Keep it secret, Keep it safe - Data Loss Prevention at ... · •86% Loss of Sensitive Information...
Transcript of Keep it secret, Keep it safe - Data Loss Prevention at ... · •86% Loss of Sensitive Information...
Keep it secret, Keep it safe - Data Loss Prevention at your gateways
Sr Product Manager Security Practice Director at CDW
George Maculley Amanda Grady Sadik Al-Abdulla Sr Product Manager
Keep it secret, Keep it safe - Data Loss Prevention at your gateways 1
SYMANTEC VISION 2014
This Isn’t Our Biggest Threat…
Keep it secret, Keep it safe - Data Loss Prevention at your gateways 2
SYMANTEC VISION 2014
Or This…
Keep it secret, Keep it safe - Data Loss Prevention at your gateways 3
SYMANTEC VISION 2014
It’s THIS.
Keep it secret, Keep it safe - Data Loss Prevention at your gateways 4
Source: APT1: Exposing one of China’s Cyber Espionage Units, Mandiant®, 2013
SYMANTEC VISION 2014
AND This.
Keep it secret, Keep it safe - Data Loss Prevention at your gateways 5
Ref: http://www.baselinemag.com/c/a/Security/10-Notorious-Cyber-Gangs/
SYMANTEC VISION 2014
APT1 Resume
• 141 compromises in 20 industries
• Maintain victim access average 356 days
– Longest compromise 4 years 10 months
• Haul approaching one petabyte of data
– 1,000,000,000,000,000
– $16,814,747,000,000 = est. US Nat’l Debt
• 87% targets English speaking
– 97% attack boxes registered to China
• Attack infrastructure over 1,000 servers
Keep it secret, Keep it safe - Data Loss Prevention at your gateways 6
Source: APT1: Exposing one of China’s Cyber Espionage Units, Mandiant®, 2013
SYMANTEC VISION 2014
Cybercrime Economy
• Bulk Purchase of Stolen Credit Cards in 2013:
• Bulk Purchase of Stolen Credit Cards in 2014:
• Bulk Purchase of Social Security Numbers in 2013:
• Bulk Purchase of Social Security Numbers in 2014:
• Organizations Reported Data Loss in the last 30 days:
• Records Reported Lost in the last 30 days:
17/20 Malicious Data Breaches
2/20 Insider Fraud
1/20 Lost Hard Drive
Keep it secret, Keep it safe - Data Loss Prevention at your gateways 7
Source: datalossdb.org
$25
$8
$15
$3
20
700,000+
SYMANTEC VISION 2014
But What Do We See Directly?
• 300+ DLP Risk Assessments
• 100% Discovery of Sensitive Information Outside Approved Areas
• 86% Loss of Sensitive Information DURING ASSESSMENT PERIOD
• 95% Accidental Exposure
• 1/20 NOT Accidental Exposure
• Over 80% Email Incidents
• Over 12% Web Incidents
Keep it secret, Keep it safe - Data Loss Prevention at your gateways 8
SYMANTEC VISION 2014
Symantec DLP
Keep it secret, Keep it safe - Data Loss Prevention at your gateways 9
SYMANTEC VISION 2014
Introducing Symantec Data Loss Prevention
• Organizations need to protect confidential data to demonstrate compliance and safeguard their brand, reputation, and IP
• Symantec Data Loss Prevention
– Locates and protects confidential data
– Makes sure confidential data does not leave the organization inappropriately
– Automatically enforces data loss policies
• 12th generation product, 2000+ customers, 50%+ of the F100, 9M+ covered employees, 7 years leading the Gartner Magic Quadrant
Keep it secret, Keep it safe - Data Loss Prevention at your gateways 10
SYMANTEC VISION 2014
DLP Threat Coverage
USB/DVD
Hard Drives
HTTP/HTTPS
IM
Exchange, Lotus Notes Databases
File Servers
Print/Fax
DLP Policy Discover, monitor, protect, and manage
Webmail
Web Servers
Network Shares
Mobile Devices
Keep it secret, Keep it safe - Data Loss Prevention at your gateways 11
FTP
SharePoint
SYMANTEC VISION 2014
Symantec DLP Architecture Secured Corporate LAN
SPAN Port or Tap
Network Discover - Data Insight - Network Protect
STORAGE
ENDPOINT
MGMT PLATFORM NETWORK
DMZ
Network Monitor - Network Prevent –
Mobile Email Monitor – Mobile Prevent
MTA or Proxy
Enforce
Endpoint Discover - Endpoint Prevent
Keep it secret, Keep it safe - Data Loss Prevention at your gateways 12
SYMANTEC VISION 2014
Symantec DLP for Network Solution
Management Platform Symantec Data Loss Prevention Enforce Platform
Network Monitor
Network Prevent for Email
Network Prevent for Web
NETWORK
Keep it secret, Keep it safe - Data Loss Prevention at your gateways
• Inspects network traffic over high-risk protocols: email, web (HTTP/HTTPS), IM, and FTP
• Take action: redirects, quarantines, or blocks outbound messages containing sensitive data
• Take action: blocks or removes sensitive data from outbound web communications , including cloud and social media
13
SYMANTEC VISION 2014
Internet
Symantec Messaging Gateway
How Network Prevent for Web Works
In case of violation, Network Prevent tells Messaging Gateway to quarantine the message for review
End user tries to send sensitive data over email
Symantec Messaging Gateway sends messages to Network Prevent for inspection
A range of actions can be taken on the message from either Messaging Gateway or Enforce Platform
DMZ Corporate LAN
Keep it secret, Keep it safe - Data Loss Prevention at your gateways 14
SYMANTEC VISION 2014
Demo Video
Keep it secret, Keep it safe - Data Loss Prevention at your gateways 15
SYMANTEC VISION 2014
Network Prevent for Web
Keep it secret, Keep it safe - Data Loss Prevention at your gateways 16
SYMANTEC VISION 2014
The Challenge
• 99% of data leakages are accidental
– But what to do about malicious insiders?
