Protecting Sensitive Information and Your Reputation with Data Loss Prevention...

Protecting Sensitive Information and Your Reputation with Data Loss [email protected]

Copyright © 2007 Code Green Networks, Inc. All rights reserved.

2

Today’s Topics

The Information Protection Challenge Best Practices for Data Loss Prevention Implementing the Solution Demo


3

Data Loss and IP Loss Are Significant Risks

“If Phil Howard's calculations prove true, by year's end the 2 billionth personal record -- some American's social-security or credit-card number, academic grades or medical history -- will become compromised, and it's corporate America, not rogue hackers, who are primarily to blame. By his reckoning, electronic records in the United States are bleeding at the rate of 6 million a month in 2007, up some 200,000 a month from last year.”

Hackers get bum rap for corporate America's digital delinquencyPeter Lewis uwnews.org

“With respect to all data categories, the loss or theft of IP is the most costly type of data breach incident.”

Dr. Larry PonemonPonemon Institute

http://uwnews.org/apps/uwnews/public/rss.aspx?q=uwnByAuthorID&AuthorID=1657&numToShow=10000


4

New Channels, Such as WebMail, Are Significant Risks

January 11, 2007

Firms Fret as Office E-Mail Jumps Security WallsBy BRAD STONE

SAN FRANCISCO, Jan. 10 — Companies spend millions on systems to keep corporate e-mail safe. If only their employees were as paranoid.

A growing number of Internet-literate workers are forwarding their office e-mail to free Web-accessible personal accounts offered by Google, Yahoo and other companies. Their employers, who envision corporate secrets leaking through the back door of otherwise well-protected computer networks, are not pleased.


5

WebMail “Bypasses” Corporate Email Systems

SMTP Email ServerEx: MSFT Exchange

SMTP Email Archiver

Email archive

SMTP Email Keyword Filtering

Internet WebMail serverEx: Gmail, Hotmail, etc.

What are your users sending?• Customer account numbers?• Trade secrets?• Source code?• Financial results?• Tonight’s grocery list?

MSFT Outlook user

WebMail browser user


6

FRCP is Focusing Executive Attention on Email Inspection & Archiving

In December, 2006, the Federal Rules of Civil Procedure (FRCP) were amended to explicitly address the role of electronically stored information in federal civil procedures

Companies need to be able to: Identify sources of electronic evidence Specify where evidence resides Know how to produce it for opposing counsel if

necessary

Email represents 75% of corporate intelligence and is often the primary discovery source for litigation.


7

Data Privacy Laws Can Be Costly

Nearly 40 states have laws similar to California SB1386.

A federal law is currently making its way through Congress.

Laws require a company to notify customers or employees if nonpublic personal information about them is lost.

Average cost of a data breach to a company is $182 per lost record (Ponemon Institute Survey)


8

New Federal Trade Commission Guidance

Federal Trade Commission recently issued guidance on: “Protecting Personal Information: A Guide for Business” (www.ftc.gov)

Explicitly recommends email encryption and content monitoring as two techniques to help companies secure personal information.

http://www.ftc.gov/


9

Best Practices for Data Privacy

1. Establish Data Privacy Policies and Educate Employees

2. Monitor and Assess High-Risk Data Flows

3. Encrypt Authorized Transmissions of Sensitive Data

4. Block and Quarantine Unauthorized High Risk Transmissions

5. Implement Data Privacy Policies on Endpoint Computers


10

Data Leak Prevention Solution

The Content Inspection Appliance is installed at the network gateway and monitors all content flowing to the Internet across all TCP protocols:

•SMTP Email•WebMail•IM•HTTP•FTP

MTA

SMTP Server

Content Inspection Agents are installed on endpoint machines from a central console and monitor all content copied to/from external devices (ex: USB sticks, CD ROMS)


11

WebMail/HTTP Content Inspection & Enforcement


12

Flexible Policy Definition

Detection Criteria• Deep content fingerprinting• Data element fingerprinting• 390+ file formats

including image & CAD• Pattern match• Pre-defined match templates for SSN, etc.

Constraints• Source address• Destination address• Document format• Protocol• Exceptions

Actions• Log• Notify• Retain copy• Syslog• Block• Quarantine• Encrypt


13

Typical Policy

Fingerprint customer database elements: Name Date_of_birth Social_security_number Credit_card_number Account_number

“If (SMTP or HTTP or FTP) contains more than 4 occurrences of Name and (Social_security_number or Credit_card_number or Account_number) then log the incident, block the transmission and retain a copy of the message.”


