Data Security Solutions: Principles of Data Protection. Artūrs Filatovs, Business Development Executive, Riga, Latvia

DSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs


“Data Security Solutions” business card

What We Do?

DSS

ICT Security Provider

Advisory, Consulting, Installation, Support

Most Innovative Portfolio in Baltics

Memberships, Awareness Raising

Technology & Knowledge Transfer

ICT Security Evangelists

Endpoints

Applications

Networks

Data

Identity

Mobility

Management

Cloud

DSS Global Partnerships

DSS Delivering Excellent ICT Security Operations to its Customers

Customer ICT Security Operations Excellence

Cooperation with Industry Top Technology Leaders Recognised by Gartner, IDC, Forrester

Top level ICT Security Professionals

Selected Cutting Edge ICT Security Innovative Technology

Integration

Pan-Baltic Projects

Particular Focus on Security

ERGO Case Study

Dainis Bairs, Head of IT department of ERGO insurance Latvia

DSS Solution Integrated into Corporate Training Process

ABLV Bank Case Study

DSS Regional Technological Inception

Citadele Bank Case Study

DSS Internationally Recognised Project

Agenda

DLP

Story of Digital World

Introduction to DLP

Features vs. Solutions

Content vs. Context

Data in Motion/ Rest/ in Use

DLP Selection Process

Prologue: The Digital World 2015 & future

Fastest technology development in time..

What this is not about

Prologue: Some new technologies

3D Printers

Google Glasses (“glassh**es”)

Cloud Computing

Big Data & Supercomputers

Mobile Payment & Virtual Money

Robotics and Intraday Deliveries

Internet of things

Augmented Reality

Extreme development of Apps

Digital prototyping

Gadgets (devices) & Mobility

Technology replaced jobs (automation)

Geo-location power

Biometrics

Health bands and mHealth

Electronic cars

Avegant Glyph and much, much more

New security technologies

Now you see me now you don't

Sensitive Data what we create

Daily work instrument

Principles of Data Protection

Introduction of DLP

Don't be confused:

• Data Loss Prevention/Protection

• Data Leak Prevention/Protection

• Information Loss Prevention/ Protection

• Information Leak Prevention/ Protection

• Extrusion Prevention

• Content Monitoring and Filtering

• Content Monitoring and Protection

Using central policies, identify, monitor and protect corporate data at rest, in motion and in use

DLP defining characteristics:

• Central policy management

• Deep content analysis

• Broad content coverage across multiple platforms and locations

Defining DLP

• USB Port Control/ Protection/ Monitoring?

• IT infrastructure monitoring for anomalies regarding information leaking?

• End user activities monitoring web, email, chats, document tracking…?

• Information encryption?

Let's play a game – what is not a DLP Solution?

• A DLP Product - includes centralized management, policy creation, and enforcement workflow, dedicated to the monitoring and protection of content and data. The user interface and functionality are dedicated to solving the business and technical problems of protecting content through content awareness.

• DLP Features - include some of the detection and enforcement capabilities of DLP products, but are not dedicated to the task of protecting content and data.

Example: USB port control is not a DLP Solution; it is a DLP Feature

DLP Features vs. DLP Solutions

• DLP is dedicated to a clear business problem (protect my content) that is differentiated from other security problems (protect my PC or protect my network); most of you should look for dedicated DLP solutions.

• DLP is highly effective against bad business processes and mistakes

Choose wisely

• Context - source, destination, size, recipients, sender, header information, metadata, time, format ....

• Business context analysis – time, environment

• Content awareness involves peering inside containers and analyzing the content itself, to protect it anywhere at any time, by using “crack text” technologies

Content vs. Context

• Rule-Based/ Regular Expressions

• Database Fingerprinting (ODB)

• Exact File Matching (Hash file)

• Partial Document Matching

• Statistical Analysis

• Conceptual/ Lexicon

• Pre Built Categories

Content Analysis Techniques
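
Three of the techniques listed above (rule-based/regular expressions, exact file matching by hash, and partial document matching), run side by side in Python. This is an added example, not part of the original slides: the sample document, file bytes, 5-word window and 0.3 threshold are constructed assumptions, and partial matching is done here with hashed word shingles, which is one common way to implement it.

```python
import hashlib
import re

# Constructed sample data; none of it comes from the slides.
PROTECTED_DOC = ("Project Falcon pricing: the wholesale discount for tier one "
                 "partners rises to eighteen percent from the first of July")
PROTECTED_FILE = b"%PDF-1.4 constructed protected contract bytes"
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to cut false positives from the regex rule."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_cards(text: str) -> list[str]:
    """Rule-based detection: regex candidates confirmed by Luhn."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def shingles(text: str, k: int = 5) -> set[str]:
    """Hashes of every k-word window, after case and punctuation folding."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()
            for i in range(max(len(words) - k + 1, 0))}


FILE_HASHES = {hashlib.sha256(PROTECTED_FILE).hexdigest()}
DOC_SHINGLES = shingles(PROTECTED_DOC)


def analyze(data: bytes, threshold: float = 0.3) -> dict:
    """Run the three techniques over one file or message body."""
    text = data.decode("utf-8", errors="ignore")
    overlap = len(shingles(text) & DOC_SHINGLES) / len(DOC_SHINGLES)
    return {"cards": find_cards(text),
            "exact_file": hashlib.sha256(data).hexdigest() in FILE_HASHES,
            "partial_doc": overlap >= threshold}
```

Appending a single byte to the protected file defeats the exact hash match, while an excerpt pasted into an email still trips the partial document match; the Luhn check keeps a 16-digit order number from being reported as a card.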

• Data @ Rest – scanning storage and other data vaults to locate business-critical content

• Data in Use – Endpoint monitoring to identify user activities with data

• Data in Motion – sniffing traffic on the network to identify data that has been sent out (emails, messaging, web ...)

The DATA

• Hardest point in DLP is DATA location - we call this Content Discovery

• Enterprise Data Classification tools don't work well for finding specific policy violations

Data @ Rest

• DLP with Content Discovery – now we're talking!

• 3 main components:

A. Endpoint Discovery – Scans workstations for sensitive business content

B. Storage Discovery – Scans mass storage for sensitive business content

C. Server Discovery – Scans application servers (email, document management systems, DB…) for sensitive business content

Data @ Rest – Content Discovery

• Remote Scanning (using file sharing or application protocols)

• Agent Based Scanning (using installed agent on system)

• Memory Resident Agent Scanning (memory based agent installation performed)

Data @ Rest – Content Discovery Techniques

• Remote Scanning - can SIGNIFICANTLY increase network traffic and has limitations based on bandwidth

• Agent Scanning - temporary or permanent agents are limited by processing power and memory on the target system, and do not support all OS platforms

• Both are limited in Big Data analysis

Data @ Rest – combine techniques

Once a policy violation is discovered, the DLP tool can take a variety of actions:

• Alert/Report

• Warn

• Quarantine/Notify

• Encrypt

• Access Control

• Remove/Delete

Data @ Rest – take actions in scanning phase

OLD school - DLP usually sits in the network as network monitoring

What about SSL?

Complexity of filtering good from bad?

Doesn't secure data when it has been copied out to USB

New school – Agent on Endpoint!

Data in Use

• Monitoring and enforcement within the network stack

• Monitoring and enforcement within the system kernel

• Monitoring and enforcement within the file system

Data in Use – mix of approaches

• Most DLP solutions are based on Network Monitoring components

• Real time Full Packet Capture (Pcap), Session Reconstruction, Content Analysis

• Network topologies?

• Solution performance?

Data @ Motion – Network Monitoring

• External Email functionalities – Filtering, Blocking, quarantine and encrypting

• What about internal emails?

• Deep email system integration with DLP is absolutely critical to perform content protection

Data in Motion – Email

• Nearly anyone deploying a DLP solution will eventually want to start blocking traffic

• Everything runs in real time! Big data, big traffic!

• Is it possible in a real environment – allow good, block bad traffic?

• Distributed and Hierarchical environments?

Data in Motion – Filtering and Blocking

• BRIDGE - It's like sitting in a doorway watching everything go past with a magnifying glass

• PROXY – only a few DLP solutions include their own proxy engine

• Not all proxies include reverse SSL

• What about internal networks?

Data in Motion – Bridge vs. Proxy Integration

Define Needs and Prepare Your Organization

• Identify business units that need to be involved and create a selection committee

• Define what you want to protect

• Decide how you want to protect it and set expectations

• Outline process workflow

The DLP Selection Process - Define Needs

Formalize Requirements

• Come up with any criteria for directory integration, gateway integration, data storage, hierarchical deployments, endpoint integration …

• RFI (Request for Information) development

The DLP Selection Process – Requirements

Evaluation of Products

• Issue the RFI (Request for Information)

• Perform a paper evaluation

• Bring in 3 vendors for an on-site presentation and risk assessment

• Finalize your RFP and issue it to your short list of vendors

• Assess RFP responses and begin product Internal Testing

• Select, negotiate, and buy

The DLP Selection Process – Evaluation

Pioneer and Innovator of DLP

• Be smart in Digital world and internet of things

• Don't be afraid of DLP solutions

• Find out your business needs, processes, information

• Discover content and context - who, when, what, how…

• Evaluate solutions, not separate functionality

• Look at price/ performance indications

• Complexity is not user friendly – choose smart

Takeaway for today

Contact Us

Artūrs [email protected]

+371 27194080

Riga, Latvia

www.dss.lv

LinkedIn: http://ow.ly/FAflz

Twitter: http://ow.ly/FAfv0

Facebook: http://ow.ly/FAfzZ

Youtube: http://ow.ly/FAfEN

SlideShare: http://ow.ly/FAfHd

Think Security First

Thank you