GTB - Protecting PII in the EU

Post on 17-Dec-2014


Transcript of GTB - Protecting PII in the EU

Protecting PII in the EU
GTB Data Leak Prevention

March 27, 2012, Oxford, UK

04/10/2023 Copyright GTB Technologies, Inc. 2

Security Breach Statistics (2005 - 2011):

Price of a valid credit card w/ CVV: $0.10 to $25

Price for bank account credentials: $10 - $1,000

Exposed files on the network: 2 of 50 files

Contain secure content: 1 in 75 emails

Cost per breached record: Over $150

Confidential records stolen/lost: 479,072,533

Sources: epic.org, Ponemon llc., Privacy Rights Clearinghouse


All time largest reported incidents

records date organizations Known Cost

130,000,000 January 20, 2009 Heartland Payment Systems $68 mill

94,000,000 January 17, 2007 TJX Companies Inc. $64 mill

90,000,000 June 1, 1984 TRW, Sears Roebuck Unknown

77,000,000 April 26, 2011 Sony Corporation $173 mill

76,000,000 October 5, 2009 National Archives and Records Administration unknown

40,000,000 June 19, 2005 CardSystems, Visa, MasterCard, American Express unknown

32,000,000 December 14, 2009 RockYou Inc. unknown

26,500,000 May 22, 2006 U.S. Department of Veterans Affairs $20 mill

25,000,000 November 20, 2007 HM Revenue and Customs, TNT unknown

24,600,000 May 2, 2011 Sony Online Entertainment, Sony Corporation unknown

Source: http://datalossdb.org/


EU Electronic Communications Guidance
Section 16: Offences and Penalties

Failure to comply with certain provisions of the Regulations is a criminal offence:

• Data Security and Data Breaches

• Unsolicited Marketing Communications

• Requirements specified in Information and Enforcement Notices issued by the Commissioner

• Requirements imposed by the Commissioner’s authorised officers

The offences attract a fine of up to €5,000 – per message in the case of unsolicited marketing – when prosecuted by the Commissioner in the District Court.

Unsolicited marketing offences may be prosecuted on indictment and attract fines of up to €250,000 in the case of a company and €50,000 in the case of an individual. A data security offence may similarly be prosecuted on indictment and attract the same level of penalty.

Source: http://www.dataprotection.ie/documents/guidance/Electronic_Communications_Guidance.pdf


Defining DLP

A DLP system performs real-time data classification on Data at Rest and Data in Motion and automatically enforces security policies, including PREVENTION.

DLP answers 4 questions:

1. Where is my data?

• Desktops
• Laptops
• File shares
• SharePoint

2. Who is sending my data?

• Trusted users
• Intruders
• Spyware
• Viruses

3. What data is being sent?

• PII
• PHI
• Source code
• Intel. Property

4. Who is receiving my data?

• IP address
• Email destination
• Geographic location

The 8 use-cases for Network DLP

1. Control a broken business process

Who is sending, what data and to whom?

2. Demonstrate Compliance

I have no way of enforcing EU data loss compliance regulation

3. Automate Email Encryption

How do I automate encrypting emails which require it?

4. Detect or Block encrypted content

Should I allow encrypted data to leave without content inspection?

5. Severity Blocking

Some breaches are so severe that I prefer to altogether block them!

6. Visibility to SSL

I have no visibility to SSL in general and HTTPS in particular!

7. Detect/Block TCP from non-trusted users

How do I detect transmissions from non-trusted users (Malware/Viruses/Trojans)?

8. Employees’ Education

My employees are not complying with the Written Information Security Policy (WISP)

Where is my data?


Who is sending my data?



What data is being sent?


Who is receiving my data?


The problem of protecting PII – Avoid false positives

Last Name Email Phone Salary SSN Bank Account Credit Card

Abel abelr@proxyconn.com 9495550002 224491.19 001010003 12345678000000002 371230000000004

Abelson Hal_Abelson@proxyconn.com 9495550003 80721.60 001010004 123000000003 6011120000000000

Abourezk James_Abourezk@uci.edu 9495550004 84170.59 001010005 123000000004 5312340000000010

Abrams CAbrams@microsoft.com 9495550005 248851.63 001010006 12345678000000005 4123400000000014

Ace Jane-Ace@msn.com 9495550006 81827.08 001010007 123000000006 371230000000012

Acton john_acton@uci.edu 9495550007 38145.58 001010008 12000000007 6011120000000018

Adams adamsa@yahoo.com 9495550008 97567.90 001010009 1234000000008 5512340000000026

Adams dadams@ucla.edu 9495550009 27973.57 001010010 1000000009 4123400000000022

Adams HAdams@ucla.edu 9495550010 168487.07 001010011 123456000000010 371230000000020

04/10/2023 Copyright GTB Technologies, Inc. 13

Solution: Fingerprint your PII
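The table above shows why pattern matching alone produces false positives: phone numbers, salaries, SSNs, account numbers and card numbers are all just digit strings. The following Python sketch is an added example, not GTB's code or its algorithm: it fingerprints the numeric columns of a structured data set with a salted SHA-256 over a normalized form of each value, then matches outbound text against those digests. The sample rows reuse the slide's own dummy table values; the outbound message, the salt and all function names are constructed for this illustration. The comparison function naive_ssn_hits shows a regex-only rule firing on a look-alike number that the fingerprint index correctly ignores.

```python
import hashlib
import re

# Constructed sample rows copied from the slide's demo table (last name, SSN, credit
# card). These are the deck's own dummy values, not real people or live card numbers.
SAMPLE_ROWS = [
    {"last_name": "Abel", "ssn": "001010003", "card": "371230000000004"},
    {"last_name": "Abelson", "ssn": "001010004", "card": "6011120000000000"},
    {"last_name": "Abourezk", "ssn": "001010005", "card": "5312340000000010"},
]

# Constructed outbound message: one real SSN and one card number from the table
# (written with different separators), plus a look-alike 9-digit number and a
# salary figure that are NOT in the table.
SAMPLE_MESSAGE = (
    "Ref 001-01-0003 and 3712 3000 0000 004, invoice 987-65-4321 total 224,491.19"
)

_NON_ALNUM = re.compile(r"[^0-9a-z]")
# A run of digits with any mix of space, comma, dot or dash between them.
_DIGIT_RUN = re.compile(r"[0-9][0-9 ,.\-]*[0-9]")
# The kind of pattern a regex-only DLP rule would use for a US SSN.
NAIVE_SSN = re.compile(r"\b\d{3}[- ]?\d{2}[- ]?\d{4}\b")
MIN_DIGITS = 6  # ignore short numbers that cannot be an identifier of interest


def normalize(value: str) -> str:
    """Canonical form: lower-case and drop separators, so '069-44-4321',
    '069,44,4321' and '069 44 4321' all become '069444321'."""
    return _NON_ALNUM.sub("", value.lower())


def fingerprint(value: str, salt: bytes) -> str:
    """Salted SHA-256 of the normalized value. The index stores only these
    digests, never the PII itself."""
    return hashlib.sha256(salt + normalize(value).encode()).hexdigest()


def build_index(rows, fields, salt: bytes) -> dict:
    """Map fingerprint -> field name for every value of the selected columns."""
    index = {}
    for row in rows:
        for field in fields:
            index[fingerprint(row[field], salt)] = field
    return index


def _candidates(run: str):
    """A digit run may be one identifier written with spaces ('3712 3000 0000 004')
    or several adjacent numbers; try the whole run and each space-separated piece."""
    seen = []
    for cand in [run, *run.split()]:
        if cand not in seen and len(normalize(cand)) >= MIN_DIGITS:
            seen.append(cand)
    return seen


def scan(text: str, index: dict, salt: bytes):
    """Return (field, matched_text) for every number whose fingerprint is indexed."""
    hits = []
    for match in _DIGIT_RUN.finditer(text):
        for cand in _candidates(match.group()):
            field = index.get(fingerprint(cand, salt))
            if field is not None:
                hits.append((field, cand))
    return hits


def naive_ssn_hits(text: str):
    """Pattern-only detection, for comparison: fires on any SSN-shaped number."""
    return NAIVE_SSN.findall(text)


if __name__ == "__main__":
    salt = b"constructed-demo-salt"
    index = build_index(SAMPLE_ROWS, ("ssn", "card"), salt)
    print("fingerprint hits:", scan(SAMPLE_MESSAGE, index, salt))
    print("regex hits:      ", naive_ssn_hits(SAMPLE_MESSAGE))
```

Normalizing before hashing is what lets the match survive the representation changes listed later in the deck (069-44-4321 versus 069,44,4321): separators are stripped on both the indexed side and the scanned side. Because only salted digests are kept, the inspection point never holds a copy of the PII it is protecting, which is the property the deck asks for under Performance & Security.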

www.gttb.com

GTB DLP Suite-Confidential

GTB DLP Live Demo

Essential Elements of DLP

1. Detection accuracy
2. Resiliency to data manipulation
3. Comprehensive protocol support
4. File format independence
5. Performance – no network degradation
6. Security
7. Detection of encrypted content
8. User remediation

Detection Engine Accuracy
Would you enforce blocking if you don’t trust the event is true?

Imprecise Algorithms

• Data Pattern engine
• Bayesian analysis
• Statistical analysis
• Others

Detection Accuracy (continued)

Precise Algorithms

• Whole file hash
• Cyclical hashes
• Rolling hashes
• Watermarking/tagging
• Recursive Transitional Gaps (GTB proprietary)


Un-structured Data Fingerprinting

Structured Data Fingerprinting - 100% accuracy!

Resiliency to Data Manipulation

Imprecise Algorithms


•Data extracting – copy and paste

•File format conversion

•Compression

•File embedding

•File extension changes

•Re-typing – secure text is re-typed

• Data representation change (069-44-4321 – 069,44,4321)
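To make the "precise algorithms" list and the manipulation list above concrete, here is an added Python example of rolling-hash fingerprinting for unstructured text. It is not GTB's implementation and does not attempt the proprietary Recursive Transitional Gaps method: the protected document is normalized, a Rabin-Karp rolling hash is taken over every fixed-width window, and an outbound message is scored by the fraction of its windows found in the fingerprint set. The memo, the two e-mails, the window size and the base/modulus constants are all constructed for this illustration. It also shows why a whole-file hash breaks under a single separator change while the window fingerprints do not.

```python
import hashlib
import re

WINDOW = 24            # characters per fingerprinted window of normalized text
BASE = 257             # polynomial base for the rolling hash
MOD = (1 << 61) - 1    # Mersenne prime modulus

# Constructed sample document standing in for a protected file (not a real memo).
CONFIDENTIAL_DOC = """Project Kestrel pricing memo.
The proposed list price for the Kestrel gateway is set at 4,200 per unit with a
reseller discount of eighteen percent for orders above fifty units. Margins must
not fall below thirty-one percent in any region during the launch quarter."""

# Constructed outbound e-mail: a pasted excerpt, re-cased and re-punctuated.
LEAKED_EMAIL = ("fyi - THE PROPOSED LIST PRICE FOR THE KESTREL GATEWAY IS SET AT 4200 "
                "PER UNIT, with a reseller discount of EIGHTEEN percent. thoughts?")

# Constructed unrelated e-mail that should not match.
BENIGN_EMAIL = "Team lunch is moved to Thursday at noon; please reply by Wednesday so we can book."


def normalize_text(text: str) -> str:
    """Lower-case and strip everything but letters and digits, so case, spacing,
    punctuation and separator changes (4,200 vs 4.200) do not alter the text."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def rolling_hashes(s: str, k: int = WINDOW) -> set:
    """Rabin-Karp rolling hash of every k-character window of s.
    Each slide removes the outgoing character and appends the incoming one in O(1)."""
    if len(s) < k:
        return set()
    high = pow(BASE, k - 1, MOD)          # weight of the character leaving the window
    h = 0
    for ch in s[:k]:
        h = (h * BASE + ord(ch)) % MOD
    hashes = {h}
    for i in range(k, len(s)):
        h = ((h - ord(s[i - k]) * high) * BASE + ord(s[i])) % MOD
        hashes.add(h)
    return hashes


def fingerprint_document(text: str) -> set:
    """Fingerprint = set of window hashes over the normalized text."""
    return rolling_hashes(normalize_text(text))


def match_ratio(message: str, fingerprints: set) -> float:
    """Fraction of the message's windows that also occur in the protected document."""
    windows = rolling_hashes(normalize_text(message))
    if not windows:
        return 0.0
    return len(windows & fingerprints) / len(windows)


def whole_file_hash(text: str) -> str:
    """The 'whole file hash' approach from the slide: exact match only."""
    return hashlib.sha256(text.encode()).hexdigest()


if __name__ == "__main__":
    fps = fingerprint_document(CONFIDENTIAL_DOC)
    print("leaked excerpt match ratio:", round(match_ratio(LEAKED_EMAIL, fps), 2))
    print("benign e-mail match ratio: ", match_ratio(BENIGN_EMAIL, fps))
    edited = CONFIDENTIAL_DOC.replace("4,200", "4.200")
    print("whole-file hash equal after one separator change?",
          whole_file_hash(edited) == whole_file_hash(CONFIDENTIAL_DOC))
    print("rolling-hash match ratio of edited copy:", match_ratio(edited, fps))
```

The pasted excerpt scores high because every window that lies wholly inside the copied sentence is also a window of the protected memo, regardless of how the copy was re-cased or re-punctuated; the unrelated mail shares no window at all. Production systems keep only a subsample of window hashes (for example those selected by a modulus rule) and pass them through a keyed cryptographic hash before storage so that the fingerprint store does not leak content; the example keeps every window so the match ratio is easy to reason about.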

File format and protocol independence


• SMTP, HTTP and FTP are most commonly used

• HTTP Server, HTTP Tunnel, NNTP, IM, POP3, MS Networks, SSL and unknown protocols

• Secure data may reside in any file format

Performance & Security


• Make sure all packets are scanned without network degradation
• Make sure the solution is secure
• Choose a solution that does not copy secure content in order to protect it

What data must be protected?
Personally identifiable information (PII)

• Credit card number
• Social security number
• Customer name
• Address
• Telephone numbers
• Account numbers/Member numbers/Tax IDs
• PIN or password
• Username & password
• Driver’s license number
• Date of birth

Enterprise class DLP


Scans all TCP channels on all 65,535 ports

Enforcement Actions

Network DLP configuration - OOL


Mirror port switch

•Log

•Encrypt

•Quarantine

•Severity Block

Secure mail integration


HTTPS visibility

Port 443
