DATA LOSS PREVENTION OVERVIEW

CYBER SECURITY
DATA LOSS PREVENTION
OVERVIEW
VERSION: 1.3
DATE: 24/07/2019
AUTHOR: SYLVAIN MARTINEZ
REFERENCE: ES-IDLP
CLASSIFICATION: PUBLIC

2
• Cyber Security Risk
context;
• Data breach statistics;
• Data breach cost;
• DLP dependencies;
• Data protection
lifecycle;
• DLP definition;
• DLP Overview;
• Define DLP objectives;
• Define DLP scope;
• Define DLP policy;
• Overview;
• Technology
deployment;
• Policy setup;
• Data discovery and
classification;
• DLP monitoring and
tuning;
• DLP reporting and
protection;
CONTENTS
CONCLUSIONIMPLEMENTATIONPREPARATIONCONCEPTCONTEXT
• Core DLP benefits
• Take away to
remember
PUBLIC

CYBER SECURITY RISK CONTEXT
3
PAST FUTURE
100%
0%
TIME
GROWTH
PAST FUTURE
100%
0%
TIME
GROWTH
PAST FUTURE
100%
0%
TIME
GROWTH
CYBER SECURITY RISKS’ PROBABILITY AND IMPACT ARE INCREASING.
THEIR ABILITY TO DISRUPT COMPANIES BUSINESS OPERATION HAVE GROWING
FINANCIAL, REPUTATIONAL AND LEGAL NEGATIVE CONSEQUENCES
+ =
PUBLIC

DATA BREACH STATISTICS
4
EVERY DAY
6,313,865
RECORDS
EVERY HOUR
263,078
RECORDS
EVERY MINUTE
4,385
RECORDS
EVERY SECONDS
73
RECORDS
DATA RECORDS ARE LOST OR STOLEN AT THE FOLLOWING FREQUENCY
DATA RECORDS LOST OR STOLEN SINCE 2013
Source: Breach Level Index - May 2019
4 7 1 7 6 1 8 2 8 6, ,,1
PUBLIC

INCIDENT AND DATA BREACH COST
5
PUBLIC
80% FINANCIAL FRAUDS
ELYSIUMSECURITY
INVESTIGATIONS
MAURITIUS
2018-2019
20% RANSOMWARE
100% PHISHING
JAN 2018 - $0.5M
AUG 2018 - $2M
MAY 2019 - $1M
JULY 2019 - $0M
MAY 2018 - $1M
APR 2019 - $0.5M
JUNE 2019 - $0.5M
$3.86M AVERAGE COST PER DATA BREACH
$1.6M AVERAGE COST PER PHISHING ATTACK
95% OF ALL DATA BREACHES COME FROM PHISHING ATTACKS
24% OF ALL DATA BREACHES COME FROM HEALTHCARE ORGANISATIONS
197 DAYS AVERAGE INCIDENT DETECTION TIME
WORLDWIDE
STATISTICS
WORLDWIDE STATS FROM SAFEATLAST.CO AND RETRUSTER.COM – JUNE 2019

DLP DEPENDENCIES
6
ORGANIZATION RISK PROFILE
REVIEWED
DOCUMENTED
COMMUNICATED
1
DATA CLASSIFICATION
DEFINED
COMMUNICATED
ENFORCED
2
TYPE OF DATA TO PROTECT
IDENTIFIED
LOCATED
COMPATIBLE
3
PUBLIC

DATA PROTECTION LIFECYCLE
7
WHEN THE DATA IS
TRANSMITED
IN TRANSITAT REST IN USE
WHEN THE DATA IS
CREATED & CONSUMED
LOCAL DISK
FILE SERVER
CLOUD STORAGE
REMOVABLE MEDIA
…
DOCUMENT READ
DOCUMENT MODIFICATION
DOCUMENT DELETION
DATABASE QUERY
…
DATA SENT IN EMAIL
DATA SAVED TO CLOUD
DATA SENT TO SERVER
REMOVABLE MEDIA
…
WHERE THE DATA IS
STORED
PUBLIC

DLP DEFINITION
8
DATA LOSS PREVENTION (DLP) IS A SOLUTION TO MONITOR,
DETECT AND PREVENT POTENTIAL DATA LOSSES (BREACHES/EX-
FILTRATION) WHILST DATA IS IN USE, IN TRANSIT AND/OR AT REST.
PUBLIC

