Be Aware Webinar Symantec
Maximize Your Prevention of Information Leakage
New Version: Symantec DLP v14.5
1. Be Aware Webinar # 50:
Maximize Your Prevention of Information Leakage
New Version: Symantec DLP v14.5
Jairo Pantoja Moncayo
CISSP, CISM, CGEIT, CRISC, ABCP, ISO27001 LA, PCIP, AWSP, CobIT Found. Sec+
Senior SE, Symantec MCLAC Region
June 8, 2016
2. Safe Harbor Disclaimer
This information is about pre-release software. Any
unreleased update to the product or other planned
modification is subject to ongoing evaluation by Symantec
and therefore subject to change. This information is
provided without warranty of any kind, express or
implied. Customers who purchase Symantec products
should make their purchase decision based upon features
that are currently available.
Symantec DLP 14.5 Differences Training: Detection, Storage, Platform and Reporting
6. Copyright 2016, Symantec Corporation. Internet Security Threat Report 2016 - Volume 21
Data Breaches 2015
ISTR v.21 Report
7. Total Records Exposed, 2015
[Bar chart: records exposed per year, in millions, 2011 to 2015. Values as listed on the slide: 232, 93, 552, 348, 429. Annotations: +23%; 500 estimated, +30%.]
8. Mega-Breaches 2015
15. 2016 Gartner Magic Quadrant for Enterprise Data Loss Prevention:
9 years as the undisputed market leader
This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger
research note and should be evaluated in the context of the entire report. The
Gartner report is available upon request from Symantec. Gartner does not
endorse any vendor, product or service depicted in our research publications,
and does not advise technology users to select only those vendors with the
highest ratings or other designation. Gartner research publications consist of the
opinions of Gartner's research organization and should not be construed as
statements of fact. Gartner disclaims all warranties, expressed or implied, with
respect to this research, including any warranties of merchantability or fitness for
a particular purpose
Source: Magic Quadrant for Enterprise Data Loss
Prevention, Brian Reed, Neil Wynne 28 January
2016, Gartner, Inc.
19. File Detection Technologies
• Described Content Matching: DESCRIBED DATA
– Non-indexable data
– Lexicons
– Data identifiers
• Exact Data Matching: STRUCTURED DATA
– Customer / employee / personal data
– Partial row matching
– Near-perfect accuracy
– 300M+ docs per server
• Indexed Document Matching (IDM): UNSTRUCTURED DATA
– INTELLECTUAL PROPERTY
– Designs / source code / financials
– Derivative match
– Near-perfect accuracy
– 5M+ docs per server
• Vector Machine Learning: UNSTRUCTURED DATA
– INTELLECTUAL PROPERTY
– Designs / source code / financials
– Derivative match
– Perfect accuracy
21. DLP 14.5: Some New Features
• Main features:
– Cloud Storage: incident quarantine in Box.
– Enforce Platform: import, export and clone policies; Red Hat Enterprise Linux 7.1 support; correlation of Network Prevent incidents with an end user.
– Detection: new detection technology (Form Recognition); new data identifiers.
– Endpoint: monitoring of Box operations with Cloud Storage: Save As in Office documents; Windows 10 support (HTTP and FTP storage applications); full monitoring in Safari, Chrome and Firefox for Mac endpoints; Outlook 2011 monitoring on Mac endpoints; shared folder monitoring on Mac endpoints; Clipboard (Paste) on Mac; among others.
23. Summary and Use Cases
• Organizations constantly ask us for a way to protect information that is filled in by hand on scanned, pre-established forms and that, for the most part, contains personal data.
e.g.: visitor log forms, medical records, surveys, logbooks…
• New image recognition technology.
• All DLP detection and prevention capabilities can be enabled.
24. Example
The algorithm looks for “key-points” or “regions” and analyses the images being detected against those previously indexed.
It is not based on Optical Character Recognition.
26. Additional Capabilities in Incidents
Filled sections are highlighted.
Confidence and Fill Score results.
Additional improvements have been made in XML Export, Web Archive and to the Reporting and Update API.
Controls to Zoom and Rotate the image.
30. New Data Identifiers Available
International Securities Identification Number (ISIN)
Mobile Identity Numbers - IMEI Number
Japanese My Number - Corporate
Japanese My Number - Personal
Australian Company Number
Australian Passport Number
Australian Tax File Number
Colombian Addresses
Colombian Cell Phone Number (Ley 1581, Personal Data)
Colombian Personal Identification Number (Ley 1581)
Colombian Tax Identification Number (Ley 1581)
Finland National ID Number
Mexico CLABE Number
New Zealand Ministry of Health Number (NHI)
South Korea Resident Registration Number
Spanish DNI ID
Turkey Citizenship Number / Turkish Identification Number
Drug Enforcement Agency (DEA) Number
National Provider Identifier (NPI)
Washington State Driver’s License Number
32. Summary and Use Cases
• Export, import and clone policies
• Within the same Enforce Server or between different Enforce consoles
– Disaster recovery strategies
– Minimize administration
– Assistance in troubleshooting available
33. New Options Available in the GUI
Policies are imported one at a time.
All existing policies can be exported. The XML files are contained in a Zip file named [ENFORCEHOSTNAME]-policies-DATE-TIME.ZIP.
Policies can be exported individually as an XML file named [ENFORCEHOSTNAME]-[POLICYNAME]-DATE-TIME.XML.
35. Overview
• Cloud Sync was first introduced in DLP 14.
• Improvements and new features (for Box®)
– Identity aware protection, allowing organizations to use cloud applications through Enterprise accounts.
– Prevent upload of corporate sensitive information to personal Box account through Sync and Office clients by applying detection policies.
– Identity based ignore filtering is applicable to Box only and not for other cloud storage applications.
36. Requirements and Prerequisites
• The following applications should be installed on the endpoint
– Box Sync.
– MS Office.
– Box for Office Add-in.
• Supported Versions of Office
– Office 2016 (x86, x64).
– Office 2013 (x86, x64).
– Office 2010 (x86, x64).
37. Configuration
Enable Cloud Storage channel under Configured Applications.
Accounts or domains whose content will be ignored by DLP Agent for Box operations.
38. Leak Prevention Example - Excel
When the user clicks on Share, this window is displayed before triggering the upload operation.
Quarantine location.
Box for Office ribbon.
39. Leak Prevention Example - Office
Corporate accounts or domains can be excluded from detection at Agent Configuration level.
Box for Office user logged with an enterprise account.
40. Leak Prevention Example - Outlook
45. Summary
• Improvements available in DLP v14.5
– New Form Recognition detection technology.
– IDMv3 improving index and detection performance and extending support to Endpoint (Windows and Mac).
– New detection rule to protect email based on the number and size of attachments.
– Endpoint Cloud Sync identity-based usability and protection.
– New international data identifiers.
– Out-of-the-Box quarantine response rule for Cloud Storage.
– New Policy Export and Import process.
– Improved IP Address to Username resolution configuration.
– Red Hat Enterprise Linux 7.1 and 7.2 support.