Transcript

1

Agenda

Information Risk Management and the Data Security System

IP and DLP

2

Why DLP…because sensitive information is always moving and transforming

[Diagram: sensitive information moving across the Endpoint, Network, Apps/DB, FS/CMS and Storage layers. Labeled elements: internal employees, remote employees, partners, WAN, LAN, WWW, enterprise applications, production database, business analytics, replica, outsourced development, staging, file servers, disk arrays, backup system, backup disk, backup tape.]

3

Growing Costs without Results

Endpoint, Apps/DB, Storage, FS/CMS, Network

Cost

Breach Remediation

Regulatory Fines

Compliance Efforts

Brand Erosion

Customer Churn

More sensitive information

More sharing

More credentialed users

More markets for stolen data

More sophisticated threats

More regulations

More complex environments

4

Sensitive Information

[Diagram: locations of sensitive information across the Endpoint, Network, Apps/DB, FS/CMS and Storage layers (internal and remote employees, partners, WAN, LAN, WWW, enterprise applications, production database, business analytics, outsourced development, replica, staging, collaboration and content management systems, file server, disk arrays, backup system, backup disk, backup tape), with a High Impact / Medium Impact / Low Impact legend.]

Data stored on disk

Tape backup

App Data

Replicated DB for DR, bulk analysis

Data in transit over WAN

Data sent/stored on public infrastructure

IP shared with partner

Transformed data on endpoints

Removable and printed media

Transformed data e-mailed

Database Data

File Server

Transformed data on FS

Data in CMS

Transformed Data on eRoom or SharePoint sites

5

Why DLP – Case Study

Global retailer announces security breach, Jan. 2007

Brand Impact

Page 1 news: the most widely publicized breach ever

Millions of customers affected, globally

Major customer inconvenience e.g. Registry of Motor Vehicle phone lines crash with customers rushing to remove Social Security Numbers from Drivers Licenses

Customer Alert becomes “permanent” real estate on web landing page

Earnings Impact

Company records $196m charge for compromised customer cardholder records

Discloses additional $21m charge to be recorded in 2009

Litigation

27 Putative Class Action lawsuits filed in over a dozen different jurisdictions

Litigants include cardholders, card issuers, merchants and pension funds

6

What is Data Loss Prevention?

Technology to Identify the important or business sensitive information

Determine the IP

Identify the Critical Information stores

Monitor the flow of Information

Prevent the loss or unauthorized use of data

7

Data Security: Apply Policy Based on Drivers

Revenue Growth, Customer Retention, Compliance, Cost Reduction, Business Continuity

Security Incidents

Sensitive Information

Endpoint, Apps/DB, Storage, FS/CMS, Network

Classification: High Biz Impact, Medium Biz Impact, Low Biz Impact

Policy

Classification Policy: Description of sensitive data

Usage Policy: Appropriate handling in different contexts

8

DLP Phases

Endpoint, Apps/DB, Storage, FS/CMS, Network

Discover & Monitor

Risk Advisor Services

Data Loss Prevention Suite – Discover Modules

Enforce

Data Loss Prevention Suite – Enforcement Modules

Encryption Suite

EMC IRM Suite

Report & Audit

RSA enVision + DSS Audit Modules

Policy

Policy & Strategy

Assessment Services

Security Architecture Services

Security Program & Policy Development Services

9

DLP Product Suite

Enterprise Manager

DLP Datacenter: Discover and Remediate data at rest in the Datacenter

DLP Network: Monitor sensitive data in motion as it leaves the Network

DLP Network: Enforce sensitive data in motion as it leaves the Network

DLP Endpoint: Discover sensitive data at rest on corporate endpoints including laptops

DLP Endpoint: Enforce sensitive data in use on corporate endpoints including laptops

10

DLP Datacenter

Discovery Use Cases

Discover and remediate sensitive data and help put into categories based on content and context

Segment High, Medium, Low Impact

Remediate sensitive data by deleting, quarantining, or moving

Highlight areas in need of additional enforcement

Encryption

Access Control solutions

eDRM enforcement products

Prove no sensitive data existed prior to a Laptop theft

11

Datacenter – Two Approaches

12

DLP Network – Monitor and Enforce

DLP Network Use Cases

Passively monitor data leaving the network to understand IT process improvement areas and identify key risk areas

Pass regulatory audits by proving sensitive information is being blocked and/or encrypted as it leaves the network

Protect Intellectual Property or Strategy and operations data from leaving the network

13

DLP Network - Distributed Network Approach

14

DLP Endpoint - Enforce

DLP Endpoint - Enforce Use Cases

• Protect sensitive data on endpoints from being copied, printed, or saved to an unsecured file system or off to a mobile device

15

Discovery Technical Deployment Specs

End point Agent Support

Grid Worker / Agent: 32 BIT OS (Windows 2000 / Windows XP / Windows 2003 / Windows Vista); 64 BIT OS (Windows 2003, Windows Vista)

Enterprise or Site Coordinator:

32 BIT OS, Windows 2000: Y N N

32 BIT OS, Windows 2003: Y N N

64 BIT OS, Windows 2003: Y Y Y*

16

Strategy – Vendor Selection

Define the requirements

Evaluating vendors against requirements

Vendor Presentations

Proof Of Concept against the self evaluated ratings

Product Check

Customer references

17

Gartner Magic Quadrant

18

Project Schedule

July 08 Discussion on the Project Need

Understanding the solution

Define the requirement for risk assessment

Define the DLP requirement criteria

August 08 Discussion with Vendors

Securing the Budget?

September – December 08 POC

Q2-09 Starting the Phase I

19

Security Posture

Security Event Monitoring in Bad Shape

Sensitive information flowing across egress and ingress points

Phishing and malware Attacks

Internal and external threats

Security Framework

20

ISO 27001

Security Framework

Event Correlation

HIPS

DLP

NAC

21

Roadmap Framework

Define the Security Framework

ISO 27001

Identify and prevent against external threats

Monitoring tools

Protection from Phishing and Malware attacks

HIPS

Prevention from Internal threats

NAC

Protect IP

DLP

22

Technology Roadmap

Monitoring

Event Aggregation

Event Correlation

HIPS

End Point Security

Buffer overflow and DoS attacks

Behavior based analyses

NAC

Security Posture Checking

Pilot for Vendor Network

DLP

Risk Analysis

Identify and control the Sensitive information

Protecting IP
