Beskyttelse af data i bevægelse: Hvordan man forhindrer tab af fortrolig data. Præsenteret af: Mads Christiansen Salgsingeniør for WatchGuard i Norden

Transcription

1 Velkommen

2 Beskyttelse af data i bevægelse: Hvordan man forhindrer tab af fortrolig data. Præsenteret af: Mads Christiansen Salgsingeniør for WatchGuard i Norden

3 Spam: A Worry of the Past?

4 Myth: Spam Will Soon Be Extinct

5 Key Trend: Spam is Changing Latest news used to lure users to spam Low volume spam attacks will increase and will specifically target a particular user Phishing attacks will continue to increase in complexity and detection Spam volumes decreased in 2010, but don t be misguided - Spammers will not die!

6 What is all the reputation hype about? Reputation services: a way to determine if a source IP, domain, or URL is a threat or not There is no black or white: a good source today can be a bad source tomorrow A truly effective reputation service is a rating service, and not a blacklist service It is a way to express, in a metric, how risky it is to connect to a specific source

7 Why are reputation services important? With more than 93% of all s containing spam or threats can you afford to scan every ? By blocking the majority of definite spam and threats at the connection level, you can: Block upwards of 98% of traffic at the perimeter Eliminate unwanted spam and false positives Keep your network free of threats process only clean, safe traffic Reduce the on-premise footprint required to scan traffic

8 All Reputation Systems are NOT Created Equal! WatchGuard Reputation Enabled Defense is the ONLY Next- Generation reputation service!

9 Multiple Layers of Spam Prevention One man s spam is another man s valued The key is to employ a solution such as WatchGuard XCS that includes multiple integrated spam technologies to protect you from unwanted messages or malicious spam attacks: Anti-Spam Engine: Knowledge-based learning system learns from your unique messaging environment to effectively determine what is, and is not spam for your organization Spam Rules: A list of signatures/content rules generated by WatchGuard Helps detect low-volume spam campaigns from reputable senders (e.g. Hotmail and Gmail) and proactively respond to spam outbreaks Pushed to XCS devices via Security Connection Ensures customers are always protected from the latest spam and phishing variants

10 Data Loss Prevention: Ignorance Breeds Avoidance

11 Key Trend: DLP Is A Top Security Priority Risks 3:5 firms experience a data loss or theft event 1 9:10 data loss or theft events go unreported 1 1:5 employees have ed confidential data from their corporate account to a personal one Dell + PonemonSurvey

12 Key Trend: Insider Threats Will Increase More job losses = more disgruntled employees Malicious data loss will increase as employees want to take info with them to new jobs, or as an act of revenge to pass on to competitors

13 Key Trend: Convergence of Regulations Across Countries Globalization will drive the need for standardization of regulations There will be a push to converge regulations amongst the OECD (Organization for Economic Co-operation and Development) countries Result will be standardization of laws on data security and privacy FTC has already reached out to the EU to begin the process of investigating where both sides of the Atlantic can unify data security laws

14 Key Trend: Encryption Market Is Growing Demand for encryption is growing High profile data loss incidents driving demand for data privacy More regulations today require encryption encryption has become a best practice in many industries encryption will continue to become easier to implement and less confusing for users

15 Common Objections to DLP We don t have regulatory compliance mandates. We don t need it. It is disruptive to business. It s too expensive. I don t know where to start.

16 Data-In-Motion Accounts for 80% of Data Leakage has become the de facto filing system for nearly all corporate information, making it even more critical to protect the outbound flow of messages. 80% of all DLP issues relate to sensitive data being lost across SMTP ( ) and HTTP (Web).

17 Insider Threats: Potential for Leaks is Vast

18 Data Loss Resulting From Internal Sources Source: DatalossDB

19 Every department transmits sensitive information Execs/ Mgmt. PR & Investor Relations Engineering R&D Product Mgmt. Marketing Sales, Support, Customer Service Legal IT/IS Human Resources Accounting /Finance

20 What our customers are telling us about their data loss concerns Loss of Sensitive Information I don t know how we can control data from being sent in or uploaded to the Web. Inadvertent Misuse Most of our policy violations and information breaches are accidental! Protect Critical Data We need the ability to protect known confidential documents from leaving the organization. Collaboration Risk I think some of my employees are sending confidential information via the Web. Granular Compliance Requirements The auditors are not just checking infrastructure controls anymore; they want to see more specific data-in-motion controls over my sensitive data.

