Keep it secret, Keep it safe - Data Loss Prevention at ... · •86% Loss of Sensitive Information...

Keep it secret, Keep it safe - Data Loss Prevention at your gateways

Sr Product Manager Security Practice Director at CDW

George Maculley Amanda Grady Sadik Al-Abdulla Sr Product Manager

Keep it secret, Keep it safe - Data Loss Prevention at your gateways 1

SYMANTEC VISION 2014

This Isn’t Our Biggest Threat…



Or This…



It’s THIS.


Source: APT1: Exposing one of China’s Cyber Espionage Units, Mandiant®, 2013


AND This.


Ref: http://www.baselinemag.com/c/a/Security/10-Notorious-Cyber-Gangs/


APT1 Resume

• 141 compromises in 20 industries

• Maintain victim access average 356 days

– Longest compromise 4 years 10 months

• Haul approaching one petabyte of data

– 1,000,000,000,000,000

– $16,814,747,000,000 = est. US Nat’l Debt

• 87% targets English speaking

– 97% attack boxes registered to China

• Attack infrastructure over 1,000 servers


Source: APT1: Exposing one of China’s Cyber Espionage Units, Mandiant®, 2013


Cybercrime Economy

• Bulk Purchase of Stolen Credit Cards in 2013:

• Bulk Purchase of Stolen Credit Cards in 2014:

• Bulk Purchase of Social Security Numbers in 2013:

• Bulk Purchase of Social Security Numbers in 2014:

• Organizations Reported Data Loss in the last 30 days:

• Records Reported Lost in the last 30 days:

17/20 Malicious Data Breaches

2/20 Insider Fraud

1/20 Lost Hard Drive


Source: datalossdb.org

$25

$8

$15

$3

20

700,000+


But What Do We See Directly?

• 300+ DLP Risk Assessments

• 100% Discovery of Sensitive Information Outside Approved Areas

• 86% Loss of Sensitive Information DURING ASSESSMENT PERIOD

• 95% Accidental Exposure

• 1/20 NOT Accidental Exposure

• Over 80% Email Incidents

• Over 12% Web Incidents



Symantec DLP



Introducing Symantec Data Loss Prevention

• Organizations need to protect confidential data to demonstrate compliance and safeguard their brand, reputation, and IP

• Symantec Data Loss Prevention

– Locates and protects confidential data

– Makes sure confidential data does not leave the organization inappropriately

– Automatically enforces data loss policies

• 12th generation product, 2000+ customers, 50%+ of the F100, 9M+ covered employees, 7 years leading the Gartner Magic Quadrant



DLP Threat Coverage

USB/DVD

Hard Drives

Email

HTTP/HTTPS

IM

Exchange, Lotus Notes Databases

File Servers

Print/Fax

DLP Policy Discover, monitor, protect, and manage

Webmail

Web Servers

Network Shares

Mobile Devices


FTP

SharePoint


Symantec DLP Architecture Secured Corporate LAN

SPAN Port or Tap

Network Discover - Data Insight - Network Protect

STORAGE

ENDPOINT

MGMT PLATFORM NETWORK

DMZ

Network Monitor - Network Prevent –

Mobile Email Monitor – Mobile Prevent

MTA or Proxy

Enforce

Endpoint Discover - Endpoint Prevent



Symantec DLP for Network Solution

Management Platform Symantec Data Loss Prevention Enforce Platform

Network Monitor

Network Prevent for Email

Network Prevent for Web

NETWORK

Keep it secret, Keep it safe - Data Loss Prevention at your gateways

• Inspects network traffic over high-risk protocols: email, web (HTTP/HTTPS), IM, and FTP

• Take action: redirects, quarantines, or blocks outbound messages containing sensitive data

• Take action: blocks or removes sensitive data from outbound web communications , including cloud and social media

13


Internet

Symantec Messaging Gateway

How Network Prevent for Web Works

In case of violation, Network Prevent tells Messaging Gateway to quarantine the message for review

End user tries to send sensitive data over email

Symantec Messaging Gateway sends messages to Network Prevent for inspection

A range of actions can be taken on the message from either Messaging Gateway or Enforce Platform

DMZ Corporate LAN



Demo Video



The Challenge

• 99% of data leakages are accidental

– But what to do about malicious insiders?

• How will malicious insiders exfiltrate sensitive data from your network?

– Encrypt files

– Web-based email

– Social media sites

– File shares, drop boxes

17 Keep it secret, Keep it safe - Data Loss Prevention at your gateways


Defense against the malicious insider

• Requires HTTP/HTTPS/FTP proxy

– Firewall must block non-proxied traffic

– Authorized man-in-the-middle

• Decryption is expensive

– Use URL categories to be selective

• User experience impact

– Non-browser apps

• Non-user impact

– Effective for blocking outbound malware communications!



How Network Prevent for Web Works

Network Prevent inspects data and, in case of violation, tells proxy to terminate or modify transmission.

End user initiates data transmission.

Proxy submits transmission to Network Prevent via ICAP.

If no violation, proxy forwards transmission downstream.

DMZ Corporate LAN

Internet


Web Proxy



Demo Video



Data Protection in the Cloud


SYMANTEC VISION 2014 22

• Intuitive, powerful data protection functionality

• Common policy elements across Email and Web channels

• Leverages policy resources of SYMC DLP

Solving the Challenges: Information Protection Data Protection for Email and Web Security.cloud



Web Security.cloud Data Protection, provides control of:

• Messages posted to blogs and message boards

• Interactions with social networking sites

• Entering text into search engines

• Uploading files to file hosting sites

• Sending email using a web-based email service

Solving the Challenges: Information Protection Data Protection for Web

HTTPS inspection

• Essential for Web Data Protection & general policy enforcement

• Helps combat web threats hosted on https sites

• No-charge enhancement for Web Security.cloud customers



Solving the Challenges: Information Protection Data Protection for Web

NEW – Enhanced Reporting

• Matched-content available within detailed reports

• Include surrounding content to provide context

• Choose to redact sensitive content on a per-policy basis

Securing internet use on and off network

• Policy templates including HIPPA, PCI, ITAR

• Policy resources shared across Email and Web**

• Managed policy resources, over 100 lists

• Granular control – multiple rules in a single policy

• Detect unique matches, set thresholds, case sensitivity

**Hosted Email & Web services



Conclusion



Take-aways

• I don’t have the staff for this!

– DLP Risk assessment

• Start enforcing at the gateway!

• Lab sessions available!

– 1523 - Protecting Email with DLP and Encryption

• Monday, May 5, 3:30 PM - 4:30 PM – MILANO 6

• Wednesday, May 7, 10:15 AM - 11:15 AM – MILANO 6

– 1545 - Encryption and DLP: The Power of Integration

• Tuesday, May 6, 1:30 PM - 2:30 PM – MILANO 3


Thank you!

27

Please take a few minutes to fill out the short session survey available on the mobile app—the survey will be available in the mobile app shortly after the session ends. And then watch for and complete the more extensive post-event survey that will arrive via email a few days after the conference.

To download the app, go to https://vision2014.quickmobile.com or search for Vision 2014 in the iTunes or Android stores.

https://vision2014.quickmobile.com/

https://vision2014.quickmobile.com/

Keep it secret, Keep it safe - Data Loss Prevention at ... · •86% Loss of Sensitive Information...

Documents

Transcript of Keep it secret, Keep it safe - Data Loss Prevention at ... · •86% Loss of Sensitive Information...