Data Protection Strategy Simon K. Carvalho
|
|
- Kevin Paul
- 8 years ago
- Views:
Transcription
1 Technology Solution Consulting Service Outsourcing Data Protection Strategy Simon K. Carvalho
2 Workshop Agenda Why data protection? What is data protection? Data Protection vs DLP DLP strategy Data Classification Methodology Comparison Q&A
3 Data Breach - The escalation of a serious threat NATO A USB memory stick containing classified NATO information was found in a library in Stockholm The FSA has fined Nationwide 980,000 for a stolen laptop TJX s $1 billion data breach DuPont scientist downloaded 22,000 sensitive documents as he got ready to take a job with a competitor ChoicePoint to pay $15 million over data breach Data broker sold info on 163,000 people 3
4 Is Your Data in the Wild? 80% of CISOs see employees as the greatest data threat 73% of data breaches come from internal sources 77% unable to audit or quantify loss after a data breach Survey: Dark Reading/InformationWeek (2009) Survey: MIS Training Institute at CISO Summit (2009) McAfee Datagate Report. Produced by DataMonitor (survey of 1400 IT professionals across UK, US, DR, DE, and Australia)
5 The Problem is Rapidly Escalating 300% Security Breach Increase CIO Weblog: Scott Wilson Sept
6 Accidental Data Loss is the Biggest Threat "Through 2010 we expect 80-90% of sensitive information leaks to be unintentional, accidental or the result of poor business processes." - Gartner Group
7 Paradigm Shift Access Control Data Loss Prevention Legitimate access to information does not necessarily grant the user the right to remove it from the enterprise
8 What data are we talking about? Compliance Intellectual Property High Business Impact (HBI) Information SOX MITS HIPAA PIPEDA EUDPD FFIEC Sarbanes- DPA Solvency II GLBA PCI Oxley Basel II HIPAA FISMA DPA Credit Card numbers GLBA CPC Art. 43 DTO-93 DPA FISMA SA-PL ITAR SB 1386 Others R-DPL J-SOX CPA Customer Lists Price/Cost Lists Target Customer Lists New Designs Company Logo Source Code Formulas Process Advantages Pending Patents Board Minutes Financial Reports Merger/Acquisitions Product Plans Hiring/Firing/RIF Plans Salary Information Acceptable Use and Importantly: What you did not know needed protection Review of Key Employee actions before they announced departure Unreported but Important Memos/Reports Code names of projects not reported to Security department April 15,
9 Major Data Loss/Leak vectors 1 Physical loss or theft of laptops and mobile devices 2 Unauthorized transfer of data to external devices 3 Unintentional distribution via , web, etc. 4 Privileged users breach the data 5 Information escapes via print, CD-ROM, DVD, etc. 7 Trojans/key loggers/malware 6 User applications hacked
10 Why DLP Is Important For You Comply With Regulations Secure Your Sensitive Data Improve Operational Efficiencies (security) PCI, HIPAA, GLBA, PIPEDA, EU Data Directive, etc. Employee & customer data (PII), corporate secrets, intellectual property Keep security costs low and reduce impact on end users Fines: More than $500K in fines Burden: Quarterly audits Legal: Lawsuits, privacy notices Damage: Corporate brand equity Churn: Customer & employee Loss: Competitive advantage Burden: More FTEs for security Capital: Additional HW & SW Cost: Higher TCO
11 A Complete Data Protection Project Complexity Control data before it leaves your organization Organization Control data after it has left your organization Beyond 1. Removable Media Control 2. Laptop /device encryption 4. File and Folder encryption 5. Content aware Data leak Prevention (Host DLP) 6. Content aware Data leak Prevention (Network DLP) 7. Digital Rights Management (DRM/ERM) 3. Do Data Classification Data Loss Prevention Data Leak Prevention
12 Knowing The D In DLP: Sensitive Data Regulatory Data Corporate Secrets Credit card data Privacy data (PII) Health care information Intellectual property Financial information Trade secrets
13 Data classification tips Think twice about tagging and categorizing everything - the costs are high Consider the confidentiality ( sensitivity) and availability (criticality) of the data to be classified Consider its integrity, as low-quality data cannot be trusted Use an effective metadata strategy to tag the data well Get the support of the management and employees who will use the system Involve data owners Use Discovery tools to aid in Data classification Monitor and maintain the data classification system over time, tweaking as necessary
14 Classification Maturity Stages 0 - No information assets are classified or assets are randomly classified. 1- Assets are classified at a high level or organizational level, assets are unidentified. 2- Processes are developed and implemented allowing assets to be classified in detail. 3- New assets are classified in detail. 4 Legacy assets are classified in detail. 5 - Assets are classified, and processes exist that allow for asset reassessment and new asset classification.
15 What is DLP? Data Sources User Actions Policy Actions Enforced to Destination At rest Copy to device Encrypt Send via net Burn to disc In use Cut, copy, paste Educate Post to web Print In motion Upload Monitor Take home
16 Protect Evaluate Analyze Source How Does DLP Work? At Rest In Use In Motion Inspection/ Discovery Capture Policy Intelligence Admin Action Policy Application Enforcement User Action Encrypt Block Monitor Educate Move
17 DLP Methodology Policy Framework Based on Governance, Risk & Compliance DISCOVER MONITOR EDUCATE ENFORCE Sensitive Data User Actions End Users Security Controls RISK? Understand Risk Reduce Risk TIME
18 Discover Your Sensitive Data Reduce uncertainty and understand risk from the data you own Comply With Regulations Protect Corporate Competitive Advantage Credit Card Data Personally Identifiable Information (PII) Personal Health Information (PHI) Corporate Secret Data Unstructured Semi-Structured Structured
19 Monitor Your User Actions Understand how your user actions impact your corporate objectives Regulatory Data Compliance Objectives Corporate Secrets Governance & Risk Objectives
20 Educate End Users About Corporate Policies Educate end users on policies and violations to reduce risk Emphasized Education Program Augment Standard Policy Education With Just-In-Time Education Top Violators (Identified through Discover and Monitor) Rest of the users Just-In-Time Education! user performs actions DLP educates on violation user acts responsibly
21 Enforce Controls to Prevent Data Loss Enforce security controls based on the risk of a violation User Action Data Sensitivity User Identity Defined in DLP Policy LOW ALLOW NOTIFY QUARANTINE JUSTIFY RISK MOVE BLOCK HIGH ENCRYPT SHRED Manual or Automated AUDIT COPY DELETE RMS (DRM)
22 DLP Deployment Playbook PEOPLE Gain support from executives and business managers Make sure employee education is part of the plan Establish SLAs and MOUs with group heads PROCESS Do not boil the ocean. Deploy in phases. Prioritize deployment phases by risk (data, group, etc.) Establish a process for remediation and reporting TECHNOLOGY Conduct a technology requirement assessment Identify current technology you can leverage Evaluate fit with IT roadmap (cloud, virtualization, etc.)
