Guide to Successful Data Loss Prevention Risk Reduction: Part 1


WHITE PAPER: GETTING STARTED WITH SYMANTEC DATA LOSS PREVENTION

Who should read this paper

Symantec Data Loss Prevention customers who are in the process of deploying or have already deployed the solution in their organization, and are ready to begin the Risk Reduction process.

Content

Introduction and Purpose
Phase 1: Planning
    Assign the Right Staff
    Target Areas of Highest Risk
        Targeting Confidential Information
        Targeting High-Risk/Exposure Points
    Define the Incident Response Process
        Enabling the Initial Response Structure
        How Initial Incident Response Works
    Establish Success Metrics and Milestones for the First 90 Days
        Tracking Risk-Reduction Metrics
        Tracking Operational Metrics
    Develop Employee Outreach and Communication Plans
        Assess Current Program
        Plan for Communication at Key Points
Phase 2: Deployment
    Confirm Hardware Sizing and Deployment Topology
    Determine Integration with Existing Infrastructure
    Prepare to Leverage Exact Data Match (EDM), Indexed Document Match (IDM), and Directory Group Match (DGM)
    Deploy and Optimize Performance
Conclusion

Introduction and Purpose

Organizations everywhere rely on high-speed networks and mobile computing to easily share and access information at all levels. Unfortunately, this wide open world also presents new challenges for data protection. Whether those challenges are related to maintaining compliance in the tightly regulated financial services, insurance and retail industries, or protecting intellectual property in the highly competitive high-tech and manufacturing industries, companies need to know where their confidential information is stored, how it is being used, and how best to prevent its loss.

The first step to long-term, sustainable data protection is recognizing these challenges, and committing to an enterprise-wide initiative, involving people, processes and technology, to address this risk head-on. Once the decision is made to address this risk, organizations need a clearly defined plan for success, with specific steps, tasks, resources, and objectives to reach their short and long term goals.

Comprehensive, clearly-defined, business-focused DLP programs achieve greater risk reduction, faster and with fewer resources, by integrating Symantec Data Loss Prevention into their existing security program and leveraging the software to promote enterprise-wide initiatives that drive change across the organization. These successful programs share five common attributes:

- Executive-level involvement. Support to protect data and change business processes and employee behavior must come from the top.
- A prioritized approach. Confidential data can take many forms and be anywhere in an organization; targeting the most critical data first proves value immediately.
- Business owner involvement. The information needed to identify new threats, keep policies current, and fix broken business processes must come from those closest to the data.
- A trained Incident Response Team (IRT). Clearly defined roles, responsibilities, and procedures drive consistency and organizational buy-in.
- Employee education. Visibility into employee behavior allows focused training on primary risk areas, and real-time enforcement of company data protection policies promotes a culture of security.

The two companion documents, this guide (Part 1) and Symantec Data Loss Prevention Risk Reduction Approach (Part 2), walk you through how to design your DLP program to incorporate these five characteristics. Together, both documents collect the best practices developed through 150+ Symantec Data Loss Prevention deployments across a wide variety of customer environments and industry verticals. They illustrate how to create the right mix of people, processes, and technology, and apply that mix across six project phases. Companies that have followed this methodology and leveraged the expertise and best practices outlined in these documents have consistently achieved measurable risk reduction within 90 days.

In the first two phases, Planning and Deployment, your goal is to lay the groundwork and infrastructure for long term success. This is the most critical period in your DLP rollout, because your success in the future will depend on the work completed here. In the first two phases you will ensure that:

- Your most critical data is identified and protected
- Your system is deployed, operational, and providing maximum coverage based on your goals
- Policies are correctly configured to capture incidents of interest and minimize false positives
- Incident responders are trained, and fully prepared to address policy violations
- Employees are aware of their data protection responsibilities

The goal of this document is to prepare you to achieve these objectives. Your Symantec Data Loss Prevention Solution Specialist will guide you through the process.

The four Risk Reduction phases (Baseline/Visibility, Remediation, Notification, and Prevent/Protect) are where you achieve and measure results. In these phases you will:

- Fine-tune policies
- Identify and change business processes contributing to risk
- Expand, modify, and automate remediation efforts to achieve the greatest impact with the fewest resources
- Begin real-time notification to employees when their actions cause risk
- Prevent and protect critical data from leaving the organization without impacting business as usual
- Collect specific metrics to demonstrate and document risk reduction over time

The Risk Reduction Approach covers the four phases of risk reduction, describes the key tasks in each phase, and prepares you to achieve the objectives listed above. Depending on the services you purchased, Symantec Data Loss Prevention consultants may provide support on site or on an advisory basis.

Phase 1: Planning

The focus of the Planning Phase is establishing the framework for the long-term DLP program, including the following key tasks:

- Assign the right staff
- Target areas of highest risk
- Define the incident response approach
- Establish success metrics and milestones for the first 90 days
- Develop employee outreach and communication plans

Customers who incorporate these key elements at the very beginning of the implementation, instead of after the software is deployed, develop a comprehensive, organization-wide DLP program that results in rapid achievement of their risk reduction goals.

Assign the Right Staff

Developing a comprehensive DLP program requires solid leadership and input from key stakeholders across the organization. A strong, dedicated Project Manager is critical. When supported by an executive-level sponsor and appropriately staffed Technical and Business Enablement Teams, the Project Manager can drive the cross-functional and cross-organizational involvement needed to define and prioritize the data and policies to be protected, identify the most appropriate staff to review and respond to incidents, determine the proper remedial actions, promote business-unit level responsibility for reducing organization-wide risk, and encourage a culture of security. Table 1, below, outlines the key roles and responsibilities required for a successful implementation.

Table 1: Staffing for a Successful Deployment

Key Role: Executive Sponsor
Description:
- DLP champion; involved in Risk Assessment and Symantec Data Loss Prevention purchase
- CISO, CIO
- Help get the right people involved and committed; drive Incident Response Team and Steering Committee formation; lead Steering Committee

Key Role: Project Manager
Description:
- Drive project plan, achieve product roll-out goals and objectives
- Preferred: Risk, Privacy, Information Security; Second Choice: Project Management Office, Business, IT
- Make sure the right people stay involved; priorities are correctly set; involves Executive Sponsor as needed

Key Role: Technical Team
Description:
- Responsible for technical tasks (system architecture design and implementation)
- Representatives from Messaging, Network Infrastructure, Information Security, System Administration, Web Proxy, Server Management, Desktop Management, Audit, DBA, LDAP Administrator
- Technical Team Lead (Technical Architect) should be assigned to make sure the right people stay involved and the milestones are achieved

Key Role: Business Enablement Team
Description:
- Responsible for business enablement tasks (policies, employee communication, incident response, metrics and reporting)
- Representatives from Human Resources, Legal, Compliance, Privacy, Risk, Investigations, Forensics, key business stakeholders
- Business Team Lead should be assigned to make sure the right people stay involved and the milestones are achieved

Target Areas of Highest Risk

Confidential data can take many forms and exist anywhere in an organization. Taking the time up front to identify what is most critical to protect, as well as the riskiest exit or exposure points, and focusing on those will prove value immediately. By prioritizing confidential information and exit/exposure points, you can structure your roll-out to address the most critical risks first, and then expand from there to full coverage, as indicated in the graphic below.

Figure 1: Risk-Based Targeting

Targeting Confidential Information

There are common types of confidential data that companies prioritize for protection, based on the company type. For example, financial services, insurance, and retail companies put a premium on compliance with key regulations, such as Gramm-Leach-Bliley (GLBA), and Payment Card Industry (PCI) standards. These companies choose to protect structured data such as credit card numbers, social security numbers, etc. Manufacturing and High Tech companies typically focus on protecting intellectual property such as unstructured formulas, technical designs, source code, and manufacturing procedures, etc. When identifying critical intellectual property, consider what provides your competitive edge as well as new products and services about to be launched.

Companies can usually come up with a long list of all the different types of confidential data that they need to protect. To help prioritize which data to focus on first, Symantec recommends detailing the impact of data loss for each scenario you are considering. Examples include: heavy fines, loss of customer confidence, loss of trade secrets, loss of competitive advantage, negative impact to brand, customer attrition, etc. Some types of data loss will have multiple consequences. Then rate the severity of each consequence on a scale of one to five, with one indicating low severity (little overall business impact) and five indicating high severity (significant financial or competitive advantage impact).

Input from business units and executive-level sponsors is critical during this exercise. With the input of those closest to the data and those guiding the business, this exercise should provide the perspective needed to select the three to five policies to implement first, as well as an idea of the subsequent policies and order of deployment.

Targeting High-Risk/Exposure Points

Customers who purchase multiple Symantec Data Loss Prevention products must decide how to approach their overall solution rollout. Each product addresses a different risk, and how you target your high risk exit and exposure points will be determined by which products are being deployed and when they will be deployed. A key guideline is high volume + high access = high risk, and we recommend addressing the areas of highest risk first.

Those who purchase Symantec Data Loss Prevention Network Monitor and Symantec Data Loss Prevention Network Prevent for Email and/or Web will need to target high risk exit points, where large volumes of email messages and web traffic leave the company. Network Monitor and Prevent servers are typically deployed close to the outbound edge of the network to capture all traffic, and before the encryption gateway or the proxy/NAT device to ensure that Symantec Data Loss Prevention is able to both detect the violation and reconcile the original sender of the message.

Symantec Data Loss Prevention Network Discover purchasers will need to identify their high risk data repositories, again determined by assessing which have higher volume and higher access. Our recommended prioritization approach is to address your high-volume centralized fileshares and centralized data repositories (e.g., Windows File Servers, Lotus Notes, SharePoint, Documentum, etc.) first.

Because the Symantec Data Loss Prevention Agent, a key part of both the Endpoint Discover and Endpoint Prevent products, is deployed via standard agent deployment software (e.g., Altiris or SMS), customer size (e.g., number of endpoints) determines the way the rollout is targeted. Smaller customers, those with up to 10,000 users, can easily deploy to all endpoints within two to three months, usually less. However, targeting users is key for very large Endpoint Discover and/or Endpoint Prevent roll-outs. One approach is to target Endpoint deployments to staff with access to highly sensitive data (e.g., Finance or Human Resources department) or at-risk employees (e.g., staff with high turnover, as in a call center, or about to be terminated) first, before expanding to the remaining endpoints. Another option is to target a pilot group of users that is a representative cross-section of all business units and workstation images (Windows desktops) within the company.

Global rollouts are typically phased. Financial services, insurance, and retail companies, seeking compliance with key regulations, typically deploy in the US first, to allow fine tuning of policies and processes, before expansion to countries with more stringent privacy requirements, as well as language considerations. High tech and manufacturing companies, focused on intellectual property protection, typically deploy in the US, followed shortly thereafter by international manufacturing locations.

This targeted approach allows companies to break down the problem of protecting confidential data into manageable pieces and focus on the ones that most directly impact the business.

Define the Incident Response Process

90 percent of DLP is incident response. Symantec Data Loss Prevention's highly customizable workflow and manual and automated incident remediation options allow companies to quickly route incidents to the right people at the right time for the right response. By determining the initial incident response structure, and training the Incident Response Team (IRT) members on the system prior to software deployment, companies can take advantage of the natural momentum that typically happens at the beginning of the project. Table 2, below, describes Symantec's four-day instructor-led Symantec Data Loss Prevention Administration course, which covers policy management and detection, response management, user and role administration, reporting, workflow, and incident response.

Table 2: Fan-In and Fan-Out Procedures

Target Audience: DLP System Administrators responsible for DLP application maintenance and operations as well as troubleshooting DLP servers

Course Description: Provides fundamental knowledge and hands-on lab experience to configure and administer the Symantec Data Loss Prevention Enforce platform, including policy management and detection, response management, user and role administration, reporting, workflow and incident response. Additionally, the student will be introduced to the six Symantec Data Loss Prevention detection servers: Network Monitor and Network Prevent, Network Discover and Network Protect, Endpoint Prevent and Endpoint Discover and deployment best practices.

This training is strongly recommended before deployment so that the project team will be ready to begin base-lining incidents immediately, ensuring no lag between "go-live" and full system use. With proactive training, companies can immediately begin addressing their DLP risks and increasing Symantec Data Loss Prevention system automation to help keep resource needs low.

Enabling the Initial Response Structure

Typically, IRTs use Symantec Data Loss Prevention in one of two ways, as depicted in Figure 2.

In the Fan-out Response Structure, a small group, usually Information Security personnel, serves as first responders for all incidents and escalates critical incidents through defined channels to appropriate personnel (e.g., Forensics, Legal, Compliance, Human Resources) for further investigation or resolution. The first responder pool is small and focused and the escalation responder pool is larger and more distributed.

In the Fan-in Response Structure, individual business units (e.g., Finance, Marketing, Product Development, etc.) appoint select staff to serve as first responders for the incidents related to their business unit and escalate critical incidents to appropriate personnel for further investigation or resolution. The first responder pool is large and distributed and the escalation responder pool is smaller and more focused.

Most customers choose the Fan-out Response approach for their initial deployments. This approach allows the Information Security Team to closely monitor the configured policies, workflow, and incident response processes and modify them as needed to improve performance.

How Initial Incident Response Works

Within both response structures, there are typically three levels of response: first responders, escalation responders, and investigators. First responders log into Symantec Data Loss Prevention on a regular basis to review their incident queue. Initially, first responders remediate incidents manually through Symantec Data Loss Prevention or outside of it (phone call, email, etc.), and then mark the incidents as closed (resolved or dismissed) within Symantec Data Loss Prevention. Escalation responders and investigators may log into Symantec Data Loss Prevention to review their incident queues, but more commonly are sent automatic email alerts or automated reports when an incident requires their attention. The escalation and investigation responders also manually remediate incidents either through Symantec Data Loss Prevention or outside of it and then mark them as closed or launch investigations outside of Symantec Data Loss Prevention.

Figure 3: Incident Lifecycle

Figure 3, above, depicts the incident lifecycle. Please note that most incidents will not go through all stages of the lifecycle.

As depicted in Figure 4, below, Symantec Data Loss Prevention can be configured to automatically route incidents to the correct responder. This is usually driven by incident severity, which is also configurable, by policy, and by business unit.

Figure 4: Sample Incident Workflow

As Figure 4 illustrates, Symantec Data Loss Prevention routes new, medium-severity incidents to the First Response Team and new, high-severity incidents to the Escalation Team. The responder reviews the incident, and if they determine that they cannot resolve or dismiss it, then they escalate it to the next level. For the First Responder, the next level is the Escalation Team. For the Escalation Responder, the next level is the Investigation Team.

In this example, the incidents are also routed by policy. The SSN incident that the First Responder reviewed was escalated to the Compliance Officer in the Escalation Team. The high severity IP incident was automatically routed to the Information Security Manager in the Escalation Team. The Information Security Manager determined that the incident needed further investigation, and escalated it to the Investigation Team to investigate and resolve.

It is best to follow a similar, straightforward workflow when beginning with the product. As the deployment progresses and the IRT members become more comfortable with how the system detects and handles incidents, common manual response processes can be codified as automated responses within the Symantec Data Loss Prevention solution and workflow can be expanded. The earlier companies begin using the system for incident response, the earlier they can take advantage of automation for policy enforcement and incident resolution.

Establish Success Metrics and Milestones for the First 90 Days

Defining and tracking key metrics helps quantify and demonstrate risk reduction over time, as well as identify areas needing additional attention. Setting clear goals for the first 90 days and beyond will help maintain project momentum and ensure the entire team stays focused on the same goals. Well-defined success metrics make it easier for Executive Sponsors to ensure that appropriate resources are enabled to address critical risks.

Symantec recommends selecting one to three risk reduction metrics and one to three operational metrics and tracking these over the first 90 days. After 90 days, expand the metrics to cover more areas of risk reduction and system operations and continue to demonstrate success. Regular review schedules will support long-term planning for continuous improvement initiatives.

Tracking Risk-Reduction Metrics

Risk reduction metrics should be reported regularly to the Steering Committee, who will monitor overall, company-wide risk reduction, and to the individual business units, who will focus on risk reduction within their business unit. Configure Symantec Data Loss Prevention to automatically email these reports to the appropriate personnel on a scheduled basis. Examples of overall risk reduction metrics include:

- Percentage decline in incidents by policy and business unit
- Percentage decline in incidents across all business units
- Percentage decline in incidents due to broken business processes
- Percentage decline in incidents due to employee oversight
- Top violating business units

Examples of business unit-focused risk reduction metrics include:

- Top violating senders
- Top incident recipients
- Number of incidents per policy
- Percentage of incidents of "High" severity
- Average size of new or un-reviewed incident queue

Tracking Operational Metrics

The right operational metrics will provide insight into where the system is working well and where additional focus can improve performance. Examples of operational metrics include:

- Percentage false positives for each policy
- Average queue size for "new" or un-reviewed incidents for each IRT member
- Percentage of exit points covered (compare against plan for coverage of all exit points)
- Percentage of repositories covered (compare against plan for coverage of all data repositories)
- Percentage of end points covered (compare against plan for coverage of all end points)

As part of our 90-day and 180-day Health Check and Tune-up process, we will request specific information related to key operational metrics in order to better focus the site visit.

Develop Employee Outreach and Communication Plans

Symantec Data Loss Prevention automates enforcement of company security policies, providing companies with an effective way to change employee behavior and extend the value of the solution. Symantec Data Loss Prevention customers have seen up to a 90 percent drop in incident volume within a week of beginning automated notifications of policy violation. However, achieving these benefits without alienating employees requires careful planning and proactive communication. It is never too early to begin thinking about what, when, and how to communicate with employees and what resources should be provided to encourage a culture of security.
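The metrics listed under Tracking Risk-Reduction Metrics and Tracking Operational Metrics, and the severity- and policy-based routing of the sample workflow in Figure 4, can be computed from any export of incident records. The Python below is an added example, not code from Symantec or from the original paper; the record fields, policy labels, week numbers, sample rows, and the choice to count dismissed incidents as false positives are assumptions made for illustration.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass

# Role inside the Escalation Team, keyed by policy, following the sample
# workflow in Figure 4. Policy labels are hypothetical.
ESCALATION_ROLE_BY_POLICY = {
    "SSN": "Compliance Officer",
    "IP": "Information Security Manager",
}


@dataclass
class Incident:
    week: int            # weeks since go-live (assumed field)
    policy: str
    business_unit: str
    severity: str        # "medium" or "high" in the sample workflow
    status: str          # "new", "resolved" or "dismissed"


def route(incident):
    """Return (team, role) for an incident, by severity and then by policy."""
    if incident.severity == "high":
        role = ESCALATION_ROLE_BY_POLICY.get(incident.policy, "Escalation Responder")
        return ("Escalation Team", role)
    if incident.severity == "medium":
        return ("First Response Team", "First Responder")
    # A severity without a rule is surfaced instead of silently dropped.
    return ("Unrouted", f"no rule for severity {incident.severity}")


def pct_decline(baseline, current):
    """Percentage decline from baseline to current; None without a baseline."""
    if baseline == 0:
        return None
    return round(100.0 * (baseline - current) / baseline, 1)


def decline_by_policy_and_bu(incidents, baseline_week, current_week):
    """Percentage decline in incidents by policy and business unit."""
    counts = defaultdict(Counter)
    for inc in incidents:
        if inc.status != "dismissed":  # assumption: dismissed = false positive
            counts[(inc.policy, inc.business_unit)][inc.week] += 1
    return {key: pct_decline(c[baseline_week], c[current_week])
            for key, c in sorted(counts.items())}


def false_positive_pct(incidents):
    """Percentage of reviewed incidents per policy that were dismissed."""
    reviewed, dismissed = Counter(), Counter()
    for inc in incidents:
        if inc.status == "new":        # not reviewed yet, so not counted
            continue
        reviewed[inc.policy] += 1
        dismissed[inc.policy] += inc.status == "dismissed"
    return {p: round(100.0 * dismissed[p] / reviewed[p], 1) for p in sorted(reviewed)}


def new_queue_sizes(incidents):
    """Number of new (un-reviewed) incidents waiting at each routing target."""
    queue = Counter(route(inc) for inc in incidents if inc.status == "new")
    return dict(queue)


# Constructed sample data: week, policy, business unit, severity, status.
SAMPLE = [Incident(*row) for row in [
    (1, "SSN", "Finance", "medium", "resolved"),
    (1, "SSN", "Finance", "medium", "resolved"),
    (1, "SSN", "Finance", "medium", "dismissed"),
    (1, "SSN", "Finance", "high", "resolved"),
    (1, "SSN", "Finance", "medium", "resolved"),
    (1, "IP", "Product Development", "high", "resolved"),
    (1, "IP", "Product Development", "high", "resolved"),
    (12, "SSN", "Finance", "medium", "new"),
    (12, "SSN", "Finance", "high", "new"),
    (12, "IP", "Product Development", "high", "new"),
    (12, "IP", "Product Development", "medium", "dismissed"),
    (12, "PCI", "Marketing", "low", "new"),
]]

if __name__ == "__main__":
    print(decline_by_policy_and_bu(SAMPLE, baseline_week=1, current_week=12))
    print(false_positive_pct(SAMPLE))
    print(new_queue_sizes(SAMPLE))
```

A policy and business unit pair with no baseline-week incidents reports None instead of a percentage, which marks newly covered areas apart from areas that improved.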
Companies that inform their employees proactively about the importance of a DLP solution achieve better results, more quickly, because the entire organization, not just a handful of employees, plays an active role in addressing risk and preventing exposure.

Assess Current Program

The first step is to review the current data protection policies and training programs and make sure the policies adequately protect confidential information and are being effectively communicated to employees. It is important to involve Legal, HR, and other appropriate departments to understand the legal rights of the company and employees within each country of operation. It is also important to assess the company culture to determine how much is appropriate to communicate and identify possible repercussions.

Based on this understanding, develop proper messaging, frequency, and delivery channels. Many companies make their Symantec Data Loss Prevention deployment a key part of a larger communication campaign around the importance of data protection. Consider, at a minimum, developing an internal web site to post data protection policies, FAQs, scenario-based examples, and contacts for additional questions. Review and update the data protection training program on a regular basis, at least annually.

Plan for Communication at Key Points

Symantec recommends communication at certain key points during the Deployment, Notification and Prevent/Protect Phases. For companies choosing a big educational push, kicking off the campaign prior to Deployment is recommended to allow time to address concerns. It is also important to ensure Symantec Data Loss Prevention policies align clearly with company data protection policies at this time. Prior to enabling automated email notifications in the Notification Phase, remind employees of the previously-communicated data protection policies. Ensure the automated email notifications align with and reinforce the overall messaging around data protection. Remind employees of policies again before enabling Prevention/Protection and ensure the prevent/protect messages reflect the approved messaging.

Phase 2: Deployment

All of the requirements gathered in the planning phase are leveraged in the deployment phase. The deployment phase focuses on setting up the product infrastructure, including software installation and testing. It also includes configuration of the initial policies, reporting, and initial incident response workflow to allow for day-to-day system operation by the project team. Having a solid understanding of the business requirements and which products will be deployed first will help you effectively plan and execute.
Key elements include:

- Confirm Hardware Sizing and Deployment Topology
- Determine Integration with Existing Infrastructure
- Prepare to Leverage Exact Data Match, Indexed Document Match, Directory Group Matching
- Deploy and Optimize Performance

Confirm Hardware Sizing and Deployment Topology

Scoping the proper amount of hardware to provide sufficient coverage for future and expected near-term growth is critical to project success. Whether you are deploying network monitoring, network storage, or endpoint products, provisioning the right number and configuration of servers is essential. Considerations include:

- Number of servers required to cover exit and exposure points
- Oracle database planning, including backup and recovery
- Business continuity requirements, including high availability and fail-over planning
- Use of EDM, IDM, or DGM detection technologies
- Planned-for employee growth, including network storage or traffic volumes

Determine Integration with Existing Infrastructure

Determine which aspects of your infrastructure should integrate with Symantec Data Loss Prevention. One of the most critical integrations involves configuring Symantec Data Loss Prevention to pull key information (username, phone number, department codes, etc.) from Active Directory, LDAP, proxy log files, DNS systems, or other internal data sources. Information retrieved from these systems can be used to automatically route incidents to the appropriate responders, execute remediation actions, and compile and deliver effective reports. Additionally, if you are deploying Symantec Data Loss Prevention Network Prevent for Email, you will need to integrate with your messaging MTAs for blocking, and your gateway encryption engine for more secure message delivery.

Prepare to Leverage Exact Data Match (EDM), Indexed Document Match (IDM), and Directory Group Match (DGM)

Symantec Data Loss Prevention's True Match detection technologies, EDM for structured data, such as customer and employee information, IDM for unstructured data such as financial and design documents, and DGM for granular application of policies to groups within an organization, provide much higher accuracy than more common detection technologies, such as regular expressions. They are more advanced than standard keyword and/or pattern match policies, but pay off exponentially in terms of accuracy and false positive rates of close to zero. Symantec strongly encourages customers to identify data sources for the initial policies, determine how often the DLP indexes should be updated, and develop processes for making sure Symantec Data Loss Prevention automatically indexes the most recent data for optimal results.

Deploy and Optimize Performance

Technical deployment of the Symantec Data Loss Prevention system typically takes less than a week for most customers, depending on how many products are deployed. For those customers deploying the entire suite, Symantec recommends installing all product infrastructure up front, and then following a phased approach for enabling each of the products.
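The accuracy gap between pattern matching and exact data matching described in the EDM section above can be seen in a small added illustration. This is not Symantec's implementation or code from the original paper: the keyed-hash index, the two-column row match, all function names, and the sample rows and messages are constructed assumptions.

```python
import hashlib
import hmac
import re

INDEX_KEY = b"constructed-demo-key"  # assumption: a secret stored with the index
SSN_RE = re.compile(r"\b\d{3}-?\d{2}-?\d{4}\b")

# Constructed rows standing in for an export of the protected customer table.
CUSTOMER_ROWS = [("Alvarez", "521-44-9087"), ("Okafor", "303-12-7765")]

# Constructed outbound messages.
MESSAGES = [
    "Order 123-45-6789 shipped, tracking 987654321.",  # look-alike numbers
    "Payroll fix for Alvarez: SSN 521449087.",         # real row, reformatted
    "Okafor asked about invoice 521-44-9087.",         # number and name from different rows
]

def _digest(cell):
    """Keyed hash of a normalized cell, so the index holds no plaintext."""
    norm = re.sub(r"[^0-9a-z]", "", cell.lower())
    return hmac.new(INDEX_KEY, norm.encode(), hashlib.sha256).hexdigest()

def build_index(rows):
    """Map hashed SSN -> hashed last name taken from the same row."""
    return {_digest(ssn): _digest(name) for name, ssn in rows}

def pattern_hits(text):
    """Pattern-only policy: anything shaped like an SSN is an incident."""
    return SSN_RE.findall(text)

def exact_hits(text, index):
    """Exact-match policy: the number must be an indexed value and the last
    name from that same row must appear in the message."""
    words = {_digest(w) for w in re.findall(r"[A-Za-z]+", text)}
    return [c for c in SSN_RE.findall(text) if index.get(_digest(c)) in words]

def compare(messages=MESSAGES, rows=CUSTOMER_ROWS):
    """Return (pattern incident count, exact-match incident count) per message."""
    index = build_index(rows)
    return [(len(pattern_hits(m)), len(exact_hits(m, index))) for m in messages]

if __name__ == "__main__":
    for msg, (p, e) in zip(MESSAGES, compare()):
        print(f"pattern={p} exact={e}  {msg}")
```

The pattern policy raises four incidents across the three messages, while the row-level match raises one. That accuracy depends on the index being rebuilt as the source data changes, which is why the index refresh process matters.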
After deployment, connectivity testing, and initial system set-up (policies, roles, users, reports, etc.), we recommend beginning immediate system tuning, including:

- Filtering (protocol and traffic filtering for data in motion, file filtering for data at rest and data at the endpoint)
- Server management
- Scan scheduling
- Report scheduling
- Alert setup

Taking the time to optimize the system immediately after deployment will make sure you are focusing your efforts on what matters to the organization from day one, so you can address any issues early on.

Conclusion

The requirements for a successful DLP program go beyond merely deploying the software, setting up a few policies, and addressing whatever risks are identified as they come up. Customers who have taken that approach struggle to even set solid risk reduction goals, much less achieve them, do not realize the value they have purchased and, most importantly, continue to leave their organizations open to significant data loss risk. By following the process and completing the key tasks outlined in this document, you will have set the stage for long-term risk reduction and success. Be sure to read Symantec Data Loss Prevention Risk Reduction Approach (Part 2) for recommendations on achieving, measuring, and communicating your risk reduction accomplishments.

About Symantec

Symantec protects the world's information, and is a global leader in security, backup, and availability solutions. Our innovative products and services protect people and information in any environment, from the smallest mobile device, to the enterprise data center, to cloud-based systems. Our world-renowned expertise in protecting data, identities, and interactions gives our customers confidence in a connected world. More information is available at www.symantec.com or by connecting with Symantec at go.symantec.com/socialmedia.

For specific country offices and contact numbers, please visit our website.

Symantec World Headquarters
350 Ellis St.
Mountain View, CA 94043 USA
+1 (650) 527 8000
1 (800) 721 3934
www.symantec.com

Copyright 2013 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. 1/2013 21282417