Upload
kasia
View
65
Download
1
Embed Size (px)
DESCRIPTION
Sophos / Utimaco Data Loss Prevention. Peter Szendröi, SOPHOS Nordics Jan 20, 2010. Sophos, Simply Secure. Personally identifiable information. Customer data. Intellectual property. Changing security landscape. Digital generation set loose. Information theft – not graffiti. Firewall. - PowerPoint PPT Presentation
Citation preview
Sophos / Utimaco Data Loss Prevention
Peter Szendröi, SOPHOS Nordics
Jan 20, 2010
Sophos,Simply Secure
Changing security landscape
PCI-DSSHIPAA
CSB 1386
GLBA 95/46/EC
Contractors, outsourcingPartners, customersWeb 2.0
Mobile workers
Firewall
Corporate data
$Customer
dataIntellectual
propertyPersonally identifiableinformation
Targeted
...targeting commercial data
Complex threats....
Web-based, Invisible
Fast changing
Regulatory disclosure and reputation damage
Digital generation set loose Information theft – not graffiti
5
Headlines are the tip of the iceberg
Brand damage
Loss of customers
Incremental internal costs
Direct costs of intellectual property loss
6
How is this data exposed?
Insider theft accounts for only 5-15% of the data loss
Most data breaches are accidental
Only 2.4% were prevented by protective measures (e.g. encryption)
What data is at risk?
7
Process Work Knowledge Work
Well-defined responsibilities Well-defined workflows Dealing with PII
Risks: - Non-compliance- Criminal prosecution- Brand / reputation damage
Changing roles / assignments Unstructured data Company information assets
Risks: - Competitive damage - Loss of partner trust
Personally identifiableinformation
Intellectual propertyCustomerdata
Business challenge Conflicting Goals!
Challenge of Data Loss Prevention
8
Enable productivity, mobility and flexible “web 2.0” working
Comply with regulationAvoid damaging data loss
There is no “100% DLP”
but also
9
Simply Secure Data Loss Prevention
10
Four elements of an effective DLP strategyControl the user environment by restricting data exit points
Control devices, applications, email and web usage
Ensure security policy compliance
Protect confidential and sensitive informationFull disk, removable storage and file encryption
Email encryption
Prevent leakage of personal identifiable informationComprehensive coverage of personally identifiable information types
Continuously assess, audit, report and enforce on endpoint and gateway
Classify intellectual property and sensitive business dataEmpower knowledge workers to classify sensitive business data
Apply classification to existing documents and data sets
11
Control user environment Data loss objective:
Significantly reduce risk by managing what users can do on data exit points
Sophos solution provides granular control of: Storage devices and network interfaces
Applications
Web site access
Continuously monitor user behaviour and enforce security policies
SophosLabs provide the domain expertise: Managed application definitions (P2P, IM, Remote Access)
Managed web site categories (webmail, social networks, IM)
Indentify over 150 file formats using “True File Type” technology
12
Protect confidential and sensitive information
Data loss objective: Data encryption is the ultimate data loss insurance policy
Sophos solution protects data where it is most exposed:Laptops
Removable storage and optical media
Server file shares
Data protection platform:Enterprise mangement console and key management
Integration with Active Directory
Transparent file and folder encryption
Audit compliance
13
Prevent leakage of PII Data loss objective:
Tackle the highest risk of regulatory infringement and brand damage
Sophos solution covers all critical data leakage points: Storage, web, email and IM
Fully integrated into core endpoint and gateway products
SophosLabs provide the content expertise: Over 100 expert definitions of personally identifiable information
Administrator decides appropriate enforcement action: Audit – silent background monitoring of events Training – audited end user authorisation Enforcement - encrypt or block transfer
14
Classify and protect documentsData loss objective:
Protect high value intellectual property and operations data
Sophos solution is designed to empower knowledge workers:Define classification levels within policy
Enable end user to tag and classify new documents
Embed classification within document
Scan for and classify existing documents using document context
Enforce policies for classified documents on endpoint and gateway
Integrated with enterprise encryption solution:Leverages existing user identity and permissions
Provides workable enterprise rights management
Sophos Data Loss Prevention
15
Enterprise Security and Control SafeGuard Enterprise
Solutions designed to meet a need
16
Process Work Knowledge Work
Comply with regulationsProtect data using full disk encryption
Prevent leakage of PII from endpoints
Prevent leakage of PII from email and web gateway
Data at resting scanning of PII on endpoints
Protect company assets using encryption and classification.
Detect leakage of IP via common leak points.
Classify and protect IP at the point of creation.
Persistent taggingIdentify and protect IP using automated classification and data at rest scanning.
SafeGuard EnterpriseYour key to data protection with encryption
SafeGuardDevice
Encryption
2. Encrypt laptops, desktops
SafeGuardFileShare*6. Secure
network file shares
SafeGuard Management
Center
1. Consistent policies, mgmt. of keys & certificates
SafeGuardData
Exchange
3. Encrypt removable media
SafeGuard Configuration
Protection
4. PC port control & DLP
SafeGuard Partner Connect
5. Manage external security products
(*) Future release
Safeguard Mail Gateway overview
1 2 34
5
1. Email Client sends out Email in plain text2. Email Server forwards Email to Content-Filter3. Content-Filter forwards Email to SGMG4. SGMG evaluates Email Security Policy and
cryptographically handles the Email accordingly
5. SGMG delivers Email to the Recipient
a. External Communication Partner sends an encrypted Email
b. SGMG identifies encrypted Email and decrypts this Email. The Email is now in plain-text.
c. SGMG forwards Email to AV-Scannerd. AV-Scanner checks and forwards the Email to
the Email Servere. Email Client receives Email in plain text
e d cb
a
20
Questions?