RSA 2010 Kevin Rowney
•
0 likes•950 views
Kevin Rowney's presentation at RSA 2010. Session ID: TUT-M51
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to RSA 2010 Kevin Rowney
Similar to RSA 2010 Kevin Rowney (20)
More from Symantec
More from Symantec (20)
Recently uploaded
Recently uploaded (20)
RSA 2010 Kevin Rowney
- 1. SECURITY BASICS BOOT CAMP: Intrusion Title of Presentation detection and data loss prevention Kevin Rowney Symantec Corporation. Session ID: TUT-M51
- 2. Agenda What are the challenges today around data loss? What is Data Loss Prevention (DLP)? How does DLP address key challenges? How does DLP work? 2
- 3. • What are the challenges today around data loss? 3
- 4. Data Loss Prevention is a 285 million records were stolen in 2008, which is more than the top 3 security project in 2010. last 3 years combined - Gartner Top 10 Security Priorities for 2010 - PrivacyRights.org Cyber crime has surpassed illegal drug trafficking as a criminal moneymaker.
- 5. Cost of a Data Breach is Increasing 83 Million The total number of consumer records in publicly reported data breaches in 2008 $6.75 Million The average cost to remediate a data breach for US companies in 2009 $200 Billion Losses from IP theft from US companies every year Source: “Cost of a Data Breach Survey,” Ponemon Institute, 2009 5
- 6. Primary Threat Agents Behind Data Loss Well-Meaning Malicious Insiders Hackers Insiders 6 6
- 7. Methods Used in Current Hacks DLP Risk Management Relevancy 7 7
- 8. Methods Used in Current Hacks 1 2 3 4 INCURSION DISCOVERY CAPTURE EXFILTRATION Attacker breaks into the Hacker then maps Accesses data on Confidential data sent to network by targeting organization’s defenses unprotected systems back to enemy’s “home vulnerable system or from the inside base” for exploitation naïve employees Installs malware to and fraud Creates a battle plan secretly acquire crucial data 8 8
- 9. Intrusion Detection Act of detecting actions that attempt to compromise the confidentiality, integrity or availability of a resource. Manual Automatic intrusion intrusion log file detection prevention review system (IDS) system (IPS) 9
- 10. DLP Answers 3 Questions About Risk of Breach Where is your How is it How best to confidential data? being used? prevent its loss? 10
- 11. Key DLP Capabilities DISCOVER MONITOR PROTECT • Find data wherever it is • Understand how data is • Proactively secure data stored being used • Prevent confidential data • Create inventory of • Understand content and loss sensitive data context • Enforce data protection • Manage data clean up • Gain visibility into policy policies violations MANAGE • Define unified policy • Remediate and • Detect content accurately across enterprise report on incidents 11
- 12. How It Works DISCOVER MONITOR PROTECT 2 3 4 • Identify scan targets • Inspect data being sent • Block, remove or encrypt • Run scan to find sensitive • Monitor network & endpoint • Quarantine or copy files data on network & endpoint events • Notify employee & manager MANAGE MANAGE • Enable or customize 5 • Remediate and report 1 policy templates on risk reduction 1
- 13. Data Loss Prevention Architecture MTA or Proxy SPAN Port or Tap Disconnected SECURED CORPORATE LAN DMZ 13
- 14. • Use cases: • How DLP manages risk of breach 14
- 15. DLP for Storage – Use Cases DISCOVER MTA or Proxy PROTECT SPAN Port or Tap Disconnected SECURED CORPORATE LAN DMZ 15
- 16. Fix Broken Business Processes 500k Personal Records on Open Share Find it. Fix it. Remove from open share and leave a file marker. 1616
- 17. DLP for Network – Use Cases MTA or Proxy MONITOR PROTECT SPAN Port or Tap DMZ Disconnected SECURED CORPORATE LAN 17
- 18. Protect Competitive Advantage Unencrypted product design documents sent to a partner 1 18
- 19. Protect Competitive Advantage Unencrypted product design documents sent to a partner Educate users with automated email. Protect intellectual property. 1 19
- 20. DLP for Endpoint – Use Cases MTA or Proxy DISCOVER SPAN Port or Tap MONITOR PROTECT Disconnected SECURED CORPORATE LAN DMZ 20
- 21. Fix Exposed Data on a Desktop Call center records improperly stored on an Endpoint 2 21
- 22. Clean Up Exposed Data on a Desktop Call center records improperly stored on an Endpoint Notify user via automated email. Empower users to self remediate. 2 22
- 23. Protect Competitive Advantage Pricing copied to USB 23
- 24. Protect Competitive Advantage Pricing copied to USB Stop it from being copied to USB. Notify User. Launch investigation. 2424
- 25. Prevent Breach of Customer Data Sensitive data sent via personal webmail Block the email. On or off the corporate network. 25
- 26. Continuous Risk Reduction Visibility 1000 Remediation 800 Notification Incidents Per Week 600 400 Prevention 200 0 Risk Reduction Over Time
- 27. Expected Measurable Risk Reduction Financial Business Healthcare Insurance Manufacturing Services Services 70% risk 80% risk 95% reduction 97% risk 98% reduction reduction due reduction in 20 in new reduction due to in unauthorized to employee days with incidents within structured data sharing of education automated one year due to detection of design specs notification automated every U.S. with protection citizen’s SSN and fingerprinted identify detection information
- 28. How Most Enterprises Get Started with DLP Define your • In your enterprise, is exposure likely to translate to breach? requirements: Is • Do these threat models make sense to the “C-level” DLP for you? execs? • DLP risk-assessments are an easy way to measure How big is your exposure company’s risk? • In many cases, risk-assessments catch live breaches on site Explore initial discussions with • Who’s solution is the best fit for your requirements? vendors 2
- 29. Thank You! Presentation Title of Kevin Rowney Symantec Corporation.