
TOOLS FOR SUCCESSFUL DATA LOSS PREVENTION

Allen Schmidt
CCIE 4860, CISSP, CISA
Security Solution Architect
allen.schmidt@cdw.com

800.800.4239 | CDW.com/peoplewhogetit

AGENDA
Threats to Data
Data Loss Prevention Methods
Symantec DLP
DLP Examples
Why CDW for Security

CDW PROPRIETARY AND CONFIDENTIAL. COPYING RESTRICTED. FOR INTERNAL USE ONLY.


THREATS TO DATA


RISK IS A COST


RISK ANALYSIS
Risk Analysis Is Tricky
The Allies in WWII wanted to improve pilot return rates from bombing raids over Europe
Abraham Wald (statistician) studied the problem of adding armor to planes to protect the pilots and the planes
Bullet holes on planes returning to base were observed
Distribution of new armor seemed obvious
Taking data at face value can be misleading


THREAT ECONOMY: PAST

Writers: Tool and Toolkit Writers; Malware Writers (Worms, Viruses, Trojans)
Asset: Compromise Individual Host or Application; Compromise Environment
End Value: Fame; Theft; Espionage (Corporate, Government)


THREAT ECONOMY: TODAY


Writers: Tool and Toolkit Writers; Malware Writers (Worms, Viruses, Trojans, Spyware)
First Stage Abusers: Hacker/Direct Attack; Machine Harvesting; Information Harvesting; Internal Theft (Abuse of Privilege)
Middle Men: Compromised Host and Application; Bot-Net Creation; Bot-Net Management; Personal Information; Information Brokerage; Electronic IP Leakage
Second Stage Abusers: Extortionist/DDoS-for-Hire; Spammer; Phisher; Pharmer/DNS Poisoning; Identity Theft
End Value: Fame; Theft; Espionage (Corporate, Government); Extorted Pay-Offs; Commercial Sales; Fraudulent Sales; Click-Through Revenue; Financial Fraud

$$$ Flow of Money $$$



DLP IS IMPERATIVE

Insiders and partners cause most breaches (41% of breaches)
Insiders make mistakes handling data
Broken business processes increase risk

Malicious or criminal attacks on the rise (31% of breaches)
Most expensive cause of breaches
Per record average rose 48%

Data breach costs continue to rise ($7.2 million average cost of a breach)
Grown every year since 2006
Average of $214 per record

2010 Annual Study: US Cost of a Data Breach; Ponemon Institute; March 2011

DATA BREACH EXAMPLES

Source: http://datalossdb.org

DATA BREACH LEGISLATION


(815 ILCS 530/) Personal Information Protection Act

(815 ILCS 530/1) Sec. 1. Short title. This Act may be cited as the Personal Information Protection Act. (Source: P.A. 94-36, eff. 1-1-06.)

(815 ILCS 530/5) Sec. 5. Definitions. In this Act: ...
"Personal information" means an individual's first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted or redacted:
(1) Social Security number.
(2) Driver's license number or State identification card number.
(3) Account number or credit or debit card number, or an account number or credit card number in combination with any required security code, access code, or password that would permit access to an individual's financial account.

(815 ILCS 530/20) Sec. 20. Violation. A violation of this Act constitutes an unlawful practice under the Consumer Fraud and Deceptive Business Practices Act. (Source: P.A. 94-36, eff. 1-1-06.)

http://www.ilga.gov/legislation/ilcs/ilcs3.asp?ActID=2702&ChapAct=815 ILCS 530/&ChapterID=67&ChapterName=BUSINESS+TRANSACTIONS&ActName=Personal+Information+Protection+Act.

DLP METHODS


WHAT IS DLP?
DISCOVER: Where is your confidential data?
MONITOR: How is it being used?
PROTECT: How best to prevent its loss?

DATA LOSS PREVENTION (DLP)



KEY DLP CAPABILITIES

WHAT IS DLP?

DISCOVER
Find data wherever it is stored
Create inventory of sensitive data
Manage data clean up

MONITOR
Understand how data is being used
Understand content and context
Gain visibility into policy violations

PROTECT
Proactively secure data
Prevent confidential data loss
Enforce data protection policies

MANAGE
Define unified policy across enterprise
Remediate and report on incidents
Detect content accurately


KEY DLP CAPABILITIES

HOW IT WORKS
1 MANAGE
Enable or customize policy templates

2 DISCOVER
Identify scan targets
Run scan to find sensitive data on network & endpoint

3 MONITOR
Inspect data being sent
Monitor network & endpoint events

4 PROTECT
Block-remove-encrypt
Quarantine or copy files
Notify employee & manager

MANAGE
Remediate and report on risk reduction


MEASURABLE RISK REDUCTION


Financial Services: 70% risk reduction due to employee education
Healthcare: 80% risk reduction in 20 days with automated notification
Insurance: 95% reduction in new incidents within one year due to automated protection
Business Services: 97% risk reduction due to structured data detection of every U.S. citizen's SSN and identity information
Manufacturing: 98% reduction in unauthorized sharing of design specs with fingerprinted detection


SYMANTEC DLP OVERVIEW


DLP SOLUTION LANDSCAPE


[Figure: Gartner Magic Quadrant for Content-Aware Data Loss Prevention, as of June 2010. Axes: ability to execute, completeness of vision. Quadrants: challengers, leaders, niche players, visionaries. Vendors shown: Symantec, McAfee, Websense, RSA (EMC), Trustwave, CA, Verdasys, Fidelis Security Systems, Palisade Systems, Trend Micro, Code Green Networks, GTB Technologies.]