23 DLP Project Process & Check List Pre-Deployment Your DLP Pre-Deployment Check List Discover & Monitor Educate Enforce Next Phase (New policies / groups) DLP champion (team) Support from groups beyond IT Top 3-5 drivers & corporate policies Education process & resources Remediation process & resources Technology provisioning DLP administration hours Project Timeline and next phase
24 Choosing the right DLP solution April 15,
25 A DLP solution must cover all data loss channels IM Hello, how are you? USB Peer to Peer Confidential Data Copy & Paste Printer Wi-Fi HTTPS FTP Network
26 Important DLP Capabilities Data Discovery capabilities can it discover and identify confidential data residing on servers, databases, document management systems, Sharepoint, NAS/SAN, endpoint etc. Structured and unstructured data support Policy templates for automated identification and Protection Endpoint encryption prevent data loss due to loss/theft of laptops/pdas File & Folder encryption Centralized Management for all pieces- endpoint, network and discovery. Reporting and forensics
27 Important DLP Capabilities Port control/device control/application control Integration with existing directories (user aware) i.e. Microsoft AD Linux/Mac support Port/protocol agnostic DIM Monitor, Capture and protect the unknown data Robust inbuilt incident management and workflow capabilities Content-aware encryption enforcement Online / offline enforcement Integration with DRM/ERM/RMS Scalability
28 Gartner Magic Quadrant 2010
29 Forrester wave Q4 2010
30 McAfee, RSA & Websense DLP McAfee DLP RSA DLP Websense DLP Host DLP Data leak prevention Laptop / device Encryption File and Folder encryption Device Control (removable media) Network DLP PREVENT - and web DLP Data DISCOVERY MONITOR Single appliance based centralized DISCOVERY Host DLP Data leak prevention Basic device control Network DLP PREVENT - and web DLP Data DISCOVERY MONITOR Grid based distributed DISCOVERY Stronger Policy Management engine Host DLP Data leak prevention Removable media encryption (USB) Network DLP Single server which can do Prevent, Discover and Monitor Single server based centralized Discovery Strong Policy Management (example: schedules) April 15,
31 McAfee, RSA & Websense DLP McAfee DLP RSA DLP Websense DLP No (expected soon) Discover data within databases Discover data within databases No Data Masking Data Masking Four appliances and 1 server based architecture Mix of Appliances and server Two Management consoles (DLP Manager and EPO) Multiple appliances and servers based solution Mix of Appliances and servers (also as VMs) Single Management console Two-server architecture Servers only Endpoint DLP has application control features Single management console to manage Websense Web Security as well as DLP (adv.for existing Websense customers) April 15,
32 McAfee, RSA & Websense DLP McAfee DLP RSA DLP Websense DLP replay or historical data storage No Capture database No No Discover data within Documentum No No?? Arabic support Arabic support?? Integration with Adobe LiveCycle RMS Integration with Microsoft RMS DLP inserted in Virtual Fabric?? April 15,
33 OEM Product - GE Central Auditing & compliance reporting Full disk encryption OEM GE File and folder encryption NO LAN Support Planned For 6.0 EFS Port / Device control / Application Control Separate Product OEM PnP Only Separate Product Integrated Endpoint Content Aware DLP OEM Trend DLP Separate Product Central management, all in one R72 and R73 Relies on Altiris Requires separate Consoles Integration to existing directories, e.g. ADS MAC/Linux Support Road mapped 2010 Removable Media / Mobile / Encrypted USBs Footprint minimization R72 and R73 Tokens /Smart Cards / BioMetric Support Certifications FIPS L1 FIPS L1 BITS EAL L L1 BITS EAL L1 EAL L1 EAL L L L L L1 OEM L2 EAL 4 GuardianEdge Strong Average Partial Minimal Weak / None Endpoint Data Protection
34 Central Auditing & compliance reporting Requires envision Separate Sol Pack required ONLY from RSA Central Deployment & Management Requires Altiris or 3 rd party Requires 3 rd Party Unified Policy definition & enforcement For NDLP Port / protocol agnostic DIM ONLY from RSA Discover, Monitor and Protect the Unknown (Capture) Robust case management and workflow Requires envision Unstructured Data Discovery (Network & Endpoint) Structured Data Discovery Native DB Support Dec 2009 Real-time Rule tuning DIM, DAR Integrated Content aware Encryption enforcement DIU, DIM, DAR Requires 3 rd party Requires 3 rd party Requires 3 rd party Offline / Online Endpoint Policy Enforcement Integration with RMS / DRM Strong Average Partial Minimal Weak / None Data Loss Prevention
35 Next steps What stage are you in today? We can help you: Better understand DLP Develop a DLP project internally Develop a framework to evaluate and select the right DLP vendor Considering DLP Scoping DLP Project Evaluating DLP Vendors Risk Assessment DLP Workshop DLP Demo DLP Workshop EDLP TCO Tool DLP Sizing Guide DLP RFP Templates DLP POC Consideration Metrics
36 Summary Pre-deployment preparation is very important Data classification is critical Involvement of business managers and data owners Phased approach Identify top 3 or 5 top risk areas PCI or IP of some kind, etc Apply policies to top risk groups HR or Finance Enterprise wide rollout
37 Questions / Discussion April 15,
38 Thank you!!! April 15,
39 Supplementary slides April 15,
40 RSA DLP solution April 15,
41 RSA DLP Product Covers all Aspects of DLP DISCOVER MONITOR EDUCATE ENFORCE web datacenter laptops & PCs * RSA DLP Network RSA DLP Datacenter RSA DLP Endpoint RSA DLP Suite RSA DLP Enterprise Manager * Through a partner
42 RSA DLP Network 45 April 15, 2014
43 RSA DLP Datacenter 46 April 15, 2014
44 Five Critical Factors For DLP Solutions: RSA s Take E Policy & Classification Identity Aware Incident Workflow Enterprise Scalability Built-In vs. Bolt-On Policies covering a broad range of regulations and topics. Developed by an expert team Identity awareness for classification, controls and remediation Consolidated alerts with the right information to the right people for the right actions Scan more data faster with lesser hardware and resources Common policies across the infrastructure - EMC, Cisco and Microsoft
45 Policies: Broad Range of Expert Policies 150+ built-in policies you can use Knowledge Engineering Retail PCI DSS Healthcare HIPAA Telecom/Tech CPNI Sample Profile of a Knowledge Engineer MA CMR 201 Caldicott (UK) Source Code CA AB 1298 PIPEDA Design Docs Work Exp: 12 years Certifications: 18 regulations Manufacturing ITAR Financial Serv GLBA Other NERC Languages : Background: Four Linguistics, artificial intelligence, search technologies Patent Apps EAR FCRA NASD Global PII 401k & 403b Education: Library sciences, Computer science Dedicated Knowledge Engineering team develops and maintains DLP policies
46 Classification: Flexible Framework A classification framework to suit your unique needs Attributes Transmission metadata File size, type, etc. Owner, sender, etc. Described Content Detection Rules Context Rules Exceptions Fingerprinting Full & partial match Databases Files Highly accurate results in identifying sensitive data
