Simon K. Carvalho Technology Solution Consulting Service Outsourcing Data Protection Strategy

Simon K. Carvalho - Paramount Assure

Workshop Agenda

Why data protection?

What is data protection?

Data Protection vs DLP

DLP strategy

Data Classification

Methodology

Comparison

Q&A

Data Breach - The escalation of a serious threat

“TJX’s $1 billion data breach”

“DuPont scientist downloaded 22,000 sensitive documents as he got ready to take a job with a competitor…”

“ChoicePoint to pay $15 million over data breach—Data broker sold info on 163,000 people”

The FSA has fined Nationwide £980,000 for a stolen laptop

NATO: A USB memory stick containing classified NATO information was found in a library in Stockholm

Is Your Data in the Wild?

Survey: Dark Reading/InformationWeek (2009)

Survey: MIS Training Institute at CISO Summit (2009)

McAfee Datagate Report. Produced by DataMonitor (survey of 1400 IT professionals across UK, US, DR, DE, and Australia)

77% unable to audit or quantify loss after a data breach

73% of data breaches come from internal sources

80% of CISOs see employees as the greatest data threat

The Problem is Rapidly Escalating

CIO Weblog: Scott Wilson – Sept 30 2009

2008 - 2009 Security Breach Increase: 300%

Accidental Data Loss is the Biggest Threat

"Through 2010 we expect 80-90% of sensitive information leaks to be unintentional, accidental or the result of poor business processes."

- Gartner Group

Paradigm Shift

Legitimate access to information does not necessarily grant the user the right to remove it from the enterprise

Access Control Data Loss Prevention

What data are we talking about?

April 15, 2014 8

Compliance Intellectual Property

• Customer Lists

• Price/Cost Lists

• Target Customer Lists

• New Designs

• Company Logo

• Source Code

• Formulas

• Process Advantages

• Pending Patents

High Business Impact (HBI) Information

• Board Minutes

• Financial Reports

• Merger/Acquisitions

• Product Plans

• Hiring/Firing/RIF Plans

• Salary Information

• Acceptable Use

J-SOX, Sarbanes-Oxley, Basel II, PIPEDA, EUDPD, GLBA, HIPAA, PCI, MITS, FISMA, DPA, DTO-93, CPC Art. 43, FFIEC, CPA, Solvency II, SA-PL, R-DPL

• SOX

• HIPAA

• PCI

• Credit Card numbers

• GLBA

• FISMA

• ITAR

• SB 1386

• Others

…and Importantly:

• Review of Key Employee actions before they announced departure

• Unreported but Important Memos/Reports

• Code names of projects not reported to Security department

What you did not know needed protection

Major Data Loss/Leak vectors

1. Physical loss or theft of laptops and mobile devices

2. Unauthorized transfer of data to external devices

3. Unintentional distribution via e-mail, web, etc.

4. Privileged users breach the data

5. Information escapes via print, CD-ROM, DVD, etc.

6. User applications hacked

7. Trojans/key loggers/malware

Keep security costs low and reduce impact on end users

Employee & customer data (PII), corporate secrets, intellectual property

PCI, HIPAA, GLBA, PIPEDA, EU Data Directive, etc.

Improve Operational Efficiencies (security)

Comply With Regulations

Why DLP Is Important For You

Secure Your Sensitive Data

Fines: More than $500K in fines

Burden: Quarterly audits

Legal: Lawsuits, privacy notices

Damage: Corporate brand equity

Churn: Customer & employee

Loss: Competitive advantage

Burden: More FTEs for security

Capital: Additional HW & SW

Cost: Higher TCO

A Complete Data Protection Project

1. Removable Media Control

2. Laptop / device encryption

3. Do Data Classification

4. File and Folder encryption

5. Content aware Data leak Prevention (Host DLP)

6. Content aware Data leak Prevention (Network DLP)

7. Digital Rights Management (DRM/ERM)

Complexity

Control data before it leaves your organization

Control data after it has left your organization

Beyond Organization

Data Loss Prevention Data Leak Prevention

Knowing The “D” In DLP: Sensitive Data

Regulatory Data

• Credit card data

• Privacy data (PII)

• Health care information

Corporate Secrets

• Intellectual property

• Financial information

• Trade secrets

Data classification tips

• Think twice about tagging and categorizing everything - the costs are high

• Consider the confidentiality (sensitivity) and availability (criticality) of the data to be classified

• Consider its integrity, as low-quality data cannot be trusted

• Use an effective metadata strategy to tag the data well

• Get the support of the management and employees who will use the system – Involve data owners

• Use Discovery tools to aid in Data classification

• Monitor and maintain the data classification system over time, tweaking as necessary

Classification Maturity Stages

• 0 - No information assets are classified or assets are randomly classified.

• 1- Assets are classified at a high level or organizational level, assets are unidentified.

• 2- Processes are developed and implemented allowing assets to be classified in detail.

• 3- New assets are classified in detail.

• 4 – Legacy assets are classified in detail.

• 5 - Assets are classified, and processes exist that allow for asset reassessment and new asset classification.

What is DLP?

Data Sources: At rest, In use, In motion

User Actions: Copy to device, Burn to disc, Cut, copy, paste, Print, Upload

Policy Actions: Encrypt, Educate, Monitor

Enforced to Destination: Take home, Post to web, Send via net

How Does DLP Work?

Policy Application

Enforcement

Policy Intelligence

At Rest, In Use, In Motion

Encrypt, Block, Monitor, Educate, Move

User Action

Inspection/Discovery, Capture

Source, Analyze, Evaluate, Protect

Admin Action

Sensitive Data

DLP Methodology

DISCOVER

User Actions

MONITOR

End Users

EDUCATE

Security Controls

ENFORCE

Policy Framework Based on Governance, Risk & Compliance

?RISK

TIME

Understand Risk

Reduce Risk

Discover Your Sensitive Data

Structured, Semi-Structured, Unstructured

Credit Card Data

Personally Identifiable Information (PII)

Personal Health Information (PHI)

Corporate Secret Data

Comply With Regulations

Protect Corporate Competitive Advantage

Reduce uncertainty and understand risk from the data you own

Monitor Your User Actions

Regulatory Data

Corporate Secrets

Compliance

Objectives

Governance & Risk

Objectives

Understand how your user actions impact your corporate objectives

Augment Standard Policy Education With “Just-In-Time Education”

Emphasized Education Program

Educate End Users About Corporate Policies

Educate end users on policies and violations to reduce risk

Top Violators (identified through Discover and Monitor)

Rest of the users

1. User performs actions

2. DLP educates on violation

3. User acts responsibly

Just-In-Time Education

Enforce Controls to Prevent Data Loss

BLOCK, AUDIT, ENCRYPT, QUARANTINE, JUSTIFY, MOVE, DELETE, SHRED, RMS (DRM), COPY, NOTIFY, ALLOW

User Action Data Sensitivity User Identity

LOW HIGH

Enforce security controls based on the risk of a violation

Defined in DLP Policy

Manual or Automated

RISK

Conduct a technology requirement assessment

Identify current technology you can leverage

Evaluate fit with IT roadmap (cloud, virtualization, etc.)

Do not “boil the ocean”. Deploy in phases.

Prioritize deployment phases by risk (data, group, etc.)

Establish a process for remediation and reporting

Gain support from executives and business managers

Make sure employee education is part of the plan

Establish SLAs and MOUs with group heads

DLP Deployment Playbook

PEOPLE

PROCESS

TECHNOLOGY

DLP Project Process & Check List

DLP champion (team)

Support from groups beyond IT

Top 3-5 drivers & corporate policies

Education process & resources

Remediation process & resources

Technology provisioning

DLP administration hours

Project Timeline and next phase

Your DLP Pre-Deployment Check List

Pre-Deployment

Discover & Monitor

Educate

Enforce

Next Phase

(New policies / groups)

Choosing the right DLP solution


A DLP solution must cover all data loss channels

IM

Peer to Peer

Email

Hello, how are you?

Printer

Copy & Paste

USB

HTTPS

FTP

Wi-Fi

Network

Confidential Data

Important DLP Capabilities

• Data Discovery capabilities – can it discover and identify confidential data residing on servers, databases, document management systems, SharePoint, NAS/SAN, endpoint, etc.

• Structured and unstructured data support

• Policy templates for automated identification and Protection

• Endpoint encryption – prevent data loss due to loss/theft of laptops/PDAs

• File & Folder encryption

• Centralized Management for all pieces - endpoint, network and discovery.

• Reporting and forensics

Important DLP Capabilities

• Port control/device control/application control

• Integration with existing directories (user aware) i.e. Microsoft AD

• Linux/Mac support

• Port/protocol agnostic DIM

• Monitor, Capture and protect the unknown data

• Robust inbuilt incident management and workflow capabilities

• Content-aware encryption enforcement

• Online / offline enforcement

• Integration with DRM/ERM/RMS

• Scalability

Gartner Magic Quadrant 2010

Forrester wave Q4 2010

McAfee, RSA & Websense DLP

McAfee DLP | RSA DLP | Websense DLP

Host DLP: Data leak prevention, Laptop / device Encryption, File and Folder encryption, Device Control (removable media) | Host DLP: Data leak prevention, Basic device control | Host DLP: Data leak prevention, Removable media encryption (USB)

Network DLP: PREVENT - Email and web DLP, Data DISCOVERY, MONITOR | Network DLP: PREVENT - Email and web DLP, Data DISCOVERY, MONITOR | Network DLP: Single server which can do Prevent, Discover and Monitor

Single appliance based centralized DISCOVERY | Grid based distributed DISCOVERY | Single server based centralized Discovery

Stronger Policy Management engine

Strong Policy Management (example: schedules)

McAfee DLP | RSA DLP | Websense DLP

No (expected soon) | Discover data within databases | Discover data within databases

No | Data Masking | Data Masking

Four appliances and 1 server based architecture | Multiple appliances and servers based solution | Two-server architecture

Mix of Appliances and server | Mix of Appliances and servers (also as VMs) | Servers only

Endpoint DLP has application control features

Two Management consoles (DLP Manager and EPO) | Single Management console | Single management console to manage Websense Web Security as well as DLP (adv. for existing Websense customers)

McAfee, RSA & Websense DLP

McAfee DLP | RSA DLP | Websense DLP

“replay” or “historical data storage” | No | No

Capture database | No | No

Discover data within Documentum | No | ??

Arabic support | Arabic support | ??

Integration with Adobe LiveCycle RMS | Integration with Microsoft RMS | ??

DLP inserted in VirtualFabric

McAfee, RSA & Websense DLP

Strong

Central Auditing & compliance reporting

Port / Device control / Application Control

Central management, “all in one”

Full disk encryption

File and folder encryption

Removable Media / Mobile / Encrypted USBs

Integration to existing directories, e.g. ADS

Footprint minimization

Tokens /Smart Cards / BioMetric Support

Certifications

MAC/Linux Support

Integrated Endpoint Content Aware DLP

OEM GE

OEM Separate Product

PnP Only

Separate Product

EFS

Weak / None

Road mapped 2010

Endpoint Data Protection Average Minimal Partial

Separate Product

R72 and R73

140-1 L1, 140-2 L1, BITS, EAL4

140-2 L1, EAL 3

FIPS 140-1 L1, FIPS 140-2 L1, BITS, EAL 4

140-2 L1, EAL 4+

140-1 L2, 140-2 L1

140-2 L1 OEM

GuardianEdge

140-2 L1, 140-1 L2, 140-2 L2, EAL 4

OEM Product - GE

R72 and R73

OEM Trend DLP

Relies on Altiris

Requires separate Consoles

NO LAN Support

Planned For 6.0

Central Auditing & compliance reporting

Robust case management and workflow

Central Deployment & Management

Unified Policy definition & enforcement

Unstructured Data Discovery (Network & Endpoint)

Integrated Content aware Encryption enforcement DIU, DIM, DAR

Offline / Online Endpoint Policy Enforcement

Integration with RMS / DRM

Structured Data Discovery

Discover, Monitor and Protect the Unknown (Capture)

Native DB Support Dec 2009

Port / protocol agnostic DIM

Real-time Rule tuning DIM , DAR

Data Loss Prevention

Requires Altiris or 3rd party

Requires 3rd Party

Requires enVision

For NDLP

Separate Sol Pack required

Email ONLY from RSA

Email ONLY from RSA

Requires enVision

Requires 3rd party

Requires 3rd party

Requires 3rd party

Strong, Weak / None, Average, Minimal, Partial

• DLP RFP Templates

• DLP POC

• Consideration Metrics

• Risk Assessment

• DLP Workshop

• DLP Demo

• DLP Workshop

• EDLP TCO Tool

• DLP Sizing Guide

Next steps

Considering DLP Scoping DLP Project Evaluating DLP Vendors

What stage are you in today? We can help you:

• Better understand DLP

• Develop a DLP project internally

• Develop a framework to evaluate and select the right DLP vendor

Summary

• Pre-deployment preparation is very important

• Data classification is critical

• Involvement of business managers and data owners

• Phased approach –

– Identify top 3 or 5 top risk areas – PCI or IP of some kind, etc

– Apply policies to top risk groups – HR or Finance

– Enterprise wide rollout

Questions / Discussion


Thank you!!!


Supplementary slides


RSA DLP solution


RSA DLP Product Covers all Aspects of DLP

DISCOVER

MONITOR

EDUCATE

ENFORCE

RSA DLP Network

RSA DLP Datacenter

RSA DLP Endpoint

email web datacenter laptops & PCs

RSA DLP Enterprise Manager

*

* Through a partner

RSA DLP

Suite

RSA DLP Network


RSA DLP Datacenter


Five Critical Factors For DLP Solutions: RSA’s Take

• Policy & Classification: Policies covering a broad range of regulations and topics. Developed by an expert team

• Identity Aware: Identity awareness for classification, controls and remediation

• Incident Workflow: Consolidated alerts with the right information to the right people for the right actions

• Enterprise Scalability: Scan more data faster with lesser hardware and resources

• Built-In vs. Bolt-On: Common policies across the infrastructure - EMC, Cisco and Microsoft

Policies: Broad Range of Expert Policies

Dedicated Knowledge Engineering team develops and maintains DLP policies

Sample Profile of a Knowledge Engineer

Work Exp: 12 years

Certifications: 18 regulations

Languages: Four

Background: Linguistics, artificial intelligence, search technologies

Education: Library sciences, Computer science

150+ built-in policies you can use

• Retail: PCI DSS, MA CMR 201, CA AB 1298

• Healthcare: HIPAA, Caldicott (UK), PIPEDA

• Manufacturing: ITAR, Patent Apps, EAR

• Financial Serv: GLBA, FCRA, NASD

• Telecom/Tech: CPNI, Source Code, Design Docs

• Other: NERC, Global PII, 401k & 403b

Knowledge Engineering

Classification: Flexible Framework

Detection Rules

Context Rules

Exceptions

Described Content

Full & partial match

Databases

Files

Fingerprinting

Transmission metadata

File size, type, etc.

Owner, sender, etc.

Attributes

A classification framework to suit your unique needs

Highly accurate results in identifying sensitive data

User Identity Analysis

Name

Title

Business group

Organization hierarchy

Special privileges

What policies to apply

Define the risk of actions

What controls to enforce

Who to notify

Real-time data from your Windows Active Directory

Used across all phases of DLP

Incident Workflow to Effectively Manage Violations

HIGH

MEDIUM

LOW

Security Incident

Alert Manager

Alert Security Officer

No Alerts. Audit Only

Violation Event 1

Violation Event 2

Violation Event 3

Violation Event 4

Violation Event “n”

Policy Based

Logical Grouping

Security Incident

DLP + enVision = More intelligent alerts and prioritization

Consolidate Violations Send Alerts Based on Risk

Reduce noise, prioritize incidents and manage workflow

Amount of data

Sources of data

Number of office sites

Types of office sites

Number of users

Types of users

Scalability For Enterprise Deployments

PEOPLE PLACES DATA

Flexible “policy framework” to support a million plus users and 100’s of user types

Expandable “site” and “agent” architecture to support 1000s of sites

Unique “grid” technology to scan large amounts of data most cost effectively

Built-in DLP for the Infrastructure: DLP Ecosystem

Your DLP Strategy

Leverage your current infrastructure for DLP

Faster and cost effective deployments

Centralize policies and management

What’s in it for you

RSA DLP Technology

McAfee DLP solution

Confidential McAfee Internal Use Only

Evolution of McAfee Data Loss Prevention

• October 2006: McAfee acquires Onigma, early stage endpoint DLP company

• September 2007: McAfee launches Host DLP with ePO management

• Throughout 2008: McAfee Host DLP selected as enterprise wide DLP solution for hundreds of customers, including Bank of America, Wal-Mart, Merrill Lynch, Visa, Dept of Defense, Israel Defense Forces, etc.

• August 2008: McAfee acquires Reconnex, industry analyst recognized technology leader in Network DLP and Forensics

• April 2009: Network DLP v8.5 launched with integrated incident reporting and workflow between Network DLP, Host DLP and ePO. Discovery remediation and other enhancements.

• June 2009: Host DLP v3.0 launched with data discovery, integrated File & Folder Encryption, improved content classification and Lotus Notes support

• Sept 2009: Further enterprise enhancements to Network DLP

• Early 2010: Unified DLP with joint policy creation for all elements; further enhancements to Network & Host DLP

• 2010: Embedding of DLP engine into Web Gateway & Email Gateway

• 2010: Final infrastructure updates for Unified DLP

The McAfee Data Protection platform

Data-at-Rest

Data-in-Motion

Data-in-Use

Monitor, Notify, Prevent

Enforce, Audit and Respond

Identify, Classify and Protect

Incident and case management

Workflow and reporting

DLP Manager

McAfee ePO

Full endpoint management and deployment

DLP Discover

Endpoint Encryption

Encrypted Media

Network DLP Monitor

Network DLP Prevent

DLP Host

DLP Host

Device Control

Encrypted Media

Data at Rest

Problem: Where is all the data?

Challenge: Need to find the data and categorize it to enable the organization to apply protections

Best Practice

• Data-at-rest products crawl the organization based on taxonomy of content and can provide analysis of what servers, endpoints and repositories have what content

• Use inventory scans to discover what is available and delegate reviews of materials (where possible)

• Once the data distribution model is understood, automated remediation can be used (move, delete, encrypt, quarantine, etc.)
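
The discover, inventory and remediate loop in the bullets above, as an added example (it is not McAfee's code or any product's API): a minimal data-at-rest scan that crawls a directory tree, classifies files against a small content taxonomy and proposes a remediation action per file. The marker words, the category-to-action mapping and the sample files are constructed assumptions.

```python
import os
import re
import tempfile

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Assumed markers for the "corporate secrets" category (hypothetical taxonomy).
SECRET_MARKERS = ("confidential", "internal use only")
# Hypothetical policy: category -> remediation action named on the slide.
REMEDIATION = {"regulatory": "encrypt", "corporate_secret": "quarantine"}
MAX_BYTES = 1_000_000  # cap per-file reads so one huge file cannot stall the crawl


def luhn_ok(digits):
    """Luhn checksum; filters out order ids and other digit runs that are not cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_cards(text):
    """Return masked card numbers so the scan report does not leak the data itself."""
    hits = []
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_ok(digits):
            hits.append("*" * (len(digits) - 4) + digits[-4:])
    return hits


def classify_file(path):
    """Classify one file into zero or more taxonomy categories."""
    with open(path, "rb") as fh:
        text = fh.read(MAX_BYTES).decode("utf-8", errors="ignore")
    categories = set()
    cards = find_cards(text)
    if cards:
        categories.add("regulatory")
    lowered = text.lower()
    if any(marker in lowered for marker in SECRET_MARKERS):
        categories.add("corporate_secret")
    return categories, cards


def scan_tree(root):
    """Inventory scan: map each sensitive file to its categories and proposed actions."""
    inventory = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            try:
                categories, cards = classify_file(path)
            except OSError:
                continue  # unreadable file: skipped here, a real scan would log it
            if categories:
                inventory[os.path.relpath(path, root)] = {
                    "categories": sorted(categories),
                    "cards": cards,
                    "actions": sorted(REMEDIATION[c] for c in categories),
                }
    return inventory


def build_demo_tree():
    """Create a constructed sample repository in a temp directory."""
    root = tempfile.mkdtemp(prefix="dlp_demo_")
    samples = {
        "finance/orders.csv": "order,card\n1001,4111 1111 1111 1111\n",  # test number
        "finance/ids.txt": "tracking 1234567812345678\n",  # 16 digits, fails Luhn
        "hr/plan.txt": "CONFIDENTIAL: draft hiring plan\n",
        "public/readme.txt": "Office opening hours\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    for rel_path, info in sorted(scan_tree(build_demo_tree()).items()):
        print(rel_path, info)
```

The Luhn check is what keeps the tracking id out of the inventory; a digit-pattern match alone would flag it and inflate the review queue delegated to data owners.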


Data in Motion

Problem: Who is sending what to whom?

Challenge: All information leaving must be analyzed from both managed and unmanaged machines. Solution must be transparent.

Best Practice

• Network-based data-in-motion products passively analyze all communications: webmail, IM, blogs, email, etc.

• Pre-built rules can be run to determine what information violates policy

• Rules and policies are mapped to business stakeholders to ensure incident review and remediation are not an information security challenge

• Mining of incidents allows for rule tuning and refinement


Data in Use

Problem: How are employees using my data? What is being printed, copied and removed from my organization?

Challenge: Users interact with data while connected and disconnected from my network. Authorized users have access to sensitive information.

Best Practice

• Identify high-risk machines for sensitive information disclosure, such as Legal, HR, Management, Sales, Engineering and Development

• Deploy monitoring capabilities initially to identify the use of removable media

• Define rules and policies by department and group requirements

• Use automated protection mechanisms (block, monitor, log, store evidence, encrypt, etc)

• Notify users to increase security awareness

From the Network…

Perimeter

PREVENT - Protect against email & web data leaks

Admin & Management

MANAGE - Centralized administration

Incident/case management

Network Layers

DISCOVER - Identify sensitive information in storage repositories

MONITOR - Protect data as it moves across the network

Data Storage & Management

Network Based Protection from the endpoint

Application Based Protection

Device Based Protection

…to the Host

Send over Email

Extract using the clipboard

Send to a printer

Post to the web

Extract using screen capture

Transmit over to network

General application file-access

Send to a removable storage device

Copy to a network file share

McAfee Data Loss Prevention (Today)

McAfee ePO

McAfee DLP

Manager

Switch

Databases or Repositories

Data-in-Use

McAfee NDLP Prevent

McAfee Firewall

McAfee IPS

McAfee HDLP

ICAP integrated

McAfee NDLP Prevent

McAfee NDLP Monitor w/ Capture Database

Disconnected & Mobile

Unified incident reporting and case mgmt workflow

Data-in-Motion

Data-at-Rest

Data-in-Motion

Data-in-Motion

McAfee Web Gateway

SMTP integrated

McAfee Email Gateway

McAfee HDLP

McAfee NDLP Discover

Data-at-Rest

McAfee Data Protection Solution Architecture

Secured Corporate LAN Network Egress/DMZ

MTA or Proxy

SPAN Port or Tap

Disconnected

• DLP Monitor

• DLP Prevent

• DLP Discover

• DLP Endpoint

• Device Control

• DLP Endpoint

• Device Control

Central Management

• ePolicy Orchestrator (ePO)

• DLP Manager


McAfee DLP Topology

PREVENT: Protect against email & web data leaks

DISCOVER: Find sensitive information in storage repositories

MONITOR: Protect data as it moves on the network

MANAGE: Flexible and scalable administration & case management

ePO Agent

Host DLP

Plug’n’play appliances

Pre-integrated & hardened components

Single, integrated ePO desktop agent

McAfee DLP Core Differentiators

• Industry’s most comprehensive Data Protection portfolio

– Eliminates point product and multi-vendor fatigue

– Provides integrated management and intelligent data sharing capabilities

• “Capture”

– Facilitates accurate-first-time policies and comprehensive forensics investigation

• Time to Value

– See value in days, Capture removes the need for months of rule tuning

– Deploys in days not months, easy “drop in” appliances, no servers to build

• Industry’s most widely deployed endpoint DLP agent

– Proven scalability and ease of deployment

– Full security functionality whether on the LAN or offline

• Custom built classification engine allows for high flexibility

– Unique capabilities for environments where non-standard file formats are prevalent

– Intellectual Property protection

McAfee ePO

Solid core

SIA Partners

Secure McAfee Communication Channel

Total Protection for Data

Host Compliance, Anti-Virus, Anti-Spyware, Desktop FW, Host IPS, NAC, Remediation

ePO Agent (MA) Framework

DLP, Endpoint Encryption for PC, Endpoint Encryption for Files and Folder

One Client Manager (MA – McAfee Agent) handling multiple Endpoint Security products.

The McAfee DLP Difference – Comprehensive and Integrated

The McAfee DLP Difference - Learning and Data Mining

Let the technology do the heavy lifting

Google changed the way we use the web. Nobody remembers URLs anymore, they “Google” what they need. Like Google, we index and file everything away so you don’t have to know where it all is! Then you use our indexes to build policy. Simple, effective and fast!

vs

Egress Out

The McAfee DLP difference: Capture all leakage!

McAfee

CaptureDB

Legacy Vendors

Trash Bin

• False negatives destroyed

• Can’t LEARN and adjust policies

• Assumes you know what to protect

• Everything captured

• “Information gap” Solved

• Able to LEARN from the past

POLICY FILTER

PCI

HIPAA

Appropriate Use

Trigger Words

Other Policies

ViolationsDB

All Matches

• Pre-set Policies

• Dashboard reports

• Distributed notification of violations and reports

• Define policies

• Tune rules

• Mine data with Google-like search capabilities

• Forensic search of historical data


The McAfee DLP difference

DLP Policy creation with traditional vendors…

Create Policy

Implement Policy on Live Data

Impact users, Help-Desk Calls, etc.

Tweak/Edit Policy

Eventually Effective Protection

Actual outgoing email, IM, web traffic, etc.

6-12 months

The McAfee DLP difference - DLP policy creation with McAfee “Capture”

Create Policies

Capture and index all network data

Offline data

Offline fast-forward testing

Tweak / Edit Policy

Effective Protection

Actual outgoing email, IM, web traffic, etc.

1-3 weeks

Bonus = Forensics!

Help catch theft of critical data by employees

McAfee DLP Advantages

1. Platform Integration

2. Deployment Velocity

3. Data Analytics

McAfee DLP Advantages

1. Platform Integration

McAfee DLP Coordinates Data Protection

• McAfee data protection solutions deliver additional value through DLP

– DLP coordinates enforcement

– DLP enforces consistent policies

– DLP provides actionable insight

McAfee DLP provides integrated workflows, simplified processes, lower costs and consistent protection for all data

Removable Media

Device Control

USB Encryption

Email

Web

DLP

DLP Increases Control

Content aware enforcement delivers greater control & reduces costs, only applying protection where it’s needed

Without DLP With DLP

Encryption

Removable Media

Device Control

Encrypt everything

Selectively encrypt

Encrypt on-demand

Block USB devices

Content based coaching

Block based on origin

Block Cut, Copy, Paste

Content aware blocking

Content based coaching

ePO Integrates All Enterprise Security

McAfee ePolicy Orchestrator

Improved Agility

Reduced Costs

Increased Protection

Fast – Flexible – Efficient

McAfee DLP Advantages

2. Deployment Velocity

McAfee DLP vs. Traditional DLP

Compliance Achieved

The longer deployment takes, the longer your data and your company is at risk

McAfee DLP delivers rapid & effective protection for your data – why wait?

McAfee DLP Product Line

DLP Manager + ePO = Central & Delegated Management

• Perimeter (DLP Prevent): Email, Web, IM, P2P, FTP

• Host (Host DLP): Encrypt, Device control, Discover, Print, Cut, copy

• Network (DLP Monitor): Capture, Data mining, Monitor, Alert, Report

• Storage (DLP Discover): Discovery, Inventory, Tagging, Scanning, Mitigation

Inside Outside

Use Case: Sensitive Data Leak

Scenario

• An internal audit shows signs of data leaking from your organization

• Management have given you the job of quantifying and fixing the problem - fast

McAfee DLP gives you speed

• Pre-integrated, hardened appliances are up and running in days

• Capture data lets you quickly identify issues and build effective policies to address them

McAfee DLP Advantages

3. Data Analytics

Traditional DLP Leaks Data

Violations

Bit Bucket

Data

Violations

Data Intelligence

Data

Capture

Fast, accurate policy creation and rapid, in-depth investigations

McAfee DLP Leverages Data

Use Case: Disgruntled Employee

Scenario

• A top sales rep leaves the company

• 2 weeks later your customers are getting called by a competitor

• Has someone leaked your customer list?

McAfee DLP gives you the evidence

• See the timeline of employee activities and data use

• Discover what data the employee downloaded before they quit

Data Loss Happens Beyond the Organization

Customers: Equity research reports

Risk: Uncontrolled distribution of research dilutes value

Field technicians: Service manuals

Risks: Gets printed offsite, unable to revoke/update older/inaccurate versions

Partners: Engineering documents

Risk: No control after it is sent to third parties

Insurers: Patient health information (PHI) records

Risk: PHI record sent to the wrong patient

Extending Data Protection Beyond the Organization

McAfee and Adobe to Deliver Joint Solutions

Central Management (McAfee® ePolicy Orchestrator®)

Document audit tracking

Disconnected access

Version control

Access controls

Revoke/change rights

Organization Beyond

Adobe LiveCycle Rights Management

Document Security Management

Network DLP

Host Data Loss Prevention

Encryption

Device Control

Adobe DRM Complements McAfee Data Protection

Data Loss Prevention

Device Control

Encrypted USB

Endpoint Encryption

McAfee Endpoint Encryption: Full-disk, mobile device, and file and folder encryption coupled with strong authentication

McAfee® Data Loss Prevention: Full control and absolute visibility over user behavior

Adobe LiveCycle Rights Management: Persistent enforcement anywhere, anytime

McAfee Encrypted USB: Secure, portable external storage devices

McAfee Device Control: Prevent unauthorized use of removable media devices

McAfee Data Protection Suite for Rights Management

Proactive, Automated Data Protection

Enterprise Rights Management

Protection of Data-at-Rest

Adobe LiveCycle Rights Management ES2

McAfee ePolicy Orchestrator 4.5

Server-side Client-side

Adobe LiveCycle RM clients

McAfee Host DLP (with LiveCycle libraries)

Corporate IT Administrator

End User

Step 1: IT defines RM enforcement policies specifying authorization

Step 2: IT defines DLP rules, specifying which documents need RM

Step 3: DLP searches disk, finds sensitive data and protects that with RM

Step 4: End user conducts business normally, however, documents are protected with RM, seamlessly preventing unauthorized use

Protection of Data-in-Use/Data-in-Motion

Adobe LiveCycle Rights Management ES2

McAfee ePolicy Orchestrator 4.5

Server-side Client-side

McAfee Host DLP (with LiveCycle libraries)

Corporate IT Administrator

End User

Email, Web, USB

Step 1: IT defines RM enforcement policies specifying authorization

Step 2: IT defines DLP rules, specifying which documents need RM

Step 3: End user attempts to send a file (via e.g. email, web, USB)

Step 4: DLP software examines if file is protected with RM

Step 5: DLP software blocks action until user protects document with RM

Comprehensive Alliance: Enterprise and Consumer

• Consumer

– Adobe offers McAfee consumer AV as part of Adobe Reader Windows downloads

– Adobe Reader – 500m+ copies distributed in the past 2 years alone

• Enterprise

– McAfee integrates Adobe DRM in to data protection solution

– ePO installed-base – 65m+ endpoints

Significant commitment from both sides