Strategies and Best Practices to Implement a Successful Data Loss Prevention Program

Sebastian Brenner, CISSP, Principal Systems Engineer, Symantec LAMC

Agenda

1. What DLP is and its purpose

2. Challenges for a sustainable data protection program

3. Common attributes in a successful implementation

4. Achieve greater risk reduction

What is Data Loss Prevention (DLP)?

Definition: “Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside the corporate network. The term is also used to describe software products that help a network administrator control what data end users can transfer.” (1)

How best to prevent its loss?

How is it being used?

Where is your confidential data?

(1) http://whatis.techtarget.com/definition/data-loss-prevention-DLP

Protect what’s Important

Customer Information

• Credit Card Info

• Medical Records

• SSNs and Government IDs

• Financials

Company Information

• HR Records

• Intellectual Property

• Internal Auditing

• M&A and Strategy

Some Data Loss Prevention Use Cases

Better Visibility

Discover Data Theft

Risk Reduction

Legal and Regulatory Compliance

Features to Consider in a Data Loss Prevention Solution

Office 365, iOS, Android

Email, Web, FTP, IM

USB, Hard Drives

Removable Storage, Network Shares

Print/Fax, Cloud & Web Apps

File Servers, Exchange, Lotus

SharePoint, Databases

Web Servers

Unified Management

Features to Consider in a Data Loss Prevention Solution

• Route Incidents to Right Responder

• High Severity of Incidents First

• Quick Detection & Response

• Visibility and Metrics

• Automation Integration

• Flexibility

• Membership

• Granular Management

• Limit Data and Incident Access

• High Accuracy & Low False Positives

• Multiple Detection Technologies

• Extensive Formats

• Localization

• Exceptions

• Detect/Alert/Block

• Built-in policy templates

• Alerts based on Risk and Severity

Unified Management

Who are the Main Players in the DLP Arena?

This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Symantec. Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Source: Gartner, Inc., Magic Quadrant for Content‐Aware Data Loss Prevention, Eric Ouellet, December 12, 2013

Recognize challenges for a sustainable data protection program

Typical Customer Challenges

Implementing the DLP Product Suite

• Implementing the entire DLP suite without a plan (“I bought it all, I want to install it all; right now”)

• Not involving all affected areas of IT (“We are IT/Security and we don’t need to engage others for our projects”)

• Not anticipating changing IT environment

– Database upgrades

– Migrations

– Email system upgrades

• Underestimating infrastructure needs and set-up timeframes (unrealistic goals)

Typical Customer Challenges

Developing the DLP Program

• Unclear or unfocused DLP program goals

• IT-centered implementation with no Business Unit involvement

• “Let’s just see what happens” approach

• Lack of knowledge about the information to protect (customer needs to define what is sensitive in their environment)

• No effort toward developing procedures for the long term

Typical Customer Challenges

Operating a DLP Program

• Lack of resources

• Lack of data analysis

• No cooperation from business units

• Ad hoc changes to policies and response rules

• Inability to show risk reduction progress (ROI)

Common attributes in a successful DLP implementation

Traditional Approach

• Technology focused

• Incident and event centric

• Broad coverage approach

Typical Results

• Unpredictable

• Incomplete

• Inefficient 

• Costly

Successful Approach

• People, Process, & Technology

• Comprehensive

• Prioritized and focused

Typical Results 

• Predictable

• Scalable

• Efficient 

• Cost Effective

Want success?  Think differently.

[Figure labels: Technology; People, Process, Technology]

Characteristics of Successful DLP Programs

Employee Education

Business Owner Involvement

Trained Incident Response Team

Prioritized Approach

Executive Level Involvement

Dedicated Experienced Resources

[Figure labels: People, Process, Technology; Implement, Install, Operate, Optimize, Architect / Design; Metrics Connection]

How a comprehensive, clearly-defined, business-focused DLP program achieves greater risk reduction

Three Step Implementation Approach

1. Plan for Success

2. Target Most Sensitive Data First

3. Begin Risk Reduction

Step 1:  Plan for Success

• Determine requirements, order and configure hardware

• Set expectations with proactive communication to employees

• Schedule training for System Administrator and Incident Response Team

• Obtain executive buy‐in on initial roll‐out strategy

• Select 1‐2 key metrics for risk reporting

• Assign a dedicated team to own project success

Step 2:  Target Most Sensitive Data First

Strategically add policies

Strategically add protocols and exit points

Strategically add repositories

Strategically add users and endpoints

Greatest Potential for Loss

Recommended Starting Points:

Endpoint:

– Users with access to highly sensitive data

– At-risk employees

Network:

– High-volume, high-risk protocols and exit points

Storage:

– High-access, high-volume repositories

Step 3:  Begin Risk Reduction

[Chart: Risk Reduction Over Time. Vertical axis: Incidents Per Week (0 to 1000). Horizontal axis: Months (0, 1 to 3, 4 to 6, 7 to 9, 10 to 12). Phases: Baseline, Remediation, Notification, Prevention/Protection.]

Activities shown on the chart:

• Employee and Business Unit Communication

• Sender Auto Notification

• Business Unit Risk Scorecard

• Refine Policies

• Enable Advanced Detection

• Fix Broken Business Processes

• Enable Lookups

• Identify Broken Business Processes

Visibility and Metrics Example (2)

(2) Screenshots from  Symantec Data Loss Prevention Solution

Keys to Success – People & Process

• Engage business units and data owners to define data protection priorities

• Define and gain consensus on project goals and success metrics

• Determine awareness and communication program for DLP

• Focus initial deployment on 3‐5 key policies

– Endpoint:  target users with access to highly‐sensitive data and at‐risk employees (high turnover)

– Network:  target high‐volume and high‐risk protocols (SMTP, HTTP, FTP)

– Storage:  target high‐access, high‐volume repositories

• Train team prior to implementation

• Configure policies and define incident response workflow based on team capacity

• Regularly report results to key stakeholders and executives

Keys to Success – DLP Technology

• Optimize system performance

– Filters, server management, scheduling scans and reports

• Precisely tune policies early

– Detection Technologies, Exceptions

• Automate to minimize resources

– Workflow, remediation, notification, prevention, protection, encryption

• Integrate with security infrastructure

– LDAP, encryption, messaging systems, forensics, SEMs

Data Loss Prevention Maturity Model (3)

[Chart: DLP Maturity (levels 1 to 5) and Resource/TCO plotted against Time/Months (3, 6, 9, 12+). Labels: Increased Automation, Lower TCO, Greater Risk Reduction.]

(3) Based on Symantec DLP Maturity Model

Thank you!

Copyright © 2011 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.

Sebastian [email protected]