This Presentation addresses the following questions:
Who we are?
What is DLP?
Why say we are next generation?
Enterprise configuration?
How to prevent your data loss?
Data Processing - data privacy and sensitive dataOpenAIRE
Data Processing - data privacy and sensitive data- Elli Papadopoulou (Librarian at Athena R.C. / OpenAIRE NOAD for Greece)
Presented : at OpenAIRE - EOSC-hub webinar “Data Privacy and Sensitive Data Services” https://www.openaire.eu/item/openaire-eosc-hub-webinar-data-privacy-and-sensitive-data-services https://www.openaire.eu/item/openaire-eosc-hub-webinar-data-privacy-and-sensitive-data-services
This Presentation addresses the following questions:
Who we are?
What is DLP?
Why say we are next generation?
Enterprise configuration?
How to prevent your data loss?
Data Processing - data privacy and sensitive dataOpenAIRE
Data Processing - data privacy and sensitive data- Elli Papadopoulou (Librarian at Athena R.C. / OpenAIRE NOAD for Greece)
Presented : at OpenAIRE - EOSC-hub webinar “Data Privacy and Sensitive Data Services” https://www.openaire.eu/item/openaire-eosc-hub-webinar-data-privacy-and-sensitive-data-services https://www.openaire.eu/item/openaire-eosc-hub-webinar-data-privacy-and-sensitive-data-services
When money is the at the top of the mind of cybercriminals, where do they turn their heads to? The Banking Sector. With countless operations including Wealth Management, Trading, and Revenue Management, Investor Accounting, it is no light matter when we say that cybersecurity threats keep banks up at night. With data breaches rampantly hitting all types of organizations across the world, the banking sector, for obvious reasons, stays under a constant and increased pressure for safekeeping of their customer's data and more importantly, their money.
How To Learn The Network Security
Slide berikut merupakan slide yang berisikan dasar-dasar bagi kita dalam memahami konsep keamanan jaringan komputer, baik dari sisi inftrastruktur, teknologi dan paradigma bagi pengguna.
Materi yang diberikan sudah disusun oleh Pakar yang merupakan Trainer CEH dan memang berkompeten dibidang keamanan jaringan.
Slide ini saya dapatkan dari beliau saat mengikut training Certified Computer Security Officer (CCSO) dan Certified Computer Security Analyst (CCSA) dari beliau.
Semoga bermanfaat sebagai acuan bagi kita untuk belajar tentang keamanan jaringan komputer.
Terimakasih
Presentation on Zero Trust model, used for the Codecademy Manipal Chapter event. Covers basic information about the Zero trust model, implementation, and benefits.
From ATT&CKcon 4.0
By Andrew Northern, Proofpoint and Michael August Raggi, Google
"Join us for an enthralling exploration of Defense Evasion (TA0005) within the captivating realm of Hyrule. Prepare to immerse yourself in the intriguing history of shortcut (.lnk) abuse and its associated procedures, as we unveil and demonstrate an innovative and previously undisclosed sub-technique (proposed) of T1027 (Obfuscated Files or Information).
During this talk, we will go beyond theory and share real-world insights. Discover firsthand how publicly attributed APT actors have leveraged this new sub-technique in their attacks against government entities. Through captivating stories and in-depth observations, we will shed light on the techniques and procedures employed by these adversaries.
Levity and entertainment will be courtesy of timely and relevant bespoke Legend of Zelda memes playing upon the concept of the ""master hand ability"" gluing together bizarre elements to create surprisingly effective weapons, a concept that runs parallel to the discussion of abusing known Windows file types in unconventional ways.
Join us as we embark on this fascinating journey filled with knowledge, entertainment, and a touch of Legend of Zelda magic!"
When identifying the most useful best-practice standards and guidance for implementing effective cyber security, it is important to establish the role that each fulfils, its scope and how it interacts (or will interact) with other standards and guidance.
Cybersecurity standards are generally applicable to all organisations regardless of their size or the industry and sector in which they operate. This page provides generic information on each of the standards that is usually recognised as an essential component of any cyber security strategy.
Next Generation of Data Leakage & Loss Prevention Technologies.
GTB Technologies provides products for data loss prevention in corporate networks and endpoints, in motion and at rest. Its flagship product, the GTB Inspector is a winner of multiple awards and rave reviews in the press .
alon@gttb.com
When money is the at the top of the mind of cybercriminals, where do they turn their heads to? The Banking Sector. With countless operations including Wealth Management, Trading, and Revenue Management, Investor Accounting, it is no light matter when we say that cybersecurity threats keep banks up at night. With data breaches rampantly hitting all types of organizations across the world, the banking sector, for obvious reasons, stays under a constant and increased pressure for safekeeping of their customer's data and more importantly, their money.
How To Learn The Network Security
Slide berikut merupakan slide yang berisikan dasar-dasar bagi kita dalam memahami konsep keamanan jaringan komputer, baik dari sisi inftrastruktur, teknologi dan paradigma bagi pengguna.
