By The Wanderers

Securing Cision’s Securing Cision’s Confidential Data with Data Confidential Data with Data

Loss Prevention SystemsLoss Prevention Systems

Outline of contentsOutline of contents

Business Problem and Requirements [Scott] Data Loss Prevention (DLP) Solutions [Angel] Proposed Solution [Koonal] Vendor Comparisons and Architecture [Wander] Company implementation & Conclusion [Scott]

Business ProblemBusiness ProblemProblem

Cision needs the capability to exchange confidential information securely and easily.

Cision 1200 Employees, 30+ offices, 8 countries Confidential Data

Credit Card / Client Information Customer privileged data Employee personal data Business Confidential data

Secure data from Employee Error, Employee Theft

Business Solution RequirementsBusiness Solution RequirementsRequired

Meet the Payment Card Industry (PCI) requirements for credit card handling

Prevent client, business or employee data from being incorrectly disclosed internally and externally

Global capabilities with central configuration and enforcement

Out of Scope Anti Virus, Firewall, Intrusion Detection Systems, Email Spam Filtering Limited Other legal requirements: No HIPPA or SOX requirements

Source: http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/doc/talks/2008-04-techlinks/data-protection.jpg

DLP BackgroundDLP BackgroundDefinition of Data Loss Prevention

Products that, based on central policies, identify, monitor, and protect data at rest, in motion, and in use, through deep content analysis.

-Rich Mogull of Securosis

Other TLAs Data Loss Protection Data Leak Prevention/Protection Information Loss Prevention/Protection Information Leak Prevention/Protection Extrusion Prevention System Content Monitoring and Filtering Content Monitoring and Protection

DLP BackgroundDLP BackgroundIdentify where holes or exit points where leaks may occur

Instant messaging (Yahoo Instant Messaging, Windows Live) P2P file sharing (e.g. LimeWire case as reported by LA Times) Media streaming Web mail (Yahoo mail, Gmail, Hotmail) USB storage devices (ZDNet story from UK) Removable drives Devices connected through external ports (Firewire, serial, parallel) FTP server Printouts

DLP BackgroundDLP Background

Source: Securosis.com http://securosis.com/images/uploads/Pragmatic_Data_Security-_Data_Protection_DecisiionsV2.006_.png

How data are flagged and identified Initial predefined policies

Social security numbers Prescribed in HIPAA, SOX, GLBA, etc. (Bank account numbers, Credit card

numbers) Customized categories based on client needs

Data Discovery Looks into the content and not just the file type Examine context considerations (factor in parent directories, user group

matching) Structured data matching (SSN, credit card numbers, etc) Unstructured data matching (diagrams, source codes, media files)

Fingerprint the data by using one way hash and saved in the database Information can then be used to identify confidential data elsewhere

DLP BackgroundDLP Background

Three different levels of DLP solution

Data in Motion Data which uses HTTP,

FTP, IM, P2P and SMTP protocols are mirrored in the DLP server for inspection where visibility is enhanced

Data at Rest Data in file servers,

databases, hosts computers set for file sharing, etc.

Data at End Points Data which sits on end

user hosts (workstations and notebooks)

DLP BackgroundDLP Background

Technical Feature Considerations Deep content analysis, monitoring and prevention

Identification and blocking capability Centralized Management

Central policy setting, dashboard features Broad content management across platforms and ease of Integration

Review of information infrastructure including software for requirement and compatibility issues

Automated remediation Transfer confidential files, LDAP lookup, secure purging of sensitive data

Business Environment Considerations Matching with Business Need

Matches defined business need over feature allure Market Presence

Major presence in the market, financial industry experience Staffing Needs

Staffing considerations to handle additional responsibilities

DLP BackgroundDLP Background

 The Selection

Given that the business problem of to be able to exchange confidential information securely and easily,

We believe that a DLP solution have the ability to address such need by identifying and securing confidential data in a comprehensive and efficient manner as described in the guidelines above,

We select Websense as a representative of such DLP solution which has met all criteria mentioned above.

