how to secure your files with dlp and fam
DESCRIPTION
A single gigabyte of data in your data center contains thousands of folders and a massive amount of files. Which files contain sensitive data? Who owns and has access to these files? How do you protect this data? When faced with an audit or forensic investigation, most organizations are left scrambling for answers to these questions. Learn how the unique combination of File Activity Monitoring (FAM) and Data Loss Prevention (DLP) technologies simplify and accelerate these processes, reducing the time to remediate and protect sensitive data. Our five step plan includes automating processes to: 1. Discover sensitive data 2. Identify data owners 3. Communicate with business owners 4. Implement policy controls 5. Remediate excessive accessTRANSCRIPT
![Page 1: How to Secure Your Files with DLP and FAM](https://reader033.vdocument.in/reader033/viewer/2022050907/5580b33bd8b42ac6088b48e4/html5/thumbnails/1.jpg)
Presented by,
Ash Devata, Sr. Manager, DLP Products, RSA
Raphael Reich, Director of Product Marketing, Imperva
5 Ways to Lockdown Your Sensitive Files with DLP and FAM
![Page 2: How to Secure Your Files with DLP and FAM](https://reader033.vdocument.in/reader033/viewer/2022050907/5580b33bd8b42ac6088b48e4/html5/thumbnails/2.jpg)
Agenda
Major Trends
5 Steps to Regain Control
Conclusion And Q&A
![Page 3: How to Secure Your Files with DLP and FAM](https://reader033.vdocument.in/reader033/viewer/2022050907/5580b33bd8b42ac6088b48e4/html5/thumbnails/3.jpg)
Today’s Presenter
Ash Devata, Sr. Manager, DLP Products, RSA
Expertise
+ DLP, data security, information classification
+ Presented at RSA, ISC2 sessions, EMC World, etc.
Worked at
+ RSA, EMC, Startups
+ Chaired sustainable development projects in Boston
Academics
+ Degrees in MBA and Electronics and Instrumentation Engineering
+ Co-author of books/journals on BPO
![Page 4: How to Secure Your Files with DLP and FAM](https://reader033.vdocument.in/reader033/viewer/2022050907/5580b33bd8b42ac6088b48e4/html5/thumbnails/4.jpg)
Today’s Presenter
Raphael Reich, Dir. Product Marketing, Imperva
Expertise
+ 20+ years in product marketing, product management, and software engineering
Professional Experience
+ Cisco, Check Point, Digital Equipment Corp.
Academics
+ Bachelor’s degree in Computer Science from UC Santa Cruz
+ MBA from UCLA
![Page 5: How to Secure Your Files with DLP and FAM](https://reader033.vdocument.in/reader033/viewer/2022050907/5580b33bd8b42ac6088b48e4/html5/thumbnails/5.jpg)
CONFIDENTIAL
Major Trends 5 Steps to Regain Control
Conclusion And Q&A
![Page 6: How to Secure Your Files with DLP and FAM](https://reader033.vdocument.in/reader033/viewer/2022050907/5580b33bd8b42ac6088b48e4/html5/thumbnails/6.jpg)
Data is Growing & Constantly Changing
Constant growthIDC: 11/09
0
100
200
300
400
500
1 2 3 4 5 6 7 8 9
Vo
lum
e
Time
60%
80%
20%
Unstructured (file data)
Structured (DB, Apps)
Substantial volumeIDC: 2009 File-Based Storage Taxonomy, 11/09
Enterprise data volume
• As data grows, so does the volume of user access rights• Rights are also very dynamic
• Employees, contractors, consultants, etc., join/leave the organization, start/finish projects, change job roles, etc.
![Page 7: How to Secure Your Files with DLP and FAM](https://reader033.vdocument.in/reader033/viewer/2022050907/5580b33bd8b42ac6088b48e4/html5/thumbnails/7.jpg)
Two Types of Sensitive Data
• Credit card data
• Privacy data (PII)
• Health care information
Data You
Collect
• Intellectual property
• Financial information
• Trade secrets
Data You
Create
![Page 8: How to Secure Your Files with DLP and FAM](https://reader033.vdocument.in/reader033/viewer/2022050907/5580b33bd8b42ac6088b48e4/html5/thumbnails/8.jpg)
And Companies Are Losing Data
Non-malicious end user trying to get the
job done
IT and Business managing data
without total visibility
Malicious user stealing data using
authorized tools
Three Main Threat Vectors
1 2 3
![Page 9: How to Secure Your Files with DLP and FAM](https://reader033.vdocument.in/reader033/viewer/2022050907/5580b33bd8b42ac6088b48e4/html5/thumbnails/9.jpg)
Regulation Scope Example Requirement Control measure
PCI-DSS Credit card dataRequirement 7: “Restrict access to cardholder data by business need to know”
Audit and review user rights
HIPAA Healthcare-related PIISection 164.312(b): “Implement…mechanisms that record and examine activity…”
Activity monitoring
FERC-NERC
US energy industryRequirement 5.1.2: “…create historical audit trails of individual user account access activity.”
