data loss prevention overview
play

Data Loss Prevention Overview Jeff Silver, CISSP Delaware DLP - PowerPoint PPT Presentation

Oct 13, 2023 •166 likes •554 views

Data Loss Prevention Overview Jeff Silver, CISSP Delaware DLP Technical Specialist AGENDA: I. Introduction II. WHY Data Loss Prevention III. DLP Architecture and Fundamentals IV. Examples of DLP Violations IV. Examples of DLP

  1. Data Loss Prevention Overview Jeff Silver, CISSP Delaware DLP Technical Specialist

  2. AGENDA: I. Introduction II. ‘WHY” Data Loss Prevention III. DLP Architecture and Fundamentals IV. Examples of DLP Violations IV. Examples of DLP Violations V. Questions and Discussion

  3. What Makes A Business Consider DLP? Many customers worry about data extraction and leakage: • Reputation Damage/Strategic Loss • Compliance Fines • Litigation and financial loss

  4. What Makes A Business Worry about DLP? The Legal Department informs the Network Security Team that a DLP deployment might violate International Privacy Laws in Europe. The Human Resources Department does not feel comfortable installing DLP Agents onto employee PCs, as active monitoring of every user action is generally frowned upon.

  5. Legal Considerations for DLP PC ‘Barker’ message that comes up for every login session. This message must contain the proper legal ‘verbage’ to clearly remove the employees ‘right’ to any privacy on company owned equipment. Employee action to click on this message stating they read and understand this corporate policy. Employees must sign an employee handbook . For certain industries, annual confirmation is required [i.e. Healthcare]. This handbook should clearly lay out in confirmation is required [i.e. Healthcare]. This handbook should clearly lay out in solid legal terms that the company has the right to monitor all user actions while they are using or accessing corporate resources. On-line mandatory training regarding protection of corporate intellectual property and other sensitive data [in relation to regulations the company must adhere to] is an added value. Clearly written ‘Standard Operating Procedures’ on corporate policy that lays out not just what the company can and will do to the employee, but what the interaction is with Law Enforcement, if intervention is needed.

  6. Legal Considerations for DLP--- BYOD Should the employer issue out mobile devices or let the employee use their own for corporate use? Compartmenting work spaces with ‘Containers’. Corporate applications that can be accessed from personal devices. For example, Outlook Web Application. How do you monitor this vector of data loss that can happen right from the employees living room! Has the organization formalized a clear plan of action for what to do if sensitive data has been moved onto an active employees personal device? Has the organization factored in State and Federal Privacy Laws that apply to it’s business and employees? If the organization is International in nature, is the network infrastructure segmented so that security tools can be implemented in a way that does not violate stricter overseas privacy laws [for example, Germany and France]? Defense in depth to cover this vector.

  7. Compliance and Regulations PCI Internal HIPAA GLBA HSPD 12 DSS Policy Country CSB 1386 Privacy SOX EU CDR UK RIPA Laws Data Data EU Data EU Data FISMA COCOM Security FACTA Privacy Act FFIEC BASEL II J-SOX IRS 97-22 NERC State Partner NISPOM ACSI 33 NIST 800 Privacy Rules Laws

  8. Why is Data Security So Difficult? :because sensitive information is always moving and transforming Privileged Privileged Privileged Privileged Customers Users Users Users Users WWW Production Internal eCommerce Disk Backup Database Employees Applications Arrays Tape WAN Production Enterprise File Server Backup LAN Disk Database Applications Remote System Arrays Campuses VPN Business Replica Analytics Portals Disk Backup Remote Arrays Disk Employees Staging Outsourced Collaboration & Dev. Disk Content Mgmt Arrays Systems Partners Endpoint Endpoint Network Network Apps/DB Apps/DB FS/CMS FS/CMS Storage Storage

  9. The “community’ of attackers Organized Unaware/Petty crime criminals Organized, sophisticated Criminals Unsophisticated supply chains (PII, financial services, retail) Nation PII, government, defense industrial base, PII, government, defense industrial base, state state IP rich organizations actors Anti-establishment CyberTerrorists vigilantes Non-state “Hacktivists” PII, Government, critical infrastructure Targets of opportunity actors

