Be Aware Webinar, Symantec: Maximize Your Data Leak Prevention
Post on 15-Apr-2017
Be Aware Webinar #50: Maximize Your Data Leak Prevention
New Version: Symantec DLP v14.5
Jairo Pantoja Moncayo
CISSP, CISM, CGEIT, CRISC, ABCP, ISO27001 LA, PCIP, AWSP, CobIT Found., Sec+
Senior SE, Symantec MCLAC Region
June 8, 2016
Safe Harbor Disclaimer
This information is about pre-release software. Any
unreleased update to the product or other planned
modification is subject to ongoing evaluation by Symantec
and therefore subject to change. This information is
provided without warranty of any kind, express or
implied. Customers who purchase Symantec products
should make their purchase decision based upon features
that are currently available.
Symantec DLP 14.5 Differences Training: Detection, Storage, Platform and Reporting
Symantec Enterprise Security | SOLUTIONS STRATEGY
Threat Protection
ENDPOINTS, DATA CENTER, GATEWAYS
• Advanced threat protection across the control points
• Built-in forensics and remediation within each control point
• Integrated protection for physical, virtual and cloud servers
• Cloud-based management for endpoints, data center and gateways
Unified Security Platform
Log and telemetry collection
Unified incident management and hub
Inline integration of actionable intelligence
Regional and industry benchmarking
Threat and behavior analysis
Information Protection
DATA, IDENTITIES
• Comprehensive protection for data and identities
• Cloud security broker for cloud and mobile applications
• User and behavior analysis
• Encryption and key management in the cloud
[Diagram labels: Users, Data, Apps, Cloud, Endpoints, Gateways, Data Center]
Cyber Security Services
Monitoring, Incident Response, Simulation, Threat Intelligence
Copyright © 2015 Symantec Corporation
Copyright 2016, Symantec Corporation. Internet Security Threat Report 2016, Volume 21
Data Breaches 2015
ISTR v.21 Report
[Chart: Total Records Exposed, 2015. Y-axis: millions (0 to 600); X-axis: 2011 to 2015; plotted values: 232, 93, 552, 348, 429; annotations: +23%, 500 estimated (+30%).]
Mega-Breaches 2015
Information Security and Regulatory Compliance…
• Sudeban (Venezuela)
• Resol. JB 3066:2014 (Ecuador)
• Circular 042 SF (Colombia)
• Ley 1581, Data Protection (Colombia) -DI
• Ley LFPDPPP (Mexico) -DI
• Ley 19.628, Data Protection (Chile)
Some Threats
Source: APT1: Exposing one of China’s Cyber Espionage Units, Mandiant®, 2013
A corporate black eye
2016 Gartner Magic Quadrant for Enterprise Data Loss Prevention: 9 years as the undisputed market leader
This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Symantec. Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose
Source: Magic Quadrant for Enterprise Data Loss Prevention, Brian Reed, Neil Wynne 28 January 2016, Gartner, Inc.
DATA LOSS PREVENTION (DLP)
DISCOVER: Where is the confidential information?
MONITOR: How is it being used?
PROTECT: How do I protect it?
Symantec - DLP
Prevent malicious individuals from stealing valuable intellectual property.
Educate and protect employees.
Prevent the leak or loss of confidential data.
Comply with global privacy laws.
Protect your reputation.
Detection Capabilities in DLP
Unified Management
Extending Data Protection for the Cloud
Box, Office 365, iOS, Android
Email, Web, FTP, IM
USB, Hard Drives
Removable Storage, Network Shares
Print/Fax, Cloud & Web Apps
File Servers, Exchange, Lotus
SharePoint, Databases
Web Servers
File Detection Technologies
Described Content Matching
Indexed Document Matching (IDM)
Vector Learning Machine
DESCRIBED DATA
Non-indexable data
Lexicons
Data identifiers
STRUCTURED DATA
Customer / employee / personal data
Partial row matching
Near-perfect precision
UNSTRUCTURED DATA, INTELLECTUAL PROPERTY
Designs / source code / financials
Derivative match
Near-perfect precision
300M+ docs per server
5M+ docs per server
Exact Data Matching
UNSTRUCTURED DATA, INTELLECTUAL PROPERTY
Designs / source code / financials
Derivative match
Perfect precision
DLP 14.5: Some New Features
• Main features:
– Cloud Storage: incident quarantine in Box.