14

Content Inspection Appliance Detects Fingerprinted Data in Messages


15

Incident Detection and Management


16

Email Encryption: Secure and Protect with a Single Policy

Automate compliance processes by detecting authorized sensitive messages and automatically encrypting them.

SMTP

[email protected] [email protected]

Encryption Server or Service

SMTP

LANPolicy = Encrypt if Sensitive

InternetDMZ

VSN


17

Implementation: Two Types of Information to be Protected

Intellectual Property Customer Data

Examples: M&A plans Financial reports Patent materials Design drawings Source code

Multiple document formats. Many languages. Unstructured content stored in file system or content management system.

Examples Social security no. Credit card no. Bank account no. Medical diagnostic code

Structured data stored in RDBMS or spreadsheet.

M & A Financial DataCustomer Data

Intellectual PropertyRegulatory Compliance

Business Critical Detect & Block X

Business Process Log / Quarantine / Re-route for encryption ?Price Lists

Purchase OrdersEmployment OffersCustomer contractsCustomer proposals

Sales & Marketing DataStatutory Reporting Data

Business Productivity Monitor trends !Sales activityWebmail traffic

Popular Web-siteseMail to competitors

Competitive web sitesTransmission of resume

Data Loss Prevention Hierarchy


19

Quick Configuration and Deployment

Typical deployment takes one day or less:

1-2 hrs. Install and configure appliance on network.

2-3 hrs. Define draft policies and fingerprint content.

1-2 hrs. Inspect network traffic.

2-3 hrs. Analyze incidents and tune policies.

Go live and deploy in production.


20

Customer Use Case – Financial Services

$5B+ Conglomerate in financial services and natural resources product manufacturing

Information protected (stored in Documentum and file system): Financial reports and plans Customer and vendor contracts Legal documents Personnel health and employment records Manufacturing process flow designs Consumer data

Value proposition: Avoid fines, compliance incidents, lost customers, remediation costs, lost trade

secrets and reputation damage by monitoring data and content flows.

Business drivers Compliance with state and federal laws. Value of digital assets -- trade secrets and intellectual property. Minimize reputation risk and preserve market capitalization.


21

Customer Use Case - Technology

Innovative network security software firm.

Information protected: Source code Product plans

Value proposition: Avoid loss of valuable and proprietary intellectual

property by monitoring content flows.

Business drivers: Value of digital assets -- trade secrets and intellectual

property. Demonstrate content protection controls as part of

IPO compliance initiatives.


22

Content Protection Benefits

Automates compliance to prevent costly and embarrassing compliance incidents.

Helps identify and fix poor business processes that expose sensitive data.

Changes behavior of trusted employees to prevent accidental disclosures.

Prevents industrial espionage.

Preserves firm’s reputation.


23

Gartner on the Value of Data Leak Prevention

“Gartner maintains, however, that the true value (of data leak prevention) lies in helping management to identify and correct faulty business processes and — crucially — identify and prevent accidental disclosures of sensitive data.

This concern is becoming more and more important because of the compliance demands of regulatory initiatives (for example, breach disclosure laws and HIPAA) and industry initiatives, such as the PCI standard.”

*Gartner, Inc., “Magic Quadrant for Content Monitoring and filtering and Data Loss Prevention, 2007”, by Paul E. Proctor, Rich Mogull, and Eric Ouellet, April 13, 2007.


24

Code Green Networks is Different

Totally focused on small and mid-size companies (few hundred network users to a few thousand):

All functionality packaged in a single appliance

Easy-to-use graphical user interface with wizards

Tiered pricing to match your organization’s size


25

About Code Green Networks

From the founders of SonicWall Sreekanth Ravi – Founder, Chairman and CEO Sudhakar Ravi – Founder and CTO

Team of 40 people 25 senior developers with a minimum of 7 years experience

each in networking & security technologies The Team has expertise in developing high performance,

appliance based content, networking and security products Core development team responsible for SonicWALL UTM

technology

Raised $32M in equity to date

Board of Directors includes recognized technology leaders Tim Guleri, GP Sierra Ventures Atul Kapdia, GP Bay Partners

HQ in Santa Clara, CA. Sales offices in United Kingdom, Germany, and Japan.

3975 Freedom CircleSuite 900

Santa Clara, CA 95054(408) 213-2300

www.codegreennetworks.com

Protecting Sensitive Information and Your Reputation with Data Loss Prevention...

Documents

Transcript of Protecting Sensitive Information and Your Reputation with Data Loss Prevention...