Data Leakage Prevention (DLP) Understanding The Concept. George Ntontos Partner, In.T.Trust S.A.

Transcription

1 Data Leakage Prevention (DLP) Understanding The Concept George Ntontos Partner,

2 External Threats: Viruses Hackers Blackmail Spamming Trojans Company Perimeter: Corporate Network Office Space Mobile Computers Removable Devices Internal Threats: Data Leakage Unauthorized access to information

3 70-80% of all losses from IT-incidents comes from authorized internal users, not external threats or hackers (!) The most dangerous incident possible is a DATA LEAK irreversible pursued by regulators damages reputation leads to direct financial loss

4 In 2008 the losses because of data leak contained from $400K to $32M Sources: Ponemon The 2008 Annual Study: Cost of a Data Breach

5 Biggest part of losses is lost profit: Lost clients Lost partners Lost market share Lost confidence Sources: Ponemon The 2008 Annual Study: Cost of a Data Breach

6 How much a data leak may cost? Customer Incident Possible loss, EU* Universal bank Reliable debtor registry 30 M Retail bank A list of a 1000 persons, checked by company security department 15 M IT-Company Malefactor communication 0.5 M Oil & gas company Purchase commission demands 0.2 M Oil & gas company Tender application 200 M * customer s estimations

7 Companies internal employees Temporary employees: translators, trainees, etc Outsourced employees: data-centers, call-centers Transportation companies: couriers Employees of other companies that have access to information within your company: auditing service companies, controlling units

8 Copies on removable media Forwarding and sending s Web access (web-mail, blogs, messengers, etc) Printing and carrying away the printed copy Back up copies are carried away physically

9 Channels of data leakage Source: InfoWatch Data leaks in 2008 report

10 Sources: public leaks cases for year 2008, InfoWatch

11 Only 20% of information is structured * >10% of information is changing every day ** 10% of information is zero day documents ** 30% of documents are not absolute confidential ** IT MEANS THAT IT IS IMPOSSIBLE TO PROTECT DYNAMIC INFORMATION WITH STATIC DOCUMENT-BASED METHODS ONLY *) Autonomy 2008 **) InfoWatch 2009

12 Protection is required for all major risk vectors Removable Devices Leaks: USB/Flash disks/cards Printers Bluetooth, WiFi CD/DVD Company Perimeter: Corporate Network Office Space Mobile Computers Removable Devices Network Leaks: Web Mail Instant Messages Network Printing Portable Storage: Loss Theft

13

14 INTERCEPTION ANALYSIS DECISION- MAKING STORING Agents on workstations Universal traffic interceptors Server plug-ins Formal attributes Linguistics Fingerprints Tags Allow Block Process further In file system In DB (+ full-text search)

15 All modern DLP-systems allow to: Control network traffic Control network printing Control the connection of external devices to work-station Integrate with encryption tools Not all modern DLP-systems allow to: Effectively protect both static and dynamic data Analyze the details of incidents and investigate

16 Technology Stop-words and regular expressions Features and advantages Detection of leaks of information formed by a certain pattern, for example credit cards numbers, passports numbers, SSN, bank accounts, etc. Linguistic and context analysis Digital fingerprinting and watermarks Proactive protection of confidential data right after its creation (works with dynamic data, new or changed documents) Protection of rarely changing data, which was preliminary found and indexed (works well to protect static data, for example, protection of author s rights on media-content or initial codes)

17 Digital Fingerprinting Hybrid Analysis Digital Watermarks Regular expressions Dictionaries Linguistic Analysis Context Analysis Hybrid analysis is more efficient thanks to merging of several different technologies Stop words

18 Interceptors number and quality Controlled channels Ability to block suspicious objects Analysis methods Analyzed formats Encryption detection Classification method: probabilistic (linguistics and/or hash), deterministic (tags and/or attributes) Ability to collect evidence for investigation Including full-text search

19 The money is allocated from other budget item They are required by regulations and standards Every company has experienced a security incident Information security is overbudgeted + F.U.D. The projects are continuously growing

20 Many related services except installing and configuring Audit and change of data storage and circulation methods Audit and change of juridical base High resource intensity Several servers + DBs + a system for archiving and storing Related products: URL-filters, anti-spam, print-servers, etc. The majority of the projects are first implemented Nothing to compare The project may not be successful and this will not affect anyone Low-competitive market Several market players with different technologies It is easy to bookmark the product technical specification

21 Thank you for attention! Your questions are most welcome. Learn more : us : [email protected] and [email protected]