Technology Blueprint: Protecting Intellectual Property in Email
Guarding against information-stealing malware and outbound data loss
Security Connected
The Security Connected framework from McAfee enables integration of multiple products, services, and partnerships for centralized, efficient, and effective risk mitigation. Built on more than two decades of proven security practices, the Security Connected approach helps organizations of all sizes and segments across all geographies improve security postures, optimize security for greater cost effectiveness, and align security strategically with business initiatives. The Security Connected Reference Architecture provides a concrete path from ideas to implementation. Use it to adapt the Security Connected concepts to your unique risks, infrastructure, and business objectives. McAfee is relentlessly focused on finding new ways to keep our customers safe.

The Situation
Your company's intellectual property (IP), including source code, blueprints, design diagrams, and planning documents, is usually more valuable than its physical assets. Shouldn't this property be as closely guarded as your building? One of the most prevalent paths of IP loss and theft is your company's email system. Whether the loss comes from someone accidentally sending data unencrypted, from an employee intentionally sending out company information just before resigning, or from falling prey to a targeted spear-phishing campaign, the email vector is one of the most important to protect. Many businesses scan email for spam, viruses, and malicious attachments, and some restrict release of personally identifiable information in compliance with privacy regulations. However, most do nothing to restrict the loss of crucial and unique intellectual property assets through email.
Driving Concerns
The majority of valuable and confidential intellectual property is emailed at some point, packaged in notes, design files, spreadsheets, presentations, and reports. Typical enterprise users think that email is a protected form of communication and simply do not understand what data should or should not be sent over email. To these users, encryption seems like a needless hassle. At the same time that honest employees are placing IP at risk, thieves and disgruntled employees are embracing email as a tool for penetrating defenses and exfiltrating valuables. An email is the first salvo in spear phishing and other targeted attacks. Today's complex and mission-critical email environment requires extra attention to protect IP. Enterprises must equip themselves to handle these IP-specific challenges:

Identifying the correct information. IP is usually unstructured data without the simple strings or signature patterns that enable filtering of personally identifiable information (PII) and malware.

Enforcement of policies based on content. Why is someone in customer service sending out information about payroll? Some users should not be allowed to send out sensitive information. Some information can be sent if it is processed correctly. Enterprises need an automated enforcement system they can count on to apply policies consistently.

Protecting the business without impeding the business. Corporate information should be prevented from getting into the wrong hands without slowing down or unduly hindering normal business processes.

Protection against malicious outsiders. Custom and targeted phishing attacks, known as spear phishing, use email and social engineering to infect systems belonging to privileged users. Ideally, your users should never receive these emails. If they do receive the malicious message, they should be blocked from responding to it (or from having an infected system respond to it) with an email containing confidential data.
Integration with DLP, encryption, and security management tools. To minimize operational costs as well as user and policy management effort, IP protection should supplement and work together with the software systems already in place.
Solution Description
To protect against IP loss through email, your solution will need to detect and protect IP sent outside the company and also inspect inbound messages for phishing content and malware. Linked together, these outbound and inbound filtering systems can dramatically reduce your exposure to IP theft and loss without driving up operational costs. By building on existing email security infrastructure, they can also be deployed without disrupting this critical communication system. An effective solution will address each of the concerns described earlier:

Identifying the correct information. All outbound email must be inspected for intellectual property. Since IP is different in each business, the system needs flexibility and rich tools for detecting both structured strings and custom unstructured data. The solution must be able to scan and identify such data in both the body and the attachments of an email. IP policies should work easily alongside, or integrate with, DLP and other systems that filter for personally identifiable information (PII) and regulated data.

Enforcement of policies based on content. The system should use rules to decide what to do when it identifies an email containing IP. The available actions should include encrypt, block, allow, and quarantine. Notifications are helpful so that both the administrator and the end user understand that a policy was enforced. Rules should match the action to the risk and to the sender's role so that the system performs the right action. Imagine a backup tape operator who has access to sensitive data but does not have the authority to email it outside the company. Silent, automated encryption of that mail would simply aid the employee's theft of the data. The appropriate enforcement action is instead to quarantine the message and notify a security officer.
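The decision logic described above, as an added example (not McAfee code): the action taken on an outbound message depends on what content inspection found and on whether the sender's role and the recipients' domains make that transfer legitimate. The directory entries, domains and the "findings" labels are constructed placeholders; a real deployment would read roles from LDAP/AD and findings from the content engine.

```python
"""Role- and content-aware outbound email policy decision (added example).

Models the enforcement rule from the text: silently encrypting IP sent by an
unauthorized role only helps it leave, so that case is quarantined with a
security-officer notification, while authorized senders to known partners
get gateway encryption enforced. All directory data below is constructed.
"""
from dataclasses import dataclass
from enum import Enum


class Action(Enum):
    ALLOW = "allow"
    ENCRYPT = "encrypt"
    QUARANTINE = "quarantine"
    BLOCK = "block"


@dataclass(frozen=True)
class Decision:
    action: Action
    notify: tuple = ()     # who is told: "sender", "security-officer", or both
    reason: str = ""


@dataclass(frozen=True)
class Message:
    sender: str
    recipients: tuple
    findings: frozenset    # labels from content inspection, e.g. {"ip", "pii"}


# Constructed directory data (assumption: normally sourced from LDAP/AD).
INTERNAL_DOMAIN = "example.com"
ROLES = {
    "alice@example.com": "engineering",
    "bob@example.com": "backup-operator",
    "carol@example.com": "customer-service",
}
# Roles permitted to send intellectual property outside the company (encrypted).
IP_SENDER_ROLES = {"engineering", "legal"}
# External domains with which an encryption relationship exists (constructed).
PARTNER_DOMAINS = {"partner.example"}


def _domain(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()


def decide(msg: Message) -> Decision:
    """Return the gateway action for one outbound message."""
    external = [r for r in msg.recipients if _domain(r) != INTERNAL_DOMAIN]
    if not external:
        return Decision(Action.ALLOW, reason="all recipients internal")
    if not msg.findings:
        return Decision(Action.ALLOW, reason="no sensitive content detected")

    role = ROLES.get(msg.sender.lower(), "unknown")
    if "ip" in msg.findings:
        if role not in IP_SENDER_ROLES:
            # The backup-operator case: encrypting would only help the data
            # leave. Hold the message and involve a human.
            return Decision(Action.QUARANTINE, ("security-officer",),
                            f"role '{role}' is not authorized to send IP externally")
        strangers = [r for r in external if _domain(r) not in PARTNER_DOMAINS]
        if strangers:
            return Decision(Action.BLOCK, ("sender",),
                            f"IP addressed to non-partner recipients: {strangers}")
        return Decision(Action.ENCRYPT, ("sender",),
                        "IP to approved partner; encryption enforced at the gateway")
    if "pii" in msg.findings:
        # Regulated data may leave, but never in the clear.
        return Decision(Action.ENCRYPT, ("sender",), "regulated data; encryption enforced")
    return Decision(Action.ALLOW, reason="finding has no outbound rule")


if __name__ == "__main__":
    print(decide(Message("bob@example.com", ("x@gmail.com",), frozenset({"ip"}))))
```

The ordering matters: the IP rule is evaluated before the PII rule so that a message carrying both is never downgraded to "encrypt and release" when the sender should not be sending IP at all.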
The solution should allow a range of actions triggered by policies and the content detected:

Encrypting a message only when the sender and recipient are authorized to read it.

Blocking or quarantining a message when the sender or recipient is not authorized to read it, while simultaneously notifying a security officer.

Rerouting a message to an archival system for long-term storage.

Detection of desktop encryption. Users determined to bypass security checks will encrypt the message at the desktop, which leaves the gateway with content it cannot inspect. The system should detect, prevent, and notify of any unauthorized use of desktop encryption.

Protecting the business without impeding the business. Encryption provides a simple way to preserve the confidentiality of documents sent through email. Organizations should adapt encryption controls to their business requirements:

Gateway-to-gateway encryption. S/MIME, OpenPGP, and TLS are the standard encryption mechanisms in the email world (TLS protects the hop between gateways, while S/MIME and OpenPGP protect the message itself), but sender and recipient gateways may not support the same ones. For guaranteed encryption, email security must be able to enforce encryption using any of these protocols, based on the sender, the recipient, or a combination of the two.

Gateway-to-end-user encryption. There are situations when the receiving party, often a business partner, simply cannot receive a message encrypted with standard gateway encryption. The email gateway must be intelligent enough to realize that gateway-to-gateway encryption will not work and able to encrypt the data automatically in a form the recipient can accept. This automation ensures that end users cannot opt out of required encryption. One option, push encryption, sends the recipient a secure message as an attachment to an otherwise standard email; the recipient views and responds to the message using any web browser. Alternatively, pull encryption stages the message on a secure server and notifies the recipient to collect it from a secure web-based mailbox; the recipient logs in to a secure web page to retrieve, view, and reply to encrypted messages. Both push and pull encryption have their uses in the email world and should be supported.

Decision Elements
These factors could influence your architecture:
What regulations for content security apply to your company? How can these be enforced for email?
Does your email need to be archived for compliance?
How many email egress points do you have today?
How many mail exchanger (MX) records do you have? Each MX record needs at least one device behind it.
Do you currently use a cloud-based email protection service?
Do you require distributed or centralized management?
Do you already have a DLP solution today?
What are your requirements for encryption?
Protection against malicious outsiders, including spammers and phishing attacks. Signature-based inbound screening must be enhanced to deal with malicious emails that carry custom-crafted attachments and use multiple stages.

Reputation-based defenses, both inbound and outbound. Any technology you consider must include both inbound and outbound protection that has been enriched to combat modern blended and targeted attacks. Inbound protection should include reputation-based technology for antivirus, antispam, and antiphishing. Antiphishing is especially valuable, since advanced persistent threats (APTs) quite frequently start as an inbound phishing email. Reputation technology assesses the risk and intent of an email based on historical information, where the history may include the sender's actions as recently as a minute ago. As a security professional, you must research and understand the data sources underlying this reputation-based protection. Does the data source look at just one vector (email, for example), or at all aspects of an attack (email, web, network, file level, message level, even country level)? If a reputation is deemed risky, the system should enforce the appropriate action (usually block or quarantine).

Enforcement of corporate executable, file, and media policies. To minimize damage from malware and spear phishing, policies should specify that certain users are not allowed to receive and run executable files. This control requires effective policies restricting executable content delivered by email, coupled with tools that look beyond the file extension. The latter matters because attackers anticipate basic blocking of .exe files and simply rename executables to something likely to be allowed at the gateway, such as a .jpg or .gif extension. Tools must validate that a file is true to its claimed type and then enforce the appropriate action.
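An added example (not McAfee code) of the two attachment checks called for above and in the desktop-encryption point earlier: identify content by its leading bytes rather than its name, so a renamed executable is caught by its MZ header, and flag content that was encrypted at the desktop (OpenPGP ASCII armor, password-protected ZIP), which the gateway cannot inspect. The magic numbers are the standard public ones; the sample bytes and file names are constructed.

```python
"""Attachment type verification and desktop-encryption detection (added example).

sniff() classifies by magic number; check_attachment() compares that with
the extension's claim and refuses executables outright. A ZIP whose local
file header has the encryption flag set, or an OpenPGP armored message, is
quarantined because its contents cannot be inspected. Constructed data only.
"""
import struct

# Extension -> type the content is expected to sniff as.
EXT_TO_TYPE = {
    "jpg": "jpeg", "jpeg": "jpeg", "gif": "gif", "png": "png",
    "pdf": "pdf", "zip": "zip", "docx": "zip", "xlsx": "zip", "exe": "pe",
}


def sniff(data: bytes) -> str:
    """Identify content by its leading bytes (magic number), not by its name."""
    if data.startswith(b"MZ"):                           # DOS/PE executable
        return "pe"
    if data.startswith(b"\x7fELF"):                      # Linux executable
        return "elf"
    if data.startswith(b"\xff\xd8\xff"):                 # JPEG
        return "jpeg"
    if data[:6] in (b"GIF87a", b"GIF89a"):               # GIF
        return "gif"
    if data.startswith(b"\x89PNG\r\n\x1a\n"):            # PNG
        return "png"
    if data.startswith(b"%PDF-"):                        # PDF
        return "pdf"
    if data.startswith(b"PK\x03\x04"):                   # ZIP (also OOXML documents)
        return "zip"
    if data.startswith(b"-----BEGIN PGP MESSAGE-----"):  # OpenPGP ASCII armor
        return "pgp"
    return "unknown"


def zip_is_encrypted(data: bytes) -> bool:
    """ZIP local file header: bit 0 of the general-purpose flags (offset 6) marks encryption."""
    if len(data) < 8 or not data.startswith(b"PK\x03\x04"):
        return False
    flags = struct.unpack_from("<H", data, 6)[0]
    return bool(flags & 0x0001)


def check_attachment(filename: str, data: bytes) -> tuple:
    """Return (action, reason) for one attachment: 'allow', 'quarantine' or 'block'."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    actual = sniff(data)
    if actual in ("pe", "elf"):
        # Executables are refused regardless of what the name says.
        return "block", f"{filename}: executable content ({actual})"
    if actual == "pgp" or (actual == "zip" and zip_is_encrypted(data)):
        # Desktop encryption defeats content inspection; hold it and notify.
        return "quarantine", f"{filename}: desktop-encrypted content, cannot be inspected"
    claimed = EXT_TO_TYPE.get(ext)
    if claimed and actual != "unknown" and actual != claimed:
        return "quarantine", f"{filename}: named as {claimed} but contains {actual}"
    return "allow", ""


if __name__ == "__main__":
    # Constructed sample: a PE header renamed to look like a photo.
    print(check_attachment("holiday.jpg", b"MZ\x90\x00" + b"\x00" * 60))
```

Two caveats a practitioner should keep in mind: binary (unarmored) OpenPGP and password-protected Office files (which are OLE compound documents, not flagged ZIPs) need their own signatures, and a real gateway would also walk inside archives rather than stopping at the outer header.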
Integration with DLP, encryption, and security management tools. Intellectual property protection may start with email, but it certainly should not stop there. Policy-based enforcement in email should strengthen other gateway tools, including data loss prevention and encryption gateways. Tight integration eliminates enforcement loopholes and minimizes integration and maintenance costs. For example, if a DLP policy is already in place to protect against printing or copying information, must you duplicate that policy when extending enforcement to email? Integrated systems share policies, avoiding the errors and loopholes introduced by replication and helping to ensure consistent enforcement (one policy to maintain).
Technologies Used in the McAfee Solution
The McAfee Email Protection solution defends against the latest email-borne threats and helps guard against data loss. It integrates data loss prevention technology, content-based policies, encryption, and email continuity services with advanced antivirus and antispam. Your choice of deployment options lets you focus on implementing the security where you need it, without deployment restrictions. For the most rigorous protection of intellectual property, McAfee Email Protection can be used with McAfee Data Loss Prevention. We provide a direct integration with McAfee Network DLP Prevent, offering fine-grained fingerprinting integrated with email policy enforcement. The broader set of McAfee Data Loss Prevention functions is also available for comprehensive protection of data at rest, data in motion, and data in use.

[Figure: McAfee email and data loss prevention solutions integrate for strong inbound and outbound IP controls. Components shown: McAfee Global Threat Intelligence (GTI); McAfee Email Protection in the cloud (cloud-based threat and spam protection) serving remote users in front of the firewall; McAfee Email Protection on premises (fine-tuned security and policy enforcement) in front of the email server and LAN users; Continuity Services; McAfee Network Data Loss Prevention.]

McAfee Email Protection
McAfee Email Protection provides two tiers (on-premises and in the cloud) of antimalware and antispam for inbound traffic, to guard against data-stealing malware, phishing, and other email threats. These layers both reduce the chance of infection by malicious content and free the resources of your on-premises security for other tasks. For outbound email traffic, McAfee Email Protection integrates content filtering for structured and regulated data, as well as some forms of intellectual property.
Before traffic leaves your site, fingerprinting, lexical analysis, and clustering techniques supplement keyword and pattern matching to reliably detect and enforce data usage policies on regulated data (such as credit card and social security numbers) and on unstructured data that you have fingerprinted or that contains searchable words, phrases, or regular-expression matches. Document fingerprinting lets you train your email security to determine which documents are policy-controlled: by creating and storing digital fingerprints of selected documents, the solution learns what content needs to be controlled by policy. Policies can be enforced for whole or partial content matches in email bodies and attachments. Policy enforcement can include quarantining, blocking, or encryption. In addition, operating in the cloud, McAfee SaaS offers templates for outbound screening of structured and regulated data. This service helps you protect remote users and ensure your content policies cover your entire user community.
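An added example (not McAfee code, and not the vendor's algorithm) of the general idea behind document fingerprinting with partial matching: a protected document is reduced to hashes of overlapping word windows ("shingles"), and outbound text is scored by how many of its windows hit the index, so a verbatim excerpt pasted into an otherwise innocent email is still caught while a short coincidental phrase is not. The design document, the emails, the window size and the thresholds are all constructed for illustration.

```python
"""Shingle-based document fingerprinting with partial-match scoring (added example).

fingerprint() turns text into a set of hashes of every WINDOW-word window,
which is all the gateway needs to keep (not the document itself).
FingerprintStore indexes those hashes per protected document, and
inspect_outbound() flags documents that an outbound message reproduces
enough of, by absolute window count or by fraction of the document.
"""
import hashlib
import re
from collections import Counter

WINDOW = 8   # words per shingle: longer means fewer false positives, shorter catches smaller excerpts


def _tokens(text: str) -> list:
    # Normalise case and strip punctuation so trivial edits do not defeat the match.
    return re.findall(r"[a-z0-9]+", text.lower())


def fingerprint(text: str) -> set:
    """Truncated SHA-256 of each WINDOW-word window of the text."""
    toks = _tokens(text)
    out = set()
    for i in range(len(toks) - WINDOW + 1):
        window = " ".join(toks[i:i + WINDOW])
        out.add(hashlib.sha256(window.encode()).hexdigest()[:16])
    return out


class FingerprintStore:
    def __init__(self):
        self._index = {}   # shingle hash -> set of document names
        self._size = {}    # document name -> number of shingles

    def register(self, name: str, text: str) -> None:
        fp = fingerprint(text)
        self._size[name] = len(fp)
        for h in fp:
            self._index.setdefault(h, set()).add(name)

    def match(self, text: str) -> dict:
        """name -> (matching windows, fraction of that document reproduced)."""
        hits = Counter()
        for h in fingerprint(text):
            for name in self._index.get(h, ()):
                hits[name] += 1
        return {n: (c, c / self._size[n]) for n, c in hits.items()}


def inspect_outbound(store: FingerprintStore, text: str,
                     min_hits: int = 4, min_coverage: float = 0.10) -> dict:
    """Protected documents the text reproduces enough of to trigger policy:
    at least min_hits matching windows, or at least min_coverage of the document."""
    return {n: (c, cov) for n, (c, cov) in store.match(text).items()
            if c >= min_hits or cov >= min_coverage}


# Constructed sample document and messages.
DESIGN_DOC = ("The widget controller uses a dual loop PID scheme where the inner loop "
              "samples the hall sensor at four kilohertz and the outer loop corrects drift "
              "every second using the calibration table stored in flash")
LEAK_EMAIL = ("Hi Sam, as discussed the inner loop samples the hall sensor at four kilohertz "
              "and the outer loop corrects drift every second, let me know if that works. Thanks")
CLEAN_EMAIL = "Lunch is at noon on Friday, see you all there and bring a guest"

if __name__ == "__main__":
    store = FingerprintStore()
    store.register("widget-design", DESIGN_DOC)
    print(inspect_outbound(store, LEAK_EMAIL))   # flagged: 11 windows, ~39% of the document
    print(inspect_outbound(store, CLEAN_EMAIL))  # {}
```

With an 8-word window, four matching windows means at least eleven consecutive words were copied, which is the kind of "partial match" percentage a DLP product exposes as a tunable; the coverage fraction catches the other case, a small document reproduced almost whole.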
At your site, policy-based email encryption uses a combination of B2B (TLS, S/MIME, and OpenPGP) and B2C (push and pull) technologies to ensure that even recipients without encryption capabilities can receive and reply to secure email. Optional McAfee SaaS Email Encryption can help enforce encryption policies as well.

To block information-stealing malware hidden inside legitimate-seeming files, McAfee performs full file type and media verification. Reputation scrutiny also enables McAfee Email Protection to block or quarantine email more efficiently and accurately, making the solution highly effective while maximizing performance. McAfee uses cloud-based network reputation provided by McAfee Global Threat Intelligence. Reputation analysis applies intelligence from sensors in more than 100 countries and thousands of devices around the globe. Correlated web, email, and network reputation scores for the message sender enable the solution to make rapid decisions about the email, dropping unwanted email at the connection level, saving bandwidth, and consuming minimal system resources. In addition to the network information, the message headers and content are themselves checked against reputation data. This enables known spam and other unwanted email to be identified instantly, even if it comes from a reputable source such as an infected system at a whitelisted provider (for example, Yahoo! Mail or Gmail).

McAfee Global Threat Intelligence also provides real-time, cloud-based file reputation services. File reputation enables McAfee Email Protection to protect customers against both known and emerging malware-based threats attached to email. File reputation is compiled from billions of file queries each month. McAfee Global Threat Intelligence file reputation responds with a score that reflects the likelihood that the file in question is malware, enabling the identification of malicious files even when no signature is available.
McAfee Email Protection integrates with McAfee ePolicy Orchestrator (McAfee ePO), as well as with Splunk and ArcSight, for better enterprise visibility and streamlined reporting.

McAfee Data Loss Prevention
For detection, inspection, and enforcement actions on unstructured intellectual property, the McAfee solution integrates with McAfee DLP Prevent. The idea is to identify the intellectual property once, then simply turn on the rules that protect it. DLP Prevent is not required for McAfee Email Protection to perform content policy enforcement, but if an existing DLP policy is already in use, leveraging DLP Prevent removes the need to rewrite existing DLP policies for email. DLP Prevent can also be used when expanding DLP policy from structured data to unstructured data. Supplementing the content dictionaries built into McAfee Email Protection, McAfee Data Loss Prevention provides templates covering a broad range of intellectual property types, such as CAD files. You can customize these formats easily. Once you have defined policies and fingerprinted the IP you want to protect, you direct your email traffic through McAfee DLP Prevent. When sensitive data is found, the DLP system instructs the McAfee Email Gateway to take the appropriate enforcement action.

Many organizations are not sure which specific data and files they should consider to be intellectual property. You can choose to adopt the full McAfee Data Loss Prevention product set to discover, monitor, and protect your IP throughout your network. For example, McAfee DLP Discover crawls data at rest throughout your network, including your email servers, endpoints, and file shares. It creates a historical database of data usage with business context. This system can help you determine what data is in use and by whom, and build unique rules for filtering and enforcement that align with how data is really used in your business.
McAfee DLP includes other advantages for intellectual property protection. Automated tagging and classification can apply policies based on the source application, the storage location, group and organizational data, and business-specific triggers, such as a threshold number of customer names. For example, any data created by a software development application or stored on a software development file server could be marked as company confidential, internal only, or accessible only to members of the development team. These controlled classifications help companies protect data and can be adjusted over time.
Impact of the Solution
Many companies are exploring controls for the intellectual property that distinguishes and supports each business. Deploying McAfee Email Protection and McAfee Data Loss Prevention will enable you to protect your business without impeding your business. Policy-based controls and advanced fingerprinting help ensure accurate rule enforcement without false positives that get in the way of the smooth flow of email communications. Important processes such as sensitive data identification and encryption happen automatically, without burdening the end user. Since most email is safe to transmit without encryption, accurate application of this technology provides a good balance of security and user convenience. Integration between controls and with other enterprise infrastructure helps you gain visibility and efficiencies throughout your security and compliance environment.

To block outsiders attempting to steal your valuables, McAfee offers robust antispam and antimalware, with real-time threat assessments by McAfee Global Threat Intelligence, minimizing the chance that your users will receive or click on phishing emails or malicious attachments that could open your infrastructure to a targeted attack. Protecting against these threats is one more line of defense for your intellectual property.

McAfee solutions match the requirements of business today. Flexible, scalable deployment options allow you to implement the right controls for each user community, while consolidating systems to reduce hardware and maintenance costs. By putting the proper checks and balances in place, McAfee helps ensure proper security controls, significantly reduces your attack surface, and minimizes the chance that your competitive advantage will disappear through email communications.

Q&A
If I'm using McAfee Email Gateway, do I still need a separate McAfee DLP component?
It depends on the format of your IP.
McAfee Email Gateway has built-in tools for finding structured data such as social security numbers and credit card numbers, as well as words, phrases, and regular expressions (regex). McAfee DLP Prevent can be added to look for unstructured data such as diagrams, blueprints, and source code. McAfee DLP Prevent can also be used to centralize DLP across multiple platforms (email, web, host, and network) without rewriting policy for each platform.

Does the SaaS component of McAfee Email Protection also include antispam, antivirus, and DLP?
Yes, it does. This extra layer provides screening and flexibility to support more users and more email implementation models, depending on your business.

Do I need a separate management appliance to manage multiple email gateways?
No, you do not. Centralized management is included in the appliance, including enterprise-class features such as centralized AV updates and policy changes. If you wish to deploy an appliance in a separate VLAN or management segment, this can be done with either a virtual or a physical appliance.

Am I required to deploy any agents to leverage Active Directory authentication for the McAfee Email Gateway?
No. McAfee Email Gateway can query any LDAP-compatible system, including Active Directory.

Do I need a separate encryption server?
No, the ability to encrypt email is built right into the product at no extra charge.

Do I have to manage external accounts for my customers to retrieve encrypted messages?
No, McAfee Email Gateway allows the end user to be completely self-sufficient with self-registration and password management.
Additional Resources
www.mcafee.com/emailsecurity
www.mcafee.com/data-loss-prevention
www.mcafee.com/saas-email-web-protection
www.mcafee.com/kb
For more information about the Security Connected Reference Architecture, visit: www.mcafee.com/securityconnected

About the Author
Gene Moore is a McAfee Systems Engineer with 15 years of IT experience, primarily working with email and web security products. After several years with large enterprises including Pepsi, MCI Systemhouse, and CompUSA, he joined CipherTrust, which became Secure Computing, which was later acquired by McAfee. Moore attended the University of North Texas and is based in Plano, Texas, today.

The information in this document is provided only for educational purposes and for the convenience of McAfee customers. The information contained herein is subject to change without notice, and is provided AS IS without guarantee or warranty as to the accuracy or applicability of the information to any specific situation or circumstance.

2821 Mission College Boulevard, Santa Clara, CA 95054, 888 847 8766, www.mcafee.com
McAfee, McAfee Data Loss Prevention, McAfee ePolicy Orchestrator, McAfee ePO, McAfee Email Gateway, McAfee Email Protection, McAfee Global Threat Intelligence, and the McAfee logo are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other marks and brands may be claimed as the property of others. The product plans, specifications, and descriptions herein are provided for information only and subject to change without notice, and are provided without warranty of any kind, express or implied. Copyright 2011 McAfee, Inc. 38501bp_protecting-ip-email-L3_1011