Quick Wins with Data Loss Prevention: How to Make DLP Work for You



SLIDE 1

Quick Wins with Data Loss Prevention

How to Make DLP Work for You

Rich Mogull, CEO & Analyst, Securosis, L.L.C.
John Dasher, Senior Director, Data Protection, McAfee
Mark Moroses, Assistant CIO, Continuum Health Partners

SLIDE 2

Agenda

  • Rich Mogull, CEO & Analyst, Securosis, L.L.C.
    – Low-Hanging Fruit: Quick Wins with DLP
  • Mark Moroses, Assistant CIO, Continuum Health Partners
    – How Continuum uses McAfee DLP to protect sensitive patient data
  • John Dasher, Senior Director, Data Protection, McAfee
    – McAfee DLP solution overview

SLIDE 3

Quick Wins with Data Loss Prevention

Rich Mogull
Securosis, LLC

SLIDE 4

DLP Fears

  • Too complex to deploy.
  • Too many false positives.

SLIDE 5

The Quick Wins Process

SLIDE 6

"Products that, based on central policies, identify, monitor, and protect data at rest, in motion, and in use through deep content analysis."

  • Rich Mogull

SLIDE 7

What DLP Provides

  • Helps you identify where you store sensitive information.
  • Helps you understand how that information is used and moved throughout your organization.
  • Proactively protects your information, while limiting impact on legitimate business processes.

SLIDE 8

Defining Process

SLIDE 9

Process Workflow

SLIDE 10

Prepare Directory Servers

  • Why? DLP policies are typically user and group based.
  • Need to correlate activities back to warm bodies.
  • Poor directories are a leading obstacle to DLP deployments.
  • Email vs. Web vs. Endpoint

SLIDE 11

Integrate with Infrastructure

Network

  • Passive sniffer (SPAN/Mirror)
  • Email (MTA)

Endpoint

  • Software deployment

Storage

  • Admin credentials

SLIDE 12

Integration Recap

  • For all deployments: Directory services (usually your Active Directory and DHCP servers).
  • Network deployments: Network gateways and mail servers.
  • Endpoint deployments: Software distribution tools.
  • Discovery/storage deployments: File shares on the key storage repositories (you generally only need a username/password pair to connect).

SLIDE 13

Choose Flavor

  • Single Data Type
  • Information Usage

SLIDE 14

Choose Deployment Type

  • Network
  • Storage
  • Endpoint

SLIDE 15

Define Policies

Single Type

  • Leverage an existing category when possible.
  • Tune later.
  • False positives are good!

Information Usage

  • Turn on (nearly) everything.
  • Collect as much as possible to identify usage patterns.

SLIDE 16

Monitor

| ID | Time | Policy | Channel | Severity | User | Action | Status |
|------|---------|---------------|-----------|-------|---------------|----------|-----------|
| 1138 | 1625 | PII | Email | 1.2 M | rmogull | Blocked | Open |
| 1139 | 1632 | HIPAA | IM | 2 | jsmith | Notified | Assigned |
| 1140 | 1702 | PII | HTTP | 1 | 192.168.0.213 | None | Closed |
| 1141 | 1712 | R&D/Product X | USB | 4 | bgates | Notified | Assigned |
| 1142 | 1730 | Financials | Storage | 4 | 192.168.1.94 | Encrypt | Escalated |
| 1143 | 12/1/08 | Source Code | Cut/Paste | 12 | sjobs | Confirm | Open |

SLIDE 17

Analyze

  • Top violations by data type.
  • Top violations by business unit.
  • Top violations by volume.
  • False positive patterns.
  • Different violations from same source.
  • Unusual origins.
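
Several of the analyses listed on this slide, run over an incident queue laid out like the Monitor slide's table. This is an added example, not part of the original presentation: incidents 1144 and 1145, the `DIRECTORY` mapping, and the reading of "unusual origin" as a source that is a bare IP address rather than a directory user are assumptions.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample incidents in the Monitor slide's layout:
# (ID, Policy, Channel, User, Status). Rows 1144-1145 are invented.
INCIDENTS = [
    (1138, "PII", "Email", "rmogull", "Open"),
    (1139, "HIPAA", "IM", "jsmith", "Assigned"),
    (1140, "PII", "HTTP", "192.168.0.213", "Closed"),
    (1141, "R&D/Product X", "USB", "bgates", "Assigned"),
    (1142, "Financials", "Storage", "192.168.1.94", "Escalated"),
    (1143, "Source Code", "Cut/Paste", "sjobs", "Open"),
    (1144, "PII", "USB", "jsmith", "Open"),
    (1145, "PII", "Email", "jsmith", "Open"),
]

# Hypothetical directory export: user -> business unit (assumption).
DIRECTORY = {"rmogull": "Research", "jsmith": "Clinical",
             "bgates": "Engineering", "sjobs": "Engineering"}

def is_unresolved(source):
    """True when the source is a bare IP, i.e. not tied to a directory user."""
    try:
        ipaddress.ip_address(source)
        return True
    except ValueError:
        return False

def top_by_policy(incidents):
    return Counter(policy for _, policy, _, _, _ in incidents).most_common()

def top_by_business_unit(incidents, directory):
    # Sources missing from the directory are counted separately, not dropped.
    return Counter(directory.get(src, "UNRESOLVED")
                   for _, _, _, src, _ in incidents).most_common()

def multi_policy_sources(incidents):
    seen = defaultdict(set)
    for _, policy, _, src, _ in incidents:
        seen[src].add(policy)
    return {src: sorted(p) for src, p in seen.items() if len(p) > 1}

def unresolved_origins(incidents):
    return sorted({src for _, _, _, src, _ in incidents if is_unresolved(src)})

if __name__ == "__main__":
    print("By data type:     ", top_by_policy(INCIDENTS))
    print("By business unit: ", top_by_business_unit(INCIDENTS, DIRECTORY))
    print("Multi-policy srcs:", multi_policy_sources(INCIDENTS))
    print("Unresolved origins:", unresolved_origins(INCIDENTS))
```

The `UNRESOLVED` bucket shows how many incidents cannot be tied back to a person, which is the directory problem raised on the Prepare Directory Servers slide.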

SLIDE 18

What Did We Accomplish?

  • Established a flexible incident management process.
  • Integrated with major infrastructure components.
  • Assessed broad information usage.
  • Set foundation for later.

SLIDE 19

Deployment Best Practices

[Diagram labels: Evaluate results; Tune policy; Add protection; Expand scan scope; Baseline scan; Integrate with Infrastructure; Define Initial Policy]

SLIDE 20

Rich Mogull

rmogull@securosis.com
http://securosis.com
AIM: securosis
Skype: rmogull
Twitter: rmogull
Securosis, L.L.C.

SLIDE 21

Continuum Health Partners

Deploying Data Loss Prevention

Mark Moroses, Assistant CIO, Continuum Health Partners

SLIDE 22

Background

  • Who is Continuum Health Partners?
  • Drivers
    – Regulations - HIPAA
    – Joint commissions to certify best practices
    – Regular audits
  • Failure not an option
  • Policy
    – Must be able to ensure enforcement
    – Need to prove policies are being followed

SLIDE 23

Solution

  • Business Enablement
    – IT supporting physician’s needs
        • Allow liberal web access while still having monitoring capabilities
  • Data Risk Assessment
    – Documented inappropriate data leakage, which helped secure budget
  • Investigative Support
    – McAfee DLP has become the starting point for investigations
    – Investigations now able to occur much faster
  • Passing Audits
    – Proving compliance with policies and demonstrating working controls
    – Predictable technology and process speed future audits, reduce manpower requirements

SLIDE 24

Lessons Learned

  • Executive sponsorship
    – Physician with prior first-hand experience
  • Deployment
    – “Soft opening”
    – Communicated roll-out plan
  • Response Plan
    – No “ready, fire, aim”
    – Work closely with HR & Legal stakeholders

SLIDE 25

McAfee Data Loss Prevention

John Dasher, Senior Director, Data Protection, McAfee

SLIDE 26

McAfee Data Protection

Static DLP Leaks Data

Violations

Data

SLIDE 27

Static DLP Leaks Data

Violations Bit Bucket

Data

SLIDE 28

McAfee DLP Leverages Data

Violations

Data

SLIDE 29

McAfee DLP Leverages Data

Violations Capture

Data Intelligence

Data

Fast, accurate policy creation and rapid, in-depth investigations

SLIDE 30

McAfee DLP 9 Advantages

Tight Product Integration

  • Integrated technologies provide superior protection
  • Optimized oversight and control

Deployment Velocity

  • Protect sensitive data more quickly
  • Drive down deployment and ongoing costs

Data Analytics

  • Build better policy, conduct fast investigations
  • Anticipate risks before they become problems

SLIDE 31

McAfee DLP Solution – What Others Say

SC Magazine finds McAfee Host DLP “to be a good value for customers looking for a lot of features and a lot of flexibility in both data leakage control and enterprise rights management.”

NetworkWorld found that McAfee has a “very practical understanding of the role of DLP in a modern organization” with “innovative features, excellent user interfaces, and a clear vision for the future of DLP.”

SLIDE 32

McAfee DLP Resources

  • Optimized Security Architecture for Data Protection
    http://www.mcafee.com/us/enterprise/optimize/data_protection.html
    – 10 Steps to Protecting Your Data
    – Low Hanging Fruit: Quick Wins with DLP
    – Forrester Research Total Economic Impact of McAfee DLP
    – McAfee 48-hour Data Risk Assessment
        • http://dataprotection.mcafee.com/forms/RiskAssessment
  • Data Protection section of McAfee.com
    http://www.mcafee.com/us/enterprise/products/data_protection/data_loss_prevention/index.html
    – Continuum and BCI customer case studies
  • Data Protection Blogs
    http://siblog.mcafee.com/category/data-protection/

SLIDE 33

Q&A