Technology Solution Consulting Service Outsourcing Data Protection Strategy Simon K. Carvalho
Workshop Agenda
- Why data protection?
- What is data protection?
- Data Protection vs DLP
- DLP strategy
- Data Classification
- Methodology
- Comparison
- Q&A
Data Breach - The escalation of a serious threat
- NATO: A USB memory stick containing classified NATO information was found in a library in Stockholm
- The FSA has fined Nationwide £980,000 for a stolen laptop
- TJX's $1 billion data breach
- DuPont scientist downloaded 22,000 sensitive documents as he got ready to take a job with a competitor
- ChoicePoint to pay $15 million over data breach: data broker sold info on 163,000 people
Is Your Data in the Wild?
- 80% of CISOs see employees as the greatest data threat
- 73% of data breaches come from internal sources
- 77% unable to audit or quantify loss after a data breach
Sources:
- Survey: Dark Reading/InformationWeek (2009)
- Survey: MIS Training Institute at CISO Summit (2009)
- McAfee Datagate Report, produced by DataMonitor (survey of 1400 IT professionals across UK, US, DR, DE, and Australia)
The Problem is Rapidly Escalating
- 300% Security Breach Increase 2008-2009
Source: CIO Weblog: Scott Wilson, Sept 30 2009
Accidental Data Loss is the Biggest Threat "Through 2010 we expect 80-90% of sensitive information leaks to be unintentional, accidental or the result of poor business processes." - Gartner Group
Paradigm Shift: Access Control -> Data Loss Prevention
Legitimate access to information does not necessarily grant the user the right to remove it from the enterprise
What data are we talking about?
- Compliance: SOX (Sarbanes-Oxley), MITS, HIPAA, PIPEDA, EUDPD, FFIEC, DPA, Solvency II, GLBA, PCI, Basel II, FISMA, CPC Art. 43, DTO-93, SA-PL, ITAR, SB 1386, R-DPL, J-SOX, CPA, others; credit card numbers
- Intellectual Property: Customer Lists, Price/Cost Lists, Target Customer Lists, New Designs, Company Logo, Source Code, Formulas, Process Advantages, Pending Patents
- High Business Impact (HBI) Information: Board Minutes, Financial Reports, Merger/Acquisitions, Product Plans, Hiring/Firing/RIF Plans, Salary Information, Acceptable Use
- And importantly, what you did not know needed protection:
  - Review of key employee actions before they announced departure
  - Unreported but important memos/reports
  - Code names of projects not reported to Security department
April 15, 2014
Major Data Loss/Leak vectors
1. Physical loss or theft of laptops and mobile devices
2. Unauthorized transfer of data to external devices
3. Unintentional distribution via e-mail, web, etc.
4. Privileged users breach the data
5. Information escapes via print, CD-ROM, DVD, etc.
6. User applications hacked
7. Trojans/key loggers/malware
Why DLP Is Important For You
- Comply With Regulations: PCI, HIPAA, GLBA, PIPEDA, EU Data Directive, etc.
  - Fines: More than $500K in fines
  - Burden: Quarterly audits
  - Legal: Lawsuits, privacy notices
- Secure Your Sensitive Data: Employee & customer data (PII), corporate secrets, intellectual property
  - Damage: Corporate brand equity
  - Churn: Customer & employee
  - Loss: Competitive advantage
- Improve Operational Efficiencies (security): Keep security costs low and reduce impact on end users
  - Burden: More FTEs for security
  - Capital: Additional HW & SW
  - Cost: Higher TCO
A Complete Data Protection Project
1. Removable Media Control
2. Laptop/device encryption
3. Do Data Classification
4. File and Folder encryption
5. Content aware Data leak Prevention (Host DLP)
6. Content aware Data leak Prevention (Network DLP)
7. Digital Rights Management (DRM/ERM)
[Diagram: steps plotted against increasing complexity, labelled Data Loss Prevention and Data Leak Prevention. Organization: control data before it leaves your organization. Beyond: control data after it has left your organization.]
Knowing The D In DLP: Sensitive Data
- Regulatory Data: Credit card data, Privacy data (PII), Health care information
- Corporate Secrets: Intellectual property, Financial information, Trade secrets
Data classification tips
- Think twice about tagging and categorizing everything - the costs are high
- Consider the confidentiality (sensitivity) and availability (criticality) of the data to be classified
- Consider its integrity, as low-quality data cannot be trusted
- Use an effective metadata strategy to tag the data well
- Get the support of the management and employees who will use the system
- Involve data owners
- Use Discovery tools to aid in Data classification
- Monitor and maintain the data classification system over time, tweaking as necessary
Classification Maturity Stages
0 - No information assets are classified or assets are randomly classified.
1 - Assets are classified at a high level or organizational level, assets are unidentified.
2 - Processes are developed and implemented allowing assets to be classified in detail.
3 - New assets are classified in detail.
4 - Legacy assets are classified in detail.
5 - Assets are classified, and processes exist that allow for asset reassessment and new asset classification.
What is DLP? Data Sources User Actions Policy Actions Enforced to Destination At rest Copy to device Encrypt Send via net Burn to disc In use Cut, copy, paste Educate Post to web Print In motion Upload Monitor Take home
Protect Evaluate Analyze Source How Does DLP Work? At Rest In Use In Motion Inspection/ Discovery Capture Policy Intelligence Admin Action Policy Application Enforcement User Action Encrypt Block Monitor Educate Move
DLP Methodology
Policy framework based on Governance, Risk & Compliance
- DISCOVER: Sensitive Data
- MONITOR: User Actions
- EDUCATE: End Users
- ENFORCE: Security Controls
[Chart: RISK over TIME, moving from "Understand Risk" to "Reduce Risk"]
Discover Your Sensitive Data
Reduce uncertainty and understand risk from the data you own
- Comply With Regulations: Credit Card Data, Personally Identifiable Information (PII), Personal Health Information (PHI)
- Protect Corporate Competitive Advantage: Corporate Secret Data
- Data types: Unstructured, Semi-Structured, Structured
Monitor Your User Actions
Understand how your user actions impact your corporate objectives
- Regulatory Data: Compliance Objectives
- Corporate Secrets: Governance & Risk Objectives
Educate End Users About Corporate Policies
Educate end users on policies and violations to reduce risk
- Top violators (identified through Discover and Monitor): Emphasized Education Program
- Rest of the users: Augment Standard Policy Education With Just-In-Time Education
Just-In-Time Education!
1. User performs actions
2. DLP educates on violation
3. User acts responsibly
Enforce Controls to Prevent Data Loss
Enforce security controls based on the risk of a violation
- Risk factors defined in DLP policy: User Action, Data Sensitivity, User Identity
- Controls shown along a LOW to HIGH risk scale, manual or automated: ALLOW, NOTIFY, QUARANTINE, JUSTIFY, MOVE, BLOCK, ENCRYPT, SHRED, AUDIT, COPY, DELETE, RMS (DRM)
DLP Deployment Playbook
PEOPLE
- Gain support from executives and business managers
- Make sure employee education is part of the plan
- Establish SLAs and MOUs with group heads
PROCESS
- Do not boil the ocean. Deploy in phases.
- Prioritize deployment phases by risk (data, group, etc.)
- Establish a process for remediation and reporting
TECHNOLOGY
- Conduct a technology requirement assessment
- Identify current technology you can leverage
- Evaluate fit with IT roadmap (cloud, virtualization, etc.)
DLP Project Process & Check List
Phases: Pre-Deployment -> Discover & Monitor -> Educate -> Enforce -> Next Phase (New policies / groups)
Your DLP Pre-Deployment Check List
- DLP champion (team)
- Support from groups beyond IT
- Top 3-5 drivers & corporate policies
- Education process & resources
- Remediation process & resources
- Technology provisioning
- DLP administration hours
- Project Timeline and next phase
Choosing the right DLP solution
A DLP solution must cover all data loss channels
[Diagram: confidential data leaving through the channels IM, USB, Peer to Peer, Email, Copy & Paste, Printer, Wi-Fi, HTTPS, FTP, Network]
Important DLP Capabilities
- Data Discovery capabilities: can it discover and identify confidential data residing on servers, databases, document management systems, SharePoint, NAS/SAN, endpoints, etc.
- Structured and unstructured data support
- Policy templates for automated identification and protection
- Endpoint encryption: prevent data loss due to loss/theft of laptops/PDAs
- File & Folder encryption
- Centralized management for all pieces: endpoint, network and discovery
- Reporting and forensics
Important DLP Capabilities
- Port control/device control/application control
- Integration with existing directories (user aware), i.e. Microsoft AD
- Linux/Mac support
- Port/protocol agnostic DIM
- Monitor, capture and protect the unknown data
- Robust inbuilt incident management and workflow capabilities
- Content-aware encryption enforcement
- Online / offline enforcement
- Integration with DRM/ERM/RMS
- Scalability
Gartner Magic Quadrant 2010
Forrester wave Q4 2010
McAfee, RSA & Websense DLP
McAfee DLP
- Host DLP: Data leak prevention; Laptop / device encryption; File and Folder encryption; Device Control (removable media)
- Network DLP: PREVENT - Email and web DLP; Data DISCOVERY; MONITOR
- Single appliance based centralized DISCOVERY
RSA DLP
- Host DLP: Data leak prevention; Basic device control
- Network DLP: PREVENT - Email and web DLP; Data DISCOVERY; MONITOR
- Grid based distributed DISCOVERY
- Stronger Policy Management engine
Websense DLP
- Host DLP: Data leak prevention; Removable media encryption (USB)
- Network DLP: Single server which can do Prevent, Discover and Monitor
- Single server based centralized Discovery
- Strong Policy Management (example: schedules)
McAfee, RSA & Websense DLP
Columns: McAfee DLP | RSA DLP | Websense DLP
No (expected soon) Discover data within databases Discover data within databases No Data Masking Data Masking Four appliances and 1 server based architecture Mix of Appliances and server Two Management consoles (DLP Manager and EPO) Multiple appliances and servers based solution Mix of Appliances and servers (also as VMs) Single Management console Two-server architecture Servers only Endpoint DLP has application control features Single management console to manage Websense Web Security as well as DLP (advantage for existing Websense customers)
McAfee, RSA & Websense DLP
Columns: McAfee DLP | RSA DLP | Websense DLP
replay or historical data storage No Capture database No No Discover data within Documentum No No?? Arabic support Arabic support?? Integration with Adobe LiveCycle RMS Integration with Microsoft RMS DLP inserted in Virtual Fabric??
Endpoint Data Protection
[Comparison matrix; vendor column headings not recoverable apart from the labels "OEM Product - GE" and "GuardianEdge"]
Rating scale: Strong / Average / Partial / Minimal / Weak or None
Criteria:
- Central Auditing & compliance reporting
- Full disk encryption
- File and folder encryption
- Port / Device control / Application Control
- Integrated Endpoint Content Aware DLP
- Central management, all in one
- Integration to existing directories, e.g. ADS
- MAC/Linux Support
- Removable Media / Mobile / Encrypted USBs
- Footprint minimization
- Tokens / Smart Cards / BioMetric Support
- Certifications
Cell annotations (vendor not recoverable): OEM GE; NO LAN Support; Planned For 6.0; EFS; Separate Product; OEM PnP Only; OEM Trend DLP; R72 and R73; Relies on Altiris; Requires separate Consoles; Road mapped 2010; certification levels FIPS 140-1 L1, 140-1 L2, 140-2 L1, 140-2 L2, BITS, EAL 3, EAL 4, EAL 4+
Data Loss Prevention
[Comparison matrix; vendor column headings not recoverable]
Rating scale: Strong / Average / Partial / Minimal / Weak or None
Criteria:
- Central Auditing & compliance reporting
- Central Deployment & Management
- Unified Policy definition & enforcement
- Port / protocol agnostic DIM
- Discover, Monitor and Protect the Unknown (Capture)
- Robust case management and workflow
- Unstructured Data Discovery (Network & Endpoint)
- Structured Data Discovery, Native DB Support
- Real-time Rule tuning
- Integrated Content aware Encryption enforcement
- Offline / Online Endpoint Policy Enforcement
- Integration with RMS / DRM
Cell annotations (vendor not recoverable): Requires enVision; Separate Sol Pack required; Email ONLY from RSA; Requires Altiris or 3rd party; Requires 3rd party; For NDLP; Dec 2009; DIM, DAR; DIU, DIM, DAR
Next steps
What stage are you in today?
- Considering DLP
- Scoping DLP Project
- Evaluating DLP Vendors
We can help you:
- Better understand DLP
- Develop a DLP project internally
- Develop a framework to evaluate and select the right DLP vendor
Resources: Risk Assessment; DLP Workshop; DLP Demo; DLP Workshop; EDLP TCO Tool; DLP Sizing Guide; DLP RFP Templates; DLP POC Consideration Metrics
Summary
- Pre-deployment preparation is very important
- Data classification is critical
- Involvement of business managers and data owners
- Phased approach
  - Identify top 3 or 5 top risk areas: PCI or IP of some kind, etc.
  - Apply policies to top risk groups: HR or Finance
  - Enterprise wide rollout
Questions / Discussion
Thank you!!!
Supplementary slides
RSA DLP solution
RSA DLP Product Covers all Aspects of DLP
DISCOVER, MONITOR, EDUCATE, ENFORCE
- RSA DLP Network: email, web
- RSA DLP Datacenter: datacenter
- RSA DLP Endpoint: laptops & PCs *
- RSA DLP Suite, managed through RSA DLP Enterprise Manager
* Through a partner
RSA DLP Network
RSA DLP Datacenter
Five Critical Factors For DLP Solutions: RSA's Take
- Policy & Classification: Policies covering a broad range of regulations and topics. Developed by an expert team
- Identity Aware: Identity awareness for classification, controls and remediation
- Incident Workflow: Consolidated alerts with the right information to the right people for the right actions
- Enterprise Scalability: Scan more data faster with lesser hardware and resources
- Built-In vs. Bolt-On: Common policies across the infrastructure - EMC, Cisco and Microsoft
Policies: Broad Range of Expert Policies
150+ built-in policies you can use
- Retail: PCI DSS, MA CMR 201, CA AB 1298
- Healthcare: HIPAA, Caldicott (UK), PIPEDA
- Telecom/Tech: CPNI, Source Code, Design Docs
- Manufacturing: ITAR, Patent Apps, EAR
- Financial Serv: GLBA, FCRA, NASD
- Other: NERC, Global PII, 401k & 403b
Knowledge Engineering - Sample Profile of a Knowledge Engineer
- Work Exp: 12 years
- Certifications: 18 regulations
- Languages: Four
- Background: Linguistics, artificial intelligence, search technologies
- Education: Library sciences, Computer science
Dedicated Knowledge Engineering team develops and maintains DLP policies
Classification: Flexible Framework
A classification framework to suit your unique needs
- Attributes: Transmission metadata; File size, type, etc.; Owner, sender, etc.
- Described Content: Detection Rules; Context Rules; Exceptions
- Fingerprinting: Full & partial match; Databases; Files
Highly accurate results in identifying sensitive data
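To make the "Described Content" and "Fingerprinting" branches of this slide concrete, here is an added sketch (not from the original deck and not RSA's implementation). It assumes a card-number detection rule validated with the Luhn check, a keyword context rule, an exception list, and word-shingle hashes for full and partial fingerprint matches; the keyword list, window size, threshold and sample texts are constructed for illustration.

```python
import hashlib
import re

# Detection rule: 13-19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Context rule: a payment keyword must appear near the candidate number.
CONTEXT_RE = re.compile(r"\b(card|visa|mastercard|amex|cvv|expir\w*)\b", re.I)
CONTEXT_WINDOW = 40  # characters either side of the match (assumed value)
# Exception: a widely published test number that should never raise an incident.
EXCEPTIONS = {"4111111111111111"}


def luhn_ok(digits):
    """Luhn checksum: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text):
    """Apply detection rule, then exception list, then context rule."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if not luhn_ok(digits) or digits in EXCEPTIONS:
            continue
        window = text[max(0, m.start() - CONTEXT_WINDOW): m.end() + CONTEXT_WINDOW]
        if CONTEXT_RE.search(window):
            hits.append(digits)
    return hits


def shingles(text, k=5):
    """Hashes of every run of k consecutive words (case and punctuation ignored)."""
    words = re.findall(r"\w+", text.lower())
    return {
        hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()
        for i in range(max(1, len(words) - k + 1))
    }


def fingerprint_match(candidate, registered, k=5):
    """Fraction of the registered document's shingles found in the candidate."""
    reg = shingles(registered, k)
    return len(reg & shingles(candidate, k)) / len(reg)


def classify(text, registered_docs, partial_threshold=0.3):
    result = {"card_numbers": find_card_numbers(text), "fingerprints": {}}
    for name, doc in registered_docs.items():
        ratio = fingerprint_match(text, doc)
        if ratio == 1.0:
            result["fingerprints"][name] = "full"
        elif ratio >= partial_threshold:
            result["fingerprints"][name] = "partial"
    return result


# Constructed sample data: a registered sensitive document and an outgoing message.
REGISTERED = {
    "pricing-memo": "Project Falcon pricing memo: unit cost is fixed at forty two "
                    "dollars for the first ten thousand units shipped to launch partners"
}
SAMPLE = ("fyi, from the memo: unit cost is fixed at forty two dollars "
          "for the first ten thousand units, more later")

if __name__ == "__main__":
    print(classify(SAMPLE, REGISTERED))
    print(classify("Please charge card 4012 8888 8888 1881 exp 12/27", REGISTERED))
```

The Luhn check and the context rule exist to cut false positives: a 16-digit tracking number fails one or the other, which is what keeps the incident queue usable.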
User Identity Analysis
- Identity attributes: Name, Title, Business group, Organization hierarchy, Special privileges
- Used to decide: What policies to apply; Define the risk of actions; What controls to enforce; Who to notify
- Real-time data from your Windows Active Directory
- Used across all phases of DLP
Incident Workflow to Effectively Manage Violations
Reduce noise, prioritize incidents and manage workflow
- Consolidate violations: Violation Event 1, 2, 3, 4 ... n -> Policy Based Logical Grouping -> Security Incidents
- Send alerts based on risk:
  - HIGH: Alert Security Officer
  - MEDIUM: Alert Manager
  - LOW: No Alerts. Audit Only
DLP + enVision = More intelligent alerts and prioritization
Scalability For Enterprise Deployments
- PEOPLE (number of users, types of users): Flexible policy framework to support a million plus users and 100s of user types
- PLACES (number of office sites, types of office sites): Expandable site and agent architecture to support 1000s of sites
- DATA (amount of data, sources of data): Unique grid technology to scan large amounts of data most cost effectively
Built-in DLP for the Infrastructure: DLP Ecosystem
What's in it for you:
- Leverage your current infrastructure for DLP
- Faster and cost effective deployments
- Centralize policies and management
[Diagram: Your DLP Strategy, built on RSA DLP Technology]
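The consolidation and risk-based alerting on this slide can be sketched as follows. This is an added example, not part of the original deck and not RSA's implementation; grouping by (policy, user), the one-hour window, the recipient names and the sample events are assumptions made for illustration.

```python
from datetime import datetime, timedelta

SEVERITY_ORDER = {"LOW": 0, "MEDIUM": 1, "HIGH": 2}
# Routing as on the slide: HIGH -> security officer, MEDIUM -> manager,
# LOW -> no alert, audit only.
ROUTING = {"HIGH": "security_officer", "MEDIUM": "manager", "LOW": None}
WINDOW = timedelta(hours=1)  # assumed quiet period that closes an incident


def consolidate(events):
    """Group violation events into incidents by (policy, user)."""
    incidents = []
    open_incident = {}  # (policy, user) -> most recent incident for that key
    for ev in sorted(events, key=lambda e: e["time"]):
        key = (ev["policy"], ev["user"])
        inc = open_incident.get(key)
        if inc is None or ev["time"] - inc["last_seen"] > WINDOW:
            inc = {"policy": ev["policy"], "user": ev["user"], "events": [],
                   "severity": "LOW", "last_seen": ev["time"]}
            incidents.append(inc)
            open_incident[key] = inc
        inc["events"].append(ev["id"])
        inc["last_seen"] = ev["time"]
        # An incident takes the highest severity of any event it contains.
        if SEVERITY_ORDER[ev["severity"]] > SEVERITY_ORDER[inc["severity"]]:
            inc["severity"] = ev["severity"]
    return incidents


def route(incidents):
    """Return (alerts, audit_log); every incident is audited, only some alert."""
    alerts, audit_log = [], []
    for inc in incidents:
        audit_log.append(inc)
        recipient = ROUTING[inc["severity"]]
        if recipient:
            alerts.append((recipient, inc["policy"], inc["user"], len(inc["events"])))
    return alerts, audit_log


def _t(hhmm):
    return datetime.strptime("2014-04-15 " + hhmm, "%Y-%m-%d %H:%M")


# Constructed sample violation events.
EVENTS = [
    {"id": 1, "time": _t("09:00"), "policy": "PCI", "user": "alice", "severity": "MEDIUM"},
    {"id": 2, "time": _t("09:05"), "policy": "PCI", "user": "alice", "severity": "HIGH"},
    {"id": 3, "time": _t("09:20"), "policy": "PCI", "user": "alice", "severity": "MEDIUM"},
    {"id": 4, "time": _t("10:00"), "policy": "SourceCode", "user": "bob", "severity": "MEDIUM"},
    {"id": 5, "time": _t("11:30"), "policy": "AcceptableUse", "user": "carol", "severity": "LOW"},
    {"id": 6, "time": _t("13:00"), "policy": "PCI", "user": "alice", "severity": "LOW"},
]

if __name__ == "__main__":
    alerts, audit = route(consolidate(EVENTS))
    print(len(EVENTS), "events ->", len(audit), "incidents ->", len(alerts), "alerts")
    for alert in alerts:
        print(alert)
```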
McAfee DLP solution
Evolution of McAfee Data Loss Prevention
- October 2006: McAfee acquires Onigma, early stage endpoint DLP company
- September 2007: McAfee launches Host DLP with ePO management
- Throughout 2008: McAfee Host DLP selected as enterprise wide DLP solution for hundreds of customers, including Bank of America, Wal-Mart, Merrill Lynch, Visa, Dept of Defense, Israel Defense Forces, etc.
- August 2008: McAfee acquires Reconnex, industry analyst recognized technology leader in Network DLP and Forensics
- April 2009: Network DLP v8.5 launched with integrated incident reporting and workflow between Network DLP, Host DLP and ePO. Discovery remediation and other enhancements.
- June 2009: Host DLP v3.0 launched with data discovery, integrated File & Folder Encryption, improved content classification and Lotus Notes support
- Sept 2009: Further enterprise enhancements to Network DLP
- Early 2010: Unified DLP with joint policy creation for all elements; further enhancements to Network & Host DLP
- 2010: Embedding of DLP engine into Web Gateway & Email Gateway
- 2010: Final infrastructure updates for Unified DLP
Confidential McAfee Internal Use Only
The McAfee Data Protection platform
[Diagram]
- Data states: Data-at-Rest, Data-in-Motion, Data-in-Use
- Products: DLP Discover, Endpoint Encryption, Encrypted Media, Network DLP Monitor, Network DLP Prevent, DLP Host, Device Control
- Functions: Identify, Classify and Protect; Monitor, Notify, Prevent; Enforce, Audit and Respond
- Management (DLP Manager, McAfee ePO): Full endpoint management and deployment; Incident and case management; Workflow and reporting
Data at Rest
- Problem: Where is all the data?
- Challenge: Need to find the data and categorize it to enable the organization to apply protections
- Best Practice:
  - Data-at-rest products crawl the organization based on taxonomy of content and can provide analysis of what servers, endpoints and repositories have what content
  - Use inventory scans to discover what is available and delegate reviews of materials (where possible)
  - Once the data distribution model is understood, automated remediation can be used (move, delete, encrypt, quarantine, etc.)
Data in Motion
- Problem: Who is sending what to whom?
- Challenge: All information leaving must be analyzed from both managed and unmanaged machines. Solution must be transparent.
- Best Practice:
  - Network-based data-in-motion products passively analyze all communications: webmail, IM, blogs, email, etc.
  - Pre-built rules can be run to determine what information violates policy
  - Rules and policies are mapped to business stakeholders to ensure incident review and remediation are not an information security challenge
  - Mining of incidents allows for rule tuning and refinement
Data in Use
- Problem: How are employees using my data? What is being printed, copied and removed from my organization?
- Challenge: Users interact with data while connected and disconnected from my network. Authorized users have access to sensitive information.
- Best Practice:
  - Identify high-risk machines for sensitive information disclosure, such as Legal, HR, Management, Sales, Engineering and Development
  - Deploy monitoring capabilities initially to identify the use of removable media
  - Define rules and policies by department and group requirements
  - Use automated protection mechanisms (block, monitor, log, store evidence, encrypt, etc.)
  - Notify users to increase security awareness
From the Network
- PREVENT - Protect against email & web data leaks
- DISCOVER - Identify sensitive information in storage repositories
- MONITOR - Protect data as it moves across the network
- MANAGE - Centralized administration, incident/case management
[Diagram layers: Perimeter; Network Layers; Data Storage & Management; Admin & Management]
to the Host
- Network Based Protection from the endpoint: Send over Email; Post to the web; Transmit over to network; Copy to a network file share
- Application Based Protection: Extract using the clipboard; Extract using screen capture; General application file-access
- Device Based Protection: Send to a printer; Send to a removable storage device
McAfee Data Loss Prevention (Today)
[Architecture diagram. Labels: Data-in-Use - McAfee HDLP, Disconnected & Mobile; Data-at-Rest - McAfee NDLP Discover, Databases or Repositories; Data-in-Motion - McAfee NDLP Prevent (SMTP integrated with McAfee Email Gateway, ICAP integrated with McAfee Web Gateway), McAfee NDLP Monitor w/ Capture Database; Switch; McAfee Firewall; McAfee IPS; McAfee ePO and McAfee DLP Manager - Unified incident reporting and case mgmt workflow]
McAfee Data Protection Solution Architecture
[Architecture diagram. Labels: Central Management - ePolicy Orchestrator (ePO), DLP Manager; Secured Corporate LAN - DLP Endpoint, Device Control, DLP Discover, DLP Monitor (SPAN Port or Tap); Disconnected - DLP Endpoint, Device Control; Network Egress/DMZ - DLP Prevent, MTA or Proxy]
McAfee DLP Topology
- MANAGE: Flexible and scalable administration & case management
- DISCOVER: Find sensitive information in storage repositories
- PREVENT: Protect against email & web data leaks
- MONITOR: Protect data as it moves on the network
- Host DLP: ePO Agent
- Plug n play appliances
- Pre-integrated & hardened components
- Single, integrated ePO desktop agent
McAfee DLP Core Differentiators
- Industry's most comprehensive Data Protection portfolio
  - Eliminates point product and multi-vendor fatigue
  - Provides integrated management and intelligent data sharing capabilities
- Capture
  - Facilitates accurate-first-time policies and comprehensive forensics investigation
- Time to Value
  - See value in days, Capture removes the need for months of rule tuning
  - Deploys in days not months, easy drop in appliances, no servers to build
- Industry's most widely deployed endpoint DLP agent
  - Proven scalability and ease of deployment
  - Full security functionality whether on the LAN or offline
- Custom built classification engine allows for high flexibility
  - Unique capabilities for environments where non-standard file formats are prevalent
  - Intellectual Property protection
The McAfee DLP Difference: Comprehensive and Integrated
One Client Manager (MA, McAfee Agent) handling multiple Endpoint Security products.
- Products on the ePO Agent (MA) Framework: Anti-Virus, Anti-Spyware, Desktop FW, Host IPS, NAC, Host Compliance, Remediation, DLP, Endpoint Encryption for PC, Endpoint Encryption for Files and Folder, Solidcore, SIA Partners
- Secure McAfee Communication Channel to McAfee ePO
- Total Protection for Data
The McAfee DLP Difference - Learning and Data Mining
Let the technology do the heavy lifting
- Google changed the way we use the web. Nobody remembers URLs anymore, they Google what they need.
- Like Google, we index and file everything away so you don't have to know where it all is!
- Then you use our indexes to build policy. Simple, effective and fast!
The McAfee DLP difference: Capture all leakage!
Egress out -> POLICY FILTER: PCI, HIPAA, Appropriate Use, Trigger Words, Other Policies
Legacy Vendors
- All matches go to the Violations DB; the rest goes to the Trash Bin
- False negatives destroyed
- Can't LEARN and adjust policies
- Assumes you know what to protect
McAfee
- Everything captured in the Capture DB
- Information gap solved
- Able to LEARN from the past
- Define policies, tune rules
- Mine data with Google-like search capabilities
- Forensic search of historical data
Violations DB: Pre-set policies; Dashboard reports; Distributed notification of violations and reports
The McAfee DLP difference - DLP policy creation with traditional vendors
1. Actual outgoing email, IM, web traffic, etc.
2. Create Policy
3. Implement Policy on Live Data
4. Impact users, Help-Desk Calls, etc.
5. Tweak/Edit Policy
6. Eventually Effective Protection
Elapsed time: 6-12 months
The McAfee DLP difference - DLP policy creation with McAfee Capture
1. Actual outgoing email, IM, web traffic, etc.
2. Capture and index all network data
3. On offline data: Create Policies, Edit Policy Offline, Tweak / fast-forward testing
4. Effective Protection
Elapsed time: 1-3 weeks
Bonus = Forensics! Help catch theft of critical data by employees
McAfee DLP Advantages
1. Platform Integration
2. Deployment Velocity
3. Data Analytics
McAfee DLP Advantages: 1. Platform Integration
McAfee DLP Coordinates Data Protection
[Diagram: DLP at the centre of Web, Removable Media, Email, Device Control, Encryption, USB]
McAfee data protection solutions deliver additional value through DLP
- DLP coordinates enforcement
- DLP enforces consistent policies
- DLP provides actionable insight
McAfee DLP provides integrated workflows, simplified processes, lower costs and consistent protection for all data
DLP Increases Control
- Encryption. Without DLP: Encrypt everything. With DLP: Selectively encrypt; Encrypt on-demand
- Removable Media. Without DLP: Block USB devices. With DLP: Content based coaching; Block based on origin
- Device Control. Without DLP: Block Cut, Copy, Paste. With DLP: Content aware blocking; Content based coaching
Content aware enforcement delivers greater control & reduces costs, only applying protection where it's needed
ePO Integrates All Enterprise Security
- Increased Protection
- Reduced Costs
- Improved Agility
Fast, Flexible, Efficient: McAfee ePolicy Orchestrator
McAfee DLP Advantages: 2. Deployment Velocity
McAfee DLP vs. Traditional DLP
[Chart label: Compliance Achieved]
The longer deployment takes, the longer your data and your company is at risk
McAfee DLP delivers rapid & effective protection for your data - why wait?
McAfee DLP Product Line
DLP Manager + ePO = Central & Delegated Management
- Storage - DLP Discover: Discovery, Inventory, Tagging, Scanning, Mitigation
- Network - DLP Monitor: Capture, Data mining, Monitor, Alert, Report
- Host - Host DLP: Encrypt, Device control, Discover, Print, Cut/copy
- Perimeter - DLP Prevent: Email, Web, IM, P2P, FTP
[Diagram axis: Inside -> Outside]
Use Case: Sensitive Data Leak
Scenario
- An internal audit shows signs of data leaking from your organization
- Management have given you the job of quantifying and fixing the problem - fast
McAfee DLP gives you speed
- Pre-integrated, hardened appliances are up and running in days
- Capture data lets you quickly identify issues and build effective policies to address them
McAfee DLP Advantages: 3. Data Analytics
McAfee DLP Leverages Data / Traditional DLP Leaks Data
[Diagram labels: Violations; Data Intelligence; Capture; Bit Bucket]
Fast, accurate policy creation and rapid, in-depth investigations
Use Case: Disgruntled Employee
Scenario
- A top sales rep leaves the company
- 2 weeks later your customers are getting called by a competitor
- Has someone leaked your customer list?
McAfee DLP gives you the evidence
- See the timeline of employee activities and data use
- Discover what data the employee downloaded before they quit
Data Loss Happens Beyond the Organization
- Partners - Engineering documents. Risk: No control after it is sent to third parties
- Field technicians - Service manuals. Risks: Gets printed offsite, unable to revoke/update older/inaccurate versions
- Insurers - Patient health information (PHI) records. Risk: PHI record sent to the wrong patient
- Customers - Equity research reports. Risk: Uncontrolled distribution of research dilutes value
Extending Data Protection Beyond the Organization
McAfee and Adobe to Deliver Joint Solutions
- Organization (McAfee): Encryption, Network DLP, Device Control, Host Data Loss Prevention; Central Management (McAfee ePolicy Orchestrator)
- Beyond (Adobe LiveCycle Rights Management): Document audit tracking, Disconnected access, Version control, Access controls, Revoke/change rights; Document Security Management
Adobe DRM Complements McAfee Data Protection
McAfee Data Protection Suite for Rights Management - Proactive, Automated Data Protection
- McAfee Data Loss Prevention: Full control and absolute visibility over user behavior
- Adobe LiveCycle Rights Management: Persistent enforcement anywhere, anytime
- McAfee Endpoint Encryption: Full-disk, mobile device, and file and folder encryption coupled with strong authentication
- McAfee Device Control: Prevent unauthorized use of removable media devices
- McAfee Encrypted USB: Secure, portable external storage devices
[Diagram labels: Enterprise Data Loss Prevention; Rights Management; Endpoint Encryption; Device Control; Encrypted USB]
Protection of Data-at-Rest
- Server-side: Adobe LiveCycle Rights Management ES2; McAfee ePolicy Orchestrator 4.5 (Corporate IT Administrator)
- Client-side: Adobe LiveCycle RM clients; McAfee Host DLP (with LiveCycle libraries) (End User)
Step 1: IT defines RM enforcement policies specifying authorization
Step 2: IT defines DLP rules, specifying which documents need RM
Step 3: DLP searches disk, finds sensitive data and protects that with RM
Step 4: End user conducts business normally, however, documents are protected with RM, seamlessly preventing unauthorized use
Protection of Data-in-Use/Data-in-Motion
- Server-side: Adobe LiveCycle Rights Management ES2; McAfee ePolicy Orchestrator 4.5 (Corporate IT Administrator)
- Client-side: McAfee Host DLP (with LiveCycle libraries); Email, Web, USB (End User)
Step 1: IT defines RM enforcement policies specifying authorization
Step 2: IT defines DLP rules, specifying which documents need RM
Step 3: End user attempts to send a file (via e.g. email, web, USB)
Step 4: DLP software examines if file is protected with RM
Step 5: DLP software blocks action until user protects document with RM
Comprehensive Alliance: Enterprise and Consumer
- Consumer: Adobe offers McAfee consumer AV as part of Adobe Reader Windows downloads
  - Adobe Reader: 500m+ copies distributed in the past 2 years alone
- Enterprise: McAfee integrates Adobe DRM into data protection solution
  - ePO installed-base: 65m+ endpoints
Significant commitment from both sides