selecting data security technology
DESCRIPTION
In this security technology workshop for IT and network security practitioners, we will teach you a three step process you can use for selecting the right data security technology for your business at the best price. In this session we'll have a free discussion of the do's and don'ts and the pros and cons of different technologies such as agent DLP, network DLP and DRM.
TRANSCRIPT
Licensed under the Creative Commons Attribution License
Danny Lieberman
http://www.controlpolicy.com/
Selecting Data security Technology
Agenda
• Introduction and welcome
• What is data security?
• Defining the problem
• Select by threat
• Building threat cases
• Three threat cases
• Data security taxonomy
• Selection process
Introduction
• Our mission today
– Tools to help make your work easier
– Share ideas
What the heck is data security?
• Security
– Ensure we can survive & add value
– Physical, information, systems, people
• Data security
– Protect data directly in all realms
Defining the problem
• You can't improve what you can't measure (*)
– Little or no monitoring of data flows
• Perimeter protection, access control
– Firewall/IPS/AV/Content/AD
– Disconnect between HR, IT
(*) Lord Kelvin
We're not in Transylvania anymore
• Threat scenario circa 1993
– Bad guys outside
– Lots of proprietary protocols
• Threat scenario circa 2009
– Bad guys inside
– Everything runs on HTTP
– Vendors decide threats
Model of a crime
• Means
– Access rights
• Opportunity
– With rights, insider can exploit vulnerabilities in people, systems
• Intent
– Uncontrollable
[Slide graphic: Enterprise integration, Discovery, Regulators, Gartner]
Building a threat case
Metrics: Asset value, Threat damage to asset, Threat probability
Value at Risk = Threat Damage to Asset x Asset Value x Threat Probability (*)
(*) PTA Practical threat analysis risk model
M&A threat case
• Asset (has value, fixed over time or variable): Plans to privatize, sell 50% of equity
• Threat (exploits vulnerabilities & damages assets): IT staff read emails and files of management board; employee leaks plans to press; buyer sues for breach of contract.
• Vulnerability (a state of weakness mitigated by a countermeasure): IT staff have access to mail/file servers
• Countermeasure (has a cost, fixed over time or recurring): Monitor abuse of privilege & prevent leakage of management board documents on all channels.
Service provider threat case
• Asset (has value, fixed over time or variable): Internal pricing of service packages
• Threat (exploits vulnerabilities & damages assets): Outsourcing DBA has SQL access to pricing schema; competitor gets pricing and undercuts company; company loses reputation and revenue.
• Vulnerability (a state of weakness mitigated by a countermeasure): Outsource DBA may gain access during end of month close
• Countermeasure (has a cost, fixed over time or recurring): Monitor abuse of privilege & prevent internal data leakage on Oracle database.
Media threat case – Israeli Trojan
• Asset (has value, fixed over time or variable): New product marketing campaign
• Threat (exploits vulnerabilities & damages assets): Competitors distributed custom attack on a CDROM; got terms of new product, undercut company; company loses revenue > $20M
• Vulnerability (a state of weakness mitigated by a countermeasure): Employees may take a CDROM and insert it in their PC
• Countermeasure (has a cost, fixed over time or recurring): Prevent leakage of data to unauthorized channels
[Slide graphic: data security taxonomy. Sources: Data Warehouse, Document Server, Session. Detection point: Decoders, Policies, Interception, Countermeasures. Management: Provisioning, Events, Reporting, Policies, Forensics. A sample intercepted e-mail ("Send me more files today.") illustrates the interception path.]
Data security taxonomy
Selecting a data security technology
• Prove 2 hypotheses:
– Data loss is currently happening.
– A cost effective solution exists that reduces risk to acceptable levels.
H1: Data loss is happening
• What data types and volumes of data leave the network?
• Who is sending sensitive information out of the company?
• Where is the data going?
• What network protocols have the most events?
• What are the current violations of company AUP?
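The H1 questions above are answered by measuring data flows rather than guessing. As an added example (not from the workshop), the following Python aggregates a handful of constructed outbound-flow events, of the kind a network DLP sensor or egress proxy would log, into the volumes, senders, destinations, protocols and AUP violations the slide asks for; the users, hosts, sizes and the approved-destination list are all hypothetical.

```python
from collections import Counter

# Constructed outbound-flow events (hypothetical users, hosts and sizes); each is
# one sensor observation: who sent what, where, over which protocol, and whether
# the content was classified sensitive.
EVENTS = [
    {"user": "alice", "dst": "gmail.com",               "proto": "HTTPS", "dtype": "spreadsheet",   "bytes": 2_500_000,   "sensitive": True},
    {"user": "bob",   "dst": "dropbox.com",             "proto": "HTTPS", "dtype": "source_code",   "bytes": 12_000_000,  "sensitive": True},
    {"user": "carol", "dst": "partner.example",         "proto": "SMTP",  "dtype": "presentation",  "bytes": 800_000,     "sensitive": False},
    {"user": "alice", "dst": "gmail.com",               "proto": "HTTPS", "dtype": "customer_list", "bytes": 400_000,     "sensitive": True},
    {"user": "dave",  "dst": "ftp.mirror.example",      "proto": "FTP",   "dtype": "iso_image",     "bytes": 700_000_000, "sensitive": False},
    {"user": "bob",   "dst": "git.corp.example",        "proto": "HTTPS", "dtype": "source_code",   "bytes": 3_000_000,   "sensitive": True},
    {"user": "erin",  "dst": "mail.competitor.example", "proto": "SMTP",  "dtype": "pricing_sheet", "bytes": 200_000,     "sensitive": True},
    {"user": "carol", "dst": "cdn.example",             "proto": "HTTPS", "dtype": "marketing_pdf", "bytes": 5_000_000,   "sensitive": False},
]

# Hypothetical AUP: sensitive data may only leave for these destinations.
APPROVED_DESTINATIONS = {"partner.example", "git.corp.example"}

def volume_by_type(events):
    """What data types, and what volumes, leave the network?"""
    vol = Counter()
    for e in events:
        vol[e["dtype"]] += e["bytes"]
    return dict(vol)

def events_by_protocol(events):
    """Which network protocols have the most events?"""
    return Counter(e["proto"] for e in events)

def destinations(events):
    """Where is the data going? (event count per destination)"""
    return Counter(e["dst"] for e in events)

def top_sensitive_senders(events, n=2):
    """Who is sending sensitive information out, ranked by bytes?"""
    by_user = Counter()
    for e in events:
        if e["sensitive"]:
            by_user[e["user"]] += e["bytes"]
    return by_user.most_common(n)

def aup_violations(events):
    """Sensitive data sent to a destination the AUP does not approve."""
    return [(e["user"], e["dst"], e["dtype"]) for e in events
            if e["sensitive"] and e["dst"] not in APPROVED_DESTINATIONS]

def h1_supported(events, min_violations=1):
    """H1 (data loss is happening) holds once monitoring shows enough violations."""
    return len(aup_violations(events)) >= min_violations
```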
H2: A cost-effective solution exists
• What keeps you awake at night?
• Value of information assets on PCs, servers & mobile devices?
• What is the value at risk?
• Are security controls supporting the information behavior you want (sensitive assets stay inside, public assets flow freely, controlled assets flow quickly)?
• How much do your current security controls cost?
• How do you compare with other companies in your industry?
• How would risk change if you added, modified or dropped security controls?
Match technology to threat case
Threat case: The Israeli Trojan
Agent DLP
• Install agent on every PC
• Intercept Win32 calls
• Content, context and organizational policy
• Monitor, block, prompt
• Execute policy even when PC is off network
Network DLP
• Install appliance at gateway
• Intercept Layer 2 traffic
• Content, channel and organizational policy
• Monitor, block, quarantine
• Execute policy for endpoints on network
DRM
• None
Coming attractions
• Sep 17: Selling data security technology
• Sep 24: Write a 2 page procedure
• Oct 1: Home(land) security
• Oct 8: SME data security
http://www.controlpolicy.com/workshops
Learn more
• Presentation materials and resources
http://www.controlpolicy.com/data-security-workshops