47 User Identity Analysis Name Title Business group Organization hierarchy Special privileges What policies to apply Define the risk of actions What controls to enforce Who to notify Real-time data from your Windows Active Directory Used across all phases of DLP
48 Incident Workflow to Effectively Manage Violations Reduce noise, prioritize incidents and manage workflow Consolidate Violations Send Alerts Based on Risk Violation Event 1 Violation Event 2 Violation Event 3 Policy Based Logical Grouping Security Incident Security Incident HIGH MEDIUM Alert Security Officer Alert Manager Violation Event 4 Violation Event n LOW No Alerts. Audit Only DLP + envision = More intelligent alerts and prioritization
49 Scalability For Enterprise Deployments PEOPLE PLACES DATA Number of users Types of users Number of office sites Types of office sites Amount of data Sources of data Flexible policy framework to support a million plus users and 100 s of user types Expandable site and agent architecture to support 1000s of sites Unique grid technology to scan large amounts of data most cost effectively
50 Built-in DLP for the Infrastructure: DLP Ecosystem What s in it for you Your DLP Strategy Leverage your current infrastructure for DLP Faster and cost effective deployments Centralize policies and management RSA DLP Technology
51 McAfee DLP solution 54 April 15, 2014
52 Evolution of McAfee Data Loss Prevention October 2006: McAfee acquires Onigma, early stage endpoint DLP company September 2007: McAfee launches Host DLP with epo management Throughout 2008: McAfee Host DLP selected as enterprise wide DLP solution for hundreds of customers, including Bank of America, Wal-Mart, Merrill Lynch, Visa, Dept of Defense, Israel Defense Forces, etc. August 2008: McAfee acquires Reconnex, industry analyst recognized technology leader in Network DLP and Forensics April 2009: Network DLP v8.5 launched with integrated incident reporting and workflow between Network DLP, Host DLP and epo. Discovery remediation and other enhancements. June 2009: Host DLP v3.0 launched with data discovery, integrated File & Folder Encryption, improved content classification and Lotus Notes support Sept 2009: Further enterprise enhancements to Network DLP Early 2010: Unified DLP with joint policy creation for all elements; further enhancements to Network & Host DLP 2010: Embedding of DLP engine into Web Gateway & Gateway 2010: Final infrastructure updates for Unified DLP Confidential Confidential McAfee McAfee 55 Internal Internal Use Use Only Only
53 The McAfee Data Protection platform DLP Discover Endpoint Encryption Encrypted Media Network DLP Monitor Network DLP Prevent DLP Host DLP Host Device Control Encrypted Media Data-at- Rest Data-in- Motion Data-in- Use Identify, Classify and Protect Full endpoint management and deployment Monitor, Notify, Prevent DLP Manager McAfee epo Enforce, Audit and Respond Incident and case management Workflow and reporting 56 Confidential McAfee Internal Use Only
54 Data at Rest Problem Where is all the data? Challenge Need to find the data and categorize it to enable the organization to apply protections Best Practice Data-at-rest products crawl the organization based on taxonomy of content and can provide analysis of what servers, endpoints and repositories have what content Use inventory scans to discover what is available and delegate reviews of materials (where possible) Once the data distribution model is understood, automated remediation can be used (move, delete, encrypt, quarantine, etc.) Confidential McAfee Internal Use Only
55 Data in Motion Best Practice Network-based data-in-motion products passively analyze all communications: webmail, IM, blogs, , etc. Pre-built rules can be run to determine what information violates policy Problem Who is sending what to whom? Challenge All information leaving must be analyzed from both managed and unmanaged machines. Solution must be transparent. Rules and policies are mapped to business stakeholders to ensure incident review and remediation are not an information security challenge Mining of incidents allows for rule tuning and refinement Confidential McAfee Internal Use Only
56 Data in Use Best Practice Identify high-risk machines for sensitive information disclosure, such as Legal, HR, Management, Sales, Engineering and Development Deploy monitoring capabilities initially to identify the use of removable media Problem How are employees using my data? What is being printed, copied and removed from my organization? Challenge Users interact with data while connected and disconnected from my network. Authorized users have access to sensitive information. Define rules and policies by department and group requirements Use automated protection mechanisms (block, monitor, log, store evidence, encrypt, etc) Notify users to increase security awareness Confidential McAfee Internal Use Only
57 From the Network PREVENT - Protect against & web data leaks Perimeter DISCOVER - Identify sensitive information in storage repositories Network Layers MONITOR - Protect data as it moves across the network Data Storage & Management MANAGE - Centralized administration Incident/case management Admin & Management 60Title of presentation February 10, 2009 Confidential McAfee Internal Use Only Confidential McAfee Internal Use Only
58 to the Host Network Based Protection from the endpoint Send over Post to the web Transmit over to network Copy to a network file share Application Based Protection Extract using the clipboard Extract using screen capture General application file-access Device Based Protection Send to a printer Send to a removable storage device Confidential McAfee Internal Use Only
59 McAfee Data Loss Prevention (Today) Data-in-Motion Data-at-Rest Data-in-Use McAfee HDLP McAfee HDLP Disconnected & Mobile McAfee NDLP Discover McAfee Web Gateway Databases or Repositories Data-at-Rest McAfee Gateway SMTP integrated Unified incident reporting and case mgmt workflow McAfee NDLP Prevent Data-in-Motion McAfee epo McAfee DLP Manager McAfee NDLP Monitor w/ Capture Database McAfee NDLP Prevent ICAP integrated Data-in-Motion Switch McAfee Firewall McAfee IPS Confidential McAfee Internal Use Only
60 McAfee Data Protection Solution Architecture DLP Endpoint Device Control DLP Endpoint Device Control DLP Discover DLP Monitor SPAN Port or Tap DLP Prevent Disconnected Central Management epolicy Orchestrator (epo) DLP Manager Secured Corporate LAN MTA or Proxy Network Egress/DMZ Confidential McAfee Internal Use Only
61 McAfee DLP Topology MANAGE Flexible and scalable administration & case management epo Agent Host DLP DISCOVER Find sensitive information in storage repositories PREVENT Protect against & web data leaks MONITOR Protect data as it moves on the network Plug n play appliances Pre-integrated & hardened components Single, integrated epo desktop agent Confidential McAfee Internal Use Only
