(Slides) What's Yours Is Mine: How Employees Are Putting Your Sensitive Data at Risk

WEBCAST: WHAT’S YOURS IS MINE

Presenter: Chris Wargo, CISSP, CISA

Agenda

About infoLock Technologies

What Is the Insider Threat?

Symantec Data Loss Prevention

Symantec Data Insight

Q&A

About infoLock Technologies

• Information security consulting & integration services

• Symantec Security Focus Partner & DLP Master Specialist

• DLP Managed Services & INSIGHT DLP Appliance

• 100+ DLP implementations and engagements; customers range from 100 to 40,000+ users

• Customers in all industry verticals – financial services, healthcare, insurance, government, technology, legal, manufacturing, and telecommunications

“Insider threats are not necessarily the result of rogue employees driven by malicious intent. Any employee with a device that stores information can be at risk of inadvertently compromising data security.”

Quentyn Taylor, Director of Information Security, Canon

What do we mean by “Insider Threat”?

• Well-meaning Insiders

• Malicious Insiders

• Malicious Outsiders

“Insiders” are the leading cause of data breaches

Causes of Data Breaches

• Malicious Attack, 37%

• Employee Negligence, 35%

• System or Process Error, 28%

Source: 2013 Cost of Data Breach Study: Global Analysis, Ponemon Institute

“Insiders” agree that they are a risk!

Employees have frequent access to sensitive data they believe they should not be able to see

• 71% report having access to company data they should not be able to see

• 54% characterize that access as frequent or very frequent

Employees believe data protection oversight and controls are weak

• 47% say their organization does not strictly enforce data security policies

• 45% say they are more careful with company data than their supervisors or managers

• Only 22% say their organization is able to tell them what happened to lost data, files or email

Employees and IT staff agree that employees are unknowingly the most likely to be responsible for the loss of company data

• 64% of employees and 59% of IT practitioners believe that insiders are unknowingly the most likely to be the cause of leakage of company data.

• Only 46% of IT practitioners say employees in their organizations take appropriate steps to protect the company data they access.

Source: Corporate Data: A Protected Asset or a Ticking Time Bomb? Ponemon Institute, December 2014

Risky behavior leads to data loss

58% of employees store company-sensitive information on their personal devices

40% of employees use sensitive business data they have taken with them when they changed companies

More than 50% of employees send business documents to their personal email and don’t delete them after use

One-third of employees move work files to file sharing apps without permission

Credit Suisse Says VP Stole Secrets

Sources:

• What’s Yours Is Mine: How Employees are Putting Your Intellectual Property at Risk, Symantec & Ponemon Institute

• Security Awareness Training: It's Not Just for Compliance, Enterprise Management Associates

Introducing Symantec DLP

Symantec Data Loss Prevention enables you to discover, monitor and protect confidential information wherever it is stored or used

• Email, web, and other network-based communications

• Servers, databases and other document repositories

• Laptops, desktops, and removable storage

• Mobile devices

• Cloud applications

How Does It Work?

MANAGE

• Enable or customize policy templates

• Remediate and report on risk reduction

DISCOVER

• Identify scan targets

• Run scan to find sensitive data on network & endpoint

MONITOR

• Inspect data being sent

• Monitor network & endpoint events

PROTECT

• Block, remove or encrypt

• Quarantine or copy files

• Notify employee & manager

Use case: Data-in-Motion

Betty G. | Well-meaning Insider

Asst. HR Manager | Insurance Company

SITUATION: Sending sensitive data over email

Detection and Response

Problem

Betty attempts to email confidential employee data without knowing it

DLP Response

Network: DLP inspects content and context for policy match as email leaves server

Endpoint: DLP inspects the mail when user hits “send”

Action

Network: Monitor, notify user, encrypt or block

Endpoint: Display pop-up, justify, block email, remove content

Result

Help users understand and justify risk transparently

Block or encrypt data in some cases

Use case: Data-on-the-Endpoint

Sanjay V. | Well-meaning Insider

Assistant Controller | Manufacturing Company

SITUATION: Copying sensitive data to removable storage devices

Detection and Response

Problem

Sanjay copies pre-released financial data to removable media

DLP Response

Endpoint agent analyzes content based on policies

Action

Monitor, record or notify

Automatically encrypt files using SEE

Result

Automatically encrypt content

Higher visibility into where data is going

Change users’ behavior

Use case: Data-at-Rest

Charles N. | Well-meaning Insider

Software Developer | Investment Banking Firm

SITUATION: Discovering data “spills” and cleaning them up

Detection and Response

Problem

Charles inadvertently stores source code on an unprotected share

DLP Response

Network Discover scan finds the exposed source code, Data Insight IDs Charles as the file owner

Action

Network Protect can:

• Notify Charles

• Encrypt the data

• Move the file

• Apply rights management policies

Result

Secure your most sensitive assets – keep the malicious outsider from finding them

Use case: Data-in-Motion

Mimi L. | Malicious Insider

Soon-to-be-former Account Executive | Staffing Firm

SITUATION: Attempting to copy customer records and resumes

Detection and Response

Problem

Unhappy or departing employees copy or share sensitive data via email or removable storage

DLP Response

DLP monitors desktop and network activity

Action

Notify (warn) the user of their actions

Inform manager, security and/or HR

Stop the transmission or copy

Result

Information assets don’t leave with the employee

People know they are being monitored

The Symantec Difference

Gartner Magic Quadrant Leader for 8 straight years

This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Symantec. Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Source: Gartner, Inc., Magic Quadrant for Content-Aware Data Loss Prevention, Eric Ouellet, January 3, 2013

Symantec Difference - Threat Coverage

USB/CD/DVD

Stored data

Email

Instant Message

FTP

SharePoint / Lotus Notes / Exchange

Databases

File Servers

Print/Fax

DLP Policy

Monitoring & Prevention

Discovery & Protection

Webmail

Web servers

Untrusted networks

Symantec Difference – Detection Technology

Described Content Matching

DESCRIBED DATA

• Non-indexable data

• Lexicons

• Regular Expressions

• Data Identifiers

Exact Data Matching

STRUCTURED DATA / CUSTOMER DATA

• Customer / Employee Data

• Partial row matching

• Near perfect accuracy

• 300M+ rows per server

Indexed Document Matching

UNSTRUCTURED DATA / INTELLECTUAL PROPERTY

• Designs / Source / Financials

• Derivative match

• Near perfect accuracy

• 5M+ docs per server

Symantec Difference – Granular Policies & Workflow

Data Loss Policy

• Easily build from scratch or customize 60+ policy templates

Detection Rules

• Two main ways of detection

1. Described data (DCM)

– Keywords, data identifiers, regular expressions, file type, etc.

– Sender or recipient attributes

2. Fingerprinted data

– Structured data (EDM)

– Unstructured data (IDM)

• Match count threshold

• And / or / if logic, including exceptions

Response Rules

• Notifications

– Emails to sender/manager/IT Security, on-screen pop-up, marker file, SysLog alert, etc.

• Blocking

– SMTP, HTTP/S, FTP, IM, USB/CD/DVD, print/fax, copy/paste, etc.

• Modification

– For conditional encryption

• Relocate or copy file at rest

– Network Protect or Endpoint Discover

• FlexResponse for custom actions
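A minimal sketch of the described-data approach listed above: a regular expression paired with a validating data identifier, a match count threshold, and a recipient-based exception feeding a response rule. It is an added illustration, not Symantec DLP code or policy syntax; the function names, threshold, trusted domain and response labels are assumptions.

```python
import re

# Data identifier = pattern + validator (constructed illustration, not Symantec's).
CARD_RE = re.compile(r"\b(?:\d[ -]?){15}\d\b")

def luhn_ok(candidate: str) -> bool:
    """Luhn checksum: rejects most random 16-digit strings."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def count_card_matches(text: str) -> int:
    """Count distinct card-like numbers that also pass the validator."""
    found = {re.sub(r"\D", "", m.group()) for m in CARD_RE.finditer(text)}
    return sum(1 for n in found if luhn_ok(n))

def evaluate(message: dict, threshold: int = 3,
             trusted_domains=("payments.example.com",)) -> str:
    """Detection rule (match count) with an exception, mapped to a response."""
    matches = count_card_matches(message["body"])
    if matches == 0:
        return "allow"
    recipient_domain = message["to"].rsplit("@", 1)[-1].lower()
    if recipient_domain in trusted_domains:   # exception: recipient attribute
        return "allow"
    if matches >= threshold:                  # match count threshold reached
        return "block_and_notify_manager"
    return "notify_sender"                    # below threshold: lower severity

# Constructed sample messages; the card numbers are public test values.
BULK = {"to": "me@webmail.example", "body":
        "4111 1111 1111 1111\n5500-0000-0000-0004\n4012888888881881\n"}
SINGLE = {"to": "me@webmail.example", "body": "card 4111111111111111 ok"}
NOISE = {"to": "me@webmail.example", "body": "order id 1234567890123456"}
TRUSTED = dict(BULK, to="ops@payments.example.com")

if __name__ == "__main__":
    for name, msg in [("bulk", BULK), ("single", SINGLE),
                      ("noise", NOISE), ("trusted", TRUSTED)]:
        print(name, evaluate(msg))
```

The validator is what keeps the 16-digit order id from counting as a match; a bare regular expression would flag it.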

Symantec Difference – Workflow

80% of DLP is Incident Response

Right Automation: Resolution, Enforcement, Notification

Right Person: Route Incidents to Right Responder

Right Order: High Severity of Incidents First

Right Information: 5 Second Test

Right Action: 1 Click Response

Right Metrics: Prove Results to Execs and Auditors

Continuous Risk Reduction

[Chart: Risk Reduction Over Time. Y-axis: Incidents Per Week (0 to 1000). Stages: Visibility, Remediation, Notification, Prevention.]

Symantec Data Loss Prevention Solution

Symantec Data Loss Prevention Products

Management Platform: Symantec Data Loss Prevention Enforce Platform

STORAGE

• Network Discover

• Network Protect

• Data Insight

ENDPOINT

• Endpoint Discover

• Endpoint Prevent

• DLP for Mobile

NETWORK

• Network Monitor

• Network Prevent for Email

• Network Prevent for Web

The INSIGHT DLP Appliance

• Purpose-built network appliance for Symantec DLP software

• Four models offer scalability for any size network environment

• Two “Director” models are home to Enforce Management Platform, Oracle database, Data Insight, and detection servers

• Two “Sensor” models are home to additional detection servers and can be deployed in remote locations or additional network egress points

• Fully supported by infoLock Technologies

Symantec Data Insight

Symantec Data Insight Improves Data Governance

• Data Insight

– Identifies data owners

– Monitors data usage

– Reviews permissions

• Integrates with Data Loss Prevention & Archiving

[Diagram labels: Users; Data (File Servers); File Activity Monitoring Technology; Symantec Data Insight]

Microsoft Windows • NetApp DataONTAP • Microsoft Sharepoint • EMC Celerra • UNIX file servers with Veritas File System

Data Insight Use Cases

Improved Data Management

• Identify stale and orphan data and drive cleanup

• Build a consumption based chargeback model

• Understand usage and consumption patterns

Achieve Compliance

• Manage custodians that need to be engaged in compliance efforts

• Automate data access reviews

• Adhere to data retention guidelines

Protect Data from Security Risks

• Remediate sensitive data through the integration with Symantec Data Loss Prevention

• Audit historical access, monitor sensitive data usage

• Find data at greatest risk of exposure and lockdown

Symantec Data Security > Defense in Depth

Symantec Encryption Products

Management Console: Symantec Encryption Management Server

STORAGE

• File Share Encryption

ENDPOINT

• Drive Encryption

• Removable Storage Encryption

NETWORK

• Gateway Email Encryption

Defense-In-Depth: Encryption + Data Loss Prevention

Network DLP / Email Gateway Encryption

• Automatically encrypt emails containing sensitive data

• Notify employees in real time/context about encryption policies and tools

Storage DLP / Shared Storage Encryption

• Discover where confidential data files are stored and automatically apply encryption

• Ease the burden to staff with near transparency

Endpoint DLP / Endpoint Encryption

• Target high risk users by discovering what laptops contain sensitive data

• Protect & enable the business by targeting encryption efforts to sensitive data moving to USB devices

Symantec Enterprise Mobility Products

Symantec Mobile Management Suite

Mobile Management (MDM)

• Configuration, control and management of mobile devices

• Policies applied to devices

App Center (MAM)

• Configuration, distribution and management of mobile apps/content

• Policies applied to apps (app wrapping)

• Enterprise App Store

Mobile Security (Threat Protection)

• Protect mobile devices from malware and unauthorized data access

Symantec Data Loss Prevention for Mobile

Corporate Email • Web Applications • Third Party Apps

Mobile Email Monitor

• Monitor confidential data downloaded to company and employee-owned devices

Mobile Prevent

• Monitor and block confidential data sent from company-owned devices

For more information:

Chris Wargo

Thank you!