Activity monitoring
ITAR US weapons exportSection 120.17: Restricts “Disclosing…or transferring technical data to a foreign person…”
Audit and review user rights
MA 201 CMR 17
PII of state residents
Section 17.04 (1d): “…restrict access to active users and active user accounts…" Section 17.04 (2a) "restrict access...to those who need…to perform their job duties"
Audit and review user rights, plus Activity
monitoring to identify dormant users
And There Are Regulations to Prevent Data Loss
Regulations: sensitive data must be protected
Summary
Requirements Controls
Business need-to-know access
User rights auditing and reviews
Historical audit trails Audit file access activity
Restrict access to active users Correlate file rights with file accessactivity
![Page 10: How to Secure Your Files with DLP and FAM](https://reader033.vdocument.in/reader033/viewer/2022050907/5580b33bd8b42ac6088b48e4/html5/thumbnails/10.jpg)
Personal Information Breach Notification Laws
46
3214
75%
States have PII breach notification laws
Number of notified incidents since Jan 2006
PII breaches are a result of insider actions
States with No PII Breach Notification LawsAlabama, Kentucky, New Mexico, and South Dakota
![Page 11: How to Secure Your Files with DLP and FAM](https://reader033.vdocument.in/reader033/viewer/2022050907/5580b33bd8b42ac6088b48e4/html5/thumbnails/11.jpg)
Highly Prescriptive Regulations for Managing PII
Proactive
Prescriptive
Auditable
![Page 12: How to Secure Your Files with DLP and FAM](https://reader033.vdocument.in/reader033/viewer/2022050907/5580b33bd8b42ac6088b48e4/html5/thumbnails/12.jpg)
Source: 2010, Annual Study: Cost of a Data Breach, Ponemon Institute
or $214 per record
What does a data breach
cost? US$7.2 Million
End of The Day, Data Loss is Very Expensive
![Page 13: How to Secure Your Files with DLP and FAM](https://reader033.vdocument.in/reader033/viewer/2022050907/5580b33bd8b42ac6088b48e4/html5/thumbnails/13.jpg)
The Second Type of Sensitive Data Is Import Too
“Secrets comprise two-thirds of the value of firms’ information portfolios”
Forrester 2009: Securing Sensitive IP Survey
Source Code Blue PrintsFinancial Results
Contracts M&A InitiativesStrategic Plans
Patent Filings
BiddingRoad Maps
Programming
Partnership Plans Portfolio ModelsInvestment Details Competitive IntelPartnership Plans
Research Results Raw R&D DataUn-Published Docs Business PlansProduct Docs
Competitive
Advantage
Brand
Equity
Employee
Morale
![Page 14: How to Secure Your Files with DLP and FAM](https://reader033.vdocument.in/reader033/viewer/2022050907/5580b33bd8b42ac6088b48e4/html5/thumbnails/14.jpg)
Taking Data With Them When They Go
70% of employees plan to take something with them when they leave the job
+ Intellectual Property: 27%
+ Customer data: 17%
Over 50% feel they own it
Source: November 2010 London Street Survey of 1026 people, Imperva
Insiders
![Page 15: How to Secure Your Files with DLP and FAM](https://reader033.vdocument.in/reader033/viewer/2022050907/5580b33bd8b42ac6088b48e4/html5/thumbnails/15.jpg)
Example breach: $50M+ in automotive designs
Xiang Dong Yu
• Worked at Ford 10 years• Took 4,000 design documents• Estimated $50-100 Million in value• Went to work for Beijing Automotive Co.
![Page 16: How to Secure Your Files with DLP and FAM](https://reader033.vdocument.in/reader033/viewer/2022050907/5580b33bd8b42ac6088b48e4/html5/thumbnails/16.jpg)
CONFIDENTIAL
Major Trends
5 Steps to Regain Control Conclusion And Q&A
![Page 17: How to Secure Your Files with DLP and FAM](https://reader033.vdocument.in/reader033/viewer/2022050907/5580b33bd8b42ac6088b48e4/html5/thumbnails/17.jpg)
5-Steps To Regain Control
Discover sensitive data
Identify data owners
Communicate with data owners
Implement policy
controls
Remediate
![Page 18: How to Secure Your Files with DLP and FAM](https://reader033.vdocument.in/reader033/viewer/2022050907/5580b33bd8b42ac6088b48e4/html5/thumbnails/18.jpg)
Discover Sensitive Data
SharePoint
Databases
Endpoints
NAS/SAN
File Servers
RSA DLP Datacenter
Agents
Temp Agents
Grid
Virtual Grid
• File extension
• File type, size, etc.