62 McAfee DLP Core Differentiators Industry s most comprehensive Data Protection portfolio Eliminates point product and multi-vendor fatigue Provides integrated management and intelligent data sharing capabilities Capture Facilitates accurate-first-time policies and comprehensive forensics investigation Time to Value See value in days, Capture removes the need for months of rule tuning Deploys in days not months, easy drop in appliances, no servers to build Industry s most widely deployed endpoint DLP agent Proven scalability and ease of deployment Full security functionality whether on the LAN or offline Custom built classification engine allows for high flexibility Unique capabilities for environments where non-standard file formats are prevalent Intellectual Property protection 65 April 15, 2014 Confidential McAfee Internal Use Only
63 Anti-Virus Anti-Spyware Desktop FW Host IPS NAC Host Compliance Remediation DLP Endpoint Encryption for PC Endpoint Encryption for Files and Folder Solidcore SIA Partners The McAfee DLP Difference Comprehensive and Integrated One Client Manager (MA McAfee Agent) handling multiple Endpoint Security products. epo Agent (MA) Framework McAfee epo Secure McAfee Communication Channel Total Protection for Data 66 April 15, Confidential McAfee Internal Use Only
64 The McAfee DLP Difference - Learning and Data Mining vs Let the technology do the heavy lifting Google changed the way we use the web. Nobody remembers URLs anymore, they Google what they need. Like Google, we index and file everything away so you don t have to know where it all is! Then you use our indexes to build policy. Simple, effective and fast! 67Title of presentation February 10, 2009 Confidential McAfee Internal Use Only Confidential McAfee Internal Use Only
65 The McAfee DLP difference: Capture all leakage! Egress Out POLICY FILTER PCI HIPPA Appropriate Use Trigger Words Other Policies Define policies Tune rules Mine data with Google-like search capabilities Forensic search of historical data Legacy Vendors All Matches McAfee Trash Bin Violations DB Capture DB False negatives destroyed Can t LEARN and adjust policies Assumes you know what to protect Pre-set Policies Dashboard reports Distributed notification of violations and reports Everything captured Information gap Solved Able to LEARN from the past 68 April 15, 2014 Confidential McAfee Internal Use Only
66 The McAfee DLP difference DLP Policy creation with traditional vendors Actual outgoing , IM, web traffic, etc. Create Policy Implement Policy on Live Data Impact users, Help-Desk Calls, etc. Eventually Effective Protection Tweak/Edit Policy 6-12 months 69 April 15, 2014 Confidential McAfee Internal Use Only
67 The McAfee DLP difference - DLP policy creation with McAfee Capture Actual outgoing , IM, web traffic, etc. Capture and index all network data Offline data Effective Protection Create Policies Edit Policy Offline Bonus = Forensics! Tweak / fast- Help catch theft of critical data by employees 1-3 weeks forward testing Confidential McAfee Internal Use Only
68 McAfee DLP Advantages Platform Integration Deployment Velocity Data Analytics Confidential McAfee Internal Use Only
69 McAfee DLP Advantages 1 Platform Integration 2 3 Confidential McAfee Internal Use Only
70 McAfee DLP Coordinates Data Protection Web Removable Media DLP Device Control McAfee data protection solutions deliver additional value through DLP DLP coordinates enforcement DLP enforces consistent policies DLP provides actionable insight Encryption USB McAfee DLP provides integrated workflows, simplified processes, lower costs and consistent protection for all data Confidential McAfee Internal Use Only
71 DLP Increases Control Without DLP With DLP Encryption Encrypt everything Selectively encrypt Encrypt on-demand Removable Media Block USB devices Content based coaching Block based on origin Device Control Block Cut, Copy, Paste Content aware blocking Content based coaching Content aware enforcement delivers greater control & reduces costs, only applying protection where it s needed Confidential McAfee Internal Use Only
72 epo Integrates All Enterprise Security Increased Protection Reduced Costs Improved Agility Fast Flexible Efficient McAfee epolicy Orchestrator Confidential McAfee Internal Use Only
73 McAfee DLP Advantages 1 2 Deployment Velocity 3 Confidential McAfee Internal Use Only
74 McAfee DLP vs. Traditional DLP Compliance The longer deployment Achievedtakes, the longer your data and your company is at risk McAfee DLP delivers rapid & effective protection for your data why wait? Confidential McAfee Internal Use Only
75 McAfee DLP Product Line DLP Manager + epo = Central & Delegated Management Storage Network Host Perimeter DLP Discover DLP Monitor Host DLP DLP Prevent Discovery Inventory Tagging Scanning Mitigation Capture Data mining Monitor Alert Report Encrypt Device control Discover Print Cut, copy Web IM P2P FTP Inside Outside Confidential McAfee Internal Use Only
76 Use Case: Sensitive Data Leak Scenario An internal audit shows signs of data leaking from your organization Management have given you the job of quantifying and fixing the problem - fast McAfee DLP gives you speed Pre-integrated, hardened appliances are up and running in days 79 Capture data lets you quickly identify issues and build effective policies to address them Confidential McAfee Internal Use Only
77 McAfee DLP Advantages Data Analytics Confidential McAfee Internal Use Only
78 McAfee Traditional DLP DLP Leverages Leaks Data Data Violations Data Intelligence Capture 81 Bit Bucket Fast, accurate policy creation and rapid, indepth investigations Confidential McAfee Internal Use Only
79 Use Case: Disgruntled Employee Scenario A top sales rep leaves the company 2 weeks later your customers are getting called by a competitor Has someone leaked your customer list? McAfee DLP gives you the evidence See the timeline of employee activities and data use Discover what data the employee downloaded before they quit 82 Confidential McAfee Internal Use Only
80 Data Loss Happens Beyond the Organization Partners Engineering documents Risk: No control after it is sent to third parties Field technicians Service manuals Risks: Gets printed offsite, unable to revoke/update older/inaccurate versions Insurers Patient health information (PHI) records Risk: PHI record sent to the wrong patient Customers Equity research reports Risk: Uncontrolled distribution of research dilutes value 83 Extending Data Protection Beyond the Organization April 15, 2014 Confidential McAfee Internal Use Only
81 McAfee and Adobe to Deliver Joint Solutions Encryption Network DLP Adobe LiveCycle Rights Management Device Control Host Data Loss Prevention Document audit tracking Disconnected access Version control Access controls Revoke/change rights Central Management (McAfee epolicy Orchestrator ) Document Security Management Organization Beyond 84 Extending Data Protection Beyond the Organization April 15, 2014 Confidential McAfee Internal Use Only
82 Adobe DRM Complements McAfee Data Protection McAfee Data Loss Prevention Full control and absolute visibility over user behavior Adobe LiveCycle Rights Mangement Persistent enforcement anywhere, anytime McAfee Data Protection Suite for Rights Management McAfee Endpoint Encryption Full-disk, mobile device, and file and folder encryption coupled with strong authentication Enterprise Data Loss Prevention Rights Management Endpoint Encryption Device Control Encrypted USB McAfee Device Control Prevent unauthorized use of removable media devices Proactive, Automated Data Protection McAfee Encrypted USB Secure, portable external storage devices 85 Extending Data Protection Beyond the Organization 85 April 15, 2014 Confidential McAfee Internal Use Use Only Only