– Enforce Platform: import, export and clone policies; Red Hat Enterprise Linux 7.1 support; correlation of Network Prevent incidents with an end user.
– Detection: new detection technology (Form Recognition); new data identifiers.
– Endpoint: monitoring of Box operations with Cloud Storage (Save As in Office documents); Windows 10 support (HTTP and FTP storage applications); full monitoring in Safari, Chrome and Firefox on Mac endpoints; Outlook 2011 monitoring on Mac endpoints; shared folder monitoring on Mac endpoints; Clipboard (Paste) on Mac; among others.
Summary and Use Cases
• Organizations constantly ask us to protect information that is filled in by hand on scanned, pre-established forms and that mostly contains personal data.
E.g.: visitor log forms, medical records, surveys, logbooks…
• New image recognition technology.
• All DLP detection and prevention capabilities can be enabled.
Example
The algorithm looks for “key-points” or “regions” and analyses the images being detected against those previously indexed.
It is not based on Optical Character Recognition.
Basic Architecture
Form Recognition Engine
Additional Incident Capabilities
Filled sections are highlighted.
Confidence and Fill Score results.
Additional improvements have been made in XML Export, Web Archive and to the Reporting and Update API.
Controls to Zoom and Rotate the image.
New Data Identifiers Available
International Securities Identification Number (ISIN)
Mobile Identity Numbers - IMEI Number
Japanese My Number - Corporate
Japanese My Number - Personal
Australian Company Number
Mexico CLABE Number
Australian Passport Number
New Zealand Ministry of Health Number (NHI)
Australian Tax File Number
South Korea Resident Registration Number
Colombian Addresses
Spanish DNI ID
Colombian Cell Phone Number (Ley 1581, Personal Data)
Turkey Citizenship Number / Turkish Identification Number
Colombian Personal Identification Number (Ley 1581)
Drug Enforcement Agency (DEA) Number
Colombian Tax Identification Number (Ley 1581)
National Provider Identifier (NPI)
Finland National ID Number
Washington State Driver’s License Number
Summary and Use Cases
• Export, import and clone policies
• Within the same Enforce Server or between different Enforce consoles
– Disaster recovery strategies
– Minimize administration
– Troubleshooting assistance available
New Options Available in the GUI
Policies are imported one at a time.
All existing policies can be exported. The XML files are contained in a Zip file: [ENFORCEHOSTNAME]-policies-DATE-TIME.ZIP.
Policies can be exported individually as an XML file: [ENFORCEHOSTNAME]-[POLICYNAME]-DATE-TIME.XML.
Overview
• Cloud Sync was first introduced in DLP 14.
• Improvements and new features (for Box ®)
– Identity aware protection, allowing organizations to use cloud applications through Enterprise accounts.
– Prevent upload of corporate sensitive information to personal Box account through Sync and Office clients by applying detection policies.
– Identity based ignore filtering is applicable to Box only and not for other cloud storage applications.
Requirements and Prerequisites
• The following applications should be installed on the endpoint
– Box Sync.
– MS Office.
– Box for Office Add-in.
• Supported Versions of Office
– Office 2016 (x86, x64).
– Office 2013 (x86, x64).
– Office 2010 (x86, x64).
Configuration
Enable Cloud Storage channel under Configured Applications.
Accounts or domains whose content will be ignored by DLP Agent for Box operations.
Leak Prevention Example - Excel
When the user clicks on Share, this window is displayed before triggering the upload operation.
Quarantine location.
Box for Office ribbon.
Leak Prevention Example - Office
Corporate accounts or domains can be excluded from detection at Agent Configuration level.
Box for Office user logged in with an enterprise account.
Leak Prevention Example - Outlook
Summary
• Improvements available in DLP v14.5
– New Form Recognition detection technology.
– IDMv3 improving index and detection performance and extending support to Endpoint (Windows and Mac).
– New detection rule to protect email based on the number and size of attachments.
– Endpoint Cloud Sync identity-based usability and protection.
– New international data identifiers.
– Out-of-the-Box quarantine response rule for Cloud Storage.
– New Policy Export and Import process.
– Improved IP Address to Username resolution configuration.
– Red Hat Enterprise Linux 7.1 and 7.2 support.
Thank you!
Copyright © 2016 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
Jairo Pantoja
Jairo_pantoja@symantec.com