Data Leak Protection THE NEED, IMPLEMENTATION AND RESULTS

Transcription

1 Data Leak Protection THE NEED, IMPLEMENTATION AND RESULTS

2 Table Of Contents Our Introduction Introduction To Data Leak Organisation structures Data leak areas Data leak solutions Suggested data leak solution DL strategies DL products Implementation Expected results Results challenges Ongoing DL solutions Support

3 MIBM Introduction MUNSHIRAM INTERNATIONAL BUSINESS MACHINES LIMITED (MIBM Ltd) Established in 1980 with a mission to provide customers with efficient office solutions through in-house developed products and technical capabilities and capacity. The preferred choice in delivery of office furniture, business equipment's, ICT equipment's, ICT services and solutions. Designed and developed MyCBOMS, CSM, ASAH EDMS, Retail Management System(POS), Biometric Access Control System and NHIF CRV Software among others. Has elaborate distribution and support network in Kenya(Nairobi, Kisumu, Mombasa and Meru), Uganda(Kampala), Rwanda(Kigali) and Tanzania(Dar Es Salam). Other group companies are; Punchlines, Secura, Kengrow and Bracon.

4 Introduction To Data Leaks Data loss/leak prevention solution is a system that is designed to detect potential data breach, data ex-filtration transmissions and prevent them by monitoring, detecting & blocking sensitive data while; 1. In-use. Data in laptops, PCs, PDAs (endpoint actions), 2. In-motion. Data being sent (network traffic), 3. At-rest. Data stored in servers, PCs (data storage) Sensitive data is disclosed to unauthorized personnel either by malicious intent or inadvertent mistake.

5 The Many Faces of Data Leaks Accidental Disclosure Insider Threats Improper Access Control Social Engineering Customer information, Credit-card details Other Acronyms Data Loss Protection Data Leak Prevention/Protection Information Loss Prevention/Protection Information Leak Prevention/Protection Extrusion Prevention System Content Monitoring and Filtering Content Monitoring and Protection

6 Risk Of Loosing Sensitive Data 3:5 firms experience a data loss or theft event 1 9:10 data loss or theft events go unreported 1 1:5 employees have ed confidential data from their corporate account to a personal one 2 1:2 business travellers carry sensitive corporate data on their laptops or PDAs 1:2 workers have lost portable devices containing work-related data4 Consequences Of Loosing Sensitive Data Band media and brand damage Regulatory penalties Liability and lawsuits

7 Sensitive Data That Can Be Leaked Intellectual property (IP), Financial or Employee Information Customer information, Credit-card details Method of Data Leaks

8 Data Leak Protection Solution Data is transferred to/from, processed in the workstations and can be easily shared with outside world using the following options. Internet Cloud Tablets s Flash Drives Mobile Phones External Hard Disks Web s CD/DVD Internet Link Corporate Servers (File servers, Mail Servers, Network Servers, Database Servers, Application Servers) Internet Access Instant Chat Room Workstation/PC Printin g Memory Cards Twitter Facebo ok Network Folders

9 Real Examples Of Data Leaks Laptop Stolen in Home Burglary: 2006 In May 2006, a thief broke into the home of a U.S. Veterans Affairs employee and took a laptop with the personal information of 17.5 million Veterans. This story had a rare happy ending, as the FBI recovered the laptop a month later and found that no one accessed the information Bradley Manning. a United States Army soldier who was arrested in May 2010 in Iraq on suspicion of having passed classified material to the website WikiLeaks. Swiss to US& Britain Alert. Swiss news reports and the sources close to the investigation said that investigators believe the technician downloaded terabytes, running into hundreds of thousands or even millions of printed pages, of classified material from the Swiss intelligence service's servers onto portable hard drives. He then carried them out of government buildings in a backpack.

10 Data Loss Solutions User training and sensitisation Use of dumb end workstations with no local data storage Disallow use of portable devices(pda) Disable s and internet Only shareholders access and work on sensitive data Implement data leak protection solution. Deploy security guards to inspect add data carrying devices in and out of company premises. Assume all will be well.

11 Data Leak Protection Solution Data leaving the workstation to other points is filtered for content and also leaving the organisation servers. Internet Cloud Tablets s Flash Drives Mobile Phones External Hard Disks Internet Link Firewall jj Corporate Servers (File servers, Mail Servers, Network Servers, Database Servers, Application Servers) Web s Internet Access Workstation/PC CD/DVD Memory Cards Provide DLP Protection Layer Instant Chat Room Twitter Facebo ok Network Folders Printin g Provide DLP Protection Layer Data Leak Protection Server

12 Data Leak Protection Background Key Technical Features: Centralized Management Central policy creation for distributed deployments Predefined and customizable ready to use policies Context-aware information analysis, monitoring and prevention Identification and blocking capability Ease of integration Support for directory services (MS AD, LDAP etc) Ability to integrate with all popular SQL databases Support for all kind of printers independent from brand, model and connection type Doing all these without extra agent deployment. Business Alignment: Aligning with business needs Designed and preconfigured to satisfy business needs Customizable policies, messages etc. Market Position Should be used by several institutions and companies Further, should be assessed and evaluated by thousands of experts

13 Data Leak Protection Strategy DLP Focus: Data

14 MyDLP Solution Components MyDLP Management Console MyDLP Network Protection MyDLP Information Discovery MyDLP Endpoint Protection MyDLP Printer Protection MyDLP Information Discovery

15 MyDLP High Availability MyDLP can run on both physical and virtual servers. You can distribute and scale MyDLP almost linearly. MyDLP is fault tolerant. ( active-active )

16 MyDLP Integration And Network Protection Should be integrated with mail server to protect SMTP traffic. Supports all popular mail servers. Should be integrated with directory server to use directory users & groups in policies. Does not require any agent installation. Should intercept Web traffic to protect it. Can be integrated with your proxy server using ICAP protocol or bundled Squid 3.x can be used.