83 Protection of Data-at-Rest Server-side Client-side Adobe LiveCycle Rights Management ES2 Adobe LiveCycle RM clients 4 1 Corporate IT Administrator 2 3 End User McAfee epolicy Orchestrator 4.5 McAfee Host DLP (with LiveCycle libraries) Step 1: IT defines RM enforcement policies specifying authorization Step 2: IT defines DLP rules, specifying which documents need RM Step 3: DLP searches disk, finds sensitive data and protects that with RM Step 4: End user conducts business normally, however, documents are protected with RM, seamlessly preventing unauthorized use Confidential McAfee Internal Use Only
84 Protection of Data-in-Use/Data-in-Motion Server-side Client-side Adobe LiveCycle Rights Management ES2 , Web, USB Corporate IT Administrator 2 McAfee epolicy Orchestrator 4.5 McAfee Host DLP (with LiveCycle libraries) 4 End User Step 1: IT defines RM enforcement policies specifying authorization Step 2: IT defines DLP rules, specifying which documents need RM Step 3: End user attempts to send a file (via e.g. , web, USB) Step 4: DLP software examines if file is protected with RM Step 5: DLP software blocks action until user protects document with RM Confidential McAfee Internal Use Only
85 Comprehensive Alliance: Enterprise and Consumer Consumer Adobe offers McAfee consumer AV as part of Adobe Reader Windows downloads Adobe Reader 500m+ copies distributed in the past 2 years alone Enterprise McAfee integrates Adobe DRM in to data protection solution epo installed-base 65m+ endpoints Significant commitment from both sides 88 Extending Data Protection Beyond the Organization April 15, 2014 Confidential McAfee Internal Use Only
RSA Data Loss Prevention (DLP) Understand business risk and mitigate it effectively
RSA Data Loss Prevention (DLP) Understand business risk and mitigate it effectively Arrow ECS DLP workshop, Beograd September 2011 Marko Pust marko.pust@rsa.com 1 Agenda DLP in general What to expect from
More informationData Protection McAfee s Endpoint and Network Data Loss Prevention
Data Protection McAfee s Endpoint and Network Data Loss Prevention Dipl.-Inform. Rolf Haas Principal Security Engineer, S+, CISSP rolf@mcafee.com January 22, 2013 for ANSWER SA Event, Geneva Position Features
More informationMcAfee Data Protection Solutions
McAfee Data Protection Solutions Tamas Barna System Engineer CISSP, Security+ Eastern Europe The Solution: McAfee Data Protection McAfee Data Loss Prevention Full control and absolute visibility over user
More informationRSA Solution Brief RSA. Data Loss. Uncover your risk, establish control. RSA. Key Manager. RSA Solution Brief
RSA Solution Brief RSA Managing Data Loss the Lifecycle of Prevention Encryption Suite Keys with Uncover your risk, establish control. RSA Key Manager RSA Solution Brief 1 Executive Summary RSA Data Loss
More informationKelvin Wee CISA, CISM, CISSP Principal Consultant (DLP Specialist) Asia Pacific and Japan
The Truth about Data Loss Kelvin Wee CISA, CISM, CISSP Principal Consultant (DLP Specialist) Asia Pacific and Japan RSA Data Loss Prevention Data Breaches Overview RSA DLP Solution Five Critical Factors
More informationDon't Be The Next Data Loss Story
Don't Be The Next Data Loss Story Data Breaches Don t Discriminate DuPont scientist downloaded 22,000 sensitive documents as he got ready to take a job with a competitor Royal London Mutual Insurance Society
More informationwith Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief
RSA Solution Brief Streamlining Security Operations with Managing RSA the Lifecycle of Data Loss Prevention and Encryption RSA envision Keys with Solutions RSA Key Manager RSA Solution Brief 1 Who is asking
More informationTHE EXECUTIVE GUIDE TO DATA LOSS PREVENTION. Technology Overview, Business Justification, and Resource Requirements
THE EXECUTIVE GUIDE TO DATA LOSS PREVENTION Technology Overview, Business Justification, and Resource Requirements Introduction to Data Loss Prevention Intelligent Protection for Digital Assets Although
More informationWebsense Data Security Suite and Cyber-Ark Inter-Business Vault. The Power of Integration
Websense Data Security Suite and Cyber-Ark Inter-Business Vault The Power of Integration Websense Data Security Suite Websense Data Security Suite is a leading solution to prevent information leaks; be
More informationEnterprise Security Solutions
Enterprise Security Solutions World-class technical solutions, professional services and training from experts you can trust ISOCORP is a Value-Added Reseller (VAR) and services provider for best in class
More informationCA Technologies Data Protection
CA Technologies Data Protection can you protect and control information? Johan Van Hove Senior Solutions Strategist Security Johan.VanHove@CA.com CA Technologies Content-Aware IAM strategy CA Technologies
More informationA Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards
A Websense Research Brief Prevent Loss and Comply with Payment Card Industry Security Standards Prevent Loss and Comply with Payment Card Industry Security Standards Standards for Credit Card Security
More informationA Buyer's Guide to Data Loss Protection Solutions
A Buyer's Guide to Data Loss Protection Solutions 2010 Websense, Inc. All rights reserved. Websense is a registered trademark of Websense, Inc. in the United States and certain international markets. Websense
More informationWhite paper. Five Key Considerations for Selecting a Data Loss Prevention Solution
White paper Five Key Considerations for Selecting a Data Loss Prevention Solution What do you need to consider before selecting a data loss prevention solution? There is a renewed awareness of the value
More informationWebsense Data Security Solutions
Data Security Suite Data Discover Data Monitor Data Protect Data Endpoint Data Security Solutions What is your confidential data and where is it stored? Who is using your confidential data and how? Protecting
More informationRSA SIEM and DLP Infrastructure and Information Monitoring in One Solution
RSA SIEM and DLP Infrastructure and Information Monitoring in One Solution David Mateju RSA Sales Consultant, RSA CSE david.mateju@rsa.com Adding an information-centric view Infrastructure Information
More informationSymantec DLP Overview. Jonathan Jesse ITS Partners
Symantec DLP Overview Jonathan Jesse ITS Partners Today s Agenda What are the challenges? What is Data Loss Prevention (DLP)? How does DLP address key challenges? Why Symantec DLP and how does it work?
More informationDISCOVER, MONITOR AND PROTECT YOUR SENSITIVE INFORMATION Symantec Data Loss Prevention. symantec.com
DISCOVER, MONITOR AND PROTECT YOUR SENSITIVE INFORMATION Symantec Data Loss Prevention symantec.com One of the interesting things we ve found is that a lot of the activity you d expect to be malicious
More informationAdopt a unified, holistic approach to a broad range of data security challenges with IBM Data Security Services.
