Be Aware Webinar # 50: Maximize Your Prevention of Information Leakage. New Version: Symantec DLP v14.5. Jairo Pantoja Moncayo, CISSP, CISM, CGEIT, CRISC, ABCP, ISO27001 LA, PCIP, AWSP, CobIT Found., Sec+, Senior SE, Symantec MCLAC Region. June 8, 2016

Be Aware Webinar Symantec: Maximize Your Prevention of Information Leakage

Safe Harbor Disclaimer

This information is about pre-release software. Any unreleased update to the product or other planned modification is subject to ongoing evaluation by Symantec and therefore subject to change. This information is provided without warranty of any kind, express or implied. Customers who purchase Symantec products should make their purchase decision based upon features that are currently available.

Symantec DLP 14.5 Differences Training: Detection, Storage, Platform and Reporting

Symantec Enterprise Security | SOLUTION STRATEGY

Threat Protection

ENDPOINTS, DATA CENTER, GATEWAYS

• Advanced threat protection across control points
• Built-in forensics and remediation within each control point
• Integrated protection for physical, virtual, and cloud servers
• Cloud-based management for endpoints, data center, and gateways

Unified Security Platform

Log and Telemetry Collection

Unified Incident Management and Hub

Inline Integration of Actionable Intelligence

Regional and Industry Benchmarking

Threat and Behavior Analysis

Information Protection

DATA, IDENTITIES

• Comprehensive protection for data and identities
• Cloud Security Broker for cloud and mobile applications
• User and behavior analysis
• Encryption and key management in the cloud

Users

Data

Apps

Cloud

Endpoints

Gateways

Data Center

Cyber Security Services: Monitoring, Incident Response, Simulation, Threat Intelligence

Copyright © 2015 Symantec Corporation

Agenda

1 Current Landscape

2 Challenges

3 DLP v14.5

Copyright © 2014 Symantec Corporation

Copyright 2016, Symantec Corporation. Internet Security Threat Report 2016, Volume 21

Data Breaches 2015: ISTR v.21 Report

[Figure: Total Records Exposed, 2015. Bar chart in millions by year (2011: 232; 2012: 93; 2013: 552; 2014: 348; 2015: 429). Callouts: +23%; 500 estimated, +30%.]

Mega-Breaches 2015

Trends, challenges, and what is at stake

Information Security and Regulatory Compliance…

• Sudeban (Venezuela)

• Resolution JB 3066:2014 (Ecuador)

• Circular 042 SF (Colombia)

• Law 1581, Data Protection (Colombia) - DI

• LFPDPPP Law (Mexico) - DI

• Law 19.628, Data Protection (Chile)

Some Threats

Source: APT1: Exposing one of China’s Cyber Espionage Units, Mandiant®, 2013

A corporate black eye

Symantec Data Loss Prevention - Overview

2016 Gartner Magic Quadrant for Enterprise Data Loss Prevention: 9 years as the undisputed market leader

This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Symantec. Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose

Source: Magic Quadrant for Enterprise Data Loss Prevention, Brian Reed, Neil Wynne 28 January 2016, Gartner, Inc.

Copyright © 2016 Symantec Corporation

DATA LOSS PREVENTION (DLP)

• DISCOVER: Where is the confidential information?
• MONITOR: How is it being used?
• PROTECT: How do I protect it?

Symantec - DLP

Prevent malicious actors from stealing valuable intellectual property.

Educate and protect employees.

Prevent the leak or loss of confidential data.

Comply with global privacy laws.

Protect your reputation.

DLP Detection Capabilities

Unified Management

Extending Data Protection for the Cloud

• Box, Office 365, iOS, Android
• Email, Web, FTP, IM
• USB, Hard Drives, Removable Storage, Network Shares, Print/Fax, Cloud & Web Apps
• File Servers, Exchange, Lotus, SharePoint, Databases, Web Servers

File Detection Technologies

Described Content Matching

Indexed Document Matching IDM

Vector Learning Machine

DESCRIBED DATA

Non-Indexable Data

Lexicons

Data identifiers

STRUCTURED DATA

Customer / Employee / Personal Data

Partial row matching

Near-perfect accuracy

UNSTRUCTURED DATA, INTELLECTUAL PROPERTY

Designs / source code / Finance

Derivative match

Near-perfect accuracy

300M+ docs per server

5M+ docs per server

Exact Data Matching

UNSTRUCTURED DATA, INTELLECTUAL PROPERTY

Designs / source code / Finance

Derivative match

Perfect accuracy

DLP New Version 14.5

DLP 14.5: Some New Features

• Main Features:

– Cloud Storage: Quarantine of incidents in Box.