Attributes & Identity Analysis
• General keywords
• Specialized keywords
• Patterns and strings
• Proximity analysis
• “negative” rules
Content in File
![Page 19: How to Secure Your Files with DLP and FAM](https://reader033.vdocument.in/reader033/viewer/2022050907/5580b33bd8b42ac6088b48e4/html5/thumbnails/19.jpg)
Data Discovery Is Part of RSA Data Loss Prevention
RSA DLP Network
RSA DLP Endpoint
Email WebConnected
PCs
RSA DLP Enterprise Manager
Disconnected PCs
RSA DLP Datacenter
File shares SharePoint Databases
![Page 20: How to Secure Your Files with DLP and FAM](https://reader033.vdocument.in/reader033/viewer/2022050907/5580b33bd8b42ac6088b48e4/html5/thumbnails/20.jpg)
When You Find Sensitive Data…
• Who to contact?• What to ask?• How to track responses?• How to follow up?• How to orchestrate?• How to manage the process?
ResultSensitive files discovered by DLP
IT decides on remediation
Involve end-user in remediation
• IT does not have business context• Potential of disruption to business
![Page 21: How to Secure Your Files with DLP and FAM](https://reader033.vdocument.in/reader033/viewer/2022050907/5580b33bd8b42ac6088b48e4/html5/thumbnails/21.jpg)
Step 2 In Regaining Control
Discover sensitive data
Identify data owners
Communicate with data owners
Implement policy
controls
Remediate
![Page 22: How to Secure Your Files with DLP and FAM](https://reader033.vdocument.in/reader033/viewer/2022050907/5580b33bd8b42ac6088b48e4/html5/thumbnails/22.jpg)
How Owners Are Identified Today
See who created the file/folder
Examine ACLs
Mass e-mails
Phone calls
Keep notes
22
Finding an owner: 1 hour per folder on average
![Page 23: How to Secure Your Files with DLP and FAM](https://reader033.vdocument.in/reader033/viewer/2022050907/5580b33bd8b42ac6088b48e4/html5/thumbnails/23.jpg)
Who Owns It? Ask The People Who Know Best…
23
?
![Page 24: How to Secure Your Files with DLP and FAM](https://reader033.vdocument.in/reader033/viewer/2022050907/5580b33bd8b42ac6088b48e4/html5/thumbnails/24.jpg)
Step 3 In Regaining Control
Discover sensitive data
Identify data owners
Communicate with data owners
Implement policy
controls
Remediate
![Page 25: How to Secure Your Files with DLP and FAM](https://reader033.vdocument.in/reader033/viewer/2022050907/5580b33bd8b42ac6088b48e4/html5/thumbnails/25.jpg)
Communicate With Data Owners
RSA DLP Datacenter
SharePoint
Databases
Endpoints
NAS/SAN
Agents
Temp Agents
Grid
Virtual Grid
File Servers
RSA DLPRisk Remediation Manager
Imperva FAM
Business Users
Discover Sensitive DataManage Remediation
Workflow
![Page 26: How to Secure Your Files with DLP and FAM](https://reader033.vdocument.in/reader033/viewer/2022050907/5580b33bd8b42ac6088b48e4/html5/thumbnails/26.jpg)
Step 4 In Regaining Control
Discover sensitive data
Identify data owners
Communicate with data owners
Implement policy
controls
Protect files
![Page 27: How to Secure Your Files with DLP and FAM](https://reader033.vdocument.in/reader033/viewer/2022050907/5580b33bd8b42ac6088b48e4/html5/thumbnails/27.jpg)
Real Time Policy Enforcement Through FAM
Block and alert when users outside Finance access Finance data
Drill down for details on “who, what , when, where”
See triggered alerts
![Page 28: How to Secure Your Files with DLP and FAM](https://reader033.vdocument.in/reader033/viewer/2022050907/5580b33bd8b42ac6088b48e4/html5/thumbnails/28.jpg)
Leverage DLP Data Discovery in FAM
Click to import CSV
![Page 29: How to Secure Your Files with DLP and FAM](https://reader033.vdocument.in/reader033/viewer/2022050907/5580b33bd8b42ac6088b48e4/html5/thumbnails/29.jpg)
Leverage DLP Data Discovery in FAM
-29
View classification in SecureSphere and
use in policy building
![Page 30: How to Secure Your Files with DLP and FAM](https://reader033.vdocument.in/reader033/viewer/2022050907/5580b33bd8b42ac6088b48e4/html5/thumbnails/30.jpg)
Step 5 In Regaining Control
Discover sensitive data
Identify data owners
Communicate with data owners
Implement policy
controls
Remediate
![Page 31: How to Secure Your Files with DLP and FAM](https://reader033.vdocument.in/reader033/viewer/2022050907/5580b33bd8b42ac6088b48e4/html5/thumbnails/31.jpg)