Websense Global leader in integrated Web security, data security, and email

security solutions. Protects approximately 40 million employees at more than 40,000

organizations worldwide Core strength in Web filtering, discovery and classification of content

Source: http://www.websense.com/content/aboutus.aspx

Solution SelectionSolution Selection

Websense Data Security Suite Data Discovery Data Protect Data Monitor Data Endpoint

DLP Solution:DLP Solution:

Data Discovery Software-based solution that remotely scans specified network file

shares, databases, email servers, data repositories, and desktops to discover and classify confidential data on these systems

Automated remediation of unsecured confidential data on data repositories, such as encryption, file removal, etc

370 different types of file definitions

DLP Solution:DLP Solution:

Data Protection Protects data with policy-based controls that map to business

processes Automated, policy-based enforcement options including block,

quarantine, file removal, encrypt, audit and log, user notification in real time.

DLP Solution:DLP Solution:

Data Monitor Monitors and identifies what customer data is at risk; who is using

the data in real time; and where this data is going Precise ID technology

DLP Solution:DLP Solution:

Data Endpoint Provides endpoint security and control over what confidential data

is and should be stored (through local discovery) Who is using it How it is being used (with what applications) Where it is being transferred (USB storage, printer)

DLP Solution:DLP Solution:

Websense Data Security Suitein Action

(Case: Miss Bea Haven)

DLP Solution:DLP Solution:

Alternative Vendors (Considerations)Alternative Vendors (Considerations)

Vendor Strengths Weaknesses

Symantec Industry-leading network discovery and endpoint protectionSupports localization in 16 languagesMature deployment methodology

Most expensive enterprise license costsAdmin Console is not localized (English only)

Websense Robust on network discovery and endpoint protectionSupports localization in multiple languages and already has global presenceSubscription based or perpetual licensing

Most appealing to current WebSense clients wishing to leverage existing products

RSA(EMC) Robust on network discoveryProviding a broad range of DLP inspection capabilitiesDocument fingerprinting content-inspection capabilities.

Weak on endpoint protectionLimited localized detection and support

Alternative Vendors (Comparison)Alternative Vendors (Comparison)

Deployment Architecture Windows Enterprise Network 500 – 2,500 Users

DLP SolutionDLP Solution

Deployment Architecture Windows Enterprise Network 500 – 2,500 Users

DLP SolutionDLP Solution

Project Implementation Cost Estimates1st Year Fees / Component Qty Price TotalWebsense Data Security Suites 1200 $65 $78,300

Estimated Discount (25% of list) 1200 -$16 -$19,575

Implementation Consulting 80 $175 $14,000

Hardware $18,000

Totals $90,725

Ongoing Fees / Component (Yearly) Qty Price Total

Websense Data Security Suites 1200 $65 $78,300

Estimated Discount (25% of list) 1200 -$16 -$19,575

Totals $58,725

Company ImplementationCompany Implementation

Requirements Support

RequirementWebsense Supported Notes

Legal Requirements X PCIRegional / Language Requirements X 8 countries

Centralized Administration XAuto Identify Confidential Data XLimit End Point data actions XIndustry Recognized Leader X

Other ConsiderationsLimitations / Concerns

Software sold as subscription software (yearly ongoing costs)Websense cannot detect data within image

Will users be able to easily create new controlled data sets

Data Privacy rules are regional and may conflict

Company FeasibilityCompany Feasibility

Cision needs to add DLP capabilities to their current security solutions to meet the business needs.

Websense meets the requirements Websense is well positioned to grow with

Cision’s future needs. Your mileage may vary

ConclusionConclusion

Questions? Preguntas? Pangutana?Questions? Preguntas? Pangutana?

Tanong? Perguntas? Tanong? Perguntas? क्वे�स्चन्सक्वे�स्चन्स??

DON’T BE A MISS BEA HAVIN!