Copyright of the presentation and its contents but limited to the information, text, images, graphics, sound files, video files and their arrangement, and material therein, is owned by the presenter unless otherwise indicated. No part or parts of this presentation may be modified, copied, distributed, retransmitted, broadcasted, displayed, reproduced, published, licensed, transferred, sold or commercially dealt with any manner without the express prior written consent of the presenter. https://shaolininteger.blogspot.com [email protected] https://www.linkedin.com/in/shaolinint @shaolinint HarisTahir@ Slash The Underground in DATA LEAKAGE PREVENTION

Data Leakage Prevention (DLP)


Page 1: Data Leakage Prevention (DLP)


Page 2: Data Leakage Prevention (DLP)


• Challenges and Threat Landscape
• Why Data Breaches Happen
• Data Leakage Prevention

Page 3: Data Leakage Prevention (DLP)


Page 4: Data Leakage Prevention (DLP)


knowledge empowerment to the masses

CHALLENGES AND THREAT LANDSCAPE

Challenges and Threat Landscape Evolution
efficiency and effectiveness

Problems

• Modern attacks have moved up the architectural layers; they are content-based.
• Criminals have started to leverage online marketing as a tool to promote and sell their services on the black market.
• Modern malicious software (malware) is stealthy and getting better, smarter, faster and stronger.
• The growing popularity of the “Internet of Things” makes the threat landscape a moving target.
• Abundant resources, yet data collection and mining are unable to process millions or billions of data items daily.

Page 5: Data Leakage Prevention (DLP)


Data Breach Investigation Report
past data breaches

Timeline: 2011, 2012, 2013, 2014

• Epsilon: $4B, names/email
• eBay: $145M credentials
• Saudi Aramco: 30,000+ PCs infected
• Adobe: $152M (IDs, pwd, data)
• Target: $110M affected and CEO/CIO gone

Page 6: Data Leakage Prevention (DLP)


Data Breach Investigation Report
impact on industries

• IP: 70% of value of public companies
• Annual losses: estimated over $300B
• China: +$107B sales and +2.1M jobs

• 43%: ITRC account of breaches
• 2013: 8.8M records stolen
• 1.8M: Victims of Identity Theft

• 2013: 856 reported breaches
• Q1 2014: 98.3% of data exposed
• 37%: Breaches affected the sector

Page 7: Data Leakage Prevention (DLP)


Data Breach Investigation Report
transition from geopolitical to large-scale attacks

• 95 countries
• 64,347 confirmed security incidents
• 1,367 confirmed data breaches
• Other reports:

Page 8: Data Leakage Prevention (DLP)


Page 9: Data Leakage Prevention (DLP)


WHY DATA BREACHES HAPPEN

Meet Your Whistleblower
threat actors is about people

• Criminals
• Hacktivist
• Insiders

59% of threat actors leave the organization with sensitive data

Page 10: Data Leakage Prevention (DLP)


Knowledge is Power
enough time and equipped with offensive security tools

Threat actors spend most of their time understanding the target environment, operations and information system, and preparing the attack platform before the actual execution.

1. Define mission
2. Information gathering
3. Scoping
4. Scanning
5. Simulation
6. Exploit development
7. Execution
8. Rootkit and C2 cultivation

Page 11: Data Leakage Prevention (DLP)


Page 12: Data Leakage Prevention (DLP)


DATA LEAKAGE PREVENTION

Defense-in-Depth
think about people, process and technology

Defense-in-Depth is an Information Assurance (IA) concept to defend a system against attacks by placing multiple layers of security controls throughout an information technology system.

• Data in use
• Data in transit
• Data at rest

Page 13: Data Leakage Prevention (DLP)


Critical Path
decision should be based on acceptable risk treatment plan

“In preparing for battle I have always found that plans are useless, but planning is indispensable.” ~Dwight D. Eisenhower

1. RA Results: What is the mission statement and business objective?
2. People: Who are the resources required to execute the plan?
3. Process: What are the gap analysis results?
4. Technology: Minimal disruption with greatest coverage
5. Leverage: Utilize others for what they know

You are about to invest a substantial amount of the company's money, time and resources. Consult with research analysts such as Forrester or Gartner and gain a basic to intermediate understanding of the industry, the vendors and solutions available, and their particular strengths and weaknesses. DLP solves a different problem space, to ensure data confidentiality.

Page 14: Data Leakage Prevention (DLP)


DLP Technology
four simple explanations

DLP is about preserving an organization's sensitive information from unauthorized access

DLP means different things to different people:
• data loss prevention
• data loss protection
• data leakage prevention

DLP technology is content aware

Driven by significant insider threats and by rigorous privacy laws

Use rules to examine file content and classification tag
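
The content-aware rule evaluation described on this slide, as an added Python example that is not part of the original presentation: it blocks outbound text that carries a restricted classification tag or a Luhn-valid payment card number, and masks the number in the verdict. The label names, the `Classification:` header format and the sample messages are assumptions made for the illustration.

```python
import re

# Assumed policy for this example: label names and header format are hypothetical.
BLOCKED_TAGS = {"CONFIDENTIAL", "RESTRICTED"}
TAG_RE = re.compile(r"^Classification:\s*(\w+)", re.IGNORECASE | re.MULTILINE)
# 13 to 19 digits, optionally separated by single spaces or hyphens.
PAN_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text: str) -> list:
    """Return masked card numbers (first 6, last 4) so the verdict leaks nothing."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            hits.append(digits[:6] + "*" * (len(digits) - 10) + digits[-4:])
    return hits

def evaluate(text: str) -> dict:
    """Apply both rules (classification tag, content match) to one outbound item."""
    reasons = []
    tag = TAG_RE.search(text)
    if tag and tag.group(1).upper() in BLOCKED_TAGS:
        reasons.append(f"classification tag {tag.group(1).upper()}")
    cards = find_card_numbers(text)
    if cards:
        reasons.append(f"{len(cards)} card number(s): {', '.join(cards)}")
    return {"action": "block" if reasons else "allow", "reasons": reasons}

# Constructed sample messages; 4111 1111 1111 1111 is a widely used test number.
SAMPLES = {
    "tagged": "Classification: Confidential\nQ3 product design notes",
    "card": "Please charge 4111 1111 1111 1111 for the order",
    "noise": "Tracking number 1234 5678 9012 3456, meeting at 10:00",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, evaluate(body))
```

The "noise" sample shows why the checksum matters: a 16-digit tracking number matches the pattern but fails Luhn, so it is allowed instead of raising a false positive.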

Page 15: Data Leakage Prevention (DLP)


Key DLP Questions
what kind of animal is this?

FAQ

It’s about governance and compliance: what is the business objective?

What problem space? Unauthorized access of data due to an improper implementation, inadequacy of a technology, process and/or policy.

Do I have existing DLP protection? Surprisingly, firewalls, IDS and encryption solutions are part of the overall data security strategy.

Does the enterprise need a DLP solution? Start with a Risk Assessment and identify what data types the enterprise processes and/or stores.

What problem does DLP not solve? DLP is not designed to address data leakage issues resulting from external attacks.

Page 16: Data Leakage Prevention (DLP)


Preliminary Risk Assessment
risk mitigated by DLP

1. Identifying insecure business processes
2. Accidental data disclosure by employee
3. Intentional data leakage by employee

The problem space is not solved comprehensively by DLP solutions! Example: an employee can still take a picture of sensitive data.

Page 17: Data Leakage Prevention (DLP)


Benefits of DLP
something to consider

Benefits

• Visibility – Visibility into data and information that leaves the organization, exposing bad business processes.
• Compliance – Helps demonstrate compliance with privacy regulations such as the Data Protection Act, PDPA, PCI-DSS and HIPAA-HITECH.
• Flexible security environment – Provides an alternative by allowing organizations to say “Yes” to social media, personal email and other channels, but with the ability to control the content posted to those destinations.
• Malicious activity detection – Stops malicious insiders from stealing valuable intellectual property such as product designs and financial reports.
• Employee education and awareness – Educates well-meaning employees about policy violations and prevents accidental data leaks.
• Reduce financial impact – By reducing the risk of data leaks, the financial risk to the enterprise decreases.

Page 18: Data Leakage Prevention (DLP)


Thank You “no duty is more urgent than that of returning thanks” Q&A

This slide can be downloaded from: http://www.slideshare.net/shaolinint