17 MyDLP Information Discovery MyDLP can crawl through your data stores, file servers and SQL servers to learn your sensitive data from them. Saves your time and keeps itself always up-to-date. If a sensitive information appears is in a place where it shouldn t be, MyDLP finds out, remediates and reports.

18 MyDLP Endpoint And Printer Protection If a sensitive information appears is in a place where it shouldn t be, MyDLP finds out, remediates and reports. On endpoints, too MyDLP will protect all kind of removable storage devices connected to your computers through USB (1.0, 1.1, 2.0, 3.0), Firewire (400, 800, 1600, 3200 and S types) and more. MyDLP support all printer models and all connection ports. Does not require print server or any other agent installation.

19 Management And Administration Enterprise manager has an easy to use web administration interface Predefined and customizable ready to use policies User roles with hierarchical authority scopes Automatically revisions policies. You can turn back to any state at any time. Advanced incident log searching including full text searches.

20 DLP Solution Server Implementation DLP Server with Active Directories Content Filtering Outgoing s Outgoing web content(text/multipart) End-Point Workstations Data Encryption Find and authenticate content Mobile Devices Data encryption Data wipe on device loss

21 Communications Control Policy Functions Port-independent application/protocol detection and filtering Message/session reconstruction with file/data/parameter extraction Content filtering Event/audit logging data shadowing Network-related parameters controlled IP address, range, subnet, masking Network ports and network ranges Protocols and network application types Identity-based parameters controlled User IDs and groups, and IP addresses, Instant Messaging ID, URI/URL LDAP identities

22 Copying to external storage e.g flash disk, external disk Plain and SSL-tunneled SMTP s Messages and attachments separately HTTP/HTTPS-based web access, Popular webmail & social networking applications Gmail, Yahoo! Mail, Hotmail, Windows Live Mail Facebook, Twitter, LinkedIn, MySpace Instant Messaging ICQ/AOL, MSN Messenger, Jabber, IRC, Yahoo Messenger, Mail.ru Agent IPTelephony and remote administration Skype, Teamviewer, Mikogo etc File transfer via FTP and FTP-SSL FileZilla, WinSCP, IIS etc Telnet sessions Screen shot prevention

23 Implementation Corporate overview Hardware and softwares delivery DLP Server Installation and configuration End-point DLP software installation Include group policies Technical training Management training Other employees training

24 MyDLP Implementation Schedule

25 MyDLP Licencing And Support Community Licences Enterprise Annual Maintenance Contracts Site Visits , chat support Remote support Troubleshoot server Local MyDLP forum and international forum

26 Justifying Costs To The Management Leakage of personally identifiable information (PII) and personal health information (PHI), direct costs: The average cost per record associated with a leak to make affected parties whole Fees for legal representation Engaging a PR firm to minimize damage and restore reputation to the extent possible Consumer credit monitoring for all customers (not necessarily only those affected by the leak) Up to five years of system and process audits conducted by an independent third party

27 Justifying Costs To The Management Intellectual property, direct costs: Fees for legal recourse to address who leaked the data and discover if it is being used inappropriately Short-term impact to R&D cost recuperation Long-term impact to profitability/revenue projections System and process audits to identify and correct the source of the leak

28 Justifying Costs To The management Total economic impact in one lost laptop: $49,256 (incl. replacement cost, detection, forensics, data breach, lost intellectual property costs, lost productivity and legal, consulting and regulatory expenses) Occurrence of data breach represents 80 % of cost; intellectual property loss is 59% of cost If the company discovers the loss in one day, it is $8,950. After one week, it is $115,849 Average cost for senior management is $28,449. For a manager or director it is about $61,000 Productivity loss is only about 1% of the cost Loss if laptop is encrypted: $29,256 (> $20,000 less) Loss varies by industry financial services: $112, 853, healthcare: $67,873, manufacturing: $2,184 Loss of intellectual property for healthcare is quite high - $17,999

29 MyDLP Customer Support Framework Customer Enquires Help Allocate Support Assistant Supported Phone Call Call Support Phone support data Record And Identify Support Nature Chat Allocate Support Assistant SMS Support Supported Copy Chat Logs Is Hardware Or Software Software Issues Hardware Issues Supported Hardware Suport logs Allocate Technician Allocate Technician SMS SMS Auto Response service Unavailable Reponse? Consolidate Auto Response & Queries Solves Issues Software Developm ent Internet Trouble shoot server Send Relevant Local Technician To Site No Issue Resolved? Yes, resolved remotely, or by assistance Customer Response Server

30 MyDLP International Support

31 Questions Questions Questions Questions Questions Questions Questions Questions

32 Punch Towers, East-Gate National Park Road, Off Mombasa Road P.O. Box GPO Nairobi / Simon Kagara, / Abdul Ali, /

33 Notes