DLP OVERVIEW
9
DISCOVER MONITOR PROTECT
SUPPORT AND REPORT
DATA
HOST BASED
PROTECTION
APP BASED
PROTECTION
NETWORK BASED
PROTECTION
DLP SERVICE
DLP SOLUTION
PUBLIC

DEFINE DLP OBJECTIVES
10
WHY
DEFINE THE REASONS FOR
IMPLEMENTING DLP
THREATS, REGULATION, ETC
WHAT
DEFINE THE TYPE AND FORM OF DATA IN
SCOPE FOR DLP
CONTRACTS, PII, ETC.
DOCS, RAW DATA, ETC.
WHERE
DEFINE THE TYPE OF LOCATIONS IN
SCOPE FOR DLP
FILE SERVER, CLOUD,
APPLICATION, DB, ETC.
WHEN DEFINE THE TIME DLP WILL BE NEEDED
IMMEDIATELY AS DATA IS
CREATED, DURATION, ETC.
PUBLIC

DEFINE DLP SCOPE
11
DEFINE THE EXACT LOCATION OF DATA IN SCOPE
FOR DLP
FILE SERVER NAMES/IP, APP NAME,
CLOUD PROVIDER, ETC.
DEFINE THE INFRASTRUCTURE DIAGRAM IN SCOPE
FOR DLP
SYSTEM AND NETWORK DIAGRAMS
DEFINE THE DATA FLOW IN SCOPE FOR DLP
BUSINESS AND OPERATION LOGIC,
DATA FLOW DIAGRAMS, ETC.
PUBLIC

DEFINE DLP POLICY
12
DEFINE DATA CLASSIFICATION MAPPING
NOMENCLATURE,
KEYWORDS, ETC.
DEFINE THE DIFFERENT ROLES
OWNER, CUSTODIAN,
CONSUMER, ETC.
DEFINE THE DIFFERENT RESTRICTIONS REQUIRED
EXPORT/SAVE AS, PRINT, EDIT,
READ, COPY, ETC.
DEFINE THE ALERT AND REPORTING PROCESS
TEAM, PRIORITIES,
COMMUNICATION, ETC.
PUBLIC

OVERVIEW
13
TECHNICAL DEPLOYMENT
DISCOVERY &
CLASSIFICATION
ENFORCE DLP POLICY
MONITOR DLP EVENTS
REPORTING & TUNING
POLICY SETUP
BASIC
PARTIAL
FULL
DISCOVER MONITOR PROTECT
SUPPORT AND REPORT
DLP SERVICE
PUBLIC

TECHNOLOGY DEPLOYMENT
14
DATA
HOST BASED
PROTECTION
COVERAGE
FEATURE
OPERATIONAL IMPACT
NETWORK BASED
PROTECTION
EGRESS POINTS
VISIBILITY
OPERATIONAL IMPACT
APP BASED
PROTECTION
COMPATIBILITY
CONFLICT
VISIBILITY
PUBLIC
DLP IMPLEMENTATION

POLICY SETUP
15
LIMITED ALERTS GENERATED
LIMITED SCOPE, SOME DATA IDENTIFIED AND CLASSIFIED
NO RESTRICTION ENFORCED
BASIC
ALERTS GENERATED
MOST DATA IDENTIFIED AND CLASSIFIED
SOME RESTRICTIONS ENFORCED
PARTIAL
ALERTS GENERATED
ALL DATA IDENTIFIED AND CLASSIFIED
FULL RESTRICTIONS ENFORCED
FULL
PUBLIC
DLP IMPLEMENTATION

DATA DISCOVERY AND CLASSIFICATION
16
DISCOVERY CLASSIFICATION
BASIC
QUICK WINS
KEY EGRESS POINTS
KEY FILE SHARES
SOME DATA TYPES
CRITICAL DATA ONLY IN SCOPE
SIMPLE DETECTION (KEYWORDS)
REPORTING ONLY
PARTIAL
ALL EGRESS POINTS
SOME HOSTS/SERVERS
SOME APPS
MOST DATA TYPES
ALL DATA CLASSIFICATION IN SCOPE
COMPLEX DETECTION
AUTO LABELLING
FULL
ALL EGRESS POINTS
ALL HOSTS/SERVERS
ALL APPS
ALL DATA TYPES
ALL DATA CLASSIFICATION IN SCOPE
MACHINE LEARNING DETECTION
AUTO LABELLING ALL DATA
PUBLIC
DLP IMPLEMENTATION