Source: Gartner, Inc., Magic Quadrant for Content-Aware Data Loss Prevention, Paul Proctor, Eric Ouellet, June 2, 2010.

The Magic Quadrant is copyrighted 2010 by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Symantec.


SYMANTEC DLP ARCHITECTURE

[Figure: Symantec DLP architecture diagram. Labels: MTA or Proxy; SPAN Port or Tap; Disconnected; Secured Corporate LAN; DMZ.]

SYMANTEC DLP ARCHITECTURE


DISCOVER MONITOR PROTECT MANAGE

Storage: Network Discover, Network Protect
Endpoint: Endpoint Discover, Endpoint Prevent
Network: Network Monitor, Network Prevent
Management Platform: Enforce Platform


COMMON DLP DEPLOYMENTS

DLP "Lite"
% of Market: 70%
Sponsor: IT or Email Admin
Data in Motion: E-mail
Ease to Deploy: Simple

DLP "Full"
% of Market: 30%
Sponsor: CSO or Compliance Officer
Data in Motion: E-mail, FTP, HTTP
Data at Rest: Servers, Databases
End Point: off Network USB, CD/DVD
Ease to Deploy: Complex


CONTINUOUS RISK REDUCTION


[Figure: Risk Reduction Over Time. Axis: Incidents Per Week (200 to 1000). Phases labelled: Visibility, Remediation, Notification, Prevention.]


DLP EXAMPLES


Fix Broken Business Processes
500k Personal Records on Open Share

Find it. Fix it. Remove from open share and leave a file marker.


Protect Competitive Advantage
Unencrypted product design documents sent to a partner


Educate users with automated email. Protect intellectual property.


Fix Exposed Data on a Desktop
Call center records improperly stored on an Endpoint


Clean Up Exposed Data on a Desktop
Call center records improperly stored on an Endpoint

Notify user via automated email. Empower users to self remediate.


Protect Competitive Advantage
Pricing copied to USB


Stop it from being copied to USB. Notify User. Launch investigation.


Prevent Breach of Customer Data
Sensitive data sent via personal webmail

Block the email. On or off the corporate network.


WHY CDW FOR SECURITY


WHY CDW?
CDW is a recognized security leader. Our ability to help you protect your diverse assets is backed up by:
The Best Engineers in the Industry
1000s of Successful Assessments and Deployments
Industry Certifications and Awards

Assessment
Firewall and Perimeter Design
Endpoint Protection
Data Loss Prevention
Network Admission Control
Video Surveillance and Physical Access
and More


CDW SECURITY TEAM

CDW's Security team is:

SAS-70 Type-II Certified Operations
Microsoft Security Competency
Cisco's first Security Master partner
Symantec DLP Specialization

Our people and our experience have earned us these top-notch qualifications.


THE CDW DLP RISK ASSESSMENT


Search for Critical, Confidential, and Sensitive Data
Customer/Employee NPI including CCN, SSN
Source code, competitive intelligence, product plans
Financials and confidential documents

Risk Assessment Objectives
Quantify exposure of data loss
Prove DLP software meets customer requirements
Prove support for compliance initiatives

Risk Assessment Initiation
SoW with detailed overview of the process
Agreement on duration and equipment return terms


THE CDW DLP RISK ASSESSMENT


Enforce Platform (Management Software)

Data in Motion: Network Monitor, Network Prevent
Data at Rest: Network Discover, Network Protect
Endpoint Software: Endpoint Monitor (Agent Software), Endpoint Prevent (Agent Software)

The Risk Assessment is based on the detection elements



THE CDW DLP RISK ASSESSMENT


Start: Kickoff Meeting
Pre-configure/Ship CDW Server
Customer connects server
Monitor for 21 days
Collect Stats/Produce report
Closeout meeting
Finish: Customer erases/ships server back to CDW


THE CDW DLP RISK ASSESSMENT

Report of Findings
Summary information related to risk
Detailed findings and analysis
No confidential information in document

Findings from Previous Assessments
Tens of thousands of SSNs found in emails
Pricing data sent in clear text
Credit card numbers sent to personal email accounts
Personal federal tax return as an email attachment
Complete client list sent to personal email account
Username and password sent to private email account


THANK YOU
800.800.4239 | CDW.com/peoplewhogetit