  10. DLP ARCHITECTURE

  11. Data Loss Prevention Components DLP Enterprise Manager Unified Policy Mgmt & Incident User & System Dashboard & Workflow Administration Reporting Enforcement DLP Endpoint DLP Datacenter DLP Network Discover Discover Monitor Monitor Monitor Monitor File shares, SharePoint sites, Email, webmail, IM/Chat, FTP, Hard Drives, USB, External Devices, Databases, SAN/NAS HTTP/S, Telnet, etc Print Actions, burn to CD/DVD, etc. Remediate Enforce Enforce Quarantine, Move to secure location, Allow, Notify, Block, Encrypt Allow, Justify, Block on Copy, Save Delete, or Shred As, Print, USB, Burn, etc. Electronic Data Rights Electronic Data Rights Encryption Encryption Access Controls Access Controls Management Management 11

  12. DLP Management Single policy and administration interface for all DLP components • Network • Datacenter • • Endpoint Endpoint Consolidated workflow and remediation Custom incident search engine Active Directory integration [key for reports] Role-based permissions and report access

  13. Reducing Your Sources of Risk: Data at Rest Remediate Discover Analyze Rescan sources to measure and manage risk Rescan sources to measure and manage risk File shares, Servers, Laptops Databases & Repositories Remediation 300+ True File types • Windows file shares • Microsoft Office Files • SharePoint • Delete • Unix file shares • PDFs • Microsoft Access • Move • NAS / SAN storage • PST files • Oracle, SQL • Quarantine • Windows 2003, 2008 • Zip files • Content Mgmt systems • Notifications • Windows XP, 7 13

  14. Grid Worker Automation Drives Performance Automatic Load Balancing Grid Workers work together, intelligently balancing the scan load. They can be modified on the fly as well. Grid Workers can be dedicated servers, or even existing servers and PCs in the environment. The grid worker service can be made permanent or temporary, based on the needs of the business. the needs of the business.

  15. DLP Datacenter and Endpoint: Agent Details Agent Software Uses • Site Coordinator Software • Scanning Agent • Permanent • Temporary (Dissolvable) • Grid Worker Agent • • Endpoint Enforcement Agent (policy-enabled) Endpoint Enforcement Agent (policy-enabled) Agent Software Deployment Options • Manual installation • RSA DLP Enterprise Manager push installation • SMS or other configuration management tool Temporary scan agent Permanent scan agent 15

  16. 8 Best Practices for Enterprise Data Protection Know where your sensitive Sensitive Information Sensitive Information data resides What level of sensitivity is it How many copies exist Who has access to it Who has access to it Is it dormant Policy Policy Set appropriate controls based on policy, risk and location of data Manage centrally Audit consistently Security Incidents Security Incidents Endpoint Network Applications FS/DB Storage

  17. REAL WORLD ‘ DATA CENTER ’ INCIDENTS

  18. Tightening Up Loose Ends

  19. Tightening Up Loose Ends [Part 2]

  20. Tightening Up Loose Ends [Part 3]

  21. PST Files and User Backup Data Issues

  22. Executive Level Sensitive Information

  23. Executive Level Sensitive Information

  24. REAL WORLD ‘ NETWORK ’ INCIDENTS

  25. Protecting Data In The Network: Data in Motion Monitor Analyze Enforce Email Instant Messages Web Traffic Remediation • SMTP email • Yahoo IM • FTP • Audit • Exchange, Lotus, etc. • MSN Messenger • HTTP • Block • Webmail • AOL Messenger • HTTPS • Encrypt • Text and attachments • Google Talk/Chat • TCP/IP • Log 25

