Kelvin Wee CISA, CISM, CISSP Principal Consultant (DLP Specialist) Asia Pacific and Japan

Transcription

1 The Truth about Data Loss Kelvin Wee CISA, CISM, CISSP Principal Consultant (DLP Specialist) Asia Pacific and Japan

2 RSA Data Loss Prevention Data Breaches Overview RSA DLP Solution Five Critical Factors 2 2

3 What s Happening To Customer / Employee Data 355,952,497 records reported to be lost since Source: Privacy Rights Clearing House, Data Loss Database, RSA Research & Analysis

4 Information Leakage

5 Cost of Data Breaches Average Cost Per Breach Breach Costs Break Down Average Cost Per Breached Record 5 Source: Ponemon Institute 2008 Annual Study on Cost of a Data Breach Tangible financial impact Long-term damage to brand equity Total cost per breach is increasing 44 US States have notification laws EU & Australia data privacy policies MAS IBTRM Guidelines

6 Why is Information Security So Difficult? Endpoint Network/ Apps/DB FS/CMS Storage LAN Internal Enterprise Production File Server Employees Applications Database Disk Arrays Backup WAN Tape Remote Employees VPN Business Analytics Replica File Server Disk Arrays Backup System Disk Arrays Backup Disk Partners Outsourced Dev. Staging SharePoint and other Collaboration & Content Mgmt Systems 6 Endpoint Network/ Apps/DB FS/CMS Storage

7 We Are Exposed At Every Point Endpoint Network/ Apps/DB FS/CMS Storage LAN Endpoint Network Leak -IM-HTTP- Tapes lost or Internal Privileged User Privileged User theft/loss Enterprise Production File Server stolen Employees FTP-etc. Breach Breach Applications Database Disk Arrays Backup WAN Tape Endpoint Leak via print/copy Remote Employees VPN leak or packets sniffed in transit Business Analytics App, DB or Encryption Key Hack Replica File Server File Server / CMS Hack Disk Arrays Backup System Disk Arrays Backup Disk Partners IP Sent to non trusted user Public Infrastructure Access Hack Outsourced Dev. Unintentional Distribution Staging SharePoint and other Collaboration (Semi) & Content Trusted User Mgmt Misuse Systems Discarded disk exploited 7 Endpoint Network/ Apps/DB FS/CMS Storage

8 Risk Aligns Security Investments to the Business Revenue Growth Cost Reduction Customer RetentionBusiness Continuity Compliance Sensitive Information What information is important to the business? Where does it go? Risk Security Incidents What risks s are we willing to accept, what risks do we need to protect against to enable the business? What bad things can happen? 8 Endpoint Network App / DB FS/CMS Storage

9 Information Risk Management a strategy for protecting your most critical assets Information-centric Clarifies business context and reveals potential vulnerabilities Risk Endpoint Network Apps/DB FS/CMS Storage Risk-based Establishes a clear priority for making security investments Repeatable Based on foundation of broadly applicable best practices and standard frameworks 9 Reveals where to invest, why to invest, and how security investments map to critical business objectives

10 RSA Data Loss Prevention Data Breaches Overview RSA DLP Solution Five Critical Factors 10 10

11 RSA Data Loss Prevention Suite Policy Management System Administration RSA DLP Enterprise Manager Reporting & Dashboard Incident Workflow Policies Incidents DLP Datacenter DLP Network DLP Endpoint Discover sensitive data Monitor all traffic for Discover sensitive data from everywhere sensitive data and Monitor user actions Enforce controls on Enforce controls on Enforce controls on both sensitive data sensitive transmissions data and user actions 11 Third Party Enforcement Controls

12 Reducing Your Sources of Risk: Data at Rest Discover Analyze Remediate Rescan sources to measure and manage risk File shares, Servers, Laptops 300+ File types Databases & Repositories Remediation Windows file shares Unix file shares NAS / SAN storage Windows 2000, 2003 Windows XP, Vista 12 Microsoft Office Files PDFs, PSTs Zip files CATIA files SharePoint Documentum Microsoft Access Oracle, SQL Content Mgmt systems Secure Delete Manual/Auto Move Manual/Auto Quarantine Notifications edrm

13 Protecting Data in the Network: Data in Motion Monitor Analyze Enforce Instant Messages Web Traffic Remediation SMTP Exchange, Lotus, etc. Webmail Text and attachments 13 Yahoo IM MSN Messenger AOL Messenger FTP HTTP HTTPS TCP/IP Audit Block Encrypt Log Text and attachments TCP/IP Log

14 Protecting Data at the Endpoint: Data in Use Monitor Analyze Enforce Print & Burn USB Copy and Save As Actions & Controls Local printers Network printers Burn to CDs/DVDs 14 External hard drives Memory sticks Removable media Copy to Network shares Copy to external drives Save As to external drives Allow Justify Block Audit & Log

