8/6/2019 Tools for Successful Data Loss Prevention Final
800.800.4239 | CDW.com/peoplewhogetit
TOOLS FOR SUCCESSFUL DATA LOSS PREVENTION
Allen Schmidt
CCIE 4860, CISSP, CISA
Security Solution Architect
CDW PROPRIETARY AND CONFIDENTIAL. COPYING RESTRICTED. FOR INTERNAL USE ONLY.
THREATS TO DATA
RISK IS A COST
Risk Analysis Is Tricky
The Allies in WWII wanted to improve pilot return rates from bombing raids over Europe
Abraham Wald (statistician) studied the problem of adding armor to planes to protect the pilots and the planes
Bullet holes on planes returning to base were observed
Distribution of new armor seemed obvious
Taking data at face value can be misleading
RISK ANALYSIS
THREAT ECONOMY: PAST
Writers: Tool and Toolkit Writers; Malware Writers (Worms, Viruses, Trojans)
Asset: Compromise Individual Host or Application; Compromise Environment
End Value: Fame; Theft; Espionage (Corporate, Government)
THREAT ECONOMY: TODAY
Writers: Tool and Toolkit Writers; Malware Writers (Worms, Viruses, Trojans, Spyware)
First Stage Abusers: Hacker/Direct Attack; Machine Harvesting; Information Harvesting; Internal Theft; Abuse of Privilege
Middle Men: Compromised Host and Application; Bot-Net Creation; Bot-Net Management; Personal Information; Information Brokerage; Electronic IP Leakage
Second Stage Abusers: Extortionist/DDoS-for-Hire; Spammer; Phisher; Pharmer/DNS Poisoning; Identity Theft
End Value: Fame; Theft; Espionage (Corporate, Government); Extorted Pay-Offs; Commercial Sales; Fraudulent Sales; Click-Through Revenue; Financial Fraud
$$$ Flow of Money $$$
DLP IS IMPERATIVE
Insiders and partners cause most breaches
Insiders make mistakes handling data
Broken business processes increase risk
Malicious or criminal attacks on the rise
Most expensive cause of breaches
Per record average rose 48%
Data breach costs continue to rise
Grown every year since 2006
Average of $214 per record
41% of breaches
31% of breaches
$7.2 million average cost of a breach
2010 Annual Study: US Cost of a Data Breach; Ponemon Institute; March 2011
Source: http://datalossdb.org
DATA BREACH EXAMPLES
(815 ILCS 530/) Personal Information Protection Act
(815 ILCS 530/1)
Sec. 1. Short title. This Act may be cited as the Personal Information Protection Act.
(Source: P.A. 94-36, eff. 1-1-06.)
(815 ILCS 530/5)
Sec. 5. Definitions. In this Act:
...
"Personal information" means an individual's first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted or redacted:
(1) Social Security number.
(2) Driver's license number or State identification card number.
(3) Account number or credit or debit card number, or an account number or credit card number in combination with any required security code, access code, or password that would permit access to an individual's financial account.
(815 ILCS 530/20)
Sec. 20. Violation. A violation of this Act constitutes an unlawful practice under the Consumer Fraud and Deceptive Business Practices Act.
(Source: P.A. 94-36, eff. 1-1-06.)
http://www.ilga.gov/legislation/ilcs/ilcs3.asp?ActID=2702&ChapAct=815 ILCS 530/&ChapterID=67&ChapterName=BUSINESS+TRANSACTIONS&ActName=Personal+Information+Protection+Act.
DATA BREACH LEGISLATION
DLP METHODS
WHAT IS DLP?
DATA LOSS PREVENTION (DLP)
DISCOVER: Where is your confidential data?
MONITOR: How is it being used?
PROTECT: How best to prevent its loss?
KEY DLP CAPABILITIES
WHAT IS DLP?
KEY DLP CAPABILITIES
DISCOVER: Find data wherever it is stored; Create inventory of sensitive data; Manage data cleanup
MONITOR: Understand how data is being used; Understand content and context; Gain visibility into policy violations
PROTECT: Proactively secure data; Prevent confidential data loss; Enforce data protection policies
MANAGE: Define unified policy across enterprise; Detect content accurately; Remediate and report on incidents
KEY DLP CAPABILITIES
HOW IT WORKS
MANAGE: Enable or customize policy templates; Remediate and report on risk reduction
DISCOVER: Identify scan targets; Run scan to find sensitive data on network & endpoint
MONITOR: Inspect data being sent; Monitor network & endpoint events
PROTECT: Block-remove-encrypt; Quarantine or copy files; Notify employee & manager
MEASURABLE RISK REDUCTION
80% risk reduction in 20 days with automated notification
70% risk reduction due to employee education
95% reduction in new incidents within one year due to automated protection
98% reduction in unauthorized sharing of design specs with fingerprinted detection
97% risk reduction due to structured data detection of every U.S. citizen's SSN and identity information
Healthcare, Insurance, Financial Services, Business Services, Manufacturing
SYMANTEC DLP OVERVIEW
DLP SOLUTION LANDSCAPE
Source: Gartner, Inc., Magic Quadrant for Content-Aware Data Loss Prevention, Paul Proctor, Eric Ouellet, June 2, 2010.
