Practical DLP Deployment




Practical DLP Deployment for your Organization
Jon Damratoski, DLP Architect

DLP Basics Overview
A few items discussed today:
- What is DLP?
- Define a DLP program using a business-driven approach
- DIM, DIU and DAR details
- DLP incident triage, reporting and remediation
- DLP use cases

What is DLP?
- Context-aware analysis of data at the network, endpoint and storage levels, with the ability to take preventative actions
- Key here is Data Loss Prevention
- Business driven: the business has to work with the DLP team to identify the sensitive information that is valuable to the organization; this becomes the requirements for DLP policies

Business-Driven Approach
Key steps with all DLP programs:
- Conduct DLP workshops to identify the following:
  - Discuss current business processes to identify sensitive content you would like to protect with DLP
  - Discuss acceptable use cases of sensitive content
  - Gather sample sensitive content to design and tune DLP policies
- Determine where to apply DLP policies to monitor: SMTP/HTTP (DIM), endpoint USB (DIU), NAS shares (DAR), etc.
- As confidence with DLP grows, slowly introduce preventative actions such as blocking email, modifying HTTP sessions or even blocking copy to unapproved USB devices

DLP Policies
- The area of DLP where you define the sensitive data (context) to filter on; includes both out-of-the-box and custom policies
- Can be a combination of multiple detection technologies, including keywords, regular expressions (DCM), file indexing (EDM/IDM), file type, etc.
- Multiple rules can be combined in policy logic to increase accuracy and reduce the false positive rate of DLP incidents
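The following is an added example, not the presenter's code and not any vendor's product, showing how the policy logic described on this slide looks in practice: a DCM rule (SSN regex with structural validity checks plus PHI keywords), an EDM rule (salted hashes of indexed records, so the policy never carries the clear-text values it protects) and a context rule (channel and approved USB device, which the Data in Use slide discusses) are combined so that an incident is raised only when several signals agree. The SSN keyword list, the indexed records, the salt and the USB device ID are all constructed for illustration.

```python
"""Toy DLP policy engine: combined DCM + EDM + context rules (constructed example)."""
import hashlib
import re
from dataclasses import dataclass, field

# DCM rule: SSN pattern with structural checks (area 000/666/9xx, group 00 and
# serial 0000 are never issued), so random nine-digit strings match less often.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
PHI_KEYWORDS = ("patient", "diagnosis", "mrn", "date of birth")

# EDM index: (last name, SSN) pairs from a constructed PHI database. The index
# holds salted hashes only; the salt here is a placeholder for illustration.
EDM_SALT = b"constructed-salt-placeholder"
INDEXED_RECORDS = [("Garcia", "219-09-9999"), ("Okafor", "078-05-1120")]

# Context rule: approved USB device IDs (constructed) as the endpoint agent sees them.
APPROVED_USB = {"USB\\VID_0781&PID_5583\\4C530001"}


def _h(value: str) -> str:
    return hashlib.sha256(EDM_SALT + value.strip().lower().encode()).hexdigest()


def build_edm_index(records):
    return {(_h(name), _h(ssn)) for name, ssn in records}


def edm_matches(text: str, index) -> int:
    """Number of indexed (name, SSN) pairs where both fields occur in the text."""
    tokens = {_h(t) for t in re.findall(r"[A-Za-z]+|\d{3}-\d{2}-\d{4}", text)}
    return sum(1 for name_h, ssn_h in index if name_h in tokens and ssn_h in tokens)


def dcm_hits(text: str):
    """SSN-shaped value count and the PHI keywords present in the text."""
    low = text.lower()
    return len(SSN_RE.findall(text)), {k for k in PHI_KEYWORDS if k in low}


@dataclass
class Verdict:
    policy: str
    severity: str
    action: str            # "allow", "audit" or "block"
    reasons: list = field(default_factory=list)


def evaluate(text, channel, index, device_id=None, enforce=False):
    """Return a Verdict when the PHI policy fires, else None.

    Combined policy logic (no single detector raises an incident on its own):
      - any EDM record match                      -> high
      - >= 5 SSN-shaped values (bulk)             -> high
      - >= 1 SSN-shaped value AND a PHI keyword   -> medium
      - an SSN-shaped value with no other signal  -> no incident
    """
    ssn_count, keywords = dcm_hits(text)
    edm = edm_matches(text, index)
    reasons = []
    if edm:
        reasons.append(f"EDM: {edm} indexed record(s)")
        severity = "high"
    elif ssn_count >= 5:
        reasons.append(f"DCM: {ssn_count} SSNs (bulk)")
        severity = "high"
    elif ssn_count and keywords:
        reasons.append(f"DCM: {ssn_count} SSN + keywords {sorted(keywords)}")
        severity = "medium"
    else:
        return None
    # Context decides the response: copies to approved USB devices are allowed
    # by design; everything else is audited until the program is ready to enforce.
    if channel == "usb" and device_id in APPROVED_USB:
        action = "allow"
    else:
        action = "block" if enforce else "audit"
    return Verdict("PHI", severity, action, reasons)


if __name__ == "__main__":
    idx = build_edm_index(INDEXED_RECORDS)
    print(evaluate("Invoice ref 123-45-6789 total due", "smtp", idx))
    print(evaluate("Patient Okafor, SSN 078-05-1120, diagnosis pending", "smtp", idx, enforce=True))
```

The `enforce` flag mirrors the audit-only start recommended later in the deck: the same policy runs in audit mode first and is switched to block once the incident stream has been tuned.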

DLP Deployment Planning
- Crawl, walk, then run works best
- Start slow with one vector such as Network or Endpoint
- Pick 3-5 policies in audit-only mode to assess leakage scope
- As the DLP program matures, slowly add additional policies, vectors and proactive actions such as block or quarantine
- You can only protect sensitive information you have identified moving forward; DLP can't look backwards!

Data in Motion (Network)
- Monitors SMTP, HTTP, HTTPS* and other clear-text protocols
- SMTP is the most common starting point, as most organizations already have web filtering in place via proxy servers
- Can be inline or passive
  - Inline is most common for SMTP
  - DLP can connect to existing proxy servers via ICAP
  - Passive monitoring is common for internal-to-internal network monitoring via a network tap or spanning port
- Inline is required if you plan on implementing preventative actions such as block, modify, etc.
* HTTPS decryption would occur on the proxy servers, not on the DLP servers
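As an added illustration of the inline proxy integration on this slide (not code from the presenter or from any DLP vendor), the exchange below builds an ICAP REQMOD request of the kind a proxy sends to a DLP server (RFC 3507 framing: ICAP headers, an Encapsulated header with byte offsets, the original HTTP request headers, then the chunked body), parses it on the DLP side, and answers either 204 No Content (pass the request unchanged) or 200 OK carrying an encapsulated HTTP 403 block page. The host names, the detection rule (a card-number regex with a Luhn check, standing in for a real DCM rule) and the block page text are constructed; headers such as ISTag are omitted for brevity.

```python
"""ICAP REQMOD exchange between a proxy and an inline DLP server (constructed example)."""
import re

# Stand-in DCM rule: 16 digits with optional separators, confirmed by Luhn.
CARD_RE = re.compile(r"\b(?:\d[ -]?){15}\d\b")

# Constructed outbound HTTP request headers as the proxy would encapsulate them.
HTTP_HEADERS = (b"POST /upload HTTP/1.1\r\nHost: files.example.com\r\n"
                b"Content-Type: application/x-www-form-urlencoded\r\n\r\n")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters out most random digit runs that merely look like PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text: str):
    return [m for m in CARD_RE.findall(text) if luhn_ok(re.sub(r"\D", "", m))]


def chunk(body: bytes) -> bytes:
    """ICAP encapsulated bodies use HTTP chunked transfer encoding."""
    return b"%x\r\n%s\r\n0\r\n\r\n" % (len(body), body)


def dechunk(data: bytes) -> bytes:
    out, pos = b"", 0
    while True:
        nl = data.index(b"\r\n", pos)
        size = int(data[pos:nl].split(b";")[0], 16)   # ignore chunk extensions
        if size == 0:
            return out
        out += data[nl + 2:nl + 2 + size]
        pos = nl + 2 + size + 2


def build_reqmod(http_headers: bytes, body: bytes) -> bytes:
    """Proxy side: wrap the client's HTTP request in an ICAP REQMOD message."""
    icap = (b"REQMOD icap://dlp.example.internal/reqmod ICAP/1.0\r\n"
            b"Host: dlp.example.internal\r\n"
            b"Allow: 204\r\n"
            b"Encapsulated: req-hdr=0, req-body=%d\r\n\r\n" % len(http_headers))
    return icap + http_headers + chunk(body)


def parse_reqmod(raw: bytes):
    """DLP side: recover the HTTP headers and decoded body from the Encapsulated offsets."""
    head, _, encapsulated = raw.partition(b"\r\n\r\n")
    headers = dict(line.split(b": ", 1) for line in head.split(b"\r\n")[1:])
    offsets = {}
    for part in headers[b"Encapsulated"].split(b","):
        key, value = part.strip().split(b"=")
        offsets[key.decode()] = int(value)
    http_headers = encapsulated[offsets["req-hdr"]:offsets["req-body"]]
    body = dechunk(encapsulated[offsets["req-body"]:])
    return http_headers, body


def dlp_reqmod(raw: bytes) -> bytes:
    """Inline decision: 204 lets the request through; 200 + HTTP 403 blocks it."""
    _http_headers, body = parse_reqmod(raw)
    if not find_pans(body.decode("utf-8", "replace")):
        return b"ICAP/1.0 204 No Content\r\n\r\n"
    page = b"Blocked by DLP policy PCI-Outbound (constructed block page)\n"
    res_hdr = (b"HTTP/1.1 403 Forbidden\r\nContent-Type: text/plain\r\n"
               b"Content-Length: %d\r\n\r\n" % len(page))
    icap = (b"ICAP/1.0 200 OK\r\nEncapsulated: res-hdr=0, res-body=%d\r\n\r\n"
            % len(res_hdr))
    return icap + res_hdr + chunk(page)


if __name__ == "__main__":
    print(dlp_reqmod(build_reqmod(HTTP_HEADERS, b"status=all%20good")).decode())
    print(dlp_reqmod(build_reqmod(HTTP_HEADERS, b"card=4111 1111 1111 1111&note=expense")).decode())
```

Because the proxy only forwards what it can read, the HTTPS footnote on the slide applies directly here: a TLS-terminating proxy hands the DLP server clear text over ICAP, while a proxy that tunnels TLS gives it nothing to inspect.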

Data in Use (Endpoint)
- Monitors data at the endpoint, such as local disk, copy to USB, printing, etc.
- Allows context-driven analysis of both stored data and actions such as copy to local disk and USB storage devices, printing and application monitoring
- Can be configured to monitor both on and off the network
- Logic can be built into endpoint policies to allow copy to approved USB devices while blocking copy to unapproved USB storage devices

Data at Rest (Storage)
- Monitors stored data on NAS, SharePoint, Exchange and databases
- NAS is the most common starting point, as most organizations struggle to identify where sensitive data is stored
  - Supports multiple vendors such as NetApp, EMC and Windows NAS
- SharePoint is rapidly becoming more common in DAR
  - Lack of user access control and organization leads to proliferation of sensitive data on SharePoint sites
- Database scanning supports Oracle, SQL Server, DB2 and other common formats

DLP Incident Triage
- This is where the DLP analyst reviews each incident to verify accuracy and determine follow-up actions
- Dedicated, full-time resources here will quickly recognize broken business processes and potential security violations, and provide much more ROI with DLP than shared resources
- Don't create an incident unless you can review and follow up in a timely fashion!

DLP Reporting
- While DLP does a great job of explaining incident details, manual analysis of exported incident data is usually required for trending
- Reports detailing trending analysis of users, increase/decrease of DLP incidents over time and incidents by business unit are common
- Consider third-party tools such as IT Analytics, SIEM, etc. to improve reporting capabilities
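The trending analysis this slide says usually has to be done by hand on exported incident data is shown below as an added example (not the presenter's code or any product's export format): a constructed CSV export of ten incidents is reduced to confirmed incidents per ISO week with week-over-week deltas, top users, counts per business unit, and the false positive rate that triage feeds back into policy tuning. The column names, users, business units and dates are all constructed.

```python
"""Trend reporting over an exported DLP incident list (constructed example)."""
import csv
import io
from collections import Counter
from datetime import date

# Constructed incident export. A real export carries many more columns; these are
# the ones the trending reports on the slide need.
EXPORT = """incident_id,detected_at,policy,user,business_unit,channel,severity,status
1001,2015-03-02,PHI,alice@example.org,Billing,SMTP,High,Confirmed
1002,2015-03-03,PHI,alice@example.org,Billing,SMTP,High,Confirmed
1003,2015-03-04,PCI,bob@example.org,Retail,HTTP,Medium,False Positive
1004,2015-03-10,PHI,carol@example.org,Clinical,USB,High,Confirmed
1005,2015-03-11,PHI,alice@example.org,Billing,SMTP,Medium,Confirmed
1006,2015-03-12,PCI,dave@example.org,Retail,HTTP,Low,Confirmed
1007,2015-03-13,PHI,carol@example.org,Clinical,USB,High,Confirmed
1008,2015-03-17,PHI,erin@example.org,Clinical,SMTP,High,Confirmed
1009,2015-03-18,PCI,bob@example.org,Retail,HTTP,Medium,False Positive
1010,2015-03-19,PHI,alice@example.org,Billing,SMTP,High,Confirmed
"""


def load_incidents(csv_text: str):
    return list(csv.DictReader(io.StringIO(csv_text)))


def confirmed(incidents):
    """Trend only on incidents the analyst upheld; false positives are tuning input."""
    return [i for i in incidents if i["status"] != "False Positive"]


def false_positive_rate(incidents) -> float:
    if not incidents:
        return 0.0
    return sum(1 for i in incidents if i["status"] == "False Positive") / len(incidents)


def week_label(iso_date: str) -> str:
    year, week, _ = date.fromisoformat(iso_date).isocalendar()
    return f"{year}-W{week:02d}"


def incidents_per_week(incidents):
    counts = Counter(week_label(i["detected_at"]) for i in incidents)
    return dict(sorted(counts.items()))


def week_over_week(weekly):
    """(week, count, delta vs previous week); delta is None for the first week."""
    rows, prev = [], None
    for week, n in weekly.items():
        rows.append((week, n, None if prev is None else n - prev))
        prev = n
    return rows


def count_by(incidents, column: str):
    """Descending (value, count) pairs for a column, e.g. user or business_unit."""
    return Counter(i[column] for i in incidents).most_common()


if __name__ == "__main__":
    inc = load_incidents(EXPORT)
    conf = confirmed(inc)
    print("false positive rate:", false_positive_rate(inc))
    for row in week_over_week(incidents_per_week(conf)):
        print(row)
    print("top users:", count_by(conf, "user")[:3])
    print("by business unit:", count_by(conf, "business_unit"))
```

The same functions run unchanged on a larger export; to feed a SIEM instead, emit the per-week rows rather than printing them.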

Use Case: Large Healthcare
- Large healthcare company providing medical services
- Primary goal is protection of PHI and PII
- Custom index (IDM) policies created from PHI and PII databases, plus additional regular expression/keyword (DCM) PHI and PII policies
- DIM for HTTP and SMTP
- DAR for PII and PHI stored on unsecured network shares and external-facing SharePoint sites
- DIU for endpoint copy to USB, with an exception for copy to approved USB devices; quarterly scans for PHI and PII data stored on local disk

Use Case: Small Manufacturing
- Small manufacturing company with engineering designs in various file formats
- Custom index (EDM/IDM) policies for all design documents, plus additional regular expression/keyword (DCM) policies for similar design documents
- Unique situation with Office 365 in use for SMTP
- Endpoint SMTP monitoring via Outlook application monitoring*, endpoint copy to USB and printing
* Verify application monitoring support with your vendor

Recap
What did we cover today?
- What is the difference between DLP and other security tools? Context
- Business-driven approach
- Deployment details on DIM, DIU and DAR
- Incident triage and reporting
- DLP use cases

Questions?

Contact Information
Jon Damratoski, DLP Architect, Black Diamond Technology, Jon@Blackdiamondtech.biz, Office (615) 469-2468
Chris Mitchell, Senior Security Solutions Engineer, TN, Symantec, Christopher_Mitchell@Symantec.com, Office (901) 674-7150