15 How Can DLP Solutions Reduce Risk? Endpoint Network Apps/DB FS/CMS Storage Customers Privileged Users Privileged Users Privileged Users Privileged Users People Discover WWW unsafe user behavior and educate Internal ecommerce Production Applications Database Disk Employees employees on security policies Arrays Processes WAN Enterprise Production LAN File Server Disk Backup Remote Applications Database Arrays System Campuses Identify and fix broken business processes VPN Business Technology Replica Analytics Portals Disk Remote Arrays Employees Leverage technology controls more effectively to secure data Staging Partners Outsourced Dev. Collaboration & Content Mgmt Systems Disk Arrays Backup Tape Backup Disk

16 RSA Data Loss Prevention Data Breaches Overview RSA DLP Solution Five Critical Factors 16 16

17 Top 5 Critical Factors for DLP E Policy & Classification Identity Incident Enterprise Built-In vs. Aware Workflow Scalability Bolt-On More policies and better policies for classification and risk mitigation Identity awareness for classification, controls and remediation Consolidated alerts with the right information to the right people for the right actions Scan more data faster with lesser hardware are and resources Common policies across the infrastructure re - Microsoft and Cisco 17

18 Policy & Classification More policies and better policies for classification and risk mitigation Unified policy framework Best of breed classification 150+ built in policy templates Information Policy and Classification team Higher accuracy 18

19 Identity Awareness Identity awareness for classification, controls and remediation Identity-based Policy E.g. Group x can send data y out Identity-based notification E.g. Notify the persons manager Identity-based control E.g. Lock this data so only group x can open Integration ti with Microsoft Active Directory 19

20 Incident Workflow Consolidated alerts with the right information to the right people for the right actions Intelligent correlation of events into incidents Right alerts to the right people in the right order Intuitive workflow to remediate violations Scheduled reports sent to subscribers automatically Integration with RSA envision to simplify security operations 20

21 Enterprise Scalability E Scan more data faster with lesser hardware and resources Support distributed deployments Scale to 100 s of thousands of users Unique Grid Scanning technology Scan large amounts of data faster and cheaper 21

22 Built-in Vs. Bolt-on Common policies across the infrastructure Microsoft and Cisco Leverage your existing infrastructure Microsoft: Integration with Microsoft RMS and will also integrate RSA DLP data classification engine and policies into Microsoft infrastructure Cisco: Integration with IronPort 22

23 RSA DLP Suite integration with Microsoft AD RMS 23

24 Rights Management Services Overview Persistent Protection Encryption + Access Permissions Policy: Use Right Permissions RMS provides identity-based protection for sensitive data Controls access to information across the information lifecycle Allows only authorized access based on trusted identity works online and offline, inside id and outside the firewall Secures transmission and storage of sensitive information wherever it goes policies embedded into the content; documents encrypted Embeds digital usage policies (print, view, edit, expiration etc. ) in to the content to help prevent misuse after delivery

25 RSA DLP Suite integration with Microsoft AD RMS 1. RMS admin creates RMS templates for data protection Microsoft AD RMS Legal Outside law Department firm View, Edit, Print View Others No Access Legal Contracts RMS 2. RSA DLP admin designs policies to find sensitive data and protectitusing RMS RSA DLP Find Legal Contracts Apply Legal Contracts RMS Contracts DLP Policy 3. RSA DLP discovers and classifies sensitive files 4. RSA DLP applies RMS controls based on policy Laptops/desktops Legal department Outside law firm 5. Users request files RMS provides policy based access File shares SharePoint Automate the application of AD RMS protection based on sensitive information identified by RSA DLP Datacenter and DLP Endpoint Discover Leverage AD Groups with DLP Network and Endpoint Enforce for identity or group aware data loss prevention Other s

26 Long term Microsoft and RSA Building Information Protection into Infrastructure Add-on Policies RSA DLP Enterprise Manager Microsoft Information Protection Management RSA Microsoft / Unified Endpoint Communication Network Apps FS/CMS Storage Built in DLP Classification and RMS Controls MicrosoftEnvironment and Applications Complementary Platforms and RSA DLP RSA DLP RSA DLP functionality Endpoint Network Datacenter C li i h h i f Common policies throughout infrastructure Built in approach to protect data based on content, context, identity

27 RSA and Cisco Partner to Better Secure Data

28 RSA and Cisco Partner to Better Secure Data Cisco IronPort Management Console RSA ildlp (add on) (dd 4 RSA DLP Enterprise Manager Cisco IronPort Security Products RSA DLP Endpoint RSA DLP Network RSA DLP Datacenter Prevent loss of sensitive data through with industry best accuracy Expand to DLP for datacenter, endpoints and web through RSA DLP Enterprise Manager, leveraging policy and classification framework RSA Cisco 1. Cisco IronPort Security Solutions 2. RSA Data Loss Prevention Suite 3. Cisco IronPort RSA DLP 4. Expandability of DLP to datacenter, network and endpoints

29 Thank You 29 Kelvin Wee CISA, CISM, CISSP Principal Consultant (DLP Specialist) APJ