Data Security Solutions Principles of Data Protection
Artūrs Filatovs, Business Development Executive
Riga, Latvia
“Data Security Solutions” business card
What We Do?
DSS
ICT Security Provider
Advisory, Consulting, Installation,
Support
Most Innovative Portfolio in Baltics
Memberships, Awareness Rising
Technology &
Knowledge Transfer
ICT Security
Evangelists
Endpoints
Applications
Networks
Data
Identity
Mobility
Management
Cloud
DSS Delivering Excellent ICT Security Operations to its Customers
Customer ICT Security
Operations Excellence
Cooperation with Industry Top Technology Leaders Recognised by Gartner, IDC, Forrester
Top level ICT Security
Professionals
Selected Cutting Edge ICT Security Innovative Technology
Integration
Pan-Baltic
Projects
Particular Focus on Security
ERGO Case Study
Dainis Bairs, Head of IT department of
ERGO insurance Latvia
DSS Solution
Integrated
into Corporate
Training
Process
Agenda
DLP
Story of Digital World
Introduction to DLP
Features vs.
Solutions
Content
vs. Context
Data in Motion/ Rest/ in
Use
DLP Selection Process
Prologue: Some new technologies
3D Printers
Google Glasses (“glassh**es”)
Cloud Computing
Big Data & Supercomputers
Mobile Payment & Virtual Money
Robotics and Intraday Deliveries
Internet of things
Augmented Reality
Extreme development of Apps
Digital prototyping
Gadgets (devices) & Mobility
Technology replaced jobs (automation)
Geo-location power
Biometrics
Health bands and mHealth
Electronic cars
Avegant Glyph and much, much more
Introduction of DLP
Don't be confused:
• Data Loss Prevention/Protection
• Data Leak Prevention/Protection
• Information Loss Prevention/ Protection
• Information Leak Prevention/ Protection
• Extrusion Prevention
• Content Monitoring and Filtering
• Content Monitoring and Protection
Using central policies, identify, monitor and protect corporate data at rest, in motion and in use
DLP defining characteristics:
• Central policy management
• Deep content analysis
• Broad content coverage across multiple platforms and locations
Defining DLP
• USB Port Control/ Protection/ Monitoring?
• IT infrastructure monitoring for anomalies regarding information leaking?
• End user activities monitoring: web, email, chats, document tracking…?
• Information encryption?
Let's play a game – what is not a DLP Solution?
• A DLP Product - includes centralized management, policy creation, and enforcement workflow, dedicated to the monitoring and protection of content and data. The user interface and functionality are dedicated to solving the business and technical problems of protecting content through content awareness.
• DLP Features - include some of the detection and enforcement capabilities of DLP products, but are not dedicated to the task of protecting content and data.
Example: USB port control is not a DLP Solution; it is a DLP Feature
DLP Features vs. DLP Solutions
• DLP is dedicated to a clear business problem (protect my content) that is differentiated from other security problems (protect my PC or protect my network); most of you should look for dedicated DLP solutions.
• DLP is highly effective against bad business processes and mistakes
Choose wisely
• Context - source, destination, size, recipients, sender, header information, metadata, time, format ....
• Business context analysis – time, environment
• Content awareness involves peering inside containers and analyzing the content itself to protect it anywhere at any time by using text-cracking technologies
Content vs. Context
• Rule – Based/ Regular Expressions
• Database Fingerprinting (ODB)
• Exact File Matching (file hash)
• Partial Document Matching
• Statistical Analysis
• Conceptual/ Lexicon
• Pre Built Categories
Content Analysis Techniques
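Three of the techniques listed above (rule-based/regular expressions, exact file matching and partial document matching) sketched in Python. This is an added example, not taken from the slides or from any DLP product; the protected text, function names and threshold are constructed for illustration.

```python
import hashlib
import re

# Constructed sample of "protected" content (an assumption, not from the slides).
PROTECTED_DOC = ("Quarterly reinsurance pricing model: base premium is adjusted "
                 "by regional loss ratio and capped per policy class")
KNOWN_FILE_HASHES = {hashlib.sha256(PROTECTED_DOC.encode()).hexdigest()}
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_cards(text: str) -> list[str]:
    """Rule-based / regular expression detection plus a validity check."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def exact_match(data: bytes) -> bool:
    """Exact file matching: a single changed byte is enough to miss."""
    return hashlib.sha256(data).hexdigest() in KNOWN_FILE_HASHES


def shingles(text: str, k: int = 4) -> set[str]:
    """Hashes of overlapping k-word windows of the normalized text."""
    words = re.findall(r"\w+", text.lower())
    return {hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()
            for i in range(len(words) - k + 1)}


def partial_match(text: str, threshold: float = 0.3) -> bool:
    """Partial document matching: share of protected shingles found in text."""
    ref = shingles(PROTECTED_DOC)
    return len(ref & shingles(text)) / len(ref) >= threshold
```

An excerpt pasted into an email misses the exact hash but still trips the partial match, which is why products combine several techniques.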
• Data @ Rest – scanning of storages and other data vaults for locating business critical content
• Data in Use – Endpoint monitoring to identify user activities with data
• Data in Motion – sniffing out traffic on network to identify data that has been sent out (emails, messaging, web ...)
The DATA
• Hardest point in DLP is DATA location - we call this Content Discovery
• Enterprise Data Classification tools don't work well for finding specific policy violations
Data @ Rest
• DLP with Content Discovery – now we're talking!
• 3x main components:
A. Endpoint Discovery – Scans workstations for sensitive business content
B. Storage Discovery – Scans mass storages for sensitive business content
C. Server Discovery – Scans application servers (email, Document management systems, DB…) for sensitive business content
Data @ Rest – Content Discovery
• Remote Scanning (using file sharing or application protocols)
• Agent Based Scanning (using installed agent on system)
• Memory Resident Agent Scanning (memory based agent installation performed)
Data @ Rest – Content Discovery Techniques
• Remote Scanning - can SIGNIFICANTLY increase network traffic and has limitations based on bandwidth
• Agent Scanning - temporary or permanent agents are limited by processing power and memory on the target system and do not support all OS platforms
• Both are limited for Big Data analysis
Data @ Rest – combine techniques
Once a policy violation is discovered, the DLP tool can take a variety of actions:
• Alert/Report
• Warn
• Quarantine/Notify
• Encrypt
• Access Control
• Remove/Delete
Data @ Rest – take actions in scanning phase
OLD school - DLP usually sits in the network as network monitoring
• What about SSL?
• Complexity of filtering good from bad?
• Doesn't secure data once it has been copied out to USB
New school – Agent on Endpoint!
Data in Use
• Monitoring and enforcement within the network stack
• Monitoring and enforcement within the system kernel
• Monitoring and enforcement within the file system
Data in Use – mix of approaches
• Most DLP solutions are based on Network Monitoring components
• Real time Full Packet Capture (Pcap), Session Reconstruction, Content Analysis
• Network topologies?
• Solution performance?
Data @ Motion – Network Monitoring
• External Email functionalities – Filtering, Blocking, Quarantine and Encrypting
• What about internal emails?
• Deep email system integration with DLP is absolutely critical to perform content protection
Data in Motion – Email
• Nearly anyone deploying a DLP solution will eventually want to start blocking traffic
• Everything runs in real time! Big data, big traffic!
• Is it possible in a real environment – allow good, block bad traffic?
• Distributed and Hierarchical environments?
Data in Motion – Filtering and Blocking
• BRIDGE - It's like sitting in a doorway watching everything go past with a magnifying glass
• PROXY – only a few DLP solutions include their own proxy engine
• Not all proxies include reverse SSL
• What about internal networks?
Data in Motion – Bridge vs. Proxy Integration
Define Needs and Prepare Your Organization
• Identify business units that need to be involved and create a selection committee
• Define what you want to protect
• Decide how you want to protect it and set expectations
• Outline process workflow
The DLP Selection Process - Define Needs
Formalize Requirements
• Come up with any criteria for directory integration, gateway integration, data storage, hierarchical deployments, endpoint integration …
• RFI (Request for Information) development
The DLP Selection Process – Requirements
Evaluation of Products
• Issue the RFI (Request for Information)
• Perform a paper evaluation
• Bring in 3 vendors for an on-site presentation and risk assessment
• Finalize your RFP and issue it to your short list of vendors
• Assess RFP responses and begin product Internal Testing
• Select, negotiate, and buy
The DLP Selection Process – Evaluation
• Be smart in the Digital world and the internet of things
• Don't be afraid of DLP solutions
• Find out your business needs, processes, information
• Discover content and context - who, when, what, how…
• Evaluate solutions, not separate functionality
• Look at price/performance indications
• Complexity is not user friendly – Choose smart
Takeaway for today
Contact Us
Artūrs [email protected]
+371 27194080
Riga, Latvia
www.dss.lv
LinkedIn: http://ow.ly/FAflz
Twitter: http://ow.ly/FAfv0
Facebook: http://ow.ly/FAfzZ
Youtube: http://ow.ly/FAfEN
SlideShare: http://ow.ly/FAfHd