The Magic Quadrant is copyrighted 2010 by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Symantec.
[Figure: Magic Quadrant, as of June 2010. Axes: completeness of vision, ability to execute. Quadrants: challengers, leaders, niche players, visionaries. Vendors shown: Symantec, McAfee, Websense, RSA (EMC), CA, Code Green Networks, GTB Technologies, Trend Micro, Verdasys, Fidelis Security Systems, Palisade Systems, Trustwave.]
SYMANTEC DLP ARCHITECTURE
SECURED CORPORATE LAN, DMZ, Disconnected
SPAN Port or Tap
MTA or Proxy
SYMANTEC DLP ARCHITECTURE
DISCOVER, MONITOR, PROTECT, MANAGE
Storage: Network Discover, Network Protect
Endpoint: Endpoint Discover, Endpoint Prevent
Network: Network Monitor, Network Prevent
Management Platform: Enforce Platform
COMMON DLP DEPLOYMENTS
DLP Capabilities | % of Market | Sponsor | Data in Motion | Data at Rest | End Point | Ease to Deploy
DLP "Lite" | 70% | IT or Email Admin | E-mail | | | Simple
DLP "Full" | 30% | CSO or Compliance Officer | E-mail, FTP, HTTP | Servers, Databases | off Network, USB, CD/DVD | Complex
CONTINUOUS RISK REDUCTION
[Chart: Risk Reduction Over Time. Y-axis: Incidents Per Week (0 to 1000). Phases labelled: Visibility, Remediation, Notification, Prevention.]
DLP EXAMPLES
Fix Broken Business Processes
500k Personal Records on Open Share
Find it. Fix it.
Remove from open share and leave a file marker.
Protect Competitive Advantage
Unencrypted product design documents sent to a partner
Protect Competitive Advantage
Unencrypted product design documents sent to a partner
Educate users with automated email.
Protect intellectual property.
Fix Exposed Data on a Desktop
Call center records improperly stored on an Endpoint
Clean Up Exposed Data on a Desktop
Call center records improperly stored on an Endpoint
Notify user via automated email.
Empower users to self remediate.
Protect Competitive Advantage
Pricing copied to USB
Stop it from being copied to USB.
Notify User. Launch investigation.
Prevent Breach of Customer Data
Sensitive data sent via personal webmail
Block the email.
On or off the corporate network.
WHY CDW FOR SECURITY
WHY CDW?
CDW is a recognized security leader. Our ability to help you protect your diverse assets is backed up by:
Assessment
Firewall and Perimeter Design
Endpoint Protection
Data Loss Prevention
Network Admission Control
Video Surveillance and Physical Access
and More
The Best Engineers in the Industry
1000s of Successful Assessments and Deployments
Industry Certifications and Awards
CDW SECURITY TEAM
CDW's Security team is:
SAS-70 Type-II Certified Operations
Microsoft Security Competency
Cisco's first Security Master partner
Symantec DLP Specialization
Our people and our experience have earned us these top-notch qualifications.
THE CDW DLP RISK ASSESSMENT
Search for Critical, Confidential, and Sensitive Data:
Customer/Employee NPI including CCN, SSN
Source code, competitive intelligence, product plans
Financials and confidential documents
Risk Assessment Objectives:
Quantify exposure of data loss
Prove DLP software meets customer requirements
Prove support for compliance initiatives
Risk Assessment Initiation:
SoW with detailed overview of the process
Agreement on duration and equipment return terms
THE CDW DLP RISK ASSESSMENT
Data in Motion: Network Monitor, Network Prevent
Data at Rest: Network Discover, Network Protect
Endpoint Software: Endpoint Monitor (Agent Software), Endpoint Prevent (Agent Software)
Enforce Platform (Management Software)
The Risk Assessment is based on the detection elements
THE CDW DLP RISK ASSESSMENT
Start
Kickoff Meeting
Pre-configure/Ship CDW Server
Customer connects server
Monitor for 21 days
Collect Stats/Produce report
Customer erases/ships server back to CDW
Closeout meeting
Finish
THE CDW DLP RISK ASSESSMENT
Report of Findings:
Summary information related to risk
Detailed findings and analysis
No confidential information in document
Findings from Previous Assessments:
Tens of thousands of SSNs found in emails
Pricing data sent in clear text
Credit card numbers sent to personal email accounts
Personal federal tax return as an email attachment
Complete client list sent to personal email account
Username and password sent to private email account
THANK YOU