This document discusses Enterprise Data Loss Prevention solutions from GTB. It provides examples of sample customers ranging from large companies like Apple with 60,000 users to smaller credit unions. The core components of GTB's DLP solution include a content-aware reverse firewall, endpoint device control and eDiscovery tools. Deployment options include an out-of-line "Inspector" appliance or virtual machine image that can integrate with mail servers and scan all network traffic including HTTPS using various techniques.
DATA LOSS PREVENTION ENSURES CRITICAL INFORMATION IS KEPT SAFELY WITHIN THE CORPORATE NETWORK AND HELPS ADMINISTRATORS CONTROL THE DATA THAT END-USERS WISH TO TRANSFER.
Data leakage is an important concern for business organizations in today's increasingly networked world. Unauthorized disclosure may have serious consequences for an organization in both the long term and the short term. Risks include losing client and stakeholder confidence, tarnishing the brand image, landing in unwanted lawsuits, and an overall loss of goodwill and market share in the industry.
Overview of Data Loss Prevention (DLP) Technology - Liwei Ren (任力偉)
DLP is a technology that detects potential data breach incidents in a timely manner and prevents them by monitoring data in use (endpoints), in motion (network traffic), and at rest (data storage). It has been driven by regulatory compliance and intellectual property protection. This talk will introduce DLP models that describe the capabilities and scope that a DLP system should cover. A few system categories will be discussed accordingly, with high-level system architecture. DLP is an interesting technology in that it provides advanced content inspection techniques. As such, a few content inspection techniques will be proposed and investigated in rigorous terms.
Data loss is considered by security experts to be one of the most serious threats that businesses currently face.
Maintaining the confidentiality of personal information and data is an essential factor in operating a successful business. People must be able to trust that their service provider takes the appropriate measures to implement security controls that will ultimately protect their privacy.
However, some of the largest and most reputable organizations have fallen victim to data loss security breaches resulting in significant legal, financial, and reputation loss, including [1]:
The Bank of America: Losing the personal employee information of over one million employees
The United States Government: Losing data related to the military
Heartland Payment Systems: Transferring credit card information and other personal records of over 130 million customers
In 2013, it was estimated that data breaches had resulted in the exploitation of over 800 million personal records [2]. This number is also expected to rise over the next several years given the advanced tools that cybercriminals use to steal information and data.
Interestingly, it is not just cybercriminals who represent a threat:
64% of data loss is caused by well-meaning insiders.
50% of employees leave with data.
$3.5 million is the average cost of a security breach.
Considering these extensive data breaches, it is practical for organizations to understand where their critical data is located and which current security controls can stop data loss.
Data Loss Prevention (DLP) solutions locate critical and personal data for organizations and help prevent data loss. By having a deeper understanding of efficient DLP security controls, you will help protect the reputation of your organization.
For more information contact: rkopaee@riskview.ca
https://www.threatview.ca
http://www.riskview.ca
DLP (Data Loss Protection) is NOT dead, but needs to be revisited in the context of new methodologies and threats. Here are some practical steps to improve your cybersecurity awareness and response to data loss.
A Zero Trust approach should extend throughout the entire digital estate and serve as an integrated security philosophy and end to end strategy.
Identities. Identities, whether they represent people, services, or IoT devices, define the Zero Trust control plane. When an identity attempts to access a resource, we need to verify that identity with strong authentication, ensure the access is compliant and typical for that identity, and ensure that it follows least-privilege access principles.
Devices. Once an identity has been granted access to a resource, data can flow to a variety of different devices: from IoT devices to smartphones, BYOD to partner-managed devices, and on-premises workloads to cloud-hosted servers. This diversity creates a massive attack surface, requiring that we monitor and enforce device health and compliance for secure access.
Applications. Applications and APIs provide the interface by which data is consumed. They may be legacy on-premises applications, workloads lifted and shifted to the cloud, or modern SaaS applications. Controls and technologies should be applied to discover shadow IT, ensure appropriate in-app permissions, gate access based on real-time analytics, monitor for abnormal behavior, control user actions, and validate secure configuration options.
Data. Ultimately, security teams are focused on protecting data. Where possible, data should remain safe even if it leaves the devices, apps, infrastructure, and networks the organization controls. Data should be classified, labeled, and encrypted, and access restricted based on those attributes.
Infrastructure. Infrastructure (whether on premises servers, cloud based VMs, containers, or micro services) represents a critical threat vector. Assess for version, configuration, and JIT access to harden defense, use telemetry to detect attacks and anomalies, and automatically block and flag risky behavior and take protective actions.
Networks. All data is ultimately accessed over network infrastructure. Networking controls can provide critical “in pipe” controls to enhance visibility and help prevent attackers from moving laterally across the network. Networks should be segmented (including deeper in network micro segmentation) and real time threat protection, end to end encryption, monitoring, and analytics should be employed.
Each of these six foundational elements serves as a source of signal, a control plane for enforcement, and a critical resource to defend. You should appropriately spread your investments across each of these elements for maximum protection.
Secure your network - Segmentation and segregation - Magnus Jansson
The defense-in-depth value of segmenting your network into different security zones is widely recognized and should be a part of every company's security strategy. A properly segmented network will reduce the attack surface, limit an attacker's potential to move laterally in the network, and strongly limit the potential damage of a cyber-attack. However, segmenting your network is a major project and will change how you manage your network.
At the highest level, our mission continues to be about keeping our customers (companies and governments) safe from ever-evolving digital threats, so they are confident to move business forward. Our strategy to accomplish this mission centers around four key pillars: Advanced Threat Protection, Information Protection for On Premise and Cloud, Security as a Service -- all anchored by a Unified Security Analytics Platform. Symantec Data Loss Prevention is a foundational product in the Information Protection for On Premise and Cloud pillar.
Everyone knows that storing and accessing data and applications in the cloud and on mobile devices makes work much easier and more productive by allowing employees to work everywhere they need to.
It allows for great business agility – applications are always up to date, new functionality and processes can be deployed and activated quickly, and organizations can adjust things on the fly if they need to.
It also brings the convenience factor – it allows all employees to work in the way that they need to, and collaboration and sharing are made vastly easier with cloud applications and storage.
But it brings with it all the challenges of securing devices and applications that you don't own, and whilst saying NO might be the right thing for security, end users will find a way around it. Right now, close to 30% of employees use their personal devices for work. And that number is on the rise, potentially turning BYOD into Bring Your Own Disaster.
SplunkLive is a global series of events showcasing Splunk customer success. These events also feature an afternoon technical workshop.
The advanced session assumes:
• You have developed advanced searches with Splunk to manipulate and present data
• You have mastered sourcetyping and extracting fields
• You have built reports beyond | timechart count
• You have created dashboards of some kind
• You have bookmarked http://www.splunk.com/base/Documentation
• You have seen all of the Splunk Ninja videos
For more, see www.splunk.com
Next Generation of Data Leakage & Loss Prevention Technologies.
GTB Technologies provides products for data loss prevention in corporate networks and on endpoints, for data in motion and at rest. Its flagship product, the GTB Inspector, is a winner of multiple awards and rave reviews in the press.
alon@gttb.com
This presentation addresses the following questions:
Who are we?
What is DLP?
Why do we say we are next generation?
What is the enterprise configuration?
How do you prevent data loss?
Dudi Matot, CEO at Seculert, spoke at AGC 2013 in San Francisco about how security vendors are still trying to sell the old 90s technology, and are looking under the flashlight instead of using the new technologies that help us to better find advanced persistent threats.
Using Hard Disk Encryption and Novell SecureLogin - Novell
Laptop theft is one of the most common crimes in industrial countries. Therefore, the demand for laptop security and the need to protect confidential data on hard disks is increasing. Several products on the market address this issue by offering hard disk encryption combined with login security. This session will show how these solutions can be integrated into a Novell environment.
A typical scenario might look like the following: The digital certificates used for encryption are generated in Novell eDirectory; the certificates are used with smartcards, which are also managed in eDirectory. The configuration of the hard disk encryption solution is deployed to clients with Novell ZENworks (no user interaction is necessary during installation and configuration). The hard disk encryption registration is combined with Novell SecureLogin, which results in a single sign-on.
This session will describe in detail what the configuration of hard disk encryption in such a scenario looks like, and will feature a live demonstration. The presenters are independent consultants with no interest in marketing a particular hard disk encryption solution.
These days the SAML standard is well known and widely deployed, most often with a minimal standard set of interoperable SSO features. This session will explore lessons learned from implementing SAML beyond the ordinary, based on first-hand experience from working on a handful of SAML products, architecting hundreds of SAML deployments and setting up thousands of connections. We will take a look at non-standard features, exotic deployments, and custom implementations of SAML, and how to avoid some of the common and less common pitfalls. Topics include:
- the worst mistakes found in SAML implementations & deployments
- advanced SAML features and how they apply in real life
- how to deal with thousands of SAML connections
- a peek into the future and evolution of SAML
Slides of a talk given to the Seattle Chapter of the Cloud Security Alliance. Looks briefly at Architectures, Sources of Log Data, and behavioral signatures in the data and issues and observations around using Big Data products for security.
How to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects - Maxim Salnikov
The ForgeRock Identity Platform and Edge security solution can turn any IoT device into a secure, trusted active subject, enrolled and on-boarded from a hardware-based root of trust to become an autonomous entity in your business relationship ecosystem, represented by a digital twin.
2. Sample Customers
Apple, Inc.: 60,000 users
American Greetings: 8,000 users
Bureau of Indian Affairs (US Government, DOI): 7,500 users
Citgo Oil Company: 4,500 users
ESL Federal Credit Union: 1,200 users
SAFE Credit Union: 750 users
San Mateo Credit Union: 650 users
GTB DLP Suite-Confidential Slide 2
3. What the analysts say:
Copyright 2010 GTB DLP Suite-Confidential Slide 3
4. GTB Patent Pending
1. DLP and DLD for inspecting all outbound content and comparing it to stored data
2. DLP and DLD for inspecting all outbound content using a search index of confidential data
3. DLP and DLD for inspecting all outbound content using multiple fingerprints of confidential data
5. The GTB DLP Components
Cloud Enabled – Any VM
GTB Inspector (Reverse Firewall):
• Scans all outbound traffic
• Highest accuracy
• Able to block without a proxy server
• File format agnostic
GTB Endpoint DLP (Device Control):
• Discovers devices
• Protects devices
• Audits devices
• Controls devices
• Content-Aware
eDiscovery (Search & Classification):
• Scans desktops
• Scans file shares
• Reports on vulnerable files
• Enforces IRM
• Automatic batch
• Monitors shares and PCs
Supports all languages
Centralized policy, reporting and workflow
6. In the Development Pipeline
• Protection for sites such as: https://use.cloudshare.com
• Mobile devices DLP
• Network traffic analysis/protection
• Network Recorder
• Detection of additional encrypted content and protocols
• IPv6 support
• IDS/IPS + Virus, SPAM and Malware protection
7. DLP answers 4 questions:
1. Where is my data? • Desktops • Laptops • File shares • SharePoint
2. Who is sending my data? • Insiders • Intruders • Spyware/Viruses
3. What data is being sent? • PII • PHI • Source Code • IP
4. Who is receiving my data? • IP address • Email destination • Geographic location
8. The 8 use-cases for Network DLP
1. Control a broken business process: Who is sending what data, and to whom?
2. Demonstrate Compliance: I have no way of enforcing data loss compliance regulation.
3. Automate Email Encryption: How do I automate encrypting emails which require it?
4. Detect or Block encrypted content: Should I allow encrypted data to leave without content inspection?
5. Severity Blocking: Some breaches are so severe that I prefer to block them altogether!
6. Visibility to SSL: I have no visibility to SSL in general and HTTPS in particular!
7. Detect/Block TCP from non-trusted users: How do I detect transmissions from non-trusted users (Malware/Viruses/Trojans)?
8. Employees' Education: My employees are not complying with the Written Information Security Policy (WISP).
9. What data must be protected?
Personally identifiable information (PII)
• Credit card number
• Social security number
• Customer name
• Address
• Telephone number
• Account number/Member number
• PIN or password
• Username & password
• Drivers license number
• Date of birth
11. Network DLP configuration - OOL (Out of Line)
Enforcement Actions:
• Log
• Encrypt
• Quarantine
• Severity Block
• Redact
Mirror/SPAN port
The GTB Inspector is an appliance that can be deployed in Bridge / Out of Line mode through a SPAN/Mirror port, and is available as a VM image as well.
Scans all TCP channels on all 65,535 ports
15. Fingerprint Detection Engine – Structured Data
The most accurate detection engine in the DLP space
Feature | Benefit
Can fingerprint any database | Highest flexibility
Multi-field detection | No false positives
Automatic fingerprints refresh | Easy maintenance and operation
Options for time-based sensitive content | Automatically deletes fingerprints that are no longer sensitive
Supports user-defined fields | Protects your direct business data
Fingerprints 1 million fields in 10 minutes | Very high performance
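As an added illustration of the structured-data features above (multi-field detection, automatic refresh and time-based expiry), here is example code written for this page, not GTB's engine; the key, the sample rows and the record layout are constructed assumptions.

```python
import hashlib
import hmac
import re
from collections import defaultdict
from datetime import date

# Hypothetical per-deployment secret: fingerprints are keyed hashes, so the
# index can live on the inspection device without exposing the database values.
SECRET_KEY = b"example-fingerprint-key"

# Constructed sample rows standing in for a fingerprinted customer table.
CUSTOMER_ROWS = [
    {"name": "Alice Example", "ssn": "123-45-6789", "account": "4412 0001",
     "sensitive_until": date(2030, 1, 1)},
    {"name": "Bob Sample", "ssn": "987-65-4321", "account": "4412 0002",
     "sensitive_until": date(2009, 1, 1)},  # past its retention date
]
FIELDS = ("name", "ssn", "account")


def normalize(value):
    """Canonical form so '123-45-6789' and '123 45 6789' fingerprint identically."""
    return "".join(ch for ch in value.lower() if ch.isalnum())


def fingerprint(value):
    return hmac.new(SECRET_KEY, normalize(value).encode(), hashlib.sha256).hexdigest()


def build_index(rows, fields, today):
    """Map fingerprint -> {(row_id, field)}.  Re-running this is the 'automatic
    refresh'; rows past sensitive_until are dropped (time-based sensitivity)."""
    index = defaultdict(set)
    for row_id, row in enumerate(rows):
        until = row.get("sensitive_until")
        if until is not None and until < today:
            continue
        for field in fields:
            index[fingerprint(row[field])].add((row_id, field))
    return index


def candidate_spans(text, max_words=3):
    """Every run of 1..max_words whitespace-separated tokens in the outbound text."""
    words = re.findall(r"\S+", text)
    for i in range(len(words)):
        for n in range(1, max_words + 1):
            if i + n <= len(words):
                yield " ".join(words[i:i + n])


def inspect(text, index, min_fields=2):
    """Return {row_id: matched_fields} for rows where at least min_fields distinct
    columns of the same record appear; a lone name or number is not enough."""
    hits = defaultdict(set)
    for span in candidate_spans(text):
        for row_id, field in index.get(fingerprint(span), ()):
            hits[row_id].add(field)
    return {row_id: f for row_id, f in hits.items() if len(f) >= min_fields}
```

Requiring two or more columns from the same row is what keeps a common name on its own from raising an alert.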
17. Fingerprint Detection Engine – Unstructured Data
The most accurate detection engine in the DLP space
Feature | Benefit
Multiple data stream fingerprints using proprietary algorithm | Allows for partial file match
Options for binary or text detection | Detects images inside files
Options for excluded content | Detects sensitive data only
Options for time-based sensitive content | Automatically deletes fingerprints that are no longer sensitive
User defined sensitivity (in bytes) | Highest possible control on what is detected
Virtual zero false positive rate | Highest accuracy
Multi-language support | Files in any language can be protected
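An added example, not GTB's proprietary algorithm, of how partial-file matching with a byte-based sensitivity and an excluded-content list can work: word-anchored 16-byte shingles of each document are hashed, and an outbound message is flagged when enough bytes of a fingerprinted document are covered by matching shingles. The documents, the disclaimer and the window size are constructed assumptions.

```python
import hashlib
from collections import defaultdict

WINDOW = 16  # bytes per shingle; a constructed parameter, not GTB's algorithm

# Constructed sample: a confidential design note that ends with the company's
# standard e-mail disclaimer, which on its own is not sensitive.
BOILERPLATE = (b"This message is intended only for the addressee and may contain "
               b"confidential material.")
CONFIDENTIAL_DOC = (b"Project Falcon design note (constructed sample). The new pricing model "
                    b"applies a 12 percent discount for partners who renew before the fiscal "
                    b"year closes, and the rollout is scheduled for the third quarter. "
                    b"Engineering owns the billing integration while finance signs off on "
                    b"the discount tiers. " + BOILERPLATE)
LEAKED_EMAIL = (b"FYI: the new pricing model applies a 12 percent discount for partners who "
                b"renew before the fiscal year closes, and the rollout is scheduled for the "
                b"third quarter. Thoughts?")
CLEAN_EMAIL = (b"Lunch on Thursday? The cafeteria menu finally changed and I hear the soup "
               b"is decent now. " + BOILERPLATE)
SHORT_QUOTE = b"Reminder: the rollout is scheduled for the third quarter."


def normalize(data):
    """Lower-case and collapse whitespace so re-wrapped or re-cased copies still match."""
    return b" ".join(data.lower().split())


def shingles(data):
    """Yield (offset, digest) for one WINDOW-byte shingle per word start.  Anchoring
    on word boundaries is content-defined, so the same windows are chosen whether
    the text is the original file or a fragment of it pasted somewhere else."""
    data = normalize(data)
    for i in range(len(data) - WINDOW + 1):
        if i == 0 or data[i - 1] == 0x20:
            yield i, hashlib.blake2b(data[i:i + WINDOW], digest_size=8).digest()


def build_store(docs):
    """digest -> {doc_id}; the store holds only hashes, never the document text."""
    store = defaultdict(set)
    for doc_id, data in docs.items():
        for _, digest in shingles(data):
            store[digest].add(doc_id)
    return store


def exclusion_set(data):
    """Digests of content that must never count as a match (disclaimers, templates)."""
    return {digest for _, digest in shingles(data)}


def covered_bytes(offsets):
    """Union length of the [offset, offset + WINDOW) intervals that matched."""
    total, end = 0, 0
    for o in sorted(offsets):
        start = max(o, end)
        if o + WINDOW > start:
            total += o + WINDOW - start
            end = o + WINDOW
    return total


def inspect_stream(data, store, exclude=frozenset(), sensitivity_bytes=64):
    """Return {doc_id: matched_bytes} for every fingerprinted document of which at
    least sensitivity_bytes of content appear in the outbound stream."""
    offsets = defaultdict(list)
    for i, digest in shingles(data):
        if digest in exclude:
            continue
        for doc_id in store.get(digest, ()):
            offsets[doc_id].append(i)
    matched = {doc_id: covered_bytes(o) for doc_id, o in offsets.items()}
    return {doc_id: n for doc_id, n in matched.items() if n >= sensitivity_bytes}
```

Without the exclusion set, a message carrying only the shared disclaimer would match the confidential note; with it, only the genuinely sensitive excerpt is reported.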
18. Data Patterns Detection
• Extended REGEX templates out of the box
• Patterns defined through REGEX in PHP
• Lexicons support
• User defined severity level per pattern rule
• Multi field weights and occurrences
• Support for all languages
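The slide describes patterns as PHP regular expressions; as an added example in Python (not GTB's code), here is how per-rule severity, weights, minimum occurrences, lexicons and validators such as a Luhn check combine into a single verdict for an outbound message. The rules, weights and thresholds are constructed assumptions.

```python
import re

SEVERITY_ORDER = ("low", "medium", "high")


def luhn_ok(number):
    """Mod-10 check that separates real card numbers from random 16-digit strings."""
    digits = [int(c) for c in re.sub(r"\D", "", number)]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def ssn_ok(number):
    """Reject area/group/serial values the SSA never issues (000, 666, 900-999; 00; 0000)."""
    area, group, serial = number.split("-")
    return area not in ("000", "666") and area < "900" and group != "00" and serial != "0000"


def lexicon(words):
    """Compile a word list into one case-insensitive whole-word pattern."""
    return re.compile(r"\b(?:" + "|".join(map(re.escape, words)) + r")\b", re.IGNORECASE)


# Constructed rule set: each pattern carries its own severity, a weight per
# occurrence, and a minimum number of occurrences before it counts at all.
RULES = [
    {"name": "credit_card", "pattern": re.compile(r"\b(?:\d[ -]?){15}\d\b"),
     "validate": luhn_ok, "weight": 3, "min_occurrences": 1, "severity": "high"},
    {"name": "ssn", "pattern": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
     "validate": ssn_ok, "weight": 3, "min_occurrences": 1, "severity": "high"},
    {"name": "medical_terms", "pattern": lexicon(["patient", "diagnosis", "prescription"]),
     "validate": None, "weight": 1, "min_occurrences": 2, "severity": "medium"},
]


def inspect(text, rules=RULES, threshold=3):
    """Score an outbound message; return None below threshold, else the verdict."""
    score, hits, worst = 0, {}, None
    for rule in rules:
        matches = [m.group(0) for m in rule["pattern"].finditer(text)]
        if rule["validate"] is not None:
            matches = [m for m in matches if rule["validate"](m)]
        if len(matches) < rule["min_occurrences"]:
            continue
        hits[rule["name"]] = len(matches)
        score += rule["weight"] * len(matches)
        if worst is None or SEVERITY_ORDER.index(rule["severity"]) > SEVERITY_ORDER.index(worst):
            worst = rule["severity"]
    if score < threshold:
        return None
    return {"score": score, "severity": worst, "hits": hits}
```

The validators are what keep a random 16-digit order number or an impossible SSN from counting, and the occurrence minimum stops a single everyday word from the lexicon from scoring on its own.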
19. Deployment requirements
Inspector:
• 40 GB HD
• VMware Server
• 4GB RAM
Endpoint:
• Windows Server
• Runs on any Windows OS
eDiscovery:
• Runs on any Windows OS
The GTB Inspector is also available as an appliance
www.gttb.com