Security solutions To support your IT objectives Adopt a unified, holistic approach to a broad range of data security challenges with IBM Data Security Services. Highlights Balance effective security with
More informationInformation & Asset Protection with SIEM and DLP
Information & Asset Protection with SIEM and DLP Keeping the Good Stuff in and the Bad Stuff Out Professional Services: Doug Crich Practice Leader Infrastructure Protection Solutions What s driving the
More information10 Building Blocks for Securing File Data
hite Paper 10 Building Blocks for Securing File Data Introduction Securing file data has never been more important or more challenging for organizations. Files dominate the data center, with analyst firm
More informationMalware and Other Malicious Threats
21 August Thailand Securing Your Endpoints from Malware and Other Malicious Threats Steven Scheurmann Sales Leader, Tivoli Endpoint Management Products, built on BigFix, IBM Software Group, Asia Pacific
More informationAn Introduction to SIEM & RSA envision (Security Information and Event Management) January, 2011
An Introduction to SIEM & RSA envision (Security Information and Event Management) January, 2011 Brian McLean, CISSP Sr Technology Consultant, RSA Changing Threats and More Demanding Regulations External
More informationHow To Buy Nitro Security
McAfee Acquires NitroSecurity McAfee announced that it has closed the acquisition of privately owned NitroSecurity. 1. Who is NitroSecurity? What do they do? NitroSecurity develops high-performance security
More informationIBM Data Security Services for endpoint data protection endpoint data loss prevention solution
Automating policy enforcement to prevent endpoint data loss IBM Data Security Services for endpoint data protection endpoint data loss prevention solution Highlights Facilitate policy-based expertise and
More informationData Loss Prevention Best Practices to comply with PCI-DSS An Executive Guide
Data Loss Prevention Best Practices to comply with PCI-DSS An Executive Guide. Four steps for success Implementing a Data Loss Prevention solution to address PCI requirements may be broken into four key
More informationUnderstanding and Selecting a DLP Solution. Rich Mogull Securosis
Understanding and Selecting a DLP Solution Rich Mogull Securosis No Wonder We re Confused Data Loss Prevention Data Leak Prevention Data Loss Protection Information Leak Prevention Extrusion Prevention
More informationBuilding a Security Program that Protects an Organizations Most Critical Assets
Building a Security Program that Protects an Organizations Most Critical Assets ABOUT BEW GLOBAL WHAT WE WILL COVER TODAY What is a Critical Asset Protection Program Data Loss Prevention & Other Technology
More informationDid you know your security solution can help with PCI compliance too?
Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment
More informationAlways Worry About Cyber Security. Always. Track 4 Session 8
Always Worry About Cyber Security. Always. Track 4 Session 8 Mark Stevens SVP, Global Services and Support Digital Guardian MStevens@DigitalGuardian.com 781-902-7818 www.digitalguardian.com 2 Abstract
More informationData Loss Prevention. Keeping sensitive data out of the wrong hands*
Data Loss Prevention Keeping sensitive data out of the wrong hands* September 9, 2007 Aaron Davies-Morris, Director PwC Advisory Services Zeke Jaggernauth, Manager PwC Advisory Services Agenda Data Breaches
More informationSecure Cloud Computing
Secure Cloud Computing Agenda Current Security Threat Landscape Over View: Cloud Security Overall Objective of Cloud Security Cloud Security Challenges/Concerns Cloud Security Requirements Strategy for
More informationStrategies and Best Practices to Implement a Successful Data Loss Prevention Program Sebastian Brenner, CISSP
Strategies and Best Practices to Implement a Successful Data Loss Prevention Program Sebastian Brenner, CISSP Principal Systems Engineer Symantec LAMC Agenda 1 What DLP is and its purpose 2 Challenges
More informationProtecting Data-at-Rest with SecureZIP for DLP
Protecting Data-at-Rest with SecureZIP for DLP TABLE OF CONTENTS INTRODUCTION 3 PROTECTING DATA WITH DLP 3 FINDING INDIVIDUAL AND SHARED INFORMATION-AT-REST 4 METHODS FOR REMEDIATION 4 ENCRYPTING UNPROTECTED
More informationLeading The World Into Connected Security. Dipl.-Inform., CISSP, S+ Rolf Haas Enterprise Technology Specialist Content Lead EMEA
Leading The World Into Connected Security Dipl.-Inform., CISSP, S+ Rolf Haas Enterprise Technology Specialist Content Lead EMEA History of Defining Largest Dedicated Delivering a Next Generation Architecture
More informationMcAfee Endpoint Protection Products
McAfee Total Protection Security Overview for MEEC Sumeet Gohri, CISSP Sr. Sales Engineer GovED + Healthcare McAfee, Inc. Agenda Protection Challenges McAfee Protection Products McAfee epo walkthrough
More informationInformation Risk Management. Alvin Ow Director, Technology Consulting Asia Pacific & Japan RSA, The Security Division of EMC
Information Risk Management Alvin Ow Director, Technology Consulting Asia Pacific & Japan RSA, The Security Division of EMC Agenda Data Breaches Required Capabilities of preventing Data Loss Information
More informationData Loss Prevention Best Practices for Healthcare
Data Loss Prevention Best Practices for Healthcare The perils of data loss Table of Contents This white paper is co authored with Siemens Healthcare First Steps to Data Loss Prevention....3 You Cannot
More informationIdentifying Broken Business Processes
Identifying Broken Business Processes A data-centric approach to defining, identifying, and enforcing protection of sensitive documents at rest, in motion, and in use 6/07 I www.vericept.com Abstract The
More informationCompliance and Security Solutions
Content-aware Compliance and Security Solutions for Microsoft SharePoint SharePoint and the ECM Challenge The numbers tell the story. According to the consulting firm Doculabs, 80 percent of the information
More information場 次 :C-3 公 司 名 稱 :RSA, The Security Division of EMC 主 題 : 如 何 應 用 網 路 封 包 分 析 對 付 資 安 威 脅 主 講 人 :Jerry.Huang@rsa.com Sr. Technology Consultant GCR
場 次 :C-3 公 司 名 稱 :RSA, The Security Division of EMC 主 題 : 如 何 應 用 網 路 封 包 分 析 對 付 資 安 威 脅 主 講 人 :Jerry.Huang@rsa.com Sr. Technology Consultant GCR Minimum Requirements of Security Management and Compliance
More informationPractical DLP Deployment
Practical DLP Deployment Practical DLP Deployment for your Organization Jon Damratoski, DLP Architect DLP Basics Overview A few items discussed today What is DLP? Define a DLP program using business driven
More informationMcAfee Data Loss Prevention 9.3.0
Product Guide Revision E McAfee Data Loss Prevention 9.3.0 For use with epolicy Orchestrator 4.5, 4.6, 5.0 Software COPYRIGHT Copyright 2014 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS
More informationBest Practices for DLP Implementation in Healthcare Organizations
Best Practices for DLP Implementation in Healthcare Organizations Healthcare organizations should follow 4 key stages when deploying data loss prevention solutions: 1) Understand Regulations and Technology
More informationRSA Solution Brief RSA. Encryption and Key Management Suite. RSA Solution Brief
RSA Encryption and Key Management Suite The threat of experiencing a data breach has never been greater. According to the Identity Theft Resource Center, since the beginning of 2008, the personal information
More informationSimplified IT Compliance Frameworks to Reduce Costs and Strengthen Security
Copyright 2008 EMC Corporation. All rights reserved. Simplified IT Compliance Frameworks to Reduce Costs and Strengthen Security Dave Simmons EMC Corporation Why is Information Security So Difficult? because
More informationIBM Data Security Services for endpoint data protection endpoint data loss prevention solution
Automating policy enforcement to prevent endpoint data loss IBM Data Security Services for endpoint data protection endpoint data loss prevention solution Highlights Protecting your business value from
More informationSecurity Information & Event Management (SIEM)
Security Information & Event Management (SIEM) Peter Helms, Senior Sales Engineer, CISA, CISSP September 6, 2012 1 McAfee Security Connected 2 September 6, 2012 Enterprise Security How? CAN? 3 Getting
More informationThe Cloud App Visibility Blindspot
The Cloud App Visibility Blindspot Understanding the Risks of Sanctioned and Unsanctioned Cloud Apps and How to Take Back Control Introduction Today, enterprise assets are more at risk than ever before
More informationERNW Newsletter 29 / November 2009
ERNW Newsletter 29 / November 2009 Dear Partners and Colleagues, Welcome to the ERNW Newsletter no. 29 covering the topic: Data Leakage Prevention A Practical Evaluation Version 1.0 from 19th of november
More informationUnified Threat Management, Managed Security, and the Cloud Services Model
Unified Threat Management, Managed Security, and the Cloud Services Model Kurtis E. Minder CISSP Global Account Manager - Service Provider Group Fortinet, Inc. Introduction Kurtis E. Minder, Technical
More informationFive Tips to Ensure Data Loss Prevention Success
Five Tips to Ensure Data Loss Prevention Success A DLP Experts White Paper January, 2013 Author s Note The content of this white paper was developed independently of any vendor sponsors and is the sole
More informationEmpowering Your Business in the Cloud Without Compromising Security
Empowering Your Business in the Cloud Without Compromising Security Cloud Security Fabric CloudLock offers the cloud security fabric for the enterprise that helps organizations protect their sensitive
More informationForeScout CounterACT CONTINUOUS DIAGNOSTICS & MITIGATION (CDM)
ForeScout CounterACT CONTINUOUS DIAGNOSTICS & MITIGATION (CDM) CONTENT Introduction 2 Overview of Continuous Diagnostics & Mitigation (CDM) 2 CDM Requirements 2 1. Hardware Asset Management 3 2. Software
More informationSecurity management solutions White paper. Extend business reach with a robust security infrastructure.