DLP MONITORING AND TUNING
17
MONITORING TUNING
BASIC
DEFAULT DASHBOARD
LIMITED VISIBILITY
AD-HOC
LOT OF FALSE POSITIVES
AD-HOC
MANUAL
PARTIAL
CUSTOMISED DASHBAORD
IMPROVED VISIBILITY
REGULAR
SOME FALSE POSITIVES
REGULAR
MANUAL
FULL
FULLY CUSTOMISED DASHBOARD
FULL VISIBILITY
REGULAR
LIMITED FALSE POSITIVES
REGULAR
MANUAL AND AUTOMATED
PUBLIC
DLP IMPLEMENTATION

DLP REPORTING AND PROTECTION
18
REPORTING PROTECTION
BASIC
REACTIVE REPORTING
LIMITED REPORTING
AD-HOC REPORTING
MANUAL REPORTING
LIMITED VISIBILITY
LIMITED ALERTS
NO USER FEEDBACK
NO RESTRICTIONS
PARTIAL
SOME PRO-ACTIVE REPORTING
DETAILED REPORTING
REGULAR REPORTING
SOME AUTOMATED REPORTING
MOST DATA VISIBILITY
USEFUL ALERTS
SOME USER FEEDBACK
SOME RESTRICTIONS
FULL
PRO-ACTIVE REPORTING
COMPREHENSIVE REPORTING
REGULAR REPORTING
AUTOMATED REPORTING
FULL VISIBILITY
COMPREHENSIVE ALERTS
USER AND ADMIN FEEDBACK
RESTRICTIONS ENFORCED
PUBLIC
DLP IMPLEMENTATION

CORE DLP BENEFITS
19
VISIBILITY OF DATA
LOCATION/USAGE/SENSITIVITY
1
MONITORING AND ALERTING OF
DATA SUSPICIOUS ACTIVITIES
2
IMPROVED DATA PROTECTION3
PUBLIC

TAKE AWAY TO REMEMBER
20PUBLIC
DLP DEPENDENCIES1
IMPORTANCE OF DLP SCOPING2
IMPORTANCE OF DLP PREPARATION3
PROGRESSIVE IMPLEMENTATION4
CONTINUOUS IMPROVEMENT5

© 2015-2019 ELYSIUMSECURITY LTD
ALL RIGHTS RESERVED
HTTPS://WWW.ELYSIUMSECURITY.COM
CONSULTING@ELYSIUMSECURITY.COM
ABOUT ELYSIUMSECURITY LTD.
ELYSIUMSECURITY PROVIDES PRACTICAL EXPERTISE TO IDENTIFY
VULNERABILITIES, ASSESS THEIR RISKS AND IMPACT, REMEDIATE THOSE
RISKS, PREPARE AND RESPOND TO INCIDENTS AS WELL AS RAISE
SECURITY AWARENESS THROUGH AN ORGANIZATION.
ELYSIUMSECURITY PROVIDES HIGH LEVEL EXPERTISE GATHERED
THROUGH YEARS OF BEST PRACTICES EXPERIENCE IN LARGE
INTERNATIONAL COMPANIES ALLOWING US TO PROVIDE ADVICE BEST
SUITED TO YOUR BUSINESS OPERATIONAL MODEL AND PRIORITIES.
ELYSIUMSECURITY PROVIDES A PORTFOLIO OF STRATEGIC AND TACTICAL
SERVICES TO HELP COMPANIES PROTECT AND RESPOND AGAINST CYBER
SECURITY THREATS. WE DIFFERENTIATE OURSELVES BY OFFERING
DISCREET, TAILORED AND SPECIALIZED ENGAGEMENTS.
ELYSIUMSECURITY OPERATES IN MAURITIUS AND IN EUROPE,
A BOUTIQUE STYLE APPROACH MEANS WE CAN EASILY ADAPT TO YOUR
BUSINESS OPERATIONAL MODEL AND REQUIREMENTS TO PROVIDE A
PERSONALIZED SERVICE THAT FITS YOUR WORKING ENVIRONMENT.

DATA LOSS PREVENTION OVERVIEW

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to DATA LOSS PREVENTION OVERVIEW

Similar to DATA LOSS PREVENTION OVERVIEW (20)

More from Sylvain Martinez

More from Sylvain Martinez (20)

Recently uploaded

Recently uploaded (20)

DATA LOSS PREVENTION OVERVIEW