DLP Data Leak Prevention
RT May 2014
Sigal Russin’s work/ Copyright@2014 Do not remove source or attribution from any slide, graph or portion of graph
What are you getting:
Symantec DLP News
It’s about People
Customers need more than a technology solution
Source: http://www.slideshare.net/ArrowECSMarketing/data-loss-prevention-from-symantec
Variety of Misuse Actions
What is DLP?
• DLP means different things to different people
* Data Loss Prevention
* Data Leakage Prevention
* Data Loss Protection
• DLP is always about protecting the organization's sensitive information.
• DLP technology is content aware: referred to as deep packet inspection, it analyzes the payload contained within a file or session.
• DLP references data in one of three states
* Data in motion
* Data at rest
* Data in use
Source: http://www.slideshare.net/technetbelux/data-leakage-prevention-22804526
Defense In Depth: Encryption + DLP
Sensitive organization data
Lack of familiarity with the types of information that exist in organizations and the processes related to their use.
• What is confidential information?
• Where is it stored?
• What are the channels through which information may leak?
• What actions will be taken if and when confidential information is leaked?
Source: http://searchsecurity.techtarget.com/feature/IT-Security-Trends-2013-Mobile-security-concerns-tops-the-list
Round table Insights 2010
• This project includes: Legal dept., IT, HR.
• 50% organization culture, 50% technology tools.
• Data classification should include all department managers and management.
• You cannot get 100% coverage of data leakage, even with three systems.
• Not all organizations cover the issue of data leakage from all views.
DLP Project
I. Analysis of the business environment and existing threats (internal / external).
II. Data classification: definition of confidential / sensitive information, classified according to level of sensitivity. For example: financial info, medical info, customer info, etc.
III. Identification and mapping of confidential / sensitive data storage. For example: USB drives, databases, file servers, mobile, PC, etc.
DLP Project
V. Mapping and analysis of business processes and the organization's information lifecycle: data creation, data distribution (email), backup, updating a file server, etc.
VI. Mapping and assessment of potential leakage channels. For example: interfaces and external web links, third-party authors or temporary workers, faxes and printers, etc.
VII. Requirements characterization: product selection and implementation, including compliance and the design of policies, procedures, response processes and complementary measures.
Recommendations
• Work procedures and guidelines
• Processing of events, depending on the nature of the organization and the information security team's capabilities
• Responsibilities and new roles
• Life cycle processes of organization information: determining the classification tags at the creation stage of each document.
• Audit logging and connection to SIEM systems
• Lifelong learning and improving the quality of monitoring, depending on the events and the number of false alarms produced by the system.
Thank You!