Addressing Email Security Holistically
Jeff Lake
Vice President, Federal Operations
Proofpoint, Inc.
August 17, 2011
Speaker Background
Vice President, Federal Operations, Proofpoint, Inc.
Former Vice President, Federal Operations for Fortinet, Inc. and CipherTrust, Inc.
20 years of IT experience, 10 in messaging security
Former US Army, Military Intelligence Officer
Objectives
· Understand Email landscape changes
· Review the government agency landscape
· Learn about CUI
· Discuss how an agency can ‘control’ information
· Define ESI and retention policies
· Discover why eDiscovery is important
· Review how the “Cloud-First” Policy can help
Understanding Email Landscape Changes
Presentation Title—4—March 5, 2010
Malware Sophistication
Aggregate volumes increasing
· 50% increase over 3 months
Massive bursts and concentration of attacks
· 100,000 spams/day, single user
Distribution channels
· Spammers leverage others’ resources
Message Volumes Continue to Rise
Rising spam and email complexity demand a holistic strategy
Spam message sizes are increasing as well
· Update
Botnet activity continually increasing
Botnets continue to drive spam growth
» New Internet users coming online in developing countries with no (or pirated) AV protection
» Hackers rent out portions of their botnets to spammers and sell stolen credentials
Email Today: More than Just the Mail Server
Mail Servers
Email Today: Soaring Costs and Complexity
· Routing MTAs
· Mail Servers
· Mobility (BES)
· Mail Server Anti-Virus
· Disaster Recovery
· eDiscovery, Archiving, Compliance
· Anti-spam, Anti-virus, Content Filtering
· Data Loss Prevention, Encryption
Component: Cost
Mail Servers: $50 - $100
Routing MTAs: $0 - $20
Anti-spam: $10 - $20
Anti-virus: $2 - $4
Content Filtering: $0 - $30
Data Loss Prevention: $10 - $20
Encryption: $10 - $15
Mobility (BES): $5 - $10
Mail Server Anti-Virus: $0 - $5
Disaster Recovery: $0 - $25
Archiving: $0 - $80
Compliance: $0 - $30
eDiscovery: $0 - $20
TOTAL: $87 - $259
The Email World Has Changed
Inbound Security | DLP/Encryption | Archiving | eDiscovery | Budgets
· Spam Volumes
· Focused Attacks
· Spam Sophistication
· Government Regulations – FISMA, DFARS
· PCI, HIPAA, FERPA
· Frequent Data Breaches
· OMB Memorandum 07-16
· NIST Special Pub 800-122
· GAO Report 08-343
· Records retention - EMPA
· FRCP Rules
· Increased Litigation
· Bloated Mail Server
· Records Definition (44 USC 3301)
· NARA Rule 1234
· DoD 5015.2
• Shift from On-Premises to Cloud
• FCCI, FedRAMP
• TCO and security driving deployment choice
• Marketplace confusion regarding options
· 11% decrease in total receipts from 2009
Government Agency Landscape
Focus on protection of PII and CUI
Demands: records preservation, access
Consolidation of Agency networks
Interest in SaaS
Budgets: pressured for efficiency
More Regulations and Scrutiny
CNCI
Comprehensive National Cybersecurity Initiative
Launched by President Bush with NSPD-54/HSPD-23 in January, 2008
3 Major Goals:
» Establish a front line defense against immediate threats
» Defend against the full spectrum of threats…
» Strengthen the future cybersecurity environment…
TIC
Trusted Internet Connection (TIC) Initiative
» Headed by OMB and DHS
» Common security solution which includes:
• Reduced access points
• Baseline security capabilities
• Validating agency adherence to baseline capabilities
Trusted Internet Connection (TIC)
Agencies have a choice:
» TICAP - TIC Access Providers
• agency rolls their own, and/or provides for others
» MTIPS - Managed Trusted IP Service
• agency “seeking service”
• Networx contract vehicle managed by GSA
• 4 approved Networx Universal MTIPS providers – ATT, Verizon, Qwest, Sprint
A new government acronym:
CUI
Controlled Unclassified Information (CUI)
Background:
» 107+ unique markings
» 130+ different labeling or handling processes for Sensitive But Unclassified (SBU) information
• E.g. “For Official Use Only” and “Law Enforcement Sensitive”
Definition
» Federal agencies routinely generate, use, store, and share information that, while not meeting standards for classified national security information, requires safeguarding measures and dissemination controls
Presidential Directive: Controlled Unclassified Information
· Presidential memorandum on Classified Information and Controlled Unclassified Information
· Formation of Task Force, which recommended “Controlled Unclassified Information” (CUI) Framework
· Requirement for safeguarding and dissemination controls for CUI
Data Loss Prevention for Controlled Unclassified Information
How can an agency “control” information?
Controlling Information
CUI Framework tag
» COTS products, or manual effort
Data Loss Prevention technologies to stop information from being sent in the clear
» DAR – Data At Rest
» DIM – Data in Motion
• Two most prevalent protocols are SMTP and HTTP(s)
DIM technology to identify CUI
Policy enforcement should include a list of possible actions, including notify, quarantine, discard, encrypt
Multi-layered defense in depth
» Utilize smart intelligence for SSNs, PANs, ABA Routing Numbers, etc.
» Proximity and correlation analysis
» Enforce policy on emails containing sensitive authorization data
Integrated encryption
» Ensure DLP is tightly integrated with strong encryption technology
» Encrypt messages automatically, based on presence of sensitive data
Easy to implement and use
» Today’s DLP and encryption solutions are not yesterday’s PKI nightmares
» Should not require any end-user training
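As an added illustration of the three DLP ideas on this slide (smart identifiers with checksums, proximity/correlation with nearby keywords, and a policy that maps findings to notify / quarantine / discard / encrypt), here is a small data-in-motion check for outbound mail text. It is example code written for this page, not Proofpoint's product logic; the keyword hints and the policy thresholds are constructed assumptions.

```python
import re

# Constructed keyword hints for proximity/correlation analysis; a production SEG
# ships tuned dictionaries, these exist only for the example.
HINTS = {"ssn": ("ssn", "social security"), "aba": ("routing", "aba", "wire"),
         "pan": ("card", "visa", "mastercard", "account")}
PATTERNS = {"ssn": r"\b\d{3}-\d{2}-\d{4}\b", "aba": r"\b\d{9}\b",
            "pan": r"\b(?:\d[ -]?){12,15}\d\b"}

def luhn_ok(d: str) -> bool:
    """Luhn mod-10 check used by payment card numbers (PANs)."""
    total = 0
    for i, ch in enumerate(reversed(d)):
        n = int(ch) * (2 if i % 2 else 1)
        total += n - 9 if n > 9 else n
    return total % 10 == 0

def aba_ok(d: str) -> bool:
    """ABA routing checksum: 3(d1+d4+d7) + 7(d2+d5+d8) + (d3+d6+d9) = 0 mod 10."""
    return len(d) == 9 and sum(int(c) * w for c, w in zip(d, [3, 7, 1] * 3)) % 10 == 0

def ssn_ok(d: str) -> bool:
    """SSN structure rules: area 000, 666 or 900+ and a zero group/serial are never issued."""
    area, group, serial = int(d[:3]), int(d[3:5]), int(d[5:])
    return area not in (0, 666) and area < 900 and group != 0 and serial != 0

VALIDATORS = {"ssn": ssn_ok, "aba": aba_ok, "pan": luhn_ok}

def find_identifiers(text: str, window: int = 40):
    """Return (kind, digits, correlated) for each identifier that passes its check;
    'correlated' is True when a hint keyword appears within `window` characters."""
    hits = []
    for kind, pattern in PATTERNS.items():
        for m in re.finditer(pattern, text):
            digits = re.sub(r"\D", "", m.group())
            if VALIDATORS[kind](digits):
                context = text[max(0, m.start() - window): m.end() + window].lower()
                hits.append((kind, digits, any(h in context for h in HINTS[kind])))
    return hits

def decide(hits) -> str:
    """Constructed policy mapping findings to the slide's actions."""
    strong = [h for h in hits if h[2]]          # checksum-valid AND correlated
    if len(strong) >= 10: return "discard"      # looks like a bulk CUI export
    if any(k == "pan" for k, _, _ in strong): return "quarantine"  # card data: hold for review
    if strong: return "encrypt"                 # SSN / bank data: auto-encrypt
    if hits: return "notify"                    # valid format but no context: warn only
    return "deliver"

def check_message(text: str) -> str:
    return decide(find_identifiers(text))
```

The sample values used in the checks below (routing number 123456780, card 4111 1111 1111 1111) are well-known test numbers, not real accounts.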
Policy Driven Email Disposition
Data Loss Prevention to web protocols
» Webmail, blog posts, etc. sent to SEG for DLP filtering
» SEG returns allow or block
Single management interface
» All policies managed through single administrative interface (email and web)
» Easily leverage existing policies or create new ones
Easy to implement and use
» Configure Proxy to deliver content to SEG
» No licensing required for use of ICAP interface from SEG or proxy vendors
Protect HTTP(S) with Web DLP
Diagram: the web proxy sends content to the SEG over ICAP and receives Allow/Block; other labels: SMTP, HTTP(S), Internet.
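To show what "configure the proxy to deliver content to the SEG" means on the wire, here is an added example (not Proofpoint's or any proxy vendor's code) that builds the ICAP REQMOD message a proxy would send for a webmail POST and interprets the SEG's reply as allow or block. The SEG hostname is a placeholder; the framing follows RFC 3507.

```python
CRLF = "\r\n"

def chunked(body: bytes) -> bytes:
    """ICAP carries the encapsulated HTTP body with chunked transfer coding."""
    return b"%x\r\n%s\r\n0\r\n\r\n" % (len(body), body) if body else b"0\r\n\r\n"

def build_reqmod(request_line: str, headers: list, body: bytes,
                 seg: str = "seg.example.gov") -> bytes:
    """Return the ICAP REQMOD message that encapsulates one outbound HTTP request.
    The Encapsulated header gives the byte offset of the body after the HTTP headers."""
    http_hdr = (request_line + CRLF + CRLF.join(headers) + CRLF + CRLF).encode()
    icap_hdr = (
        f"REQMOD icap://{seg}/reqmod ICAP/1.0" + CRLF
        + f"Host: {seg}" + CRLF
        + "Allow: 204" + CRLF   # proxy accepts a 204 'unmodified' reply
        + f"Encapsulated: req-hdr=0, req-body={len(http_hdr)}" + CRLF + CRLF
    ).encode()
    return icap_hdr + http_hdr + chunked(body)

def seg_verdict(icap_response: bytes) -> str:
    """Map the SEG reply to the slide's allow/block: 204 = unchanged (allow);
    200 carrying a response (res-hdr) = SEG answered with a block page (block);
    200 carrying a modified request (req-hdr) = allow with the modified content."""
    status_line = icap_response.split(b"\r\n", 1)[0]
    code = int(status_line.split()[1])
    if code == 204:
        return "allow"
    if code == 200:
        icap_headers = icap_response[:icap_response.find(b"\r\n\r\n")].decode().lower()
        return "block" if "res-hdr=" in icap_headers else "allow"
    return "error"
```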
What is ESI, and What is a Retention Policy?
Defining ESI
Electronically Stored Information
» Sources: email, mainframes, local servers, laptops, backup tapes, external hard drives
» Common forms: email with attachments, text files, powerpoints, spreadsheets, instant messaging, etc.
» Federal Rules of Civil Procedure (FRCP) Rule 26(f) – rule which governs the pre-trial conference on the disclosure and discovery of ESI
NARA Retention Policy Guidelines on ESI
C.F.R. = Code of Federal Regulations
Transitory email
» 6 month retention cycle
Federal Record
» Old requirement – print the email and store before the electronic record can be deleted (36 C.F.R. 1234.24)
» Permanent Electronic Mail – must be archived
» Temporary Electronic Mail – varied retention period
» Transitory Electronic Mail Records – 180 day retention
Federal Archiving Regulations
Litigation demands preservation and access
Includes “electronically stored information” or “ESI”
NARA Records Management Guidance & Regulations (36 CFR 1236)
• Guidelines for email archiving
Electronic Message Preservation Act (2010)
• Electronically capture, manage, preserve records
Federal Rules of Civil Procedure (Rule 34)
• Huge penalties for not adhering
DoD 5015.2 Records Management Program
• Create, maintain, preserve as records in any media
Why is eDiscovery important?
The need for eDiscovery
Government litigation incidents
» Deepwater Horizon Response (BP oil spill)
• Claims citing the Oil Pollution Act (OPA)
• BP, Halliburton Co, and Cameron International Corp
• USCG and FEMA also involved with litigation
» Hurricane Katrina
• Judgments against US Army Corps of Engineers
• Various claims remain open with FEMA
» Many other examples
Enforce Policy · Expedite Discovery · Centralize Data
How an Archive Helps
Build a centralized, deduped repository that can’t be tampered with for legal usage
Provide end users with access to their historical mail to eliminate need for PST’s
Enforce retention policy with flexible rules
Initiate a litigation hold without dependency on end-user compliance
Early case assessment with real-time full text search
Cull data to reduce review costs
Quickly export data to PSTs
Mailbox Management Considerations
Benefits:
• IT can impose tighter quotas on mailboxes while preventing PST creation
• Less data in Exchange improves performance
• Less data in Exchange shortens backup and recovery times
• Prevents ongoing storage growth within Exchange
End-User Search
» Access archive directly within mail client
» Intuitive search with full text indexing to find historical mail
» Self-serve retrieval of accidentally deleted
Stubbing
» Larger, older attachments replaced with shortcut to archive
» End-user access to stubbed attachments
» Automated restoration of original when forwarding
eDiscovery Considerations
· Automated enforcement w/ AD integration
· Real-time, flexible
· People, content holds beyond standard period
· Export data for review tools, fast exports to PST
· Instant for active archive, legal hold
· Forensically compliant storage, capture
Disposition · Retention Policy · Repository · Search · Legal Holds · Export
US Federal CIO’s Cloud-First Policy
Cloud-First Policy
· First introduced November, 2010
· Detailed in the “Federal Cloud Computing Strategy” paper by Vivek Kundra, 2/8/11
· Targeting $20b of the $80b annual IT spend by Federal agencies
· Goal: Each agency identifies 3 “must move” services, 1 moved within 12 months, remaining 2 within 18 months
Moving to the Cloud
• Unify Cloud Computing Standards
FCCI – Federal Cloud Computing Initiative
FedRAMP – Federal Risk & Authorization Management Program
FIPS – NIST security evaluation guidelines
How Cloud Computing Can Help
Reduce email risks and costs
» Consolidated compliance and cloud-powered platforms
» eDiscovery solution for reducing retention and litigation costs
» Policy-based encryption ensures security is not user dependent
Adhere to regulations and privacy best practices
» DLP and policy-based encryption
» Built-in remediation / workflow
» Multiple archive retention policies
Raise the quality of services
» Enable and promote secure communication for your agency, ensuring continued public trust
» Automate privacy training and raise awareness internally
Benchmarking Your Cloud-based Security
Accuracy
· Should have 99% spam effectiveness
· Should have 100% virus control
· Should have < 1 in 350,000 false positives
Speed
· Should have sub-minute email latency
· Should have < 20 second archive search results
Reliability
· Should have 99.999% service availability
SaaS Architecture Advantages (if done correctly)
Requirement: Consideration
Resilience: Multi-datacenter processing across all applications
Security: Encryption of data at rest
Isolation: No co-mingling of data
Integration: Tied to directory services (LDAP/AD)
Cost: Leverage inexpensive storage via grid architecture; leverage multi-customer load processing for economies of scale
Security and Compliance Are Top Priorities For Federal and Commercial Organizations
Enterprise 2.0 – Data Everywhere: Public/Private Clouds, Consumerization of IT, Rise of Mobile, Rise of Social Media
Global 2000 / Government Orgs.
SECURITY
• Spam Volumes • Focused Attacks • Phish Attacks • Botnets
PRIVACY
• Government Regulations • PCI, HIPAA, FERPA • Frequent Data Breaches • Confidential Information Leaks
• Being Brought In-house To Reduce Costs
LITIGATION
• FRCP Rules • Freedom of Information (FOIA) • Increased, Costly Litigation • Compliance • Records retention
On-Premises (Private Cloud) (Virtual Appliance): Anti-Spam/Anti-Virus, Data Loss Prevention, Policy enforcement
In the Cloud: Anti-Spam/Anti-Virus, Data Loss Prevention, Policy enforcement, Email archiving/eDiscovery
Common Services
Applications
Underlying Infrastructure: CPU, Memory, Network
Cloud Services for Email Security, Compliance, and Archiving
· Dynamic Update Service
· Reputation Services
· Encryption Key Service
· Storage Service
· Reporting & Analytics
A Holistic View of email security, compliance, and archiving
Secure Communication: Encrypt emails and send large attachments securely
Email Threat Protection: Protect the infrastructure from outside threats
Archiving and eDiscovery: Enable search, eDiscovery, storage management and compliance
Email Security & Compliance Cloud Platform
Data Loss Prevention: Ensure external requirements and internal policies are met
Questions?