  26. Sending Work Home---In the ‘Wild’ This employee sent work home, and it contained a lot of SSNs.

  27. Medical Information to Russia [with love]

  28. Tracking Legitimate Encrypted Business Traffic RSA DLP can help track business traffic that is encrypted.

  29. Protecting Data In The Endpoint: Data in Use Monitor Analyze Enforce Print Copy and Save As Actions & Controls USB • Local printers • External hard drives • Copy to Network shares • Justify • Network printers • Memory sticks • Copy to external drives • Notify • i-Pods, portable discs • Save As to external • Block drives • Audit & Log 29

  30. UNDER THE ‘DLP’ HOOD

  31. DLP Classification Methodology Described Content Analysis Content Analysis Fingerprinted Analysis 31

  32. DLP Classification Methodology Built-in Expert Policy Templates •Policies ‘out of the box’ • National & International Regulations • Includes PCI, PII, HIPAA, GLBA, etc. • Industry specific templates 32

  33. DLP Classification Methodology Described Content Analysis • Keywords, Phrases, RegEx, Dictionaries • Special patterns - Entities • Proximity analysis • Positive and negative rules •Weighting 33

  34. DLP Classification Methodology Fingerprinted Analysis • Register known sensitive data • Applicable for any binary/digital file • Intellectual property protection • Automated fingerprinting 34

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Data Loss Prevention Academic Senate Meeting October 18, 2017 Data Protection Program

Data Loss Prevention Academic Senate Meeting October 18, 2017 Data Protection Program

Data Loss Prevention Academic Senate Meeting October 18, 2017 Data Protection Program Empower users with the Secure critical data assets, ability to use new protect data confidentiality, and technologies while managing minimize

329 views • 4 slides
Quick Wins with Data Loss Prevention How to Make DLP Work for You Mark Moroses, Assistant CIO,

Quick Wins with Data Loss Prevention How to Make DLP Work for You Mark Moroses, Assistant CIO,

Quick Wins with Data Loss Prevention How to Make DLP Work for You Mark Moroses, Assistant CIO, John Dasher, Senior Director, Rich Mogull, CEO & Analyst Continuum Health Partners Data Protection, McAfee Securosis, L.L.C. Agenda Rich

951 views • 33 slides
Data Loss Prevention @ Duquesne University Brad Maloney | maloneyb@ duq.edu Manager, Secure

Data Loss Prevention @ Duquesne University Brad Maloney | maloneyb@ duq.edu Manager, Secure

Data Loss Prevention @ Duquesne University Brad Maloney | maloneyb@ duq.edu Manager, Secure Integrated Infrastructure Michael Muto | mutom@ duq.edu Sr. Information Security Engineer Reasons for DLP Assessing where your organizations

329 views • 20 slides
with DLP Real World Scenarios My Journey into Patient Data Protection 10+ years in Data Loss

with DLP Real World Scenarios My Journey into Patient Data Protection 10+ years in Data Loss

Stopping PHI Theft with DLP Real World Scenarios My Journey into Patient Data Protection 10+ years in Data Loss Prevention Dozens of customer installations across the finance and healthcare industries Chris Leffel My story in

603 views • 32 slides
Using Loss Data to Win Over Clients Webinar: June 29 th @ 11am EDT How can you use loss data to

Using Loss Data to Win Over Clients Webinar: June 29 th @ 11am EDT How can you use loss data to

Using Loss Data to Win Over Clients Webinar: June 29 th @ 11am EDT How can you use loss data to justify your coverage recommendations and help determine appropriate limits? When clients ask you for relevant loss examples, how do you respond and

341 views • 18 slides
Noise Audits What they are and the training required to do them The Hearing Loss Prevention/

Noise Audits What they are and the training required to do them The Hearing Loss Prevention/

Noise Audits What they are and the training required to do them The Hearing Loss Prevention/ Noise Rule includes a section on noise audits. The following three modules provide information on noise audits: Module 1 is a general overview of

570 views • 18 slides
Loss Prevention Committee Richard Decker, Chairman AIG / President Global Marine September

Loss Prevention Committee Richard Decker, Chairman AIG / President Global Marine September

