Shariyaz abdeen data leakage prevention presentation


Data leakage prevention is one of the key topics being discussed at present. As organizations move towards big data and financial systems that reside in cyberspace, the number of frauds associated with this technology revolution is increasing. This post highlights the threats and the countermeasures, so that sensitive personal data can be protected. I prefer the approach of the “Trust but verify” model.

Published in: Technology
  • Here are the notes for the 1st slide
  • Introduction: Scott
    Industry Solution: Angel
    Data Loss Example
    DLP Industry / Introduction
    Establishing data security policy
    Identification of Sensitive Data
    Data in Motion
    Data at Rest
    Data at End Points
    Leak Prevention
    Business Requirements: Scott
    What does the business need to accomplish?
    Control access to information
    Control data transfer and use
    Provide review process
    Solution Parameters: Angel
    Feature list / Criteria (General solution)
    Policy based controls
        Control of saving, printing, emailing, copying
        Quarantine / reprocessing
        Monitoring vs. Prevention
        Centralized Management
        Backup and Storage Requirements
        Ease of Integration
        Market Presence / Vendor Selection / Proof of Concept
        Staffing Needs
    Proposed Solution: Koonal
        - Feature Review
        - Modules
        - Implementation
    Pros/cons of this solution
    How to implement and deploy Websense: Wander
    Define Policies
    Define User Groups
    Define data classifications
    Solution Architecture
    Alternative to vendor solutions: Wander
    Conclusion: Wander
  • (*) You can run through the numbers here.
    (*) Key takeaways: Data loss is on the rise, ID theft is becoming a national crisis. Healthcare companies are targets.
    (*) Costing consumers $5 billion and businesses $48 billion annually.
    Terror ties: About 5 percent of identity thieves are tied to terrorist organizations.
    Violent crimes: About 15 percent used identity theft to facilitate a violent crime.
    Drug trafficking: Drugs were related to at least 15 percent of the cases.
    (*) Over 23 states have drafted or approved notification laws.
    (*) There are over 6 NATIONAL notification laws in House and Senate committees. Most likely a national notification standard will happen this year.
    (*) Are you ready?
  • Shift in Data Security Threats
    Up until last year, securing the perimeter from hackers was the #1 privacy and security priority.
    2005 changed that:
    Over 70 incidents, over 53 million exposed
    Cases of ID theft: Over 10 million
    What is the insider threat?
    Vontu Risk Assessment: 96% of incidents are inadvertent
    Less than 1% malicious
    Companies are focusing on new ways to establish and enforce data protection policies.
  • (*) So what are the most common incidents that happen every day, hundreds of times a day? Any guesses? (Make a joke about how we won’t assume it’s from your company just because you said it… we’ll go with the “a friend told me” rule here.)
    (*) Any guesses?
    (*) Build the list
    NPI - Non Public Information
  • Objective of Slide
    Explain what Vontu means by Data Loss Prevention
    Understand the prospect’s data security priorities, especially as they relate to encryption and access control.
    Position “Encryption, Access Control, and Data Loss Prevention” as the three legged stool of Data Security.
    Explain how Vontu complements these priorities
    Data Loss Prevention is a new class of security software that gives companies insight and control over both data at rest and data in motion. As reported by the analysts and media, in 2006, data security has become the #1 priority for companies. Companies are realizing that network defense is not enough – companies need to protect their data and prevent it from getting outside their organization.
    They are putting in place solutions to help them protect both their data at rest as well as data in motion. Solutions like encryption, access control and identity management, and data loss prevention.
    Solutions that allow companies to have insight and control over…
    Where is my confidential data? (Vontu Discover)
    Who has access to it? (Access Control and ID Mgt.)
    Where is it going? (Vontu Monitor)
    How do you prevent it from leaving? (Vontu Prevent)
    Help me understand what you are doing in each of these areas…..
    DISCOVERY DISCUSSION around access control, encryption, policy enforcement.
    Discuss where they are with each of these initiatives and how Vontu fits as part of this solution.
  • Objective of Slide
    Explain what Vontu does
    Understand data protection priorities
    Further discovery on data types
    2005 has brought a shift in data security priority. For the first time, the insider threat passed the threat of hackers or intruders as the number one cause of security breaches. Of the 107+ security breaches so far in 2005, over 52% were caused by insiders.
    The risk and cost of the insider threat drove the demand for a new class of security software called Data Loss Prevention.
    Vontu software discovers exposed data and stops confidential data loss across all types of data: intellectual property, company confidential information, and customer, employee or patient non-public personal information.
    As we just discussed, X, Y, and Z are important to you. What else is important?
    Vontu data loss prevention discovers confidential data that is exposed in your network, and monitors and stops confidential and classified information, including customer (civilian) data and intellectual property, from being sent outside the corporate network via email, web, IM and other Internet communications.
    The risk of the insider threat includes both data at rest and data in motion.
    Let’s look first at data at rest. Why do companies need to protect data at rest? Simply put, data at rest is one click away from being data in motion.
    Organizations don’t have an accurate view of where all of their confidential data is stored.
    Organizations don’t have a systematic way to evaluate the effectiveness of access control and encryption policies.
    Undetected, unsecured data may be accessed by unauthorized employees, leading to data loss incidents.
    Proliferation of unsecured confidential data increases the risk of data loss.
    Lost or stolen laptops put data and company at risk. (major source of breaches in 2005)
    We are all well aware of the challenges of securing data in motion. Employees have ready access to both data and the Internet.
    Vontu is the only DLP solution that covers both data at rest and data in motion.
    Vontu 6.0 helps Fortune 500 companies and government agencies discover and protect confidential data at rest, monitor and prevent data in motion from wrongful disclosure, and automatically enforce Data Loss Prevention policies. Only Vontu is proven to scale to meet the needs of global organizations across industries and government markets. By reducing the frequency and severity of both inadvertent and malicious data loss incidents, Vontu helps protect a company’s brand and reputation and reduce compliance risk.
    Only Vontu delivers on the requirements of business and government leaders and data security teams:
    Vontu Discover: Detect confidential data at rest on shared file servers, web servers, desktops and laptops.
    Vontu Protect: Quarantine or remove exposed confidential data at rest.
    Vontu Monitor: Accurately detect all confidential information over all network protocols including encrypted web traffic (HTTPS).
    Vontu Prevent: Stop confidential data loss via email, FTP, HTTP or secure HTTP.
    Vontu Enforce: Automatically enforce data security policies with centralized management, remediation and compliance reporting.
  • Purpose
    Educate on How Discover and Protect work so prospect has context for demo slides to follow
    We’re going to take a few minutes to go through an example of Vontu Discover and Protect in action. Before we do that, let’s take a minute to make sure you understand how Vontu Discover and Vontu Protect work to secure your data at rest.
    First, you use Vontu’s pre-built policy templates and implement your confidential data policies.
    Second, you define what you are scanning and how often you want your scans to occur. Vontu Discover is agentless, and as the scans run, Vontu Discover identifies unsecured confidential data exposed on shared file servers, web servers, and individual desktops and laptops.
    Next, as incidents are discovered, Vontu automatically enforces your security policies.
    Then, your incident responders use Vontu Workflow to remediate the incidents.
    Finally, as scans are repeated, you can use Vontu reporting to measure and track your risk reduction efforts over time.
    Is part of your data protection strategy to identify and reduce the amount of confidential information on your network?
    Isn’t it important for you to partner with a vendor that allows you to reduce risk across both data at rest and data in motion?
    Are you doing anything like this today? If so, how? What do you like about it? What could be improved?
  • Purpose
    Educate on How Monitor and Prevent work so prospect has context for demo slides to follow
    Data at rest is half the story. For data in motion, people often think it’s malicious insiders, when actually our customers have seen that 95% of all incidents are inadvertent. Meanwhile, according to our most recent data, we have seen about 1 in 400 outbound messages contain confidential information.
    Now we’re going to take a few minutes to go through an example of Vontu Monitor and Prevent in action. Before we do that, let’s take a minute to make sure you understand how Vontu Monitor and Prevent work to secure your data in motion.
    First, an employee sends some confidential data out of the company. It could be over email, or even another protocol, such as IM or HTTPS (as we’ll see in our example).
    Second, Vontu detects this incident and according to the policy, also may prevent the message from leaving the company.
    Next, as incidents are discovered, Vontu notifies the employee in real-time.
    Then, your incident responders use Vontu Workflow to remediate the incidents.
    Finally, you use Vontu reporting to measure and track your risk reduction efforts over time.
    What protocols are you most concerned with?
    CUSTOMER EXAMPLE: Vontu’s Risk Assessment data shows that 27% of incidents happen over the web, 5% FTP and other protocols, and 68% of incidents are over email.
    Is your executive management team concerned with reducing incidents over only email or are they looking to reduce the risk of data loss across all business processes?
    Do you know what information is leaving your network today? If so, how? What do you like about it? What could be improved?
  • RSA strength
    Support distributed discovery agents
  • Objective of Slide
    Get prospect to agree to a risk assessment/evaluation
    Drive to a joint Discover/Protect and Monitor RA
    How we typically work with our customers is by starting with a Risk Assessment consulting engagement
    The goal of the project is to help understand what if any risk your company has and how your risk compares to others in our industry.
    Deliverables include a risk summary by data type, benchmark comparison, and business case to justify the investment in Vontu
    A typical engagement lasts for approximately 48 hours of monitoring for a selected site of highly sensitive information over email (HTTP, FTP and IM can also be monitored)
    Vontu professional services team helps to set up the policies and scheduled reports
    After the 48 hours of monitoring, we deliver a risk assessment report showing key metrics and statistics of risk, build an overall business case for investing in Vontu and build a preliminary Best Practices solution recommendation (implementation/rollout plan)
    This will include:
    How much and what type of confidential data is leaking?
    Who is leaking data from your company?
    What protocols carry the most violations? (email, instant message, etc)
    What compliance regulations are being violated?
    What is <COMPANY>’s overall risk profile compared to industry averages?
    What effort is required to implement the solution?
    What business processes are needed and what effort is required to operate?
    What is the net value and benefit of the solution?
    Highlights vulnerabilities of information and people
    What is posted where it should not be
    Who has access to information they should not
    Who has access to high value information
    How effective is your access control
    Prioritization of data security and education efforts
    What we ask of your company is a Dedicated Project Manager, Remediation team with defined process, Access to executive decision making team, Access to your network.
    Who else would it make sense to include in Risk Assessment process?
    Explaining the Scorecard
    Risk is defined as frequent exposure to possibly damaging events.
    This is an example of one of the deliverables from the Risk Analysis
    The first part of this process was to Interview the customer for severity of impact for data type.
    Then, in the pilot we went to a direct measurement of the frequency of exposure.
    The assessed risk is a function of frequency of exposure and severity.
    So for example, in this case, even a medium frequency of exposure of a highly severe impact scenario like M&A plans going to an unauthorized destination is a very high risk.
  • Shariyaz abdeen data leakage prevention presentation

    1. Securing Organizations’ Confidential Data with Data Loss Prevention Systems. By Shariyaz Abdeen
    2. Scope
       • Business Problem and Requirements
       • Data Loss Prevention (DLP) Solutions
       • Proposed Solution
       • Vendor Comparisons and Architecture
       • Company implementation & Conclusion
    3. ID Theft Tops FTC's List of Complaints
       • For the 5th straight year, identity theft ranked 1st of all fraud complaints.
       • 10 million cases of identity theft annually.
       • 59% of companies have detected some internal abuse of their networks.
    4. Changing Threats to Data Security
    5. Top 10 Most Frequent Incidents
       1. Patient PHI sent to partner, again, and again
       2. Employee 401k information sent outbound and inbound
       3. Payroll data being sent to home email address
       4. Draft press release to outside legal counsel
       5. Financial and M&A postings to message boards
       6. Source code sent with resume to competitor
       7. SSNs… and thousands of them
       8. Credit card or account numbers… and thousands of them
       9. Confidential patient information
       10. Internal memos and confidential information
    6. Source:
    7. Data Loss Prevention: Three Key Customer Challenges
       1. Where is my confidential data stored? – Data at Rest
       2. Where is my confidential data going? – Data in Motion
       3. How do I fix my data loss problems? – Data Policy Enforcement
    8. Why Data Loss Prevention is a Priority
       • Compliance
       • Brand and Reputation Protection
       • Remediation Cost
       The Risk: 1:400 messages contain confidential information; 1:50 network files are wrongly exposed.
    9. Unified Data at Rest and Data in Motion Protection
       • Intellectual Property: Source Code, Design Documents, Patent Applications
       • Patient Data: Social Security Numbers, Non-Public Information, Credit Card Numbers
       • Employee Data: Social Security Numbers, Employee Contact Lists, 401K and Benefits Info
       • Corporate Data: Financials, Merger & Acquisitions, Strategy and Planning
    10. Discover and Protect Confidential Data at Rest
       1. Define Confidential Data Policy
       2. Run Scan and Discover Exposed Data
       3. Enforce Policy by Automatically Protecting Files
       4. Remediate Incidents
       5. Report on Risk and Compliance
    11. Monitor and Prevent Confidential Data in Motion
       1. Employee Sends Confidential Data
       2. Vontu Detects or Prevents Incident
       3. Vontu Notifies Employee
       4. Vontu Workflow Automates Remediation
       5. Report on Risk and Compliance
    12. Secure Messaging Solution
       1. Employee sends confidential data
       2. Vontu detects incidents
       3. Vontu tags email message
       4. PGP automatically encrypts tagged messages
       5. Report on Risk and Compliance
    13. DLP Policy
    14. Symantec DLP Components
    15. Data Loss Prevention: Data Insight
       The majority of your data exists as unstructured files located on file servers. Analysts predict the growth of unstructured data to continue at over 60% per year, and in many organizations it accounts for more than 80% of all data.
       • Content-aware discovery to scan and find the data you have identified as sensitive.
       • Identify who owns the data.
       • You also need to discover file shares that suffer from overly permissive access rights and are therefore at risk of incursion. Data Insight gives you insight into usage patterns and access permissions [2].
    16. Symantec DLP Overall
    17. Symantec DLP Overall
       • Detection
         a) Described content matching
         b) Fingerprinting
            a) Exact data matching
            b) Indexed document matching
            c) Vector machine learning
       • Group
       • Response
         a) Smart response
         b) Automatic response
    18. [1]
    19. Smart Response
    20. Detecting the unstructured data
    21. Vector Machine Learning
    22. Alternative Vendors (Considerations)
    23. Druva inSync vs. Altiris/Symantec DLO [3]
    24. Alternative Vendors (Comparison)
       • Symantec
         Strengths: Industry-leading network discovery and endpoint protection; supports localization in 16 languages; mature deployment methodology.
         Weaknesses: Most expensive enterprise license costs; Admin Console is not localized (English only).
       • Websense
         Strengths: Robust on network discovery and endpoint protection; supports localization in multiple languages and already has global presence; subscription-based or perpetual licensing; most appealing to current Websense clients wishing to leverage existing products.
       • RSA (EMC)
         Strengths: Robust on network discovery; provides a broad range of DLP inspection capabilities; document fingerprinting content-inspection capabilities.
         Weaknesses: Weak on endpoint protection; limited localized detection and support.
    25. Trust but Verify - OWASP
    26. DLP Market Analysis
       • Growth of IT-based healthcare systems: $10 billion in market growth in just five years (clinical information systems, hospital information systems, electronic medical records, picture archiving and communication systems).
       • Growth of the software development industry
       • BYOD
       • Banking & online payment systems – PCI DSS
       • Government sector
    27. Alternative Endpoint Device Growth: 28%
    28. Employees Access Sensitive Data from Mobile Devices like Tablets
    29. Mobile Data Security Technologies and Their Limitations
    30. Risk Assessment Scorecard (table). Columns: Priority Data; Severity of Loss; Data at Rest (Frequency, Risk); Data in Motion (Frequency, Risk). Rows: HIPAA Patient Data, CA 1386, Research, Physician Referral, each rated High / Very High / Medium with incident counts (721, 256, 2178, 78, 9, 939, 132, 10,178, 624 and 24 incidents). Severity x Frequency = Risk.
    31. The Bigger Truth
       • The iPad has seen great success, but the tablet and mobile device revolution is just getting started. Since business managers see boundless potential, CISOs need to wrap their arms around risk management and security controls as soon as possible. Many security managers believe that DLP is the best logical first step as it not only offers data security, but also aligns with security policies and regulatory compliance requirements.
    32. Questions?
    33. References
       [1] Chapter 2 - The Concept of DLP - Monitoring and Blocking Confidential Data | Symantec Connect Community. 2013. [ONLINE] Available at: [Accessed 28 June 2013].
       [2] 2013. [ONLINE] Available at: [Accessed 28 June 2013].
       [3] Enterprise Endpoint Backup Protection & Availability Druva inSync. 2013. [ONLINE] Available at: [Accessed 28 June 2013].
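The two detection classes from slide 17 (described content matching and exact data matching) and the detect-then-block-or-tag-for-encryption flow from slides 11 and 12 are shown working together in the following added Python example. It is not Symantec, Vontu or Websense code; the message bodies, account ids, salt and block threshold are constructed assumptions.

```python
"""Toy DLP content inspector, added as an illustration (not Symantec, Vontu or
Websense code).  Shows the two detection classes from slide 17 and the block /
tag-for-encryption responses from slides 11 and 12.  All data is constructed."""
import hashlib
import re
from dataclasses import dataclass

# Described content matching: patterns that describe a data type.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")  # candidate card numbers

def luhn_ok(digits: str) -> bool:
    """Mod-10 checksum: drops digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def described_content_matches(text: str) -> list:
    hits = [("ssn", m.group()) for m in SSN_RE.finditer(text)]
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 16 and luhn_ok(digits):
            hits.append(("card", m.group()))
    return hits

class ExactDataIndex:
    """Exact data matching: known values are kept only as salted hashes."""
    def __init__(self, values, salt: bytes = b"constructed-salt"):
        self.salt = salt
        self.digests = {self._h(v) for v in values}

    def _h(self, value: str) -> str:
        return hashlib.sha256(self.salt + value.strip().lower().encode()).hexdigest()

    def matches(self, text: str) -> list:
        return [t for t in re.findall(r"[\w.@+-]+", text) if self._h(t) in self.digests]

@dataclass
class Verdict:
    action: str   # "allow", "encrypt" (tag for the PGP gateway) or "block"
    findings: list

def inspect(message: dict, index: ExactDataIndex, block_at: int = 3) -> Verdict:
    """Policy: nothing found -> allow; a few hits -> tag for encryption; bulk -> block."""
    findings = described_content_matches(message["body"])
    findings += [("exact", v) for v in index.matches(message["body"])]
    if not findings:
        return Verdict("allow", findings)
    return Verdict("block" if len(findings) >= block_at else "encrypt", findings)

# Constructed sample traffic (hypothetical account ids and message bodies).
KNOWN_ACCOUNTS = ["ACCT-77120-Z", "ACCT-30415-Q"]
MESSAGES = [
    {"id": 1, "body": "Referral for the patient, SSN 219-09-9999, is attached."},
    {"id": 2, "body": "Payroll export: 4111 1111 1111 1111, 5500 0000 0000 0004; SSNs 219-09-9999 and 078-05-1120."},
    {"id": 3, "body": "Ticket 4111 1111 1111 1112 (not a card); lunch at noon? Call 555-0100."},
    {"id": 4, "body": "Account ACCT-77120-Z was closed last week."},
]

def run(messages, index) -> dict:
    return {m["id"]: inspect(m, index) for m in messages}
```

Message 3 shows why the Luhn check matters: a 16-digit run that fails mod-10 is not reported, which keeps ticket and order numbers out of the incident queue.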