Data Loss Prevention

Data Loss Prevention: Protecting Your
Information and Reputation
April 2016
Reza Kopaee, Frank Coburn, Omid Esfandiari - RiskView
Neil Greenberg – Bell Canada

Agenda
Data Loss Prevention Presentation
• Introduction
• RiskView - Threatview
• Conceptual Understanding
• Technical Demo
• Bell Case Study
Suite 281, 3044 Bloor
Street West, Toronto, On,
M8X 2Y8

Trends, News and What’s at Stake
64% of data
loss caused by
well-meaning
insiders
50% of
employees
leave with
data
$3.5 million
average cost
of a breach
Legal and
compliance
penalties
A corporate
black eye

Well-meaning Insiders Malicious Insiders Malicious Outsiders
The Faces of Data Loss Prevention
It’s about people.

Symantec Solutions Protect What’s Important
Customer Information Company Information
Financials
SSNs and
Government IDs
Medical Records
Credit Card Info
HR Records
Internal Auditing
M&A and Strategy
Intellectual
Property

You need more than technology.
A Non-Transparent Solution
Where is my
confidential data?
DISCOVER
How is it
being used?
MONITOR
How do I
prevent loss and theft?
PROTECT

How Data Loss Prevention Works
DATA LOSS POLICY
Content
Credit Cards
SSNs
Intellectual
Property
Context
Who?
What?
Where?
Action
Notify
Justify
Encrypt
Prevent
Notification
User
Manager
Security
Escalate
RESPONSEDETECTION
Find it. Fix it.

DLP is About People
Action
Detection and
Response
Problem
Betty attempts to
email confidential
employee data
without knowing it
DLP Response
Network: DLP inspects
content and context
for policy match as
email leaves server
Endpoint: DLP
inspects the mail
when user hits “send”
Network: Monitor,
notify user, encrypt or
block
Endpoint: Display pop-
up, justify, block
email, remove content
Result
Help users understand
and justify risk
transparently
Block or encrypt data
in some cases
Betty G. Well Meaning Insider
Asst. HR Manager | Midwestern Insurance Company
SITUATION: Sending sensitive data over email
Symantec Advantage
Detection High-performance
Off Network Coverage Flexible Response

DLP is About People
Sanjay V. Well Meaning Insider
Assistant Controller | Manufacturing Company
SITUATION: Copying sensitive data to removable storage devices
ActionProblem
Sanjay copies pre-
released financial data
to removable media
DLP Response
Endpoint agent
analyzes content
based on policies
Monitor, record or
notify
Automatically encrypt
files using SEE
Result
Automatically encrypt
content
Higher visibility into
where data is going
Change users’
behavior
Symantec Advantage
Lightweight agent Trusted devices
Group based policies Automatic encryption
Detection and
Response

DLP is About People
ActionProblem
Charles inadvertently
stores source code on
an unprotected share
DLP Response
Network Discover
scan finds the exposed
source code, Data
Insight IDs Charles as
the file owner
Network Protect can:
• Notify Charles
• Encrypt the data
• Move the file
• Apply rights
management
policies
Result
Secure your most
sensitive assets – keep
the malicious outsider
from finding them
Charles N. Well Meaning Insider
Software Developer | Investment Banking Firm
SITUATION: Discovering data “spills” and cleaning them up
Detection and
Response
Symantec Advantage
Broad scan coverage Data owner ID
Encryption Data owner remediation

DLP is About People
ActionProblem
Unhappy or departing
employees copy or
share sensitive data
via email or
removable storage
DLP Response
DLP monitors desktop
and network activity
Notify (warn) the user
of their actions
Inform manager,
security and/or HR
Stop the transmission
or copy
Result
Information assets
don’t leave with the
employee
People know they are
being monitored
Mimi L. Malicious Insider
Soon-to-be-former Account Executive | Staffing Firm
SITUATION: Attempting to copy customer records and resumes
Detection and
Response
Symantec Advantage
Continuous coverage on PCs Custom pop-ups
Incident escalation Content removal

Products – Architecture
Symantec Data Loss
Prevention Solution

Symantec Data Loss Prevention Scope
Office 365
iOS
Android
Email
Web
FTP
IM
USB
Hard Drives
Removable Storage
Network Shares
Print/Fax
Cloud & Web Apps
File Servers
Exchange, Lotus
SharePoint
Databases
Web Servers
Unified
Management

Symantec Data Loss Prevention Products
MANAGEMENT AND REPORTING
Symantec Data Loss Prevention Enforce Platform & IT Analytics
NETWORK ENDPOINT STORAGE CLOUD & MOBILE
Network Monitor
Network Prevent
for Email
Network Prevent
for Web
Endpoint Discover
Endpoint Prevent
Network Discover
Data Insight
Data Insight Self-
Service Portal
Network Protect
Cloud Prevent for
Office 365
Mobile Email
Monitor
Mobile Prevent