Loss Prevention Committee Richard Decker, Chairman AIG / President Global Marine September 18, 2013 Loss Prevention Committee Members 2013 Richard Decker, USA, Chairman Raymond Ng, Hong Kong John Aston, UK Terje Paulsen, Norway Massimo

366 views • 18 slides
Prevention Presented by: Paul Robertson, Construction Safety Services Director Integrated Loss

Prevention Presented by: Paul Robertson, Construction Safety Services Director Integrated Loss

Slip, Trip and Fall Prevention Presented by: Paul Robertson, Construction Safety Services Director Integrated Loss Control, Inc . September 19, 2017 Objectives Review Loss Study Info Review Applicable Standards and Best Industry Practices

645 views • 29 slides
Network Security & Privacy Liability: An Overview of Loss Mitigation Concepts and Data Breach

Network Security & Privacy Liability: An Overview of Loss Mitigation Concepts and Data Breach

Network Security & Privacy Liability: An Overview of Loss Mitigation Concepts and Data Breach Response Services March 20 th , 2012 Brian Cole, Managing Director Professional Liability Specialty Practice Overview of Topics Cyber Security

611 views • 21 slides
Securing the Digital Transformation Overview Largest Data Breaches Hacks resulting in loss of

Securing the Digital Transformation Overview Largest Data Breaches Hacks resulting in loss of

Securing the Digital Transformation Overview Largest Data Breaches Hacks resulting in loss of more than 30,000 records uTorrent Philippines Banner Mail.ru Commission on Health 25000000 Anthem Verizon Elections 800000000 55000000

869 views • 71 slides
Upset Prevention & Recovery Training (UPRT) Why Mitigating Loss of Control In-Flight Matters

Upset Prevention & Recovery Training (UPRT) Why Mitigating Loss of Control In-Flight Matters

Upset Prevention & Recovery Training (UPRT) Why Mitigating Loss of Control In-Flight Matters Karl Schlimm, Director of Flight Operations Aviation Performance Solutions Why Mitigating the Loss of Control In-Flight Threat Matters Thank You

404 views • 39 slides
Emerging Retail Loss Prevention Technologies ECR Community Shrinkage and On-shelf Availability

Emerging Retail Loss Prevention Technologies ECR Community Shrinkage and On-shelf Availability

Emerging Retail Loss Prevention Technologies ECR Community Shrinkage and On-shelf Availability Group Dusseldorf Meeting 31 st May 1 st June 2017 US Retail Benchmarking Surveys Short highly focussed benchmarks Excellent representation

308 views • 14 slides
CARE OR CURE LOSS PREVENTION IN HEALTH INSURANCE + A PRESENTATION BY GEORGE E. THOMAS

CARE OR CURE LOSS PREVENTION IN HEALTH INSURANCE + A PRESENTATION BY GEORGE E. THOMAS

CARE OR CURE LOSS PREVENTION IN HEALTH INSURANCE + A PRESENTATION BY GEORGE E. THOMAS (TARIFF ADVISORY COMMITTEE, INDIA) AT THE INTERNATIONAL ACTUARIAL ASSOCIATION HEALTH SECTION COLLOQUIUM 2004 DRESDEN, GERMANY 28 - April -

1.16k views • 38 slides
Water Loss May 14, 2020 Water Loss Regulation Overview Senate Bill 555 Validated AWWA

Water Loss May 14, 2020 Water Loss Regulation Overview Senate Bill 555 Validated AWWA

Water Loss May 14, 2020 Water Loss Regulation Overview Senate Bill 555 Validated AWWA Water Loss Audits Performance Standard Senate Bill 606/Assembly Bill 1668 Water Loss is part of each agencys water budget Reporting

417 views • 6 slides
Uganda Law Society Uganda Law Society Professional Indemnity - The Risk, Loss Prevention &

Uganda Law Society Uganda Law Society Professional Indemnity - The Risk, Loss Prevention &

Uganda Law Society Uganda Law Society Professional Indemnity - The Risk, Loss Prevention & Insurance Loss Prevention & Insurance Thursday August 26 2010 Thursday, August 26, 2010 Individual Non Individual Non-Practicing

