Tools for Successful Data Loss Prevention Final


  • 8/6/2019 Tools for Successful Data Loss Prevention Final

    1/38

    800.800.4239 | CDW.com/peoplewhogetit

    TOOLS FOR SUCCESSFUL DATA LOSS PREVENTION

    Allen Schmidt

    CCIE 4860, CISSP, CISA

    Security Solution Architect

    [email protected]



    CDW PROPRIETARY AND CONFIDENTIAL. COPYING RESTRICTED. FOR INTERNAL USE ONLY.

    THREATS TO DATA


    RISK IS A COST


    Risk Analysis Is Tricky

    The Allies in WWII wanted to improve pilot return rates from bombing raids over Europe

    Abraham Wald (statistician) studied the problem of adding armor to planes to protect the pilots and the planes

    Bullet holes on planes returning to base were observed

    Distribution of new armor seemed obvious

    Taking data at face value can be misleading

    RISK ANALYSIS


    THREAT ECONOMY: PAST

    Writers: Tool and Toolkit Writers; Malware Writers (Worms, Viruses, Trojans)

    Asset: Compromise Individual Host or Application; Compromise Environment

    End Value: Fame; Theft; Espionage (Corporate, Government)


    THREAT ECONOMY: TODAY

    Writers: Tool and Toolkit Writers; Malware Writers (Worms, Viruses, Trojans, Spyware)

    First Stage Abusers: Hacker/Direct Attack; Machine Harvesting; Information Harvesting; Internal Theft; Abuse of Privilege

    Middle Men: Compromised Host and Application; Bot-Net Creation; Bot-Net Management; Personal Information; Information Brokerage; Electronic IP Leakage

    Second Stage Abusers: Extortionist/DDoS-for-Hire; Spammer; Phisher; Pharmer/DNS Poisoning; Identity Theft

    End Value: Fame; Theft; Espionage (Corporate, Government); Extorted Pay-Offs; Commercial Sales; Fraudulent Sales; Click-Through Revenue; Financial Fraud

    $$$ Flow of Money $$$


    DLP IS IMPERATIVE

    Insiders and partners cause most breaches

    Insiders make mistakes handling data

    Broken business processes increase risk

    Malicious or criminal attacks on the rise

    Most expensive cause of breaches

    Per record average rose 48%

    Data breach costs continue to rise

    Grown every year since 2006

    Average of $214 per record

    41% of breaches

    31% of breaches

    $7.2 million average cost of a breach

    2010 Annual Study: US Cost of a Data Breach; Ponemon Institute; March 2011


    Source: http://datalossdb.org

    DATA BREACH EXAMPLES


    (815 ILCS 530/) Personal Information Protection Act

    (815 ILCS 530/1)

    Sec. 1. Short title. This Act may be cited as the Personal Information Protection Act.
    (Source: P.A. 94-36, eff. 1-1-06.)

    (815 ILCS 530/5)
    Sec. 5. Definitions. In this Act:
    ...
    "Personal information" means an individual's first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted or redacted:

    (1) Social Security number.

    (2) Driver's license number or State identification card number.

    (3) Account number or credit or debit card number, or an account number or credit card number in combination with any required security code, access code, or password that would permit access to an individual's financial account.

    (815 ILCS 530/20)
    Sec. 20. Violation. A violation of this Act constitutes an unlawful practice under the Consumer Fraud and Deceptive Business Practices Act.
    (Source: P.A. 94-36, eff. 1-1-06.)

    http://www.ilga.gov/legislation/ilcs/ilcs3.asp?ActID=2702&ChapAct=815 ILCS 530/&ChapterID=67&ChapterName=BUSINESS+TRANSACTIONS&ActName=Personal+Information+Protection+Act.

    DATA BREACH LEGISLATION


    DLP METHODS


    WHAT IS DLP?

    DATA LOSS PREVENTION (DLP)

    DISCOVER: Where is your confidential data?

    MONITOR: How is it being used?

    PROTECT: How best to prevent its loss?

    KEY DLP CAPABILITIES


    WHAT IS DLP?

    KEY DLP CAPABILITIES

    DISCOVER

    Find data wherever it is stored

    Create inventory of sensitive data

    Manage data cleanup

    MONITOR

    Understand how data is being used

    Understand content and context

    Gain visibility into policy violations

    PROTECT

    Proactively secure data

    Prevent confidential data loss

    Enforce data protection policies

    MANAGE

    Define unified policy across enterprise

    Detect content accurately

    Remediate and report on incidents


    KEY DLP CAPABILITIES

    HOW IT WORKS

    MANAGE

    Enable or customize policy templates

    Remediate and report on risk reduction

    DISCOVER

    Identify scan targets

    Run scan to find sensitive data on network & endpoint

    MONITOR

    Inspect data being sent

    Monitor network & endpoint events

    PROTECT

    Block-remove-encrypt

    Quarantine or copy files

    Notify employee & manager


    MEASURABLE RISK REDUCTION

    80% risk reduction in 20 days with automated notification

    70% risk reduction due to employee education

    95% reduction in new incidents within one year due to automated protection

    98% reduction in unauthorized sharing of design specs with fingerprinted detection

    97% risk reduction due to structured data detection of every U.S. citizen's SSN and identity information

    Industries: Healthcare, Insurance, Financial Services, Business Services, Manufacturing


    SYMANTEC DLP OVERVIEW


    DLP SOLUTION LANDSCAPE

    Source: Gartner, Inc., Magic Quadrant for Content-Aware Data Loss Prevention, Paul Proctor, Eric Ouellet, June 2, 2010.