Symantec Data Loss Prevention Architecture
DMZCorporate LAN
Network Discover - Data Insight -
Network Protect
Enforce - IT Analytics
Endpoint Discover - Endpoint Prevent
SPAN Port or Tap
MTA or Proxy
STORAGE
MANAGEMENT
ENDPOINT
Network Monitor - Network Prevent -
Mobile Monitor - Mobile Prevent
INTERNET
Cloud Prevent for Office 365
NETWORK &
MOBILE
CLOUD

Accuracy – Workflow – Remediation
The Symantec Advantage

Symantec Advantage: Highest Detection Accuracy
Described
Content Matching
Indexed Document
Matching
Vector Machine
Learning
Exact Data
Matching
DESCRIBED DATA
Non-indexable data
Lexicons
Data Identifiers
STRUCTURED DATA
CUSTOMER DATA
Customer / Employee
Pricing
Partial row matching
Near perfect accuracy
UNSTRUCTURED DATA
IP
Designs / Source /
Financials
Derivative match
Near perfect accuracy
UNSTRUCTURED DATA
IP
Designs / Source /
Financials
Derivative match
Very High Accuracy

Symantec Advantage: Sophisticated Workflow
90% of DLP is Incident Response
Right Automation Resolution, Enforcement, Notification
Right Person Route Incidents to Right Responder
Right Order High Severity of Incidents First
Right Information 5-Second Test
Right Action 1-Click Response
Right Metrics Prove Results to Execs and Auditors

Symantec Advantage: Data Insight
Competitive
Trap

Symantec Advantage: Zero-Day Content Detection
Competitive
Trap

TRAINING

TRAINING PROFILE

Symantec Data Loss Prevention First Meeting
TRAINING POLICYPROFILE

TRAINING PROFILE POLICY
RE-TRAINING

Methodology – Technology Leadership
Why Symantec DLP?

Symantec Data Loss Prevention Methodology
Competitive
Trap
1000
800
600
400
200
0
Risk Reduction Over Time
IncidentsPerWeek
Visibility
Remediation
Notification
Prevention

Why Symantec?
8 Consecutive Years of
Technology Leadership
Used by over half of
the Fortune 100
The Global Market
Leader in DLP

Appendix:
Market & Technology
Leadership

Evolution of the DLP Market
20132010
2006 2008 20092007
20142011

Symantec is the only 8-time Leader in the Gartner
Magic Quadrant for Data Loss Prevention
This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger
research note and should be evaluated in the context of the entire report. The
Gartner report is available upon request from Symantec. Gartner does not
endorse any vendor, product or service depicted in our research publications, and
does not advise technology users to select only those vendors with the highest
ratings. Gartner research publications consist of the opinions of Gartner's
research organization and should not be construed as statements of fact. Gartner
disclaims all warranties, expressed or implied, with respect to this research,
including any warranties of merchantability or fitness for a particular purposed
Source: Gartner, Inc., Magic Quadrant for Content-
Aware Data Loss Prevention, Brian Reed, Neil
Wynne

The Market Leader in Data Loss Prevention
Greater than next three competitors combined
Symantec
34.7%
McAfee
15.7%
Websense
9.4%
CA
7.2%
RSA
7.1%
Others
25.9%
Source: Worldwide Data Loss Prevention 2014 – 2018 Forecast And 2013 Vendor Shares, IDC, November 2014

Appendix:
What’s New in Data Loss
Prevention

What’s New in Data Loss Prevention 14
Unified
ManagementGreater Control, Simpler Management
Office 365
iOS
Android
Email
Web
FTP
IM
USB
Hard Drives
Removable Storage
Network Shares
Print/Fax
Cloud & Web Apps
File Servers
Exchange, Lotus
SharePoint
Databases
Web Servers

Greater Control, Simpler Management
14.0
Endpoint Agent for Mac OS
Enhanced endpoint scalability
Dynamic agent groups
Enhanced agent health status reporting
Expanded endpoint event coverage
Cloud Prevent for Microsoft Office 365
OWA & Outlook.com
Hyperlinks in pop-ups
Windows 8/8.1
Office 2013
Natural Language Processing for
Chinese, Japanese, Korean
HIPAA and Caldicott policy
template updates
Remote Desktop Protocol
(RDP) support
Data Insight Self-Service Portal
Multi-token Exact Data
Matching
Hyper-V & VMware View
Mobile email monitoring for
Android and iOS
Reusable policy rules
Endpoint Indexed Document
Matching
Randomized SSN Data
Identifier
Network monitoring for IPv6
Single-Server Installation

Data Loss Prevention

More Related Content

What's hot

Viewers also liked

Similar to Data Loss Prevention

Recently uploaded

Data Loss Prevention