21 Control What Enters & Exits Your Messaging Network Attachment control Size DOES matter Control what types of files and mime types allowed to enter and exit your network Limit size of attachments allowed into and out of your network Content scanning Scan over 400 different file types Document fingerprinting Protect known confidential documents

22 The Solution: Seamless, Integrated, Policy-Driven Data Loss Prevention

23 I ve Got DLP Now What?

24 As Private As Sending a Postcard in the Mail

25 Risks of Unencrypted Eavesdropping Message Modification Identity Theft False Messages Message Replay Unprotected Backups

26 Transparent, Policy-Based Encryption With XCS Secur Encryption Automates encryption Encrypt based on policies: Content Header Subject Line Trigger Sender / Recipient User, Group or Domain Keywords/RegEx Attachment Type Attachment Content Senders do not need to make policy decisions. Encryption is handled consistently. Accelerates compliance initiatives.

27 Every Element is Fully Brandable This is a secure, encrypted message. To view this secure message: Desktop users Open the attachment (message_zdm.html) and follow the instructions. BlackBerry users Install the Voltage Secur for BlackBerry application. Other mobile users Forward this message to: read@watchguard.comand check your inbox for a link to view the message. Allows for unique brand reinforcement of encrypted , ZDM pages, and notifications Subscribers can use their own corporate logo WatchGuard logo is the default if the customer does not purchase a branding subscription Ability to customize graphics, borders, fonts, colors, text and links Promotes corporate brand recognition. Reinforces trust and goodwill with recipients.

28 Simplest Mobile Experience Reader app to decrypt Auto decrypt on open Secure replies and forwards Usability optimized for smart phone Download link in secure message envelope App freely available for external recipients Simpler decryption for external mobile recipients. Business will not be disrupted. Recipients will not become frustrated.

29 WatchGuard XCS Secur Encryption Flow

30 Key XCS Data Loss Prevention Features Single policy administration for DLP across and web: o Eliminates gaps through which data can escape Seamless integrated remediation process o Provides flexibility for policy enforcement without administrator intervention Context scanning is different from content scanning o You need and want both Attachment Scanning and Control o Ability to scan and control over 400 attachment types Document fingerprinting o Trains the system on types of data to search for Envelope-based encryption o Provides affordable protection Compliance o Policy violation logging and reporting for compliance

31 Web Threats Are Exploding

32 Understanding Web 2.0 Web 2.0 is Interactive and collaborative The primary infection point for malicious code Massive and grows 40% annually

33 Web 2.0 Security is Content-Driven

34 Malware Has Reached Epic Proportions 60% increase in new malware Over 20,000 new malicious URLs blocked each day by Reputation Enabled Defense 80% of those URLs are legitimate websites that were hacked or compromised

35 Key Trend: AV & URL Filtering Not Enough URL shortening services have become the phisher s best friend 2009: 9.3% of spam included some form of shortened hyperlink from a free online URL shortening service 2010: 18% of spam contains a shortened hyperlink Explosive use of disposable and hijacked URLs is on the rise

36 Key Trend: Fake AV Software & SEO Poisoning Two of the most common and persistent web threats today: 1. Fake antivirus security software trick people into buying fraudulent software recently, a cybergang lured nearly a million people into buying its fraudulent software; sold at price point ranging from $50 to $130, the scam netted more than $72 million 2. Search Engine Optimization (SEO) poisoning malicious sites ranked highly on SEO results to get users to click on the link use search terms likely to generate a lot of traffic (e.g. breaking news stories, popular trending topics) Cybercriminals can use these attack techniques separately or combined to take over your machine

37 Key Trend: Boutique Websites Will Become Increasingly Dangerous Virtualization will cause smaller companies to move to web hosting environments If attackers can get into the web hosting environment, they can infect many websites with malware at any given time, making internet usage more dangerous

38 Nearly one quarter of organizations still lack a Web 2.0 usage policy 40% of IT Security groups act as Web 2.0 roadblocks Which of the following best describes your firm s official IT policy for acceptable use of consumer-oriented collaboration tools and Web 2.0 applications?

39 The Threat, Defined In 2009, malicious web sites increased by 200% or more 55% of disclosed vulnerabilities affect web apps 77% of web sites with malcode are hijacked legitimate sites. 57% of data-stealing happens over the web 76% of breaches target web apps Sources: X-Force, Websense, Whitehat Security, Imperva, & 7Scan

40 Extending Data-In-Motion Protection to Web Traffic Who? What? Where? How? Verdict? Bob Smith CFO Financials.xlsx Webmail.com HTTPS Bob Smith CFO Financials.xlsx AuditFirm.com HTTP

41 Spørgsmål?