Upload
andris-soroka
View
227
Download
2
Tags:
Embed Size (px)
DESCRIPTION
Presentation from one of the remarkable IT Security events in the Baltic States organized by “Data Security Solutions” (www.dss.lv ) Event took place in Riga, on 7th of November, 2013 and was visited by more than 400 participants at event place and more than 300 via online live streaming.
Citation preview
1
For your eyes only - Encryption and DLP
Erkko SkantzSymantec Finland
2
DATA CENTER SECURITY
INFORMATION MANAGEMENT
USER PRODUCTIVITY
3
Focus on information
4
Today's System-Centric Enterprise
Data Center
Point of Sale Field
Field Offices
Headquarters
5
Today's System-Centric Enterprise
Data Center
Point of Sale
Field Offices
Headquarters
1 in 10people have lost a laptop,
smart phone, or USB drive with corporate information on it
Field
12,000Laptops lost in United
States airports every week
6
Today's System-Centric Enterprise
Data Center
Point of Sale
Field Offices
Headquarters
1/2of corporate data resides
on mobile devices Field
7
Information is the most important asset you have
Data Center
Point of Sale Field
Field Offices
Headquarters
8
Where to get started?Where to implement encryption and DLP?
Recovey point- and time objective
9
CRASH
Last backup taken System up again
How much data can I afford to
lose?
How long does it take to get my
system up again?
1 Hour24 Hours 1/2 Hour 1 Hour
Impact of data loss?
The Mistakes that Companies Often Make
10
Disk Encryption
Deploy infrastructure
USB Encryption
Deploy infrastructure
Mobile Encryption
Deploy infrastructure
Find tactical solution Create keys
Find tactical solution Create keys
Find tactical solution Create keys
11
Pay attention
Encryption is Easy
12
1) Take a document2) Create a key and encrypt the document / file / disk
• Ask for management platform for encryption.
• Most customers think they are buying an encryption application. Don’t make this mistake.
Administration can be difficult
13
1) Encryption management is UNLIKE any other administrative responsibility
2) Normally, administrative responsibilities end when the user leaves / quits
3) You must manage an encryption key for as long as there is encrypted data!
Suggested roadmap
14
Full disk encryption
Encryption Management
Server
Device and media encryption
File/folder/shared server encryption
Smartphone solutions
End-2-end email encryption
Gateway email encryption
FTP, batch, backup transfer
15
Full disk encryption, the easy way
Symantec Full Disk Encryption• Encrypts desktops, laptops, and USB drives• Protects against
– Personal computer loss / theft / compromise / improper disposal
• Reduces risk of data loss• Protects against reputation damage• Enables business continuity without disrupting
user productivity• Demonstrates compliance to regulatory
standards• Common Criteria Evaluation Assurance Level
4+ (EAL4+) certification16
Symantec Full Disk Encryption Deployment
• Flexible .MSI and .PKG formats • Support for SMS, Zenworks, Altiris, AD GPO• Deploy to: Windows, (including Windows Server), Windows 8
(BIOS and UEFI), Mac OS X, Ubuntu, and Red Hat clients
17
Clients
Software Deployment Tool
LDAPEncryption Management
Server
18
Step 1Policy and
Provisioning
• Administrators configure policy on Symantec Encryption Management Server
• Deploy installation package(s) to Windows (or Mac OS X/Linux) laptops/desktops
Step 5Compliance
• Administrator views logs and reports on Symantec Encryption Management Server
Step 6Helpdesk
• Forgotten passwords
• Unavailable employee
• Machine recovery
Step 3Pre-Boot
Environment
• User is presented with modified pre-boot environment on reboot (or resume from hibernation)
Step 2Initial
Encryption
• Install Symantec Drive Encryption client
• System is encrypted, block-by-block
Step 4Authentication
• User logs in using passphrase or smart card
Full Disk Encryption How It Works
Product & Solution ResultSituation
19
Bag (+computer) lost at the airport or stolen from the car.
The laptop was encrypted and the data was inaccessible by unauthorized users. Because the data was encrypted, the company did not have to report the breach. The company did not suffer a public blackeye.
Symantec Drive Encryption
It is about the information
Symantec Drive Encryption: Encrypt all laptops and desktops.
Product & Solution ResultSituation
20
Employees are storing confidential documents in the cloud. They are doing this for collaboration purposes.
All data being stored in the cloud is encrypted prior to being sync’d into the cloud. Data is secure from 3rd party cloud companies as well as from compromise of account information to the cloud.
THEME: Cloud Storage
It is about the information
Symantec File Share Encryption: Encrypt data on internal file shares and data on cloud storage lockers.
ResultSituation Product & Solution
21
Email administrators are reading the email of the Executive staff
Emails are secured on the desktop. Email admins can still access the emails on the mail server, but cannot read them because they are encrypted. Backups of the emails remain encrypted and secured.
THEME: Email
It is about the information
Symantec Desktop Email Encryption: Encrypt and decrypt emails at the desktop level before leaving the desktop to the mail servers.
Information encrypted
22
ENDPOINT ENCRYPTION
Products
FILE AND SERVER ENCRYPTION
EMAILENCRYPTION
MANAGEMENT• Keep data secure
• Meet compliance objective
• Protect the business
• Control costs and liabilities
Objectives• Protect data
at rest
• Product data in motion
• Protect in use
Tasks
Complete Encryption Platform
23
Smartphone Solutions
Full Disk Encryption (FDE)
File/Folder/Shared Server Encryption
End-End Email Gateway Email Encryption
Management
Central Management of Encryption Applications
Symantec Encryption Management Server
Device and Media Encryption FTP/Batch and Backups
Key Management
PGP® Key Management Server (KMS)
24
The alternative option for encrypting everything
25
DISCOVER MONITOR PROTECT
Where is your confidential data?
How is it being used? How best to prevent its loss?
How Symantec DLP Works
26
DATA LOSS POLICY
Content
Credit Cards
SSNs
Intellectual Property
Context
Who?
What?
Where?
Action
Notify
Justify
Encrypt
Prevent
Notification
User
Manager
Security
Escalate
RESPONSEDETECTION
Find it. Fix it.
27
Symantec Data Loss Prevention
Symantec Data Loss Prevention Products
28
Management PlatformSymantec Data Loss Prevention Enforce Platform
STORAGE ENDPOINT
Network Discover
Data Insight
Network Protect
Endpoint Discover
Endpoint Prevent
Mobile Email Monitor
Network Monitor
Network Prevent for Email
Network Prevent for Web
NETWORK
Mobile Prevent
Symantec Data Loss Prevention Architecture
29
Secured Corporate LAN
SPAN Port or Tap
Network Discover - Data Insight - Network Protect
STORAGE
ENDPOINT
MGMT PLATFORM NETWORK
DMZ
Network Monitor - Network Prevent – Mobile Email Monitor – Mobile Prevent
MTA or Proxy
Enforce
Endpoint Discover - Endpoint Prevent
1000
800
600
400
200
0
Continuous Risk Reduction
30
Competitive TrapRisk Reduction Over Time
Inci
dent
s Pe
r Wee
k
Visibility
Remediation
Notification
Prevention
31
Putting it all together
32
Defense in Depth: DLP and Encryption
DLP: FIND ENCRYPTION: FIX
Gateway
Removable Storage
File-Based
33
Thank youQuestions? - [email protected]