– Enforce Platform: Import, export, and clone policies; Red Hat Enterprise Linux 7.1 support; correlation of Network Prevent incidents with an end user.

– Detection: New detection technology: Form Recognition; new data identifiers.

– Endpoint: Monitoring of Box operations with Cloud Storage: Save As in Office documents; Windows 10 support (HTTP and FTP storage applications); complete monitoring in Safari, Chrome, and Firefox for Mac endpoints; Outlook 2011 monitoring on Mac endpoints; monitoring of shared folders on Mac endpoints; Clipboard (Paste) on Mac; among others.

New Detection Method: Form Recognition

Summary and Use Cases

• Organizations constantly ask us to protect information that is filled in by hand on scanned, pre-established forms and that mostly contains personal data.

e.g.: visitor logs, medical records, surveys, logbooks…

• New image recognition technology.

• All of DLP's detection and prevention capabilities can be enabled.

Example

The algorithm looks for “key-points” or “regions” and analyses the images being detected against those previously indexed.

It is not based on Optical Character Recognition.

Basic Architecture

Form Recognition Engine

Additional Incident Capabilities

Filled sections are highlighted.

Confidence and Fill Score results.

Additional improvements have been made in XML Export, Web Archive and to the Reporting and Update API.

Controls to Zoom and Rotate the image.

Demonstration

New Data Identifiers (DI)

New Data Identifiers Available

• International Securities Identification Number (ISIN)
• Mobile Identity Numbers - IMEI Number
• Japanese My Number – Corporate
• Japanese My Number - Personal
• Australian Company Number
• Mexico CLABE Number
• Australian Passport Number
• New Zealand Ministry of Health Number (NHI)
• Australian Tax File Number
• South Korea Resident Registration Number
• Colombian Addresses
• Spanish DNI ID
• Colombian Cell Phone Number (Law 1581, Personal Data)
• Turkey Citizenship Number / Turkish Identification Number
• Colombian Personal Identification Number (Law 1581)
• Drug Enforcement Agency (DEA) Number
• Colombian Tax Identification Number (Law 1581)
• National Provider Identifier (NPI)
• Finland National ID Number
• Washington State Driver’s License Number

Improvements in Policy and Rule Handling

Summary and Use Cases

• Export, import, and clone policies

• Within the same Enforce Server or between different Enforce consoles

– Disaster recovery strategies

– Minimize administration

– Assistance with troubleshooting available

Symantec DLP 14.5 Differences Training: Storage, Platform and Reporting

New Options Available in the GUI

Policies are imported one at a time.

All existing policies can be exported. The XML files are contained in a ZIP file named [ENFORCEHOSTNAME]-policies-DATE-TIME.ZIP.

Policies can be exported individually as an XML file named [ENFORCEHOSTNAME]-[POLICYNAME]-DATE-TIME.XML.

Leak Prevention in the Box® Cloud

Overview

• Cloud Sync was first introduced in DLP 14.

• Improvements and new features (for Box ®)

– Identity aware protection, allowing organizations to use cloud applications through Enterprise accounts.

– Prevent upload of sensitive corporate information to a personal Box account through Sync and Office clients by applying detection policies.

– Identity based ignore filtering is applicable to Box only and not for other cloud storage applications.

Requirements and Prerequisites

• The applications below should be installed on the endpoint

– Box Sync.

– MS Office.

– Box for Office Add-in.

• Supported Versions of Office

– Office 2016 (x86, x64).

– Office 2013 (x86, x64).

– Office 2010 (x86, x64).

Configuration

Enable Cloud Storage channel under Configured Applications.

Accounts or domains whose content will be ignored by DLP Agent for Box operations.

Leak Prevention Example - Excel

When the user clicks on Share, this window is displayed before triggering the upload operation.

Quarantine location.

Box for Office ribbon.

Leak Prevention Example - Office

Corporate accounts or domains can be excluded from detection at Agent Configuration level.

Box for Office user logged in with an enterprise account.

Leak Prevention Example - Outlook

Incidents

Demonstration

Final Notes

Summary

• Improvements Available in DLP v14.5

– New Form Recognition detection technology.

– IDMv3 improving index and detection performance and extending support to Endpoint (Windows and Mac).

– New detection rule to protect email based on the number and size of attachments.

– Endpoint Cloud Sync identity-based usability and protection.

– New international data identifiers.

– Out-of-the-Box quarantine response rule for Cloud Storage.

– New Policy Export and Import process.

– Improved IP Address to Username resolution configuration.

– Red Hat Enterprise Linux 7.1 and 7.2 support.

Thank you!

Copyright © 2016 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.

Jairo Pantoja