679 views • 6 slides
OVERVIEW Understanding of Grief & Loss Understanding the Uniqueness of Suicide Grief

OVERVIEW Understanding of Grief & Loss Understanding the Uniqueness of Suicide Grief

Healing Hearts' Approach to Building Resiliency in Children and Families in the Face of Loss & Aversity Presented by: Morgan Griffin & Melissa Minkley 1 OVERVIEW Understanding of Grief & Loss Understanding the Uniqueness of

110 views • 7 slides
A new approach to urban mining, materials reclamation and business/job creation. By: Chuck

A new approach to urban mining, materials reclamation and business/job creation. By: Chuck

A new approach to urban mining, materials reclamation and business/job creation. By: Chuck Vollmer 15 November 2017 Jobenomics Urban Mining Initiative Urban Mining Goal: Monetize Urban Waste Streams C&D MSW eWaste Tires Construction

522 views • 16 slides
Presented by State Representative Tom Weber & the IL Attorney Generals Office WARNING

Presented by State Representative Tom Weber & the IL Attorney Generals Office WARNING

Presented by State Representative Tom Weber & the IL Attorney Generals Office WARNING NING SIGN IGNS S OF ID IDENTITY NTITY THE HEFT FT Failing to receive bills or other mail. Follow up with creditors if your bills do not arrive

484 views • 31 slides
Supporting Student Success presentation The following notes were used by each service units

Supporting Student Success presentation The following notes were used by each service units

Supporting Student Success presentation The following notes were used by each service units superintendent (or their delegate) to present Supporting Student Success to the Board of Trustees on Dec. 1, 2015. Learning The Learning service unit

77 views • 6 slides
Dr. Paul Krasley, CPLP Defense Intelligence Agency John Ippolito, CISSP, PMP Allied Technology

Dr. Paul Krasley, CPLP Defense Intelligence Agency John Ippolito, CISSP, PMP Allied Technology

24 th Annual Conference Bridging to the Future Emerging Trends in Cybersecurity Dr. Paul Krasley, CPLP Defense Intelligence Agency John Ippolito, CISSP, PMP Allied Technology Group, Inc. How soon should we add new tec echnologies or new

540 views • 20 slides
MARKET ANNOUNCEMENT To: ASX Investor Briefing Materials Subject: Attached are the materials

MARKET ANNOUNCEMENT To: ASX Investor Briefing Materials Subject: Attached are the materials

Computershare Limited ABN 71 005 485 825 Yarra Falls, 452 Johnston Street Abbotsford Victoria 3067 Australia PO Box 103 Abbotsford Victoria 3067 Australia Telephone 61 3 9415 5000 Facsimile 61 3 9473 2500 MARKET ANNOUNCEMENT

821 views • 43 slides
What is ePACT? ePACT is your emergency network, helping minor hockey associations move their

What is ePACT? ePACT is your emergency network, helping minor hockey associations move their

What is ePACT? ePACT is your emergency network, helping minor hockey associations move their medical forms and waivers online. Why ePACT? No more paper forms Families complete medical information and waivers electronically Better access

226 views • 10 slides
Sound nd F Fisheri eries M Management Strengthening Adjacency Adjacency Longstanding,

Sound nd F Fisheri eries M Management Strengthening Adjacency Adjacency Longstanding,

Sound nd F Fisheri eries M Management Strengthening Adjacency Adjacency Longstanding, internationally recognized cornerstone of responsible fisheries management Key principle of: United Nations declaring Exclusive Economic Zones

579 views • 23 slides
Purpose Prevent overcapacity Promote economic efficiency and stability Protect

Purpose Prevent overcapacity Promote economic efficiency and stability Protect

Tab D, No. 5(a) Purpose Prevent overcapacity Promote economic efficiency and stability Protect federally managed Gulf shrimp stocks Determine if the royal red shrimp endorsement is still necessary Need Maintain increases

498 views • 14 slides

More recommend