Data Leak Protection: The Need, Implementation and Results
Table Of Contents: Our Introduction; Introduction To Data Leak; Organisation structures; Data leak areas; Data leak solutions; Suggested data leak solution; DL strategies; DL products; Implementation; Expected results; Results challenges; Ongoing DL solutions; Support
MIBM Introduction: MUNSHIRAM INTERNATIONAL BUSINESS MACHINES LIMITED (MIBM Ltd). Established in 1980 with a mission to provide customers with efficient office solutions through in-house developed products and technical capabilities and capacity. The preferred choice in delivery of office furniture, business equipment, ICT equipment, ICT services and solutions. Designed and developed MyCBOMS, CSM, ASAH EDMS, Retail Management System (POS), Biometric Access Control System and NHIF CRV Software, among others. Has an elaborate distribution and support network in Kenya (Nairobi, Kisumu, Mombasa and Meru), Uganda (Kampala), Rwanda (Kigali) and Tanzania (Dar es Salaam). Other group companies are: Punchlines, Secura, Kengrow and Bracon.
Introduction To Data Leaks: A data loss/leak prevention solution is a system designed to detect potential data breaches and data exfiltration transmissions, and to prevent them by monitoring, detecting and blocking sensitive data while: 1. In use: data in laptops, PCs, PDAs (endpoint actions); 2. In motion: data being sent (network traffic); 3. At rest: data stored in servers, PCs (data storage). Sensitive data is disclosed to unauthorized personnel either by malicious intent or by inadvertent mistake.
The Many Faces of Data Leaks: Accidental Disclosure; Insider Threats; Improper Access Control; Social Engineering; Customer information, Credit-card details. Other Acronyms: Data Loss Protection; Data Leak Prevention/Protection; Information Loss Prevention/Protection; Information Leak Prevention/Protection; Extrusion Prevention System; Content Monitoring and Filtering; Content Monitoring and Protection.
Risk Of Losing Sensitive Data: 3:5 firms experience a data loss or theft event [1]; 9:10 data loss or theft events go unreported [1]; 1:5 employees have emailed confidential data from their corporate account to a personal one [2]; 1:2 business travellers carry sensitive corporate data on their laptops or PDAs; 1:2 workers have lost portable devices containing work-related data [4]. Consequences Of Losing Sensitive Data: Bad media and brand damage; Regulatory penalties; Liability and lawsuits.
Sensitive Data That Can Be Leaked: Intellectual property (IP); Financial or Employee Information; Customer information, Credit-card details.
Method of Data Leaks
Data Leak Protection Solution: Data is transferred to and from, and processed in, the workstations and can be easily shared with the outside world using the following options. [Diagram labels: Workstation/PC; Corporate Servers (File servers, Mail Servers, Network Servers, Database Servers, Application Servers); Internet Cloud; Internet Link; Internet Access; Emails; Web Emails; Instant Chat Room; Twitter; Facebook; Network Folders; Printing; Tablets; Mobile Phones; Flash Drives; External Hard Disks; Memory Cards; CD/DVD]
Real Examples Of Data Leaks: Laptop Stolen in Home Burglary, 2006: In May 2006, a thief broke into the home of a U.S. Veterans Affairs employee and took a laptop with the personal information of 17.5 million Veterans. This story had a rare happy ending, as the FBI recovered the laptop a month later and found that no one had accessed the information. Bradley Manning: a United States Army soldier who was arrested in May 2010 in Iraq on suspicion of having passed classified material to the website WikiLeaks. Swiss to US & Britain Alert: Swiss news reports and sources close to the investigation said that investigators believe the technician downloaded terabytes, running into hundreds of thousands or even millions of printed pages, of classified material from the Swiss intelligence service's servers onto portable hard drives. He then carried them out of government buildings in a backpack.
Data Loss Solutions: User training and sensitisation; Use of dumb-end workstations with no local data storage; Disallow use of portable devices (PDA); Disable emails and internet; Only shareholders access and work on sensitive data; Implement a data leak protection solution; Deploy security guards to inspect all data-carrying devices in and out of company premises; Assume all will be well.
Data Leak Protection Solution: Data leaving the workstation for other points, and data leaving the organisation's servers, is filtered for content. [Diagram labels: Workstation/PC; Corporate Servers (File servers, Mail Servers, Network Servers, Database Servers, Application Servers); Data Leak Protection Server; Provide DLP Protection Layer (twice); Firewall; Internet Cloud; Internet Link; Internet Access; Emails; Web Emails; Instant Chat Room; Twitter; Facebook; Network Folders; Printing; Tablets; Mobile Phones; Flash Drives; External Hard Disks; Memory Cards; CD/DVD]
Data Leak Protection Background. Key Technical Features: Centralized Management; Central policy creation for distributed deployments; Predefined and customizable ready-to-use policies; Context-aware information analysis, monitoring and prevention; Identification and blocking capability; Ease of integration; Support for directory services (MS AD, LDAP etc.); Ability to integrate with all popular SQL databases; Support for all kinds of printers independent of brand, model and connection type; Doing all these without extra agent deployment. Business Alignment: Aligning with business needs; Designed and preconfigured to satisfy business needs; Customizable policies, messages etc. Market Position: Should be used by several institutions and companies; Further, should be assessed and evaluated by thousands of experts.
Data Leak Protection Strategy DLP Focus: Data
MyDLP Solution Components: MyDLP Management Console; MyDLP Network Protection; MyDLP Information Discovery; MyDLP Endpoint Protection; MyDLP Printer Protection.
MyDLP High Availability: MyDLP can run on both physical and virtual servers. You can distribute and scale MyDLP almost linearly. MyDLP is fault tolerant (active-active).
MyDLP Integration And Network Protection: Should be integrated with the mail server to protect SMTP traffic. Supports all popular mail servers. Should be integrated with the directory server to use directory users and groups in policies. Does not require any agent installation. Should intercept Web traffic to protect it. It can be integrated with your proxy server using the ICAP protocol, or the bundled Squid 3.x can be used.
MyDLP Information Discovery: MyDLP can crawl through your data stores, file servers and SQL servers to learn your sensitive data from them. This saves your time and keeps MyDLP always up to date. If sensitive information appears in a place where it shouldn't be, MyDLP finds out, remediates and reports.
MyDLP Endpoint And Printer Protection: If sensitive information appears in a place where it shouldn't be, MyDLP finds out, remediates and reports. On endpoints, too. MyDLP will protect all kinds of removable storage devices connected to your computers through USB (1.0, 1.1, 2.0, 3.0), Firewire (400, 800, 1600, 3200 and S types) and more. MyDLP supports all printer models and all connection ports. Does not require a print server or any other agent installation.
Management And Administration: Enterprise manager has an easy-to-use web administration interface; Predefined and customizable ready-to-use policies; User roles with hierarchical authority scopes; Policies are revisioned automatically, so you can turn back to any state at any time; Advanced incident log searching, including full-text searches.
DLP Solution Server Implementation: DLP Server with Active Directories. Content Filtering: outgoing emails; outgoing web content (text/multipart). End-Point Workstations: data encryption; find and authenticate content. Mobile Devices: data encryption; data wipe on device loss.
Communications Control Policy Functions: Port-independent application/protocol detection and filtering; Message/session reconstruction with file/data/parameter extraction; Content filtering; Event/audit logging; data shadowing. Network-related parameters controlled: IP address, range, subnet, masking; Network ports and network ranges; Protocols and network application types. Identity-based parameters controlled: User IDs and groups, email and IP addresses, Instant Messaging ID, URI/URL; LDAP identities.
Copying to external storage, e.g. flash disk, external disk; Plain and SSL-tunneled SMTP emails (messages and attachments separately); HTTP/HTTPS-based web access; Popular webmail and social networking applications: Gmail, Yahoo! Mail, Hotmail, Windows Live Mail, Facebook, Twitter, LinkedIn, MySpace; Instant Messaging: ICQ/AOL, MSN Messenger, Jabber, IRC, Yahoo Messenger, Mail.ru Agent; IP telephony and remote administration: Skype, Teamviewer, Mikogo etc.; File transfer via FTP and FTP-SSL: FileZilla, WinSCP, IIS etc.; Telnet sessions; Screen shot prevention.
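The content filtering of outgoing SMTP email listed above can be illustrated with a small detector. This is an added example, not MyDLP code or code from the presentation; the function names, the `example.test` domain and the block-only-when-external policy are assumptions made for illustration.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits):
    """Luhn checksum; rejects most random digit runs such as order numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text):
    """Return the Luhn-valid card-like numbers found in text, digits only."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits

def evaluate_outgoing_mail(sender, recipients, body, internal_domain="example.test"):
    """Hypothetical policy: block card data addressed outside internal_domain.

    Returns an audit event; matches are masked so the log itself does not
    become a second copy of the sensitive data.
    """
    suffix = "@" + internal_domain
    external = [r for r in recipients if not r.lower().endswith(suffix)]
    cards = find_card_numbers(body)
    return {
        "action": "block" if cards and external else "allow",
        "sender": sender,
        "external_recipients": external,
        "matches": ["*" * (len(c) - 4) + c[-4:] for c in cards],
    }

if __name__ == "__main__":
    # Constructed sample message; 4111 1111 1111 1111 is a well-known test number.
    body = "Customer card 4111 1111 1111 1111, order ref 1234567890123456."
    print(evaluate_outgoing_mail("clerk@example.test", ["me@mail.example"], body))
```

The 16-digit order reference in the sample matches the pattern but fails the Luhn check, which is how a content filter keeps false positives down on ordinary business mail.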
Implementation: Corporate overview; Hardware and software delivery; DLP Server installation and configuration; End-point DLP software installation; Include group policies; Technical training; Management training; Other employees' training.
MyDLP Implementation Schedule
MyDLP Licencing And Support: Community Licences Enterprise Annual Maintenance Contracts; Site Visits; Email, chat support; Remote support; Troubleshoot server; Local MyDLP forum and international forum.
Justifying Costs To The Management: Leakage of personally identifiable information (PII) and personal health information (PHI), direct costs: The average cost per record associated with a leak to make affected parties whole; Fees for legal representation; Engaging a PR firm to minimize damage and restore reputation to the extent possible; Consumer credit monitoring for all customers (not necessarily only those affected by the leak); Up to five years of system and process audits conducted by an independent third party.
Justifying Costs To The Management: Intellectual property, direct costs: Fees for legal recourse to address who leaked the data and discover if it is being used inappropriately; Short-term impact to R&D cost recuperation; Long-term impact to profitability/revenue projections; System and process audits to identify and correct the source of the leak.
Justifying Costs To The Management: Total economic impact in one lost laptop: $49,256 (incl. replacement cost, detection, forensics, data breach, lost intellectual property costs, lost productivity and legal, consulting and regulatory expenses). Occurrence of data breach represents 80% of cost; intellectual property loss is 59% of cost. If the company discovers the loss in one day, it is $8,950. After one week, it is $115,849. Average cost for senior management is $28,449. For a manager or director it is about $61,000. Productivity loss is only about 1% of the cost. Loss if laptop is encrypted: $29,256 (> $20,000 less). Loss varies by industry: financial services $112,853; healthcare $67,873; manufacturing $2,184. Loss of intellectual property for healthcare is quite high - $17,999.
MyDLP Customer Support Framework [Flowchart. Labels: Customer Enquires Help; Phone Call, Chat, SMS, Email; Allocate Support Assistant; Record And Identify Support Nature; Is Hardware Or Software; Software Issues; Hardware Issues; Allocate Technician; SMS Auto Response service; Consolidate Auto Response & Queries; Software Development; Troubleshoot server; Send Relevant Local Technician To Site; Issue Resolved? (Yes, resolved remotely, or by assistance); Customer Response Server]
MyDLP International Support
Questions
Punch Towers, East-Gate National Park Road, Off Mombasa Road, P.O. Box 46667 00100 GPO Nairobi; 020-534719/530936; http://www.munshiram.com; http://www.misoo.co.ke; Simon Kagara, kagara@munshiram.com, 0722-674562/0733-674562; Abdul Ali, abdula@munshiram.com, 0722-950575/0733-950575