Materi yang diberikan sudah disusun oleh Pakar yang merupakan Trainer CEH dan memang berkompeten dibidang keamanan jaringan.
Slide ini saya dapatkan dari beliau saat mengikut training Certified Computer Security Officer (CCSO) dan Certified Computer Security Analyst (CCSA) dari beliau.
Semoga bermanfaat sebagai acuan bagi kita untuk belajar tentang keamanan jaringan komputer.
Terimakasih
Presentation on Zero Trust model, used for the Codecademy Manipal Chapter event. Covers basic information about the Zero trust model, implementation, and benefits.
From ATT&CKcon 4.0
By Andrew Northern, Proofpoint and Michael August Raggi, Google
"Join us for an enthralling exploration of Defense Evasion (TA0005) within the captivating realm of Hyrule. Prepare to immerse yourself in the intriguing history of shortcut (.lnk) abuse and its associated procedures, as we unveil and demonstrate an innovative and previously undisclosed sub-technique (proposed) of T1027 (Obfuscated Files or Information).
During this talk, we will go beyond theory and share real-world insights. Discover firsthand how publicly attributed APT actors have leveraged this new sub-technique in their attacks against government entities. Through captivating stories and in-depth observations, we will shed light on the techniques and procedures employed by these adversaries.
Levity and entertainment will be courtesy of timely and relevant bespoke Legend of Zelda memes playing upon the concept of the ""master hand ability"" gluing together bizarre elements to create surprisingly effective weapons, a concept that runs parallel to the discussion of abusing known Windows file types in unconventional ways.
Join us as we embark on this fascinating journey filled with knowledge, entertainment, and a touch of Legend of Zelda magic!"
When identifying the most useful best-practice standards and guidance for implementing effective cyber security, it is important to establish the role that each fulfils, its scope and how it interacts (or will interact) with other standards and guidance.
Cybersecurity standards are generally applicable to all organisations regardless of their size or the industry and sector in which they operate. This page provides generic information on each of the standards that is usually recognised as an essential component of any cyber security strategy.
Next Generation of Data Leakage & Loss Prevention Technologies.
GTB Technologies provides products for data loss prevention in corporate networks and endpoints, in motion and at rest. Its flagship product, the GTB Inspector is a winner of multiple awards and rave reviews in the press .
alon@gttb.com
Dudi Matot - CEO at Seculert spoke at AGC 2013 in San Francisco about how security vendors are still trying to sell the old 90s technology,
and are looking under the flashlight instead of using the new technologies that help us to better find advanced persistent threats.
Using Hard Disk Encryption and Novell SecureLoginNovell
Laptop theft is one of the most common crimes in industrial countries. Therefore, the demand for laptop security and the need to protect confidential data on hard disks is increasing. Several products on the market address this issue by offering hard disk encryption combined with login security. This session will show how these solutions can be integrated into a Novell environment.
A typical scenario might look like the following: The digital certificates used for encryption are generated in Novell eDirectory; the certificates are used with smartcards, which are also managed in eDirectory. The configuration of the hard disk encryption solution is deployed to clients with Novell ZENworks (no user interaction is necessary during installation and configuration). The hard disk encryption registration is combined with Novell SecureLogin, which results in a single sign-on.
This session will describe in detail what the configuration of hard disk encryption in such a scenario looks like, and will feature a live demonstration. The presenters are independent consultants with no interest in marketing a particular hard disk encryption solution.
These days the SAML standard is well known and widely deployed, most
often with a minimal standard set of interoperable SSO features. This
session will explore lessons learned from implementing SAML beyond the
ordinary, based on first-hand experience from working on a handful of
SAML products, architecting 100s of SAML deployments and setting up
1000s of connections. We will take a look at non-standard features,
exotic deployments, and custom implementations of SAML and how to avoid
some of the common and less common pitfalls. Topics include:
- the worst mistakes found in SAML implementations & deployments
- advanced SAML features and how they apply in real life
- how to deal with thousands of SAML connections
- a peek in to the future and evolution of SAML
apidays LIVE London 2021 - Securing PII at runtime by Rob Dickinson, Resurfac...apidays
apidays LIVE London 2021 - Reaching Maximum Potential in Banking & Insurance with API Mindset
October 27 & 28, 2021
API Security
Managing API privacy and compliance at the source: Securing PII at runtime
Rob Dickinson, CTO & Co-founder of Resurface Labs Inc
Slides of a talk given to the Seattle Chapter of the Cloud Security Alliance. Looks briefly at Architectures, Sources of Log Data, and behavioral signatures in the data and issues and observations around using Big Data products for security.
The slides from thecontinuing part of Pistoia Alliance's drive to improve education and communication around new technologies to life science professionals, this webinar explored how blockchain/DLT and IoT could come together to add even more trust to the GxP domain. If you want to know more about how these new technologies could help enhance GxP compliance, then this webinar will give you much food for thought.
