Data Security: What are you waiting for? Lior Arbel, General Manager Europe, Performanta
So, what is a DLP solution? DLP = Data Leakage (Loss) Prevention. "Products that, based on central policies, identify, monitor, and protect data at rest, in motion, and in use through deep content analysis." Rich Mogull (securosis.com), former Gartner analyst for DLP
How data leakage happens: Internal non-malicious; Bad business process; Internal malicious; External attacker
Some numbers (figure). Source: Skyhigh Cloud Adoption & Risk Report 2015
Some numbers: Breakdown of Sharing Actions (figure). Source: Skyhigh Cloud Adoption & Risk Report 2015
Solutions to the different attack vectors: External to Internal; Internal Spreading
Solutions to the different attack vectors. Stages 2-7: Web/Email Security Gateway and Data Leakage Prevention. Stages 1-6: IDS/IPS Solution. External to Internal; Internal Spreading
Internal Spreading. Stages 1-7: Internal Malware Trap. Stages 1-7: Client Based Forensic Tool. Stage 4: Privileged Account Management. Stages 6-7: Web Gateway and DLP
DATA PROTECTION PROJECT METHODOLOGY
Data Protection Project: Data Classification, Access Control, FAM, DRM, GRC/SOC, Encryption. DLP PROJECT: Financial data, SMTP, UK/Finance; Business unit/country
Data Protection Project VS.
Project Implementation: Phased Approach (project life-cycle diagram, Phases 1 to 7). Phase names shown in the diagram: Awareness & Training; Management & Reporting; Scope Freezing and Project Initiation; User Profile Identification; Actionable Auditing and Policy Fine-tuning; Policy Development; Sensitive Information & Business Requirement Identification
Business Co-operation. Executive sponsorship for the project is required. Business functions need to actively participate in: identifying sensitive data; deriving policies; managing incidents. Start with pre-defined patterns, conduct an RA, and trigger interest with business heads. Pre-defined patterns reduce the risk exposure.
Interview Questions
1. What information do you/your department own which, if lost, stolen, damaged or compromised, would have a severe impact on your business?
2. On a scale of 1-5, what would the impact be if that data was lost/stolen?
3. How comfortable are you today with your ability to demonstrate due care in the event of an accidental or malicious incident that resulted in data loss/theft?
4. Is there anyone else that you can think of who would also be impacted by this?
Create end-user awareness through the DLP tool. DLP solutions can be extremely powerful in educating users and helping them treat sensitive data with more care, e.g.:
"This email contains customer sensitive information. Are you sure?"
"Copying intellectual property data to this type of USB is not recommended. Please choose your action and the justification for it."
"This is an unauthorized recipient. Your manager has been notified for approval."
"This content must be encrypted. Do you want to release it and automatically encrypt it?"
Some War Stories (columns: Vertical; Protected content; Incidents)
Vertical: Manufacture. Protected content: Document fingerprint, patterns. Incident: Marketing information was sent out by a user who was about to leave the company to work for a competitor.
Vertical: Finance. Protected content: Document fingerprint, patterns, keywords, file types. Incident: Next year's business plan was sent by a VP to her son in order to shape the graphics and animation inside.
Vertical: Telecom. Protected content: Document fingerprint, patterns. Incident: Customer reported that in 3 months he found 50 wrong business processes which he wasn't aware of before installing the system.
Vertical: Manufacture. Protected content: Document fingerprint, patterns. Incident: Customer discovered that intellectual property leaves their Asia office to a 3rd party, including product designs and source code.
Vertical: Manufacture. Protected content: Document fingerprint, keywords, patterns. Incident: Product source code was uploaded to a public drive. The employee stated that they had a tight deadline to achieve and wanted to work on it from home.
Vertical: Manufacture. Protected content: Keywords, patterns, document fingerprint. Incident: An employee sent out a password-protected Excel sheet with financial details; the password, attached in the body of the mail, was 123456.
Vertical: Retail. Protected content: Patterns, DB, document fingerprint. Incident: A log from the cash register system, sent out to the supplier of the software, was found to contain an enormous number of customers' credit cards.
Data Classification: You have to do it right. "I can't decide, let's leave it to the default." Everything is classified: False Positives. Everything is unclassified: False Negatives.
Classification Challenges (figure). Source: Microsoft
QUESTIONS?