HOW TO KEEP A SECRET SECRET ERM AND DLP WORKING TOGETHER



ABSTRACT / EXECUTIVE SUMMARY

The need for information protection is present in the mind of every security professional. Recent history (WikiLeaks, leakage of personal client data, etc.) teaches us that confidential information is not secure in its traditional form and that access to information is not controlled at all. The common security tools in place are typically network- and/or computer-centric: they protect information from external attacks (hacking, viruses, trojans, etc.) but fail to secure companies against information leakage. According to recent studies by IDC [1], information leakage is mainly accidental (>50%) and in the majority of known cases implies a direct cost higher than 100,000 US$.

The most promising techniques for controlling information leakage are ERM (Enterprise Rights Management) and DLP (Data Loss Prevention). ERM assures that data is protected regardless of its state (at rest, in transit or in use) while enforcing detailed rights over the information (the right to print, edit, copy data, export to other formats, reply, forward, etc.). DLP ensures that company policies for handling digital information are enforced for all users, defining rules on how information may be handled and stored (pen drives, e-mail, corporate servers, etc.).

As detailed further in this paper, the drawbacks of ERM solutions (user dependency, lack of automatic classification and administration complexity) are precisely the strengths of DLP products; combining the two reaps the benefits of both ERM and DLP, an innovative approach within the information security field.

RightsWATCH is a combined ERM and DLP solution, based on the multilevel security concept (explained further in this white paper), that effectively protects your organization against information leakage while maintaining control over corporate data and monitoring the actions that users perform over the information produced, providing total life-cycle traceability!
Visit us at http:// for further
Contact us for a live demo or try it for free on your organization!

INTRODUCTION

Information leakage is a real and ever more common problem. Almost every month, news about a company leaking confidential information becomes public. These are the cases that are known to the general public and have the most visible impact on the organizations involved. Thousands of companies' information is being leaked daily, and mostly by accident!

Figure 1 - Distribution of security incidents

According to recent studies, the vast majority of information leakages are accidental in nature:

"IDC believes the majority of information leaks will continue to be accidental, but we expect a rising number of carefully managed attacks by sophisticated crime syndicates. We also believe that the financial impacts of deliberate incidents of data loss are often much greater than accidental incidents." Source: IDC, 2010

This means that information leakage is not solely the result of intentional actions, but also of unintentional actions that workers of your organization may engage in. Unintentional data loss is perhaps the most dangerous kind, because the user is not (at least immediately) aware of the leakage and does not act upon it.

Besides being a real problem, information loss may represent a very high cost for organizations. When quantified, the most significant share of information loss events had a cost of more than $100,000!

Figure 2 - Information loss costs

Information loss has a direct cost: the intellectual property or industrial information lost in the leakage, as well as handling the consequences. It also has a number of indirect costs, such as loss of credibility in the market, loss of intellectual property leading to erosion of competitive advantage, and failure to comply with legislation.

[1] International Data Corporation (IDC), http://www.idc.com

PROBLEM DEFINITION

Nowadays little or no paperwork is involved in core business processes. Critical business information is increasingly in digital format. Recent studies show that the growth of digital information is exponential and shall reach 35 Zettabytes [2] in 2020.

The growing awareness of the risks of information leakage was sparked by a series of corporate scandals in which confidential information was disclosed. As the majority of those cases demonstrate, such breaches are often not the result of malicious wrongdoing but of employees who unknowingly put their companies at risk. This may occur when employees send out e-mail messages containing files or content they are not aware is confidential. Another example is employees delivering confidential files to their Web-based mailboxes, or copying files to mobile devices, thus exposing them to untrusted environments. As seen in recent studies, about 60% of information leaks are related to intellectual property, which for most organizations is their most valuable asset.

Figure 3 - Types of information leaks: IDC Survey

Figure 4 - Examples of information leakage

  Deutsche Bank Loses Hertz IPO Role Because of E-Mails
  Nov. 8 (Bloomberg) - Deutsche Bank AG, Germany's largest bank, lost its spot among the underwriters of Hertz Global Holdings Inc.'s initial public offering after an employee sent unauthorized e-mails to about 175 institutional accounts.

  MoD loses more laptops, USBs and 'secret files' (UK)
  The Ministry of Defence has revealed that 658 laptops have been stolen over the past four years. The department also disclosed that 121 of its USB memory sticks, some containing sensitive information, have been lost or stolen since 2004.

Protecting systems, infrastructures and processes is no longer enough. Organizations must protect information itself and assure that it is safeguarded from undue access independently of its state or location!

HIGH-LEVEL SOLUTION

In order to prevent information leakage, the information itself should be safeguarded from undue access. The only way to ensure this is to use a solution that applies persistent protection that travels with the information, ensuring data is protected regardless of its state or location. These are data-centric security solutions.

Information security has traditionally been approached as the task of protecting information from external attacks against the organization's infrastructure and processes. Security standards and best practices (e.g. ISO/IEC 27002:2005) are mainly focused on protecting an information system from external sources and events, involving process and infrastructure security.

Analysing the taxonomy of the most relevant information security techniques (presented in the following figure), it is easily perceptible that most technologies focus on the protection of data in a specific state: At Rest, while it is stored on a computer or network hard drive; In Motion, while travelling through the network between two users or machines; and In Usage, while being accessed (read, edited, printed, etc.) by the users.

Figure 5 - Security technologies taxonomy

[2] 1 Zettabyte = 1 Trillion Gigabytes

At least two types of security solutions stand out because of their coverage in terms of data state and features: ERM and DLP.

Enterprise Rights Management

Enterprise Rights Management (ERM) is a security technology that applies persistent encryption to data, ensuring that information is protected regardless of being At Rest, In Motion or In Usage. Even while being used, the information is only decrypted into the computer's memory and made available to the application using it. While ERM-protected information is In Usage, ERM also applies detailed rights over the usage (e.g. blocking certain actions such as print, copy to clipboard, export data to another format, forward the e-mail, etc.).

Data Loss Prevention

Data Loss Prevention (DLP) technologies include a broad range of solutions designed to discover, monitor, and protect confidential data wherever it is stored or used. DLP includes solutions that discover, protect, and control sensitive information found in data at rest, data in motion, and data in use. The systems are designed to detect and prevent the unauthorized use and transmission of confidential

Network-based DLP solutions are typically installed at the corporate gateway. These solutions scan network traffic such as e-mail, instant messaging, FTP, Web-based tools (HTTP or HTTPS), and peer-to-peer applications for leaks of sensitive

Host-based DLP solutions are typically installed on desktops, laptops, mobile devices, USB drives, file/storage servers, and other types of data repositories. Host-based DLP also includes solutions that provide data discovery and classification capabilities.

Discovery DLP solutions are designed to discover sensitive information on desktops, laptops, file servers, databases, document and records management systems, e-mail repositories, and Web content and applications.

Figure 6 - ERM vs. DLP for data-centric features

Watchful has developed a joint solution that provides ERM and DLP features, taking advantage of the strong points of each security technology: RightsWATCH (http://).

RightsWATCH: A Data-Centric Security Solution

RightsWATCH is an integrated and transparent information protection solution implementing the multilevel model, which allows users to protect information generated with the most common productivity tools (Office, e-mail, mobile devices, content servers, etc.). Information is protected through a permanent cipher algorithm, and the rights each user has over the information are controlled during access. Information is continuously protected. Actions like opening, printing, editing, copying, exporting, replying and forwarding are enabled or disabled according to the user's rights over that

ERM vs. DLP

In the following table, the strengths and weaknesses of each technology are presented. A quick analysis reveals that the DLP weaknesses are exactly the strengths of ERM, and vice versa.

or otherwise.

An example of the security policies in the RightsWATCH solution is presented in the following picture.

Figure 7 - RightsWATCH e-mail support range

RightsWATCH is based on the multilevel security model. The multilevel security model was developed in the military world and states the following essential premises:

- All information produced in an organization is classified according to its confidentiality level (e.g. Internal, Reserved, Confidential, Secret, ...);
- A security credential is granted to every user in the organization;
- Access to information classified at a certain level is only granted to users with at least a specific credential (e.g. information classified as Confidential is only accessible to users with the credential Confidential or above).

The RightsWATCH system extends this base concept to a new level by adding two derivatives:

- When a user is granted access to information, only certain rights are available to handle the data (e.g. the user may be able to read and edit the information but have the printing or copying capabilities disabled);
- Information classification levels may be grouped into Information Scopes, and Scopes into Organizational Units (e.g. the fictional organization Critical House may contain two scopes, Financial and Management; the Financial scope may contain three security levels, Secret, Confidential and Reserved). This allows user roles to have different access to information depending on its scope (e.g. a user may be able to access information up to Confidential in one scope and only Reserved information in other scopes).

RightsWATCH allows the definition and implementation of information security policies to manage user rights to manipulate and access It mitigates the risk of unauthorized actions upon information, intentional

Figure 8 - Multilevel security example

Monitoring Capabilities

RightsWATCH-protected information is subject to logging of user actions.
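The multilevel model with the two RightsWATCH extensions (per-level rights and per-scope credentials), together with the unique identifier, blacklist and action log that the Monitoring Capabilities section describes, can be exercised in a few dozen lines. The following is an added example written for this page, not RightsWATCH code: the level names follow the paper's Critical House example, while the users (alice, bob, carol), the rights assigned to each level and the "doc-0001" style identifiers are constructed for illustration.

```python
from dataclasses import dataclass, field
from itertools import count
from typing import Dict, List, Set

# Ordered classification levels from the paper's example (lowest first).
LEVELS = ["Internal", "Reserved", "Confidential", "Secret"]
RANK = {name: i for i, name in enumerate(LEVELS)}

# Rights available at each level. These values are an assumed policy for the
# example, not the product's defaults: the more confidential the data, the
# fewer actions a cleared reader may perform on it.
DEFAULT_RIGHTS: Dict[str, Set[str]] = {
    "Internal": {"read", "edit", "print", "copy", "forward"},
    "Reserved": {"read", "edit", "print", "copy"},
    "Confidential": {"read", "edit"},
    "Secret": {"read"},
}


@dataclass
class Document:
    doc_id: str   # unique identifier assigned when the item is protected
    scope: str    # information scope, e.g. "Financial"
    level: str    # one of LEVELS
    owner: str


@dataclass
class PolicyServer:
    """Server-side validation point: every access is decided and logged here."""
    clearance: Dict[str, Dict[str, str]] = field(default_factory=dict)  # user -> scope -> level
    rights: Dict[str, Set[str]] = field(default_factory=lambda: dict(DEFAULT_RIGHTS))
    documents: Dict[str, Document] = field(default_factory=dict)
    blacklist: Set[str] = field(default_factory=set)   # revoked identifiers
    log: List[Dict[str, str]] = field(default_factory=list)
    _ids: count = field(default_factory=lambda: count(1))

    def grant(self, user: str, scope: str, level: str) -> None:
        """Give a user a credential for one scope; other scopes may differ."""
        self.clearance.setdefault(user, {})[scope] = level
        self._record("admin", f"user:{user}", f"grant {scope}={level}", "allow")

    def protect(self, owner: str, scope: str, level: str) -> str:
        """Classify a new item and return its unique identifier."""
        doc_id = f"doc-{next(self._ids):04d}"   # constructed id; a real system would use a random one
        self.documents[doc_id] = Document(doc_id, scope, level, owner)
        self._record(owner, doc_id, "protect", "allow")
        return doc_id

    def revoke(self, admin: str, doc_id: str) -> None:
        """Blacklist an identifier: all future access to that item is denied."""
        self.blacklist.add(doc_id)
        self._record(admin, doc_id, "revoke", "allow")

    def check(self, user: str, doc_id: str, action: str) -> str:
        """Decide one access; returns 'allow' or 'deny:<reason>' and logs it."""
        doc = self.documents.get(doc_id)
        if doc is None:
            verdict = "deny:unknown-document"
        elif doc_id in self.blacklist:
            verdict = "deny:revoked"
        else:
            cred = self.clearance.get(user, {}).get(doc.scope)
            if cred is None or RANK[cred] < RANK[doc.level]:
                verdict = "deny:clearance"   # credential below the item's level in this scope
            elif action not in self.rights.get(doc.level, set()):
                verdict = "deny:right"       # cleared to open it, but this action is blocked
            else:
                verdict = "allow"
        self._record(user, doc_id, action, verdict)
        return verdict

    def history(self, doc_id: str) -> List[Dict[str, str]]:
        """Lifecycle of one item: every logged action keyed by its identifier."""
        return [e for e in self.log if e["doc"] == doc_id]

    def _record(self, user: str, doc_id: str, action: str, verdict: str) -> None:
        self.log.append({"user": user, "doc": doc_id, "action": action, "verdict": verdict})


def demo() -> Dict[str, object]:
    """Walk through the paper's Critical House example with constructed users."""
    srv = PolicyServer()
    srv.grant("alice", "Financial", "Confidential")   # up to Confidential here...
    srv.grant("alice", "Management", "Reserved")      # ...but only Reserved here
    fin_conf = srv.protect("bob", "Financial", "Confidential")
    fin_secret = srv.protect("bob", "Financial", "Secret")
    mgmt_conf = srv.protect("carol", "Management", "Confidential")
    mgmt_res = srv.protect("carol", "Management", "Reserved")
    results: Dict[str, object] = {
        "fin_conf_read": srv.check("alice", fin_conf, "read"),
        "fin_conf_print": srv.check("alice", fin_conf, "print"),
        "fin_secret_read": srv.check("alice", fin_secret, "read"),
        "mgmt_conf_read": srv.check("alice", mgmt_conf, "read"),
        "mgmt_res_print": srv.check("alice", mgmt_res, "print"),
    }
    srv.revoke("admin", fin_conf)   # e.g. after a breach involving this item
    results["fin_conf_after_revoke"] = srv.check("alice", fin_conf, "read")
    results["fin_conf_history"] = [e["action"] for e in srv.history(fin_conf)]
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The order of the checks in `check` matters: the blacklist is consulted before clearance, so a revoked item stays closed even to users who would otherwise be entitled to it, and every verdict (including denials) is written to the log so an auditor can later replay the lifecycle of any identifier.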
This allows the security auditor to know, for instance, which files or e-mails were produced by each user, and when and how these were accessed by others. For every file or e-mail protected with RightsWATCH, the system generates a unique identifier. This unique identifier may be used to track the lifecycle of a specific document, obtaining every logged action upon that document. The unique identifier may also be used to manage a document blacklist: documents added to it are revoked of all future access. This is particularly useful for managing identified security breaches within the organization and containing undue information access. As information is permanently encrypted, access to it depends on a server validation process. Since RightsWATCH is directly coupled with the ERM system, it is possible to control or deny access to individual documents.

Since RightsWATCH is an information security tool, the configuration of the system itself might represent a security breach. A RightsWATCH administrator is able to grant specific users rights to access information in the organization, or to revoke those rights. To prevent and monitor administration errors, all administration tasks are logged centrally for future audit.

Advanced Identity and Access Management

RightsWATCH is a product that prevents data loss by applying data-centric security techniques to information produced within an organization. As in most security products, the digital identity of the users of the system is represented by the user's login. The strength of any security system is directly related to the strength of the bond between the users and their digital identity. If an illegitimate user assumes the digital identity of a user, it gains access to all information that should be available only to that user. Identity theft is a major drawback of every security solution.

Current authentication mechanisms offer a reasonable layer of protection against intruders; however, password-based authentication, or even strong authentication forms, are weak: after an authentication phase, no further proof of identity is required. These mechanisms allow for opportunist attacks, especially from insiders (e.g. leaving your computer logged on while grabbing a coffee or going to lunch is an attack opportunity). In order to prevent identity theft, we need a technique that passively and continuously monitors the user's interactions, searching for proof of intrusion. Host-based Intrusion Detection Systems (HIDSs) satisfy most of these conditions; however, current HIDSs are focused on the system rather than the user: system-safe actions are considered legal, and it is still very easy to execute harmful actions and remain undetected.

RightsWATCH has extended the concept of IDS to the user authentication level. RightsWATCH contains a patented technology that monitors users' interactions with the computer through the identification of biometric features. Keystroke dynamics is the behavioural biometric technique that best satisfies this goal. Keystroke dynamics consists in the analysis of typing patterns from users in order to identify a biometric feature in the typing activity. Current results of this technology assure 99.7% reliability:

- Typing patterns are continuously available after the authentication phase (providing continuous authentication);
- It is non-intrusive and transparent (the user's daily routine is not bothered);
- It is inexpensive, since it does not require any special equipment.
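To make the continuous-authentication idea concrete, here is an added example (written for this page; it is not the patented RightsWATCH technique, whose features and classifier the paper does not describe). It enrols a user from two keystroke timing features, key dwell time and inter-key flight time, scores later typing windows as a mean absolute z-score against that profile, and flags a window whose score exceeds an assumed threshold. All timings are constructed, not measured.

```python
from statistics import mean, pstdev
from typing import Dict, List, Tuple

# One keystroke is described by two timing features, in milliseconds:
#   dwell  = how long the key was held down
#   flight = the gap between releasing the previous key and pressing this one
Keystroke = Tuple[float, float]
Profile = Dict[str, Tuple[float, float]]   # feature -> (mean, standard deviation)


def build_profile(enrollment: List[Keystroke]) -> Profile:
    """Enrolment: summarise the legitimate user's typing as per-feature mean and spread."""
    dwell = [d for d, _ in enrollment]
    flight = [f for _, f in enrollment]
    # A floor on the standard deviation avoids division by zero and keeps a
    # tiny enrolment set from producing an over-confident profile.
    return {
        "dwell": (mean(dwell), max(pstdev(dwell), 1.0)),
        "flight": (mean(flight), max(pstdev(flight), 1.0)),
    }


def anomaly_score(profile: Profile, window: List[Keystroke]) -> float:
    """Mean absolute z-score of a window of keystrokes against the profile.

    Values near 0 mean the window looks like the enrolled user; the score grows
    as the observed timings drift away from the enrolled pattern.
    """
    zs = []
    for dwell, flight in window:
        for feature, value in (("dwell", dwell), ("flight", flight)):
            mu, sigma = profile[feature]
            zs.append(abs(value - mu) / sigma)
    return mean(zs)


def continuous_check(profile: Profile, session: List[Keystroke],
                     window_size: int = 5, threshold: float = 2.0) -> List[bool]:
    """Slide a window over a live session; True = consistent with the enrolled user.

    The threshold is an assumed tuning value: lowering it catches a takeover
    sooner at the cost of more false alarms on the legitimate user.
    """
    verdicts = []
    for start in range(0, len(session) - window_size + 1, window_size):
        window = session[start:start + window_size]
        verdicts.append(anomaly_score(profile, window) <= threshold)
    return verdicts


# Constructed timings (not measured data): the enrolled user types with short,
# regular dwell and flight times; the impostor is slower and more erratic.
ENROLLMENT: List[Keystroke] = list(zip(
    [88, 92, 95, 85, 90, 93, 87, 91, 89, 94],
    [118, 125, 115, 122, 130, 117, 121, 119, 124, 126],
))
LEGIT_SESSION: List[Keystroke] = list(zip(
    [89, 91, 93, 86, 90], [120, 124, 116, 123, 127]))
IMPOSTOR_SESSION: List[Keystroke] = list(zip(
    [140, 135, 150, 145, 138], [210, 195, 220, 205, 200]))


def demo() -> Dict[str, object]:
    profile = build_profile(ENROLLMENT)
    return {
        "legit_score": anomaly_score(profile, LEGIT_SESSION),
        "impostor_score": anomaly_score(profile, IMPOSTOR_SESSION),
        # A session that starts as the enrolled user and is then taken over (the
        # "logged on while grabbing a coffee" case) flips from True to False.
        "takeover_verdicts": continuous_check(profile, LEGIT_SESSION + IMPOSTOR_SESSION),
    }


if __name__ == "__main__":
    print(demo())
```

The z-score against a per-user baseline is the simplest workable scorer; production systems add more features (digraph latencies, error rates) and a confidence interval that widens when few keystrokes have been seen, but the shape of the decision, a rolling score compared against a tunable threshold after login, is the same.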
Figure 9 - User Intrusion Detection System effectiveness

BUSINESS BENEFITS

The deployment of a RightsWATCH installation enhances information security awareness within your organization and effectively enforces security policies, while providing the business with the means to audit security breaches and identify trends and possible violations. RightsWATCH usage provides the following main business benefits:

Information Data Loss Prevention - Applying security policies and rules across the organization allows for effective data loss prevention. DLP features allow the enforcement of security policies such as the automatic protection of all files sent by e-mail or transferred to external devices.

Enterprise Rights Management - Detailed rights over privileged information allow the definition of fine-grained effective rights over the information, which blocks attempts to misuse or leak internal information outside the organization through features like printing, copying, exporting to different formats or forwarding the data to third parties.

Centralized Policy Management - All information security policy management is done centrally on a web-based console. It is possible to transpose information security policies and procedures to RightsWATCH directly, and to import roles and profiling data directly from your company user directory.

Widest Range of Applications - RightsWATCH supports a wide range of productivity applications and devices and is easily extendable. Transparently encrypted information is accessible and effectively protected in the most commonly used Office applications in your organization. Information is safe no matter where it is stored, through whichever channels it travels, or where it is accessed. Total protection: At Rest, In Motion and In Use.

User Intrusion Detection System - Along with the RightsWATCH data protection features, the system includes a User Intrusion Detection System that assures a 99% reliability rate.
This biometric behavioural method assures continuous authentication, is inexpensive (no special equipment needed) and non-intrusive, as it does not disturb the user's regular behaviour.

Advanced Monitoring Capabilities - RightsWATCH gives the business the big picture of how information security is being used. Drill-down features allow auditors to identify deviations from the company information security policies by detecting behavioural trends and setting alarms and preventive measures.

Lifecycle of Protected Information - With the unique identifier of each RightsWATCH file and e-mail, it is possible to trace all accesses to every protected item individually and analyse the lifecycle of the Based on this feature it is also possible to revoke all access to a specific protected file/e-mail through the management of a blacklist.

Audit Trail for Administrators - Management of the RightsWATCH system may grant access to information to unauthorized users and change access policies and DLP rules. RightsWATCH includes an audit trail for all administrator actions, thus preventing and monitoring possible administration errors.

SUMMARY

Common security tools in place are typically network- and/or computer-centric, protecting information from external attacks (hacking, viruses, trojans, etc.) but failing to secure companies against information leakage. According to recent studies by IDC, information leakage is mainly accidental (>50%) and in the majority of known cases implies a direct cost higher than 100,000 US$. The most promising techniques for controlling information leakage are ERM (Enterprise Rights Management) and DLP (Data Loss Prevention). ERM assures that data is protected independently of its state (at rest, in transit or in use) while enforcing detailed rights over the information (the right to print, edit, copy data, export to other formats, reply, forward, etc.). DLP ensures that company policies for handling digital information are enforced for all users, defining rules on how information may be handled and stored (pen drives, e-mail, corporate servers, etc.). The drawbacks of ERM solutions (user dependency, lack of automatic classification and administration complexity) are precisely the strengths of DLP products.

RightsWATCH is a combined ERM and DLP solution, based on the multilevel security concept, that effectively protects your organization against information leakage while maintaining control over corporate data and monitoring the actions that users perform over the information produced, providing total life-cycle traceability!

Visit us at http:// for further
Contact us for a live demo or try it for free on your organization!