• How will malicious insiders exfiltrate sensitive data from your network?
– Encrypt files
– Web-based email
– Social media sites
– File shares, drop boxes
17 Keep it secret, Keep it safe - Data Loss Prevention at your gateways
SYMANTEC VISION 2014
Defense against the malicious insider
• Requires HTTP/HTTPS/FTP proxy
– Firewall must block non-proxied traffic
– Authorized man-in-the-middle
• Decryption is expensive
– Use URL categories to be selective
• User experience impact
– Non-browser apps
• Non-user impact
– Effective for blocking outbound malware communications!
Keep it secret, Keep it safe - Data Loss Prevention at your gateways 18
SYMANTEC VISION 2014
How Network Prevent for Web Works
Network Prevent inspects data and, in case of violation, tells proxy to terminate or modify transmission.
End user initiates data transmission.
Proxy submits transmission to Network Prevent via ICAP.
If no violation, proxy forwards transmission downstream.
DMZ Corporate LAN
Internet
Network Prevent for Web
Web Proxy
Keep it secret, Keep it safe - Data Loss Prevention at your gateways 19
SYMANTEC VISION 2014
Demo Video
Keep it secret, Keep it safe - Data Loss Prevention at your gateways 20
SYMANTEC VISION 2014
Data Protection in the Cloud
Keep it secret, Keep it safe - Data Loss Prevention at your gateways 21
SYMANTEC VISION 2014 22
• Intuitive, powerful data protection functionality
• Common policy elements across Email and Web channels
• Leverages policy resources of SYMC DLP
Solving the Challenges: Information Protection Data Protection for Email and Web Security.cloud
Keep it secret, Keep it safe - Data Loss Prevention at your gateways 22
SYMANTEC VISION 2014 23
Web Security.cloud Data Protection, provides control of:
• Messages posted to blogs and message boards
• Interactions with social networking sites
• Entering text into search engines
• Uploading files to file hosting sites
• Sending email using a web-based email service
Solving the Challenges: Information Protection Data Protection for Web
HTTPS inspection
• Essential for Web Data Protection & general policy enforcement
• Helps combat web threats hosted on https sites
• No-charge enhancement for Web Security.cloud customers
Keep it secret, Keep it safe - Data Loss Prevention at your gateways 23
SYMANTEC VISION 2014 24
Solving the Challenges: Information Protection Data Protection for Web
NEW – Enhanced Reporting
• Matched-content available within detailed reports
• Include surrounding content to provide context
• Choose to redact sensitive content on a per-policy basis
Securing internet use on and off network
• Policy templates including HIPPA, PCI, ITAR
• Policy resources shared across Email and Web**
• Managed policy resources, over 100 lists
• Granular control – multiple rules in a single policy
• Detect unique matches, set thresholds, case sensitivity
**Hosted Email & Web services
Keep it secret, Keep it safe - Data Loss Prevention at your gateways 24
SYMANTEC VISION 2014
Conclusion
Keep it secret, Keep it safe - Data Loss Prevention at your gateways 25
SYMANTEC VISION 2014
Take-aways
• I don’t have the staff for this!
– DLP Risk assessment
• Start enforcing at the gateway!
• Lab sessions available!
– 1523 - Protecting Email with DLP and Encryption
• Monday, May 5, 3:30 PM - 4:30 PM – MILANO 6
• Wednesday, May 7, 10:15 AM - 11:15 AM – MILANO 6
– 1545 - Encryption and DLP: The Power of Integration
• Tuesday, May 6, 1:30 PM - 2:30 PM – MILANO 3
Keep it secret, Keep it safe - Data Loss Prevention at your gateways 26
Thank you!
27
Please take a few minutes to fill out the short session survey available on the mobile app—the survey will be available in the mobile app shortly after the session ends. And then watch for and complete the more extensive post-event survey that will arrive via email a few days after the conference.
To download the app, go to https://vision2014.quickmobile.com or search for Vision 2014 in the iTunes or Android stores.