Security management solutions White paper Extend business reach with a robust security infrastructure. July 2007 2 Contents 2 Overview 3 Adapt to today s security landscape 4 Drive value from end-to-end
More informationDLP Vendors 8/8/2011. Data Loss Prevention: What We ve Learned from WikiLeaks TECH 15. A Few Good Questions
Data Loss Prevention: What We ve Learned from WikiLeaks TECH 15 Aubrey Turner Fishnet Security Pat Archbold - IntApp A Few Good Questions Do you know where your sensitive data resides and its current controls?
More informationTotal Protection for Compliance: Unified IT Policy Auditing
Total Protection for Compliance: Unified IT Policy Auditing McAfee Total Protection for Compliance Regulations and standards are growing in number, and IT audits are increasing in complexity and cost.
More informationWHITEPAPER. Addressing Them with Adaptive Network Security. Executive Summary... An Evolving Network Environment... 2. Adaptive Network Security...
WHITEPAPER Top 4 Network Security Challenges in Healthcare Addressing Them with Adaptive Network Security Executive Summary... 1 Top 4 Network Security Challenges Addressing Security Challenges with Adaptive
More informationBUILDING A SECURITY PROGRAM THAT PROTECTS AN ORGANIZATION S MOST CRITICAL ASSETS
BUILDING A SECURITY PROGRAM THAT PROTECTS AN ORGANIZATION S MOST CRITICAL ASSETS ABOUT BEW GLOBAL Founded 2002 Global Service Delivery Focused Expertise Quality Management S O L U T I O N O F F E R I N
More informationEnd-user Security Analytics Strengthens Protection with ArcSight
Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security
More informationMore Expenses. Only this time the Telegraph will have to pay them after their recent data breech
More Expenses Only this time the Telegraph will have to pay them after their recent data breech What is an Identity? Wiki Definition Digital identity refers to the aspect of digital technology that is
More informationWhite paper. Four Best Practices for Secure Web Access
White paper Four Best Practices for Secure Web Access What can be done to protect web access? The Web has created a wealth of new opportunities enabling organizations to reduce costs, increase efficiency
More informationUser Driven Security. 5 Critical Reasons Why It's Needed for DLP. TITUS White Paper
User Driven Security 5 Critical Reasons Why It's Needed for DLP TITUS White Paper Information in this document is subject to change without notice. Complying with all applicable copyright laws is the responsibility
More informationQ1 Labs Corporate Overview
Q1 Labs Corporate Overview The Security Intelligence Leader Who we are: Innovative Security Intelligence software company One of the largest and most successful SIEM vendors Leader in Gartner 2011, 2010,
More informationSecureAge SecureDs Data Breach Prevention Solution
SecureAge SecureDs Data Breach Prevention Solution In recent years, major cases of data loss and data leaks are reported almost every week. These include high profile cases like US government losing personal
More informationClavister InSight TM. Protecting Values
Clavister InSight TM Clavister SSP Security Services Platform firewall VPN termination intrusion prevention anti-virus anti-spam content filtering traffic shaping authentication Protecting Values & Enterprise-wide
More information08/10/2013. Data protection and compliance. Agenda. Data protection life cycle and goals. Introduction. Data protection overview
Data protection and compliance In the cloud and in your data center 1 November 2013 Agenda 1 Introduction 2 Data protection overview 3 Understanding the cloud 4 Where do I start? 5 Wrap-up Page 2 Data
More informationUnprecedented Malware Growth
McAfee epolicy Orchestrator 4.5 Best Practices Sumeet Gohri Mid-Atlantic Sales Engineer McAfee User Group meeting organized by MEEC Agenda 9:30 am 9:45 am Welcome 9:45 am - 11:00 am epo 11:00 am 11:15
More informationAnalyzing Security for Retailers An analysis of what retailers can do to improve their network security
Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary
More informationProtecting personally identifiable information: What data is at risk and what you can do about it
Protecting personally identifiable information: What data is at risk and what you can do about it Virtually every organization acquires, uses and stores personally identifiable information (PII). Most
More informationEMC Security for Microsoft Exchange Solution: Data Loss Prevention and Secure Access Management
EMC Security for Microsoft Exchange Solution: Data Loss Prevention and Applied Technology Abstract Securing a Microsoft Exchange e-mail environment presents a myriad of challenges and compliance issues
More informationTrend Micro Data Protection
Trend Micro Data Protection Solutions for privacy, disclosure and encryption A Trend Micro White Paper I. INTRODUCTION Enterprises are faced with addressing several common compliance requirements across
More informationMaaSter Microsoft Ecosystem Management with MaaS360. Chuck Brown Jimmy Tsang www.maas360.com
MaaSter Microsoft Ecosystem Management with MaaS360 Chuck Brown Jimmy Tsang www.maas360.com Introductions Chuck Brown Product Management IBM MaaS360 Jimmy Tsang Director of Product Marketing IBM MaaS360
More informationPayment Card Industry Data Security Standard
Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security
More informationEric Moriak - CISSP, CISM, CGEIT, CISA, CIA Program Manager - IT Audit Children s Medical Center Dallas. Dallas, Texas
Eric Moriak - CISSP, CISM, CGEIT, CISA, CIA Program Manager - IT Audit Children s Medical Center Dallas Dallas, Texas Objectives The purpose of this presentation is to develop a general awareness of DLP/SIEM
More informationReview: McAfee Vulnerability Manager
Review: McAfee Vulnerability Manager S3KUR3, Inc. Communicating Complex Concepts in Simple Terms Tony Bradley, CISSP, Microsoft MVP September 2010 Threats and vulnerabilities are a way of life for IT admins.
