WEBCAST: WHAT’S YOURS IS MINE
Agenda
About infoLock Technologies
What Is the Insider Threat?
Symantec Data Loss Prevention
Symantec Data Insight
Q&A
About infoLock Technologies
• Information security consulting & integration services
• Symantec Security Focus Partner & DLP Master Specialist
• DLP Managed Services & INSIGHT DLP Appliance
• 100+ DLP implementations and engagements; customers range from 100 to 40,000+ users
• Customers in all industry verticals – financial services, healthcare, insurance, government, technology, legal, manufacturing, and telecommunications
“Insider threats are not necessarily the result of rogue employees driven by malicious intent. Any employee with a device that stores information can be at risk of inadvertently compromising data security.”
Quentyn Taylor, Director of Information Security, Canon
What do we mean by “Insider Threat”?
• Well-meaning Insiders
• Malicious Insiders
• Malicious Outsiders
“Insiders” are the leading cause of data breaches
Causes of Data Breaches
• Malicious Attack, 37%
• Employee Negligence, 35%
• System or Process Error, 28%
Source: 2013 Cost of Data Breach Study: Global Analysis, Ponemon Institute
“Insiders” agree that they are a risk!
Employees have frequent access to sensitive data they believe they should not be able to see
• 71% report having access to company data they should not be able to see
• 54% characterize that access as frequent or very frequent
Employees believe data protection oversight and controls are weak
• 47% say their organization does not strictly enforce data security policies
• 45% say they are more careful with company data than their supervisors or managers
• Only 22% say their organization is able to tell them what happened to lost data, files or email
Employees and IT staff agree that employees are unknowingly the most likely to be responsible for the loss of company data
• 64% of employees and 59% of IT practitioners believe that insiders are unknowingly the most likely to be the cause of leakage of company data.
• Only 46% of IT practitioners say employees in their organizations take appropriate steps to protect the company data they access.
Source: Corporate Data: A Protected Asset or a Ticking Time Bomb? Ponemon Institute, December 2014
Risky behavior leads to data loss
• 58% of employees store company-sensitive information on their personal devices
• 40% of employees use sensitive business data they have taken with them when they changed companies
• More than 50% of employees send business documents to their personal email and don’t delete them after use
• One-third of employees move work files to file sharing apps without permission
Credit Suisse Says VP Stole Secrets
Sources:
• What’s Yours Is Mine: How Employees are Putting Your Intellectual Property at Risk, Symantec & Ponemon Institute
• Security Awareness Training: It's Not Just for Compliance, Enterprise Management Associates
Introducing Symantec DLP
Symantec Data Loss Prevention enables you to discover, monitor and protect confidential information wherever it is stored or used
• Email, web, and other network-based communications
• Servers, databases and other document repositories
• Laptops, desktops, and removable storage
• Mobile devices
• Cloud applications
How Does It Work?
Diagram labels: MANAGE, DISCOVER, MONITOR, PROTECT
• Identify scan targets
• Run scan to find sensitive data on network & endpoint
• Enable or customize policy templates
• Remediate and report on risk reduction
• Inspect data being sent
• Monitor network & endpoint events
• Block, remove or encrypt
• Quarantine or copy files
• Notify employee & manager
Use case: Data-in-Motion
Betty G. | Well-meaning Insider
Asst. HR Manager | Insurance Company
SITUATION: Sending sensitive data over email
Detection and Response
Problem
• Betty attempts to email confidential employee data without knowing it
DLP Response
• Network: DLP inspects content and context for policy match as email leaves server
• Endpoint: DLP inspects the mail when user hits “send”
Action
• Network: Monitor, notify user, encrypt or block
• Endpoint: Display pop-up, justify, block email, remove content
Result
• Help users understand and justify risk transparently
• Block or encrypt data in some cases
Symantec Advantage
Use case: Data-on-the-Endpoint
Sanjay V. | Well-meaning Insider
Assistant Controller | Manufacturing Company
SITUATION: Copying sensitive data to removable storage devices
Detection and Response
Problem
• Sanjay copies pre-released financial data to removable media
DLP Response
• Endpoint agent analyzes content based on policies
Action
• Monitor, record or notify
• Automatically encrypt files using SEE
Result
• Automatically encrypt content
• Higher visibility into where data is going
• Change users’ behavior
Use case: Data-at-Rest
Charles N. | Well-meaning Insider
Software Developer | Investment Banking Firm
SITUATION: Discovering data “spills” and cleaning them up
Detection and Response
Problem
• Charles inadvertently stores source code on an unprotected share
DLP Response
• Network Discover scan finds the exposed source code, Data Insight IDs Charles as the file owner
Action
• Network Protect can:
  • Notify Charles
  • Encrypt the data
  • Move the file
  • Apply rights management policies
Result
• Secure your most sensitive assets – keep the malicious outsider from finding them
Competitive Advantage
Use case: Data-in-Motion
Mimi L. | Malicious Insider
Soon-to-be-former Account Executive | Staffing Firm
SITUATION: Attempting to copy customer records and resumes
Detection and Response
Problem
• Unhappy or departing employees copy or share sensitive data via email or removable storage
DLP Response
• DLP monitors desktop and network activity
Action
• Notify (warn) the user of their actions
• Inform manager, security and/or HR
• Stop the transmission or copy
Result
• Information assets don’t leave with the employee
• People know they are being monitored
Gartner Magic Quadrant Leader for 8 straight years
This Magic Quadrant graphic was published by Gartner, Inc. as part of a
larger research note and should be evaluated in the context of the entire
report. The Gartner report is available upon request from
Symantec. Gartner does not endorse any vendor, product or service
depicted in our research publications, and does not advise technology
users to select only those vendors with the highest ratings. Gartner
research publications consist of the opinions of Gartner's research
organization and should not be construed as statements of fact. Gartner
disclaims all warranties, expressed or implied, with respect to this
research, including any warranties of merchantability or fitness for a
particular purpose.
Source: Gartner, Inc., Magic Quadrant for Content-Aware Data Loss Prevention, Eric Ouellet, January 3, 2013
Symantec Difference - Threat Coverage
DLP Policy: Monitoring & Prevention, Discovery & Protection
• USB/CD/DVD
• Stored data
• Instant Message
• FTP
• SharePoint / Lotus Notes / Exchange
• Databases
• File Servers
• Print/Fax
• Webmail
• Web servers
• Untrusted networks
Symantec Difference – Detection Technology
Described Content Matching (DESCRIBED DATA)
• Non-indexable data
• Lexicons
• Regular Expressions
• Data Identifiers
Exact Data Matching (STRUCTURED DATA, CUSTOMER DATA)
• Customer / Employee Data
• Partial row matching
• Near perfect accuracy
• 300M+ rows per server
Indexed Document Matching (UNSTRUCTURED DATA, INTELLECTUAL PROPERTY)
• Designs / Source / Financials
• Derivative match
• Near perfect accuracy
• 5M+ docs per server
Symantec Difference – Granular Policies & Workflow
Data Loss Policy
• Easily build from scratch or customize 60+ policy templates
Detection Rules
• Two main ways of detection
  1. Described data (DCM)
     • Keywords, data identifiers, regular expressions, file type, etc.
     • Sender or recipient attributes
  2. Fingerprinted data
     • Structured data (EDM)
     • Unstructured data (IDM)
• Match count threshold
• And / or / if logic, including exceptions
Response Rules
• Notifications
  • Emails to sender/manager/IT Security, on-screen pop-up, marker file, SysLog alert, etc.
• Blocking
  • SMTP, HTTP/S, FTP, IM, USB/CD/DVD, print/fax, copy/paste, etc.
• Modification
  • For conditional encryption
• Relocate or copy file at rest
  • Network Protect or Endpoint Discover
• FlexResponse for custom actions
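A minimal sketch of the detection-rule and response-rule structure listed on this slide, added here as an illustration and not taken from Symantec DLP or its policy format. It combines a described-content data identifier (regular expression plus Luhn validation), match count thresholds and a recipient exception; the policy values, domains and function names are assumptions.

```python
import re
from dataclasses import dataclass

# Pattern half of the identifier: 13-16 digits, optional space/dash separators.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")

def luhn_ok(digits: str) -> bool:
    """Validator half: Luhn checksum, which discards most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def count_card_numbers(text: str) -> int:
    """Count distinct pattern matches that also pass validation."""
    candidates = {re.sub(r"\D", "", m.group()) for m in CARD_RE.finditer(text)}
    return sum(1 for c in candidates if luhn_ok(c))

@dataclass(frozen=True)
class Policy:
    tiers: tuple                 # (match count threshold, response), highest first
    exempt_domains: frozenset    # exception: recipients approved to receive the data

    def evaluate(self, body: str, recipient: str) -> str:
        if recipient.rsplit("@", 1)[-1].lower() in self.exempt_domains:
            return "allow"       # exception overrides the detection rule
        hits = count_card_numbers(body)
        for threshold, response in self.tiers:
            if hits >= threshold:
                return response
        return "allow"

# Constructed sample policy and messages (well-known test card numbers, not real data).
POLICY = Policy(tiers=((3, "block"), (1, "notify")),
                exempt_domains=frozenset({"processor.example"}))
BULK = "4111 1111 1111 1111\n5500-0000-0000-0004\n4012888888881881"
SINGLE = "Card on file: 4111 1111 1111 1111"
LOOKALIKE = "Tracking no. 1234 5678 9012 3456"

if __name__ == "__main__":
    for body, rcpt in [(BULK, "me@mail.example"), (SINGLE, "me@mail.example"),
                       (LOOKALIKE, "me@mail.example"), (BULK, "ap@processor.example")]:
        print(rcpt, "->", POLICY.evaluate(body, rcpt))
```

The look-alike message matches the regular expression but fails the checksum, which is why a validated data identifier produces fewer false incidents than a bare pattern.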
Symantec Difference – Workflow
80% of DLP is Incident Response
• Right Automation: Resolution, Enforcement, Notification
• Right Person: Route Incidents to Right Responder
• Right Order: High Severity of Incidents First
• Right Information: 5 Second Test
• Right Action: 1 Click Response
• Right Metrics: Prove Results to Execs and Auditors
Continuous Risk Reduction
[Chart: Risk Reduction Over Time; y-axis: Incidents Per Week, 0 to 1000; labels: Visibility, Remediation, Notification, Prevention]
Competitive Trap
Symantec Data Loss Prevention Products
Management Platform: Symantec Data Loss Prevention Enforce Platform
STORAGE
• Network Discover
• Network Protect
• Data Insight
ENDPOINT
• Endpoint Discover
• Endpoint Prevent
• DLP for Mobile
NETWORK
• Network Monitor
• Network Prevent for Email
• Network Prevent for Web
The INSIGHT DLP Appliance
• Purpose-built network appliance for Symantec DLP software
• Four models offer scalability for any size network environment
• Two “Director” models are home to Enforce Management Platform, Oracle database, Data Insight, and detection servers
• Two “Sensor” models are home to additional detection servers and can be deployed in remote locations or additional network egress points
• Fully supported by infoLock Technologies
Symantec Data Insight Improves Data Governance
• Data Insight
  – Identifies data owners
  – Monitors data usage
  – Reviews permissions
• Integrates with Data Loss Prevention & Archiving
Diagram labels: Users, Data (File Servers), File Activity Monitoring Technology, Symantec Data Insight
Microsoft Windows • NetApp DataONTAP • Microsoft Sharepoint • EMC Celerra • UNIX file servers with Veritas File System
Data Insight Use Cases
Improved Data Management
• Identify stale and orphan data and drive cleanup
• Build a consumption based chargeback model
• Understand usage and consumption patterns
Achieve Compliance
• Manage custodians that need to be engaged in compliance efforts
• Automate data access reviews
• Adhere to data retention guidelines
Protect Data from Security Risks
• Remediate sensitive data through the integration with Symantec Data Loss Prevention
• Audit historical access, monitor sensitive data usage
• Find data at greatest risk of exposure and lockdown
Symantec Encryption Products
Management Console: Symantec Encryption Management Server
STORAGE
• File Share Encryption
ENDPOINT
• Drive Encryption
• Removable Storage Encryption
NETWORK
• Gateway Email Encryption
Defense-In-Depth: Encryption + Data Loss Prevention
Network DLP / Email Gateway Encryption
• Automatically encrypt emails containing sensitive data
• Notify employees in real time/context about encryption policies and tools
Storage DLP / Shared Storage Encryption
• Discover where confidential data files are stored and automatically apply encryption
• Ease the burden to staff with near transparency
Endpoint DLP / Endpoint Encryption
• Target high risk users by discovering what laptops contain sensitive data
• Protect & enable the business by targeting encryption efforts to sensitive data moving to USB devices
Symantec Enterprise Mobility Products
Symantec Mobile Management Suite
Mobile Management (MDM)
• Configuration, control and management of mobile devices
• Policies applied to devices
App Center (MAM)
• Configuration, distribution and management of mobile apps/content
• Policies applied to apps (app wrapping)
• Enterprise App Store
Mobile Security (Threat Protection)
• Protect mobile devices from malware and unauthorized data access
Symantec Data Loss Prevention for Mobile
Mobile Email Monitor
• Monitor confidential data downloaded to company and employee-owned devices
Mobile Prevent
• Monitor and block confidential data sent from company-owned devices
Diagram labels: Corporate Email, Web Applications, Third Party Apps
For more information:
Chris Wargo
Thank you!