz Abdeen
  2. Scope
     • Business Problem and Requirements
     • Data Loss Prevention (DLP) Solutions
     • Proposed Solution
     • Vendor Comparisons and Architecture
     • Company implementation & Conclusion
  3. ID Theft Tops FTC's List of Complaints
     • For the 5th straight year, identity theft ranked 1st of all fraud complaints.
     • 10 million cases of Identity Theft annually.
     • 59% of companies have detected some internal abuse of their networks
  4. Changing Threats to Data Security
  5. Top 10 Most Frequent Incidents
     1. Patient PHI sent to partner, again, and again
     2. Employee 401k information sent outbound and inbound
     3. Payroll data being sent to home email address
     4. Draft press release to outside legal counsel
     5. Financial and M&A postings to message boards
     6. Source code sent with resume to competitor
     7. SSNs… and thousands of them
     8. Credit card or account numbers… and thousands of them
     9. Confidential patient information
     10. Internal memos and confidential information
  6. Source:
  7. Data Loss Prevention: Three Key Customer Challenges
     1. Where is my confidential data stored? – Data at Rest
     2. Where is my confidential data going? – Data in Motion
     3. How do I fix my data loss problems? – Data Policy Enforcement
  8. Why Data Loss Prevention is a Priority
     • Compliance
     • Brand and Reputation Protection
     • Remediation Cost
     The Risk:
     • 1:400 messages contain confidential information
     • 1:50 network files are wrongly exposed
  9. Unified Data At Rest and Data in Motion Protection
     • Intellectual Property: Source Code, Design Documents, Patent Applications
     • Patient Data: Social Security Numbers, Non-Public Information, Credit Card Numbers
     • Employee Data: Social Security Numbers, Employee Contact Lists, 401K and Benefits Info
     • Corporate Data: Financials, Merger & Acquisitions, Strategy and Planning
  10. Discover and Protect Confidential Data at Rest
     1. Define Confidential Data Policy
     2. Run Scan and Discover Exposed Data
     3. Enforce Policy by Automatically Protecting Files
     4. Remediate Incidents
     5. Report on Risk and Compliance
  11. Monitor and Prevent Confidential Data in Motion
     1. Employee Sends Confidential Data
     2. Vontu Detects or Prevents Incident
     3. Vontu Notifies Employee
     4. Vontu Workflow Automates Remediation
     5. Report on Risk and Compliance
  12. Secure Messaging Solution
     1. Employee sends confidential data
     2. Vontu detects incidents
     3. Vontu tags email message
     4. PGP automatically encrypts tagged messages
     5. Report on Risk and Compliance
  13. DLP Policy
  14. Symantec DLP Components
  15. Data Loss Prevention Data Insight
     The majority of your data exists as unstructured files located on file servers. Analysts predict the growth of unstructured data to continue at over 60% per year, and in many organizations it accounts for more than 80% of all data.
     • Use content-aware discovery to scan and find the data you have identified as sensitive.
     • Identify who owns the data.
     • You also need to discover file shares that suffer from overly permissive access rights and are therefore at risk of incursion.
     Data Insight gives you insight into usage patterns and access permissions [2]
  16. Symantec DLP Overall
  17. Symantec DLP Overall
     • Detection
       a) Described content matching
       b) Fingerprinting: exact data matching, indexed document matching
       c) Vector machine learning
     • Group
     • Response
       a) Smart response
       b) Automatic response
  18. [1]
  19. Smart Response
  20. Detecting the unstructured data
  21. Vector Machine Learning
  22. Alternative Vendors (Considerations)
  23. Druva inSync vs. Altiris/Symantec DLO [3]
  24. Alternative Vendors (Comparison)
     • Symantec
       Strengths: Industry-leading network discovery and endpoint protection. Supports localization in 16 languages. Mature deployment methodology.
       Weaknesses: Most expensive enterprise license costs. Admin Console is not localized (English only).
     • Websense
       Strengths: Robust on network discovery and endpoint protection. Supports localization in multiple languages and already has global presence. Subscription based or perpetual licensing.
       Weaknesses: Most appealing to current WebSense clients wishing to leverage existing products.
     • RSA (EMC)
       Strengths: Robust on network discovery. Providing a broad range of DLP inspection capabilities. Document fingerprinting content-inspection capabilities.
       Weaknesses: Weak on endpoint protection. Limited localized detection and support.
  25. Trust but Verify - OWASP
  26. DLP Market Analysis
     • Growth of IT-based healthcare systems: $10 billion in market growth in just five years (clinical information systems, hospital information systems, electronic medical records, picture archiving and communication systems)
     • Growth of software development industry
     • BYOD
     • Banking & online payment systems – PCI DSS
     • Government sector
  27. Alternative Endpoint Device Growth 28%
  28. Employees Access Sensitive Data from Mobile Devices like Tablets
  29. Mobile Data Security Technologies and Their Limitations
  30. Risk Assessment Scorecard Priority Data Severity of Loss Data at Rest Frequency HIPAA Patient Data High High Data in Motion Risk High 721 incidents Frequency High Very High High 256 incidents High 2178 incidents Very High Very High Medium 78 incidents 9 incidents Very High CA 1386 High Medium High Medium Medium 939 incidents 132 incidents High Research Very High High 10,178 incidents Very High Physician Referral Risk High High High 624 incidents 24 incidents High Severity x Frequency = Risk High
  31. The Bigger Truth
     • The iPad has seen great success, but the tablet and mobile device revolution is just getting started. Since business managers see boundless potential, CISOs need to wrap their arms around risk management and security controls as soon as possible. Many security managers believe that DLP is the best logical first step as it not only offers data security, but also aligns with security policies and regulatory compliance requirements.
  32. Questions?
  33. References
     [1] Chapter 2 - The Concept of DLP - Monitoring and Blocking Confidential Data | Symantec Connect Community. 2013. [ONLINE] Available at: [Accessed 28 June 2013].
     [2] 2013. [ONLINE] Available at: [Accessed 28 June 2013].
     [3] Enterprise Endpoint Backup Protection & Availability Druva inSync. 2013. [ONLINE] Available at: [Accessed 28 June 2013].
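
Slide 17 lists described content matching as a detection method, and slides 11 to 12 describe the data-in-motion flow (detect, then block or tag the message for encryption). The sketch below is an added example, not code from the presentation or from any vendor product: the patterns, the `respond` policy, its threshold and the sample message are all assumptions made for illustration.

```python
import re

# Described content matching: detect by pattern plus validator, with no index of known records.
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")  # 13-19 digits, optional separators

def luhn_ok(digits):
    """Luhn checksum; filters out digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def ssn_ok(area, group, serial):
    """Reject ranges never issued: area 000/666/9xx, group 00, serial 0000."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")

def scan(text):
    """Count distinct validated SSNs and card numbers in one message body."""
    ssns = {m.group(0) for m in SSN_RE.finditer(text) if ssn_ok(*m.groups())}
    cards = set()
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group(0))
        if luhn_ok(digits):
            cards.add(digits)
    return {"ssn": len(ssns), "card": len(cards)}

def respond(counts, external, bulk_threshold=10):
    """Hypothetical policy: choose the automated response for one message."""
    hits = counts["ssn"] + counts["card"]
    if hits == 0:
        return "allow"
    if not external:
        return "log"                      # internal recipient: record only
    # Bulk disclosure is blocked; small counts are tagged for encryption.
    return "block" if hits >= bulk_threshold else "tag_for_encryption"

# Constructed sample message (test card number, made-up names and SSNs).
SAMPLE = (
    "Payroll export attached.\n"
    "Jane Doe, SSN 123-45-6789, card 4111 1111 1111 1111\n"
    "John Roe, SSN 000-12-3456, card 4111 1111 1111 1112\n"
)

if __name__ == "__main__":
    counts = scan(SAMPLE)
    print(counts, respond(counts, external=True))
```

The validators are what keep the false-positive rate workable: the second sample row matches both patterns but fails the SSN range check and the Luhn checksum, so it does not raise an incident.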