2. Sample Customers
Apple, Inc. 60,000 users
American Greetings 18,000 users
Bureau of Indian Affairs (US
7,500 users
Government DOI)
Citgo Oil Company 4,500 users
ESL Federal Credit Union 1,200 users
SAFE Credit Union 750 users
San Mateo Credit Union 650 users
GTB DLP Suite-Confidential Slide 2
3. What the analysts say:
Frost & Sullivan believes that GTB is on track to becoming
the dominant provider of DLP/ILP solutions in the financial
market. World dlp research September 2008
When using fingerprinted data, the catch rate is 100%. If you
have sensitive data on your enterprise you need this
device… you will sleep much better knowing your data is
protected. SC Magazine 2007
Copyright 2010 GTB DLP Suite-Confidential Slide 3
4. The GTB DLP Components
Cloud Enabled – Any VM
GTB Inspector GTB Endpoint DLP eDiscovery
Reverse Firewall
• Scans all • Discover devices • Scan Desktops
outbound traffic • Protect devices • Scans file shares
• Highest • Audit devices • Reports on
accuracy • Control devices vulnerable files
• Able to block • Content-Aware • Automatic batch
without a proxy • Monitors shares
server and PC’s
• File format
agnostic
Supports all languages
Centralized policy, reporting and workflow
Copyright 2010 GTB DLP Suite-Confidential Slide 4
5. In the Development Pipeline
• Protection for sites such as: https://use.cloudshare.com
• Mobile devices DLP
• Network traffic analysis/protection
• Network Recorder
• Detection of additional encrypted content and protocols
• IDS/IPS + Virus, SPAM and Malware protection
Copyright 2010 GTB DLP Suite-Confidential Slide 5
6. DLP answers three questions:
1. Who is sending 2. What data is 3. Who is receiving
my data? being sent? my data?
• Insiders • PII • IP address
• Intruders • PHI • Email destination
• Spyware/Viruses • Source Code • Geographic
• IP location
Copyright 2010 GTB DLP Suite-Confidential Slide 6
7. The 8 use-cases for Network DLP
1. Control a broken 2. Demonstrate 3. Automate Email 4. Detect or Block
business process Compliance Encryption encrypted content
•Who is sending, what •I have no way of •How do I automate •Should I allow
data and to whom? enforcing data loss encrypting emails encrypted data to
compliance regulation which require it? leave without
content inspection?
7. Detect/Block TCP 8. Employees’
5. Severity Blocking 6. Visibility to SSL
from non-trusted users Education
•Some breaches are so •I have no visibility to •How do I detect •My employees are
severe that I prefer to SSL in general and transmissions from not complying with
altogether block HTTPS in particular! non-trusted users the Written
them! (Malware/Viruses/Troj Information Security
ans) Policy (WISP)
Copyright 2010 GTB DLP Suite-Confidential Slide 7
8. What data must be protected?
Personal identifiable information (PII)
• Credit card number
• Social security number
• Customer name
• Address
• Telephone number
• Account number/Member number
• PIN or password
• Username & password
• Drivers license number
• Date of birth
Copyright 2010 GTB DLP Suite-Confidential Slide 8
10. Network DLP configuration - OOL
•Log
Enforcement •Encrypt
Actions •Quarantine
•Severity Block
•Redact
Mirror port switch
The GTB Inspector is an
appliance that can be deployed
in Bridge / Out of Line through
a SPAN/Mirror port and is
available as a VM image as well.
Scans all TCP channels on all 65,535 ports
Copyright 2010 GTB DLP Suite-Confidential Slide 10
14. Fingerprint Detection Engine –Structured Data
The most accurate detection engine in the DLP space
Feature Benefit
Can fingerprint any database Highest flexibility
Multi-field detection No false positives
Automatic fingerprints refresh Easy maintenance and operation
Automatically deletes fingerprints that are no longer
Options for time-based sensitive content
sensitive
Supports user-defined fields Protects your direct business data
Fingerprints 1 million fields in 10 minutes Very high performance
Copyright 2010 GTB DLP Suite-Confidential Slide 14
16. Fingerprint Detection Engine – Unstructured Data
The most accurate detection engine in the DLP space
Feature Benefit
Multiple data stream fingerprints using
Allows for partial file match
proprietary algorithm
Options for binary or text detection Detects images inside files
Options for excluded content Detects sensitive data only
Automatically deletes fingerprints that are no longer
Options for time-based sensitive content
sensitive
User defined sensitivity (in bytes) Highest possible control on what is detected
Virtual zero false positive rate Highest accuracy
Multi-language support Files in any language can be protected
Copyright 2010 GTB DLP Suite-Confidential Slide 16
17. Data Patterns Detection
• Extended REGEX templates out of the box
• Patterns defined through REGEX in PHP
• Lexicons support
• User defined severity level per pattern rule
• Multi field weights and occurrences
• Support for all languages
Copyright 2010 GTB DLP Suite-Confidential Slide 17
18. Deployment requirements
Inspector Endpoint eDiscovery
• 40 GB HD • Windows Server • Runs on any
• VMware Server • Runs on any windows OS
• 4GB RAM windows OS
The GTB Inspector is also available as an appliance
www.gttb.com
Copyright 2010 GTB DLP Suite-Confidential Slide 18