More informationSymantec Endpoint Security Management Solutions Presentation and Demo for:
Symantec Endpoint Security Management Solutions Presentation and Demo for: University System of Georgia Board of Regents Information Technology Services Executive Summary Business Requirements To migrate
More informationAB 1149 Compliance: Data Security Best Practices
AB 1149 Compliance: Data Security Best Practices 1 Table of Contents Executive Summary & Overview 3 Data Security Best Practices 4 About Aurora 10 2 Executive Summary & Overview: AB 1149 is a new California
More informationWhy Add Data Masking to Your IBM DB2 Application Environment
Why Add Data Masking to Your IBM DB2 Application Environment dataguise inc. 2010. All rights reserved. Dataguise, Inc. 2201 Walnut Ave., #260 Fremont, CA 94538 (510) 824-1036 www.dataguise.com dataguise
More informationSecuring SharePoint 101. Rob Rachwald Imperva
Securing SharePoint 101 Rob Rachwald Imperva Major SharePoint Deployment Types Internal Portal Uses include SharePoint as a file repository Only accessible by internal users Company Intranet External Portal
More informationINFORMATION PROTECTION
INFORMATION PROTECTION Johan Celis Principal Security Consultant Symantec Benelux SYMANTEC ENTERPRISE SECURITY STRATEGY Users Data Cyber Security Services Monitoring, Incident Response, Simulation, Adversary
More informationENABLING FAST RESPONSES THREAT MONITORING
ENABLING FAST RESPONSES TO Security INCIDENTS WITH THREAT MONITORING Executive Summary As threats evolve and the effectiveness of signaturebased web security declines, IT departments need to play a bigger,
More informationManaging PHI in the Cloud Best Practices
Managing PHI in the Cloud Best Practices Executive Whitepaper Recent advances in both Cloud services and Data Loss Prevention (DLP) technology have substantially improved the ability of healthcare organizations
More informationSECURE YOUR DATA EXCHANGE WITH SAFE-T BOX
SECURE YOUR DATA EXCHANGE SAFE-T BOX WHITE PAPER Safe-T. Smart Security Made Simple. 1 The Costs of Uncontrolled Data Exchange 2 Safe-T Box Secure Data Exchange Platform 2.1 Business Applications and Data
More informationOutbound Email Security and Content Compliance in Today s Enterprise, 2005
Outbound Email Security and Content Compliance in Today s Enterprise, 2005 Results from a survey by Proofpoint, Inc. fielded by Forrester Consulting on outbound email content issues, May 2005 Proofpoint,
More informationSecuring the Journey to the Private Cloud. Dominique Dessy RSA, the Security Division of EMC
Securing the Journey to the Private Cloud Dominique Dessy RSA, the Security Division of EMC June 2010 Securing the Journey to The Private Cloud The Journey IT Production Business Production IT-As-A-Service
More informationUsing Data Loss Prevention for Financial Institutions Banks, Credit Unions, Payments
Using Data Loss Prevention for Financial Institutions Banks, Credit Unions, Payments How Data Loss Prevention (DLP) Technology can Protect Sensitive Company & Customer Information and Meet Compliance Requirements,
More informationData Loss Prevention and HIPAA. Kit Robinson Director kit.robinson@vontu.com
Data Loss Prevention and HIPAA Kit Robinson Director kit.robinson@vontu.com ID Theft Tops FTC's List of Complaints For the 5 th straight year, identity theft ranked 1 st of all fraud complaints. 10 million
More informationSecurity Overview Enterprise-Class Secure Mobile File Sharing
Security Overview Enterprise-Class Secure Mobile File Sharing Accellion, Inc. 1 Overview 3 End to End Security 4 File Sharing Security Features 5 Storage 7 Encryption 8 Audit Trail 9 Accellion Public Cloud
More informationITAR Compliance Best Practices Guide
ITAR Compliance Best Practices Guide 1 Table of Contents Executive Summary & Overview 3 Data Security Best Practices 4 About Aurora 10 2 Executive Summary & Overview: International Traffic in Arms Regulations
More informationAchieving Actionable Situational Awareness... McAfee ESM. Ad Quist, Sales Engineer NEEUR
Achieving Actionable Situational Awareness... McAfee ESM Ad Quist, Sales Engineer NEEUR The Old SECURITY Model Is BROKEN 2 Advanced Targeted Attacks The Reality ADVANCED TARGETED ATTACKS COMPROMISE TO
More informationIT Security & Compliance. On Time. On Budget. On Demand.
IT Security & Compliance On Time. On Budget. On Demand. IT Security & Compliance Delivered as a Service For businesses today, managing IT security risk and meeting compliance requirements is paramount
More informationFor your eyes only - Encryption and DLP Erkko Skantz
For your eyes only - Encryption and DLP Erkko Skantz Symantec Finland 1 USER PRODUCTIVITY INFORMATION MANAGEMENT DATA CENTER SECURITY 2 Focus on information 3 Today's System-Centric Enterprise Data Center
More informationMcAfee Host Data Loss Prevention Administration Intel Security Education Services Administration Course
McAfee Host Data Loss Prevention Administration Intel Security Education Services Administration Course The McAfee Host Data Loss Prevention (DLP) Administration course provides attendees with in-depth
More informationSECURE FILE SHARING AND COLLABORATION: THE PATH TO INCREASED PRODUCTIVITY AND REDUCED RISK
SECURE FILE SHARING AND COLLABORATION: THE PATH TO INCREASED PRODUCTIVITY AND REDUCED RISK Whitepaper 2 Secure File Sharing and Collaboration: The Path to Increased Productivity and Reduced Risk Executive
More informationHiSoftware Policy Sheriff. SP HiSoftware Security Sheriff SP. Content-aware. Compliance and Security Solutions for. Microsoft SharePoint
HiSoftware Policy Sheriff SP HiSoftware Security Sheriff SP Content-aware Compliance and Security Solutions for Microsoft SharePoint SharePoint and the ECM Challenge The numbers tell the story. According
More informationWHITE PAPER. Stay ahead (of data leak) with Data Classification and Data Loss Prevention
WHITE PAPER Stay ahead (of leak) with Data Classification and Data Loss Prevention STAY AHEAD (OF DATA LEAK) WITH RIGHTSWATCH AND DLP 2 Executive Summary Information breaches resulting from the disclosure
More informationCONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
More informationMetrics that Matter Security Risk Analytics
Metrics that Matter Security Risk Analytics Rich Skinner, CISSP Director Security Risk Analytics & Big Data Brinqa rskinner@brinqa.com April 1 st, 2014. Agenda Challenges in Enterprise Security, Risk
More informationAn Introduction to RSA envision The Information Log Management Platform for Security and Compliance Success. September, 2009
An Introduction to RSA envision The Information Log Management Platform for Security and Compliance Success September, 2009 Changing Threats and More Demanding Regulations External attacks Malicious insiders
More information