    The Magic Quadrant is copyrighted 2010 by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

    This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Symantec.

    [Figure: Magic Quadrant, as of June 2010. Axes: completeness of vision, ability to execute. Quadrants: challengers, leaders, niche players, visionaries. Vendors shown: Symantec, McAfee, Websense, RSA (EMC), CA, Code Green Networks, GTB Technologies, Trend Micro, Verdasys, Fidelis Security Systems, Palisade Systems, Trustwave.]


    SYMANTEC DLP ARCHITECTURE

    [Architecture diagram. Labels: SECURED CORPORATE LAN; DMZ; Disconnected; SPAN Port or Tap; MTA or Proxy]


    SYMANTEC DLP ARCHITECTURE

    [Product matrix diagram. Columns: Storage, Endpoint, Network. Phases: DISCOVER, MONITOR, PROTECT, MANAGE. Products: Network Discover, Network Protect, Endpoint Discover, Endpoint Prevent, Network Monitor, Network Prevent. Management Platform: Enforce Platform.]


    COMMON DLP DEPLOYMENTS

    | DLP Capabilities | % of Market | Sponsor | Data in Motion | Data at Rest | End Point | Ease to Deploy |
    | DLP "Lite" | 70% | IT or Email Admin | E-mail | | | Simple |
    | DLP "Full" | 30% | CSO or Compliance Officer | E-mail, FTP, HTTP | Servers, Databases | off Network, USB, CD/DVD | Complex |


    CONTINUOUS RISK REDUCTION

    [Chart: Risk Reduction Over Time. Y axis: Incidents Per Week (0 to 1000). Stage labels: Visibility, Remediation, Notification, Prevention.]


    DLP EXAMPLES


    Fix Broken Business Processes

    500k Personal Records on Open Share

    Find it. Fix it.

    Remove from open share and leave a file marker.


    Protect Competitive Advantage

    Unencrypted product design documents sent to a partner


    Educate users with automated email.

    Protect intellectual property.



    Fix Exposed Data on a Desktop

    Call center records improperly stored on an Endpoint


    Notify user via automated email.

    Empower users to self remediate.

    Clean Up Exposed Data on a Desktop

    Call center records improperly stored on an Endpoint



    Stop it from being copied to USB.

    Notify User. Launch investigation.

    Protect Competitive Advantage

    Pricing copied to USB


    Prevent Breach of Customer Data

    Sensitive data sent via personal webmail

    Block the email.

    On or off the corporate network.


    WHY CDW FOR SECURITY


    WHY CDW?

    CDW is a recognized security leader. Our ability to help you protect your diverse assets is backed up by:

    The Best Engineers in the Industry

    1000s of Successful Assessments and Deployments

    Industry Certifications and Awards

    Assessment

    Firewall and Perimeter Design

    Endpoint Protection

    Data Loss Prevention

    Network Admission Control

    Video Surveillance and Physical Access

    and More


    CDW SECURITY TEAM

    CDW's Security team is:

    SAS-70 Type-II Certified Operations

    Microsoft Security Competency

    Cisco's first Security Master partner

    Symantec DLP Specialization

    Our people and our experience have earned us these top-notch qualifications.


    THE CDW DLP RISK ASSESSMENT

    Search for Critical, Confidential, and Sensitive Data

    Customer/Employee NPI including CCN, SSN

    Source code, competitive intelligence, product plans

    Financials and confidential documents

    Risk Assessment Objectives

    Quantify exposure of data loss

    Prove DLP software meets customer requirements

    Prove support for compliance initiatives

    Risk Assessment Initiation

    SoW with detailed overview of the process

    Agreement on duration and equipment return terms


    THE CDW DLP RISK ASSESSMENT

    [Diagram. Categories: Data in Motion, Data at Rest, Endpoint Software. Components: Network Monitor, Network Prevent, Network Discover, Network Protect, Endpoint Monitor (Agent Software), Endpoint Prevent (Agent Software), Enforce Platform (Management Software).]

    The Risk Assessment is based on the detection elements


    THE CDW DLP RISK ASSESSMENT

    Start

    Kickoff Meeting

    Pre-configure/Ship CDW Server

    Customer connects server

    Monitor for 21 days

    Collect Stats/Produce report

    Customer erases/ships server back to CDW

    Closeout meeting

    Finish


    THE CDW DLP RISK ASSESSMENT

    Report of Findings

    Summary information related to risk

    Detailed findings and analysis

    No confidential information in document

    Findings from Previous Assessments

    Tens of thousands of SSNs found in emails

    Pricing Data sent in clear text

    Credit card numbers sent to personal email accounts

    Personal federal tax return as an email attachment

    Complete client list sent to personal email account

    Username and password sent to private email account


    THANK YOU