Apply Controls to Protect Data
RSA DLP Datacenter
SharePoint
Databases
Endpoints
NAS/SAN
Agents
Temp Agents
Grid
Virtual Grid
File Servers
RSA DLPRisk Remediation Manager
Imperva FAM
Apply DRM
Encrypt
Delete / Shred
Change Permissions
Policy Exception
Business Users
Discover Sensitive DataManage Remediation
WorkflowApply
Controls
![Page 32: How to Secure Your Files with DLP and FAM](https://reader033.vdocument.in/reader033/viewer/2022050907/5580b33bd8b42ac6088b48e4/html5/thumbnails/32.jpg)
Remediate Excessive Access
Are there dormant users?• May want to revoke rights of inactive users
What rights are not used?• Users with access they appear not to need
Should “Everyone” have access to sensitive data?• “Everyone” group in Active Directory literally means all users
![Page 33: How to Secure Your Files with DLP and FAM](https://reader033.vdocument.in/reader033/viewer/2022050907/5580b33bd8b42ac6088b48e4/html5/thumbnails/33.jpg)
Understand Access Rights And Their Origins
See what a user can access
…and how they got access to data
![Page 34: How to Secure Your Files with DLP and FAM](https://reader033.vdocument.in/reader033/viewer/2022050907/5580b33bd8b42ac6088b48e4/html5/thumbnails/34.jpg)
Traditional Approach – The Old Way
Day 130K files discovered
by DLP
Day 150Spreadsheet consolidation
into an access database -
Attempt to deliver metrics
Day 180No consistent data.
Contractor funding extensions have ended.
Internal resources left with no repeatable process.
Day 4Minimal context
for file
ownership.
Let the e-mail
exchange begin.
![Page 35: How to Secure Your Files with DLP and FAM](https://reader033.vdocument.in/reader033/viewer/2022050907/5580b33bd8b42ac6088b48e4/html5/thumbnails/35.jpg)
With The Solution: Reduce Time Up To 85%
Day T30K files discovered by RSA DLP
Day T + 15DLP RRM sends initial questionnaire to data owners
Data owners and IT agree on remediation controls
Day T + 6090% of files remediated
Repeatable and continuously monitored
Analyst work space and executive metrics in DLP RRM.
Day T + 5 1200 Owners in 10 Countries Identified by RSA DLP
Imperva identifies file owners based on access to files
![Page 36: How to Secure Your Files with DLP and FAM](https://reader033.vdocument.in/reader033/viewer/2022050907/5580b33bd8b42ac6088b48e4/html5/thumbnails/36.jpg)
CONFIDENTIAL
Major Trends
5 Steps to Regain Control
Conclusion And Q&A
![Page 37: How to Secure Your Files with DLP and FAM](https://reader033.vdocument.in/reader033/viewer/2022050907/5580b33bd8b42ac6088b48e4/html5/thumbnails/37.jpg)
To Wrap Up…
Discover sensitive data
Identify data owners
Communicate with data owners
Implement policy controls
Protect files
• Data protection is essential
• Data protection goes beyond IT
• Focus on people & process
• Look for more complete solutions
• Involve all stake holders in planning
![Page 38: How to Secure Your Files with DLP and FAM](https://reader033.vdocument.in/reader033/viewer/2022050907/5580b33bd8b42ac6088b48e4/html5/thumbnails/38.jpg)
About RSA, The Security Division of EMC
Prove Compliance Secure Virtualization
& Cloud
Secure AccessManage Risk and Threats
SIEM DLPNetwork
MonitoringAuthentication
Web Fraud
DetectioneGRC IT GRC Encryption
![Page 39: How to Secure Your Files with DLP and FAM](https://reader033.vdocument.in/reader033/viewer/2022050907/5580b33bd8b42ac6088b48e4/html5/thumbnails/39.jpg)
Usage
Audit
Access
Control
Rights
Management
Attack
Protection
Reputation
Controls
Virtual
Patching
Imperva: Our Story in 60 Seconds
![Page 40: How to Secure Your Files with DLP and FAM](https://reader033.vdocument.in/reader033/viewer/2022050907/5580b33bd8b42ac6088b48e4/html5/thumbnails/40.jpg)
Webinar Materials
Post-Webinar Discussions
Answers to Attendee Questions
Webinar Recording Link
Much more…
Get LinkedIn to Imperva Data Security Direct for…
![Page 41: How to Secure Your Files with DLP and FAM](https://reader033.vdocument.in/reader033/viewer/2022050907/5580b33bd8b42ac6088b48e4/html5/thumbnails/41.jpg)
Questions and AnswersQuestions and Answers