Cyber Security Services: Data Loss Prevention Monitoring Overview




WHITE PAPER: DLP MONITORING OVERVIEW

Who should read this paper

Customers who are interested in using Symantec's Managed Security Services to monitor their Data Loss Prevention solution

Content

Overview
Data Loss Prevention Architecture
How DLP Monitoring helps to protect customers' sensitive data
Defining a role and creating a user account
Symantec provides true Edge to Endpoint Visibility

Overview

Symantec Cyber Security Services: Managed Security Services (MSS) minimize the potential business impact of increasingly sophisticated and targeted attacks by reducing the time it takes to detect, assess and respond to security incidents. MSS provides proven security expertise, log retention, and real-time monitoring of network security devices and endpoint protection solutions. Partnering with Symantec, an industry leader in managed security services, you can build on existing investments in security technologies to create an effective, scalable information security program to improve your security posture.

For customers already leveraging MSS for real-time security monitoring, we are pleased to offer monitoring for Symantec Data Loss Prevention (DLP). Adding MSS DLP Monitoring helps ensure enterprise-wide visibility by aggregating and correlating DLP Monitor, Protect and Prevent events with network and endpoint security detections to provide:

- 24x7 analysis and escalation of real-time data loss incidents
- Prioritized incidents and elevated severity levels when existing network and endpoint events are correlated with detected data loss

This comprehensive approach provides an unprecedented ability to detect and prevent malicious activity, and allows you to focus remediation efforts toward the most critical incidents involving data loss.

Data Loss Prevention Architecture

Symantec DLP has a three-tier architecture: an Enforce Platform, multiple detection servers and multiple remote agents/scanners. All detection and prevention configuration is managed centrally on the Enforce Platform using an intuitive web interface. Please note, Symantec Data Insight is not part of Symantec DLP, but is available as a companion product to monitor file server reads and writes as a basis to determine the true data owner.

How DLP Monitoring helps to protect customers' sensitive data

Protecting your company's confidential data is the ultimate goal of Symantec Data Loss Prevention. To ensure the confidentiality of data contained within your DLP incidents as well as meet regulatory compliance requirements, MSS DLP device support was designed to ensure that no sensitive information will be transmitted back to the Symantec SOC for analysis.

MSS retrieves DLP logs via a collector that calls the DLP manager's API. This connection requires a user account established and administered by the customer. During the onboarding process, Symantec provides DLP user account configuration recommendations that reinforce data collection control via role-based restrictions, thereby prohibiting the retrieval of sensitive session data (such as data body and attachments) associated with DLP events.

Additional information on how customers can configure DLP for MSS monitoring can be found in the Customer Setup Guide for Symantec Data Loss Prevention Security Monitoring, available from your local account team or MSS Service Manager.

Defining a role and creating a user account

Protecting your company's confidential data is the ultimate goal of Symantec Data Loss Prevention. To ensure the confidentiality of data contained within your DLP incidents, the product enforces role-based access control to restrict access for users accessing the Enforce Platform. These controls extend to the reporting API used by Symantec MSS for security monitoring.

You must define a role to permit Symantec MSS access to the incidents you require monitored. This role must not permit access to the confidential data itself, only to the metadata describing the incident's business impact. You then create a user account with that role; this is the account used by the Symantec Log Collection Platform.

To validate the controls, the customer can create the required role and user, use that account to log in to the DLP Enforce Server, and confirm exactly the data it makes available to MSS. They will be able to see the incidents, the names of the policies and rules to which the incident relates and the high-level information about the incident (e.g. subject line of offending email, email addresses of senders and recipients, file names, etc.). Performing this validation and capturing a record will satisfy an auditor that the data access controls are in place and tested.
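One way to capture the validation record described above, as an added example that is not part of the white paper or of Symantec's tooling: it checks which fields an incident view exposes to the monitoring role against an agreed metadata allowlist. The field names and the sample records are hypothetical and constructed; they are not the DLP reporting API's schema.

```python
import hashlib
import json

# Hypothetical field names for an exported incident view; not Symantec DLP's schema.
ALLOWED_METADATA = {
    "incident_id", "policy_name", "rule_name", "severity", "detected_at",
    "subject", "sender", "recipients", "file_names",
}
# Fields that would carry the confidential content itself (also hypothetical).
FORBIDDEN_CONTENT = {"message_body", "attachment_data", "matched_text"}


def audit_role_view(records):
    """Check which fields the monitoring role exposes and build an audit record."""
    findings = []
    shape = []  # field names only, so the evidence never stores incident content
    for rec in records:
        fields = sorted(rec)
        shape.append({"incident_id": rec.get("incident_id"), "fields": fields})
        for name in fields:
            if name in FORBIDDEN_CONTENT:
                findings.append((rec.get("incident_id"), name, "confidential content exposed"))
            elif name not in ALLOWED_METADATA:
                findings.append((rec.get("incident_id"), name, "not on the agreed allowlist"))
    digest = hashlib.sha256(json.dumps(shape, sort_keys=True).encode()).hexdigest()
    return {"records_checked": len(records), "passed": not findings,
            "findings": findings, "evidence_sha256": digest}


# Constructed sample: what a correctly restricted role should return.
RESTRICTED_VIEW = [{
    "incident_id": 1001, "policy_name": "PCI", "rule_name": "Card numbers",
    "severity": "high", "detected_at": "2014-10-01T09:15:00",
    "subject": "Q3 invoice", "sender": "alice@example.com",
    "recipients": ["bob@example.net"], "file_names": ["invoice.xlsx"],
}]
# Constructed sample: the same incident seen through an over-privileged role.
OVERPRIVILEGED_VIEW = [dict(RESTRICTED_VIEW[0], message_body="(content)",
                            attachment_data="(content)", reviewer_notes="n/a")]

if __name__ == "__main__":
    for label, view in (("restricted", RESTRICTED_VIEW), ("over-privileged", OVERPRIVILEGED_VIEW)):
        print(label, json.dumps(audit_role_view(view), indent=2))
```

The digest covers field names only, so the stored audit record proves what the role could see without itself holding incident content.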


View of incident from MSS portal:

This screenshot shows a DLP event correlated to an incident. Note that portal users can easily drill down into the actual DLP event log data for more information. In addition, customers receive our SOC analyst's assessment of the incident.

Viewing the extracted DLP event data for this incident:

MSS retrieves DLP logs via a collector that couples with the DLP reporting API to receive, normalize and parse the high-level event information. This model has a number of advantages:

1. Symantec MSS has full access to the incident metadata required for analysts to handle the incident without having to log on to the customer's DLP console.
2. The customer can directly control exactly what incident data they share with Symantec MSS, guaranteeing that confidential data never leaves their environment.
3. The solution is very efficient: MSS does not use any DLP resources unless there is an event to process.

In addition, the Symantec DLP plug-in architecture has been used to ensure that every Network Discover and Endpoint Discover incident has a custom attribute containing the IP address of the scanned system. This ensures that Discover incidents can be correlated by the file server or endpoint.

Symantec provides true Edge to Endpoint Visibility

By correlating network and endpoint detections with data loss events, Symantec Managed Security Services provides the Edge to Endpoint visibility needed to protect your organization from even the most persistent and sophisticated cyber attacks.

For more information, visit go.symantec.com/mss
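The correlation described above, sketched as an added example that is not Symantec's implementation: DLP incidents carrying the scanned system's IP address are joined to network and endpoint detections for the same host, and a corroborated incident is raised one severity step. The field names, the one-hour window, the one-step rule and all sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

SEVERITIES = ["low", "medium", "high", "critical"]
WINDOW = timedelta(hours=1)  # assumed correlation window, not a product setting


def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S")


def correlate(dlp_incidents, detections, window=WINDOW):
    """Attach same-host detections to each DLP incident and raise its severity."""
    by_ip = {}
    for det in detections:
        by_ip.setdefault(det["ip"], []).append(det)
    results = []
    for inc in dlp_incidents:
        when = _ts(inc["time"])
        related = [d["signature"] for d in by_ip.get(inc["scanned_ip"], [])
                   if abs(_ts(d["time"]) - when) <= window]
        severity = inc["severity"]
        if related:  # assumed rule: one step up when a detection corroborates
            step = min(SEVERITIES.index(severity) + 1, len(SEVERITIES) - 1)
            severity = SEVERITIES[step]
        results.append({"incident_id": inc["incident_id"], "severity": severity,
                        "related": related})
    # Most severe first so analysts see corroborated data loss at the top.
    return sorted(results, key=lambda r: SEVERITIES.index(r["severity"]), reverse=True)


# Constructed sample data (documentation IP ranges); field names are hypothetical.
DLP_INCIDENTS = [
    {"incident_id": 2001, "scanned_ip": "192.0.2.10", "severity": "medium",
     "time": "2014-10-01T10:00:00"},
    {"incident_id": 2002, "scanned_ip": "192.0.2.20", "severity": "medium",
     "time": "2014-10-01T10:05:00"},
    {"incident_id": 2003, "scanned_ip": "192.0.2.10", "severity": "low",
     "time": "2014-10-01T18:00:00"},
]
DETECTIONS = [
    {"ip": "192.0.2.10", "signature": "endpoint: malware detected",
     "time": "2014-10-01T09:40:00"},
    {"ip": "192.0.2.30", "signature": "network: IDS alert",
     "time": "2014-10-01T10:01:00"},
]

if __name__ == "__main__":
    for row in correlate(DLP_INCIDENTS, DETECTIONS):
        print(row)
```

Incident 2003 shares a host with the malware detection but falls outside the window, so it keeps its original severity.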

About Symantec

Symantec Corporation (NASDAQ: SYMC) is an information protection expert that helps people, businesses, and governments seeking the freedom to unlock the opportunities technology brings anytime, anywhere. Founded in April 1982, Symantec, a Fortune 500 company operating one of the largest global data intelligence networks, has provided leading security, backup, and availability solutions for where vital information is stored, accessed, and shared. The company's more than 20,000 employees reside in more than 50 countries. Ninety-nine percent of Fortune 500 companies are Symantec customers. In fiscal 2014, it recorded revenue of $6.7 billion. To learn more go to www.symantec.com or connect with Symantec at: go.symantec.com/socialmedia.

For specific country offices and contact numbers, please visit our website.

Symantec World Headquarters
350 Ellis St.
Mountain View, CA 94043 USA
+1 (650) 527 8000
1 (800) 721 3934
www.symantec.com

Copyright 2014 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. 10/2014