
Protecting your information assets

Eoin Farrer

ILP Sales Manager

Northern Europe

21 November 2008

Information security is a people issue

Once access is granted, what happens to your data?

Are your IT systems equipped to deal with people issues?

What you are telling us

95% of organisations would not be confident they would know if a data leak occurs*

*Survey of 105 international security professionals at eCrime Congress London, 2007

Sensitive Information is everywhere

Finance

HR

Employee data

Payroll

IT

Investor information

E-Banking records

Budgets

Intranets

Extranets

Network Designs

Confidential plans

Designs

Client databases

M&A

Strategic plans & designs

Client data

Forecasts

Management

Sales

Marketing

The Landscape

Inbound (Channels: Exploits, HTTP/S, P2P, IM, FTP)

  • Inappropriate content
  • Malcode
  • Fraud
  • Productivity inhibitors

Outbound (Channels: SMTP, IM, P2P, FTP, HTTP/S, Print)

  • Confidential information
  • Customer data
  • Intellectual property
  • Regulated information

Fundamental Business Issues

  • Regulatory Compliance & Risk Management
  • Productivity and Corporate Governance
  • Business Continuity and Competitive Advantage

People issues put content at risk

Trojan horse captured data on 2,300 Oregon taxpayers

By Todd Weiss, Computerworld, 06/15/06

The Oregon Department of Revenue has been contacting some 2,300 taxpayers this week to notify them that their names, addresses or Social Security numbers may have been stolen by a Trojan horse program downloaded accidentally by a former worker who was surfing pornographic sites while at work in January.

Why is this a hot issue all of a sudden?

EJS Ráðgjöf | Nóv. 2007

  • We hear of information leaks every day
  • Are incidents on the rise or more being disclosed?
    • Both!
  • Regulatory compliance is a key driver
  • As is protecting Brand and Intellectual assets
  • CISOs know the value of their data assets
  • So do the bad guys!

How is Data Being Leaked?

HTTP

Email

Networked Printer

Endpoint

Internal Mail

Corporate Webmail

IM

Other

What Type of Data is Leaked?

Non Public Information

Confidential Information

Intellectual Property

Protected Health Information


Unintentional leaks:

Accidental/Ignorant

Customer_Info.xls

Customer_Intel.xls

Unintentional leaks:

Malicious

Spyware or Keylogger Site

Un/Intentional: Broken Business Process

Data in Motion

Data at Rest

Intentional: Malicious

How big is the malicious issue?

Unintentional/Accidental (77%)

Malicious Intent (23%)

- Infowatch 2007


  • Accidental or unintentional is the biggest leak source
  • Malicious activity on the increase
    • Targeted trojans, Spyware, Greyware
Managing the malicious risk

  • ILP solutions have not focused heavily on this problem; it needs IT Security and Infosec awareness
  • Websense offer a Total Content Security approach
    • Brings best of breed content filtering and web security together
    • Full content and context awareness
Malicious activity – Destination Awareness
  • Gay or Lesbian or Bisexual Interest
  • Hobbies
  • Personals and Dating
  • Restaurants and Dining
  • Social Networking and Personal
  • Sport Hunting and Gun Clubs
  • Travel
  • Special Events
  • Vehicles
  • Violence
  • Weapons
  • Internet Radio and TV
  • Internet Telephony
  • Peer-to-Peer File Sharing
  • Personal Network Storage and Backup
  • Streaming Media
  • Advertisements
  • Freeware and Software Downloads
  • Instant Messaging
  • Pro-Choice
  • Pro-Life
  • Adult Content
  • Financial Data and Services
  • Educational Institutions
  • Educational Materials
  • Reference Materials
  • MP3 and Audio Download Services
  • Gambling
  • Games
  • Military
  • Political Organizations
  • Health
  • Hacking
  • Proxy Avoidance
  • Search Engines and Portals
  • URL Translation Sites
  • Web Hosting
  • Web Chat
  • General Email
  • Organizational Email
  • Text and Media Messaging
  • Job Search
  • Content Delivery Networks
  • Dynamic Content
  • File Download Servers
  • Image Servers
  • Images (Media)
  • Alternative Journals
  • Religious
  • Internet Auctions
  • Real Estate
  • Professional and Worker Organizations
  • Service and Philanthropic Organizations
  • Social and Affiliation Organizations
  • Alcohol and Tobacco
  • Message Boards and Forums
  • Online Brokerage and Trading
  • Pay to Surf
  • Bot Networks
  • Keyloggers
  • Malicious Websites
  • Phishing and Other Frauds
  • Potentially Unwanted Software
  • Spyware
  • Potentially Damaging Content
  • Elevated Exposure
  • Emerging Exploits
  • User Defined

The Power of Destination Awareness

Destination Categories

  • Financial Data and Services: Forbes, CNNMoney, Bloomberg
  • Search Engines and Portals: Google, Yahoo, MSN, Dogpile
  • General and Organizational Email: Corp. Webmail, Hotmail, Gmail
  • Social Networking and Personal: Wikipedia, MySpace, LinkedIn
  • Bot Nets, Spyware, Keyloggers, etc.

But...

it’s important to know that fighting determined intent can be very difficult...

Use of ILP solutions

In a nutshell...

  • ILP solutions can, with a high degree of certainty:
    • Stop accidental/ignorant/negligent user incidents
    • Stop the “average” malicious user (sales guy posting customer db to webmail account)
    • Malicious information-stealing trojan
  • But this could account for 90-100%* of leaks for a given company
  • Also ... it is one of the most effective solutions for ensuring compliance with regulations such as PCI, SOX etc.
  • ILP solutions do not offer 100% information security
    • But significantly reduce the risk of data loss
    • Are rapidly becoming a key part of information risk management

* Educated guess

What can be done?

Best Practice
  • 7 Steps to Success – It’s about process, people and technology!
    • Identify and find data
    • Classify data
    • Monitor the flow of data inside the network
    • Control who distributes data
    • Control where data is distributed to
    • Prevent leaks via non-business channels
    • Protect data at all times

Your Data

Best Practice
  • Step 1: Identify and find data
    • Define what is actually “confidential” data
    • Discover data anywhere in your network
      • Desktops
      • Laptops
      • File Servers
      • Databases
      • eVaults
      • Other…
    • Automate the process
    • Review regularly
Best Practice
  • Step 2: Classify data
    • Use technology to build on previous step
      • watermark, signature, fingerprint, hash – whatever!
    • It has to be…
      • Accurate
      • Robust
      • Secure
    • Automate the process - Do you see a pattern here?

Custom Channels

IM

HTTP

Print

FTP

Email

Best Practice
  • Step 3: Monitor the flow of data inside the network
    • Inbound, Outbound, Internal
    • Which business channels are used for information flow?
      • Email, HTTP, IM, FTP, Printing etc.
    • This must be Real-Time!
Best Practice
  • Step 4: Control who distributes data
    • Who actually does what in the organisation?
      • Do you have an org chart?
        • Finance, Marketing, R&D, HR, Customer Services
      • Do you have a directory service?
    • You must make use of this information
    • Essential for any forensics investigations
    • Remember, it’s about people!

Allowed Information

Organization Network

Blocked Information

Trusted Destination

Spyware

Authorized User

Phishing

File Server

Hacker

Trusted Protocol

Network Users

Infected

Remote User

Spyware Infected User

Best Practice
  • Step 5: Control where data is distributed to
    • Do you have any idea where data is sent?
      • HTTP, is it a Business Partner or Web-Mail?
Best Practice
  • Step 6: Prevent leaks on non-business channels
    • Are you monitoring other channels?
      • USB
        • Removable HDDs
          • iPods
          • Cameras
      • P2P
      • Hosted Storage
      • Evasion applications
        • RealTunnel
        • GhostSurf
Best Practice
  • Step 7: Protect data at all times
    • We all need to learn to focus on the data, not just the threat
      • Recognise these?
        • Trojans, Worms, Spyware, Bots
      • What about these?
        • Stupidity, Naivety, Laziness, Willingness to “work around” policy, Broken business process
    • Bottom line is your security will fail at some point due to one or more of the above!
Gartner Magic Quadrant for M&F&DLP, 2Q07

Symantec

(PortAuthority)

Trend Micro / Provilla

EMC

McAfee / Onigma

Gartner Disclaimer: This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report.

How can Websense help here?

The leading ILP solution

Dominating the Web Security market with 42% market share

42,000 customers, solid revenues and stable company

Best Practice for Protecting Data

[Diagram labels: Quarantine, Remediate, Block, Encrypt, Notify; Custom Channels, IM, HTTP, Print, FTP, Email; File Server, Laptop, Database, Desktop]

Content Protection Suite Architecture

Data In Motion

Data Learning

Data at Rest

Data In Use

Technology Platform: PreciseID™

There are multiple techniques to classify and identify information, but only PreciseID™ NLP offers the most accurate and granular information leak prevention

[Chart: Detection Accuracy (Low to High) against Detection Granularity. Labels: Keywords; Regular Expression; Regular Expression with Dictionaries; 1st Generation Fingerprints; 3rd Generation PreciseID; Technology Barrier]

Why Accurate Identification Is Critical

  • 1: False Positives Cost Resources and Time
    • >160 false positives/day = 1 FTE
  • 2: False Positives Reduce Employee Productivity
  • 3: False Negatives Can Damage Brand, Reputation and Competitive Advantage
    • $5-20 million per incident
  • 4: Accurate Identification Enables Smooth Workflow and Incident Remediation

PreciseID™ Fingerprinting: Learn Data

Phase I: Fingerprint data at rest

[Diagram labels: Database Record or Document; Extract; Algorithmic Conversion; One-way Mathematical Representation; Fingerprint Storage & Indexing; Fingerprints database]

PreciseID™ Technology at Work: Detection

Real Time Data Detection

[Diagram labels: Outbound Content (E-mail, Web, Fax, Print, etc.); Algorithmic Conversion; One-way Mathematical Representation; Fingerprint Creation; Fingerprint database; Real-Time Fingerprint Comparison; Policy Action]

Using Websense PreciseID™

[Diagram labels: Database Server, Document Management System, File Server, Websense Appliance, Policy Enforcement]

  • 1: Data location defined using easy-to-use GUI
  • 2: Database and DMS crawlers read only the data to be protected
  • 3: PreciseID engine generates data fingerprints and stores in database
  • 4: Original data is not altered or copied
  • 5: Audit and reporting

Protecting Data
  • Websense protects any data: Structured and unstructured, maintained in any container
    • 370 file formats
      • Content based detection
      • File content is always inspected
      • CAD/CAM
    • Any database
      • Automatic or manual learning of data including database content updates
    • Document Management Systems
Websense Use Cases
  • Pattern Policies
    • PCI, SEC, HIPAA etc
  • Customer data protection
    • Data fields in a record in a database
  • Confidential information protection
    • Unstructured data in different file formats
Use Case: Customer Data Protection
  • Records management: built to protect structured data
  • Example: Database with credit cards data
    • Card Number: 15 or 16 digits long
    • PIN: 4 to 12 digits
    • CVC: 3 or 4 digits
    • Expiration
    • Other Data

Sample records shown on the slide:

  • 1234567891234567, 1234, 0207, 123, John Hancock
  • 1234567891234568, 1234567, 0307, 1234, Samuel Adams
  • 1234567891234569, 0207, 0207, 124, John Adams

Sample messages shown on the slide:

  • "Please check activity w/ credit card number 1234567891234567"
  • "Please check activity w/ credit card number 1234567891234567. David Flinter, manager"
  • "Please check activity w/ credit card number 1234567891234567 belongs to Mr. John Hancock. David Flinter, manager"

  • Content filters can easily identify credit card numbers and point to probable leaks
    • But for prevention purposes it is not enough to identify a credit card number, it is also critical to get the relevant data elements correlated
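
The correlation point above, combined with the one-way fingerprinting described on the earlier slides, as an added example (not Websense code and not the PreciseID algorithm). Keyed SHA-256 hashes stand in for the fingerprints; the key, the records and the `decide` policy are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re

KEY = b"constructed-demo-key"  # assumption: per-deployment secret for keyed hashing

# Constructed sample records, modelled on the slide's dummy data.
RECORDS = [
    {"card": "1234567891234567", "pin": "1234", "exp": "0207", "cvc": "123", "name": "John Hancock"},
    {"card": "1234567891234568", "pin": "1234567", "exp": "0307", "cvc": "1234", "name": "Samuel Adams"},
    {"card": "1234567891234569", "pin": "0207", "exp": "0207", "cvc": "124", "name": "John Adams"},
]

def fingerprint(value: str) -> str:
    """One-way keyed hash of a normalised field value."""
    norm = " ".join(value.lower().split())
    return hmac.new(KEY, norm.encode(), hashlib.sha256).hexdigest()

def build_index(records):
    """Map fingerprint -> set of (record id, field); no plaintext is stored."""
    index = {}
    for rid, rec in enumerate(records):
        for field, value in rec.items():
            index.setdefault(fingerprint(value), set()).add((rid, field))
    return index

def scan(text: str, index):
    """Return {record id: set of matched fields} for a piece of outbound text."""
    words = re.findall(r"[A-Za-z0-9]+", text)
    # Candidate tokens: single words plus adjacent word pairs (for names).
    candidates = words + [" ".join(pair) for pair in zip(words, words[1:])]
    hits = {}
    for tok in candidates:
        for rid, field in index.get(fingerprint(tok), ()):
            hits.setdefault(rid, set()).add(field)
    return hits

def decide(text: str, index) -> str:
    """'block' only when a card number appears with another field of the SAME record."""
    hits = scan(text, index)
    if any("card" in fields and len(fields) >= 2 for fields in hits.values()):
        return "block"
    if any("card" in fields for fields in hits.values()):
        return "audit"  # card number alone: a probable leak, not a correlated record
    return "allow"

INDEX = build_index(RECORDS)
```

Short values such as `0207` match several fields on their own, which is why the policy keys on the card number plus a second field from the same record rather than on any single hit.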
Use Case: Confidential Data Protection
  • Multi selection folders for unstructured document fingerprinting
    • Unlimited number of policies
    • Any file system

File Server 1

File Server N

Crawlers

Policy

properties

4 STEPS TO GETTING STARTED

Step 1: Configure monitoring on network

    • Setup: 2 hours

Step 2: Select the policies that reflect the crown jewels you want to protect

Step 3: Wait a week and find out who is sending what information where

Step 4: Create a monitoring and enforcement policy based on results

[Diagram labels: Data at Rest, Data in Use, Data in Motion, Spyware or Keylogger Site]

Summary

Information leaks are happening every day; ILP solutions are the way to combat the problem.

Integration with Web Security provides the highest level of inbound and outbound control

ILP solutions are easy to deploy and cheaper than you might think.

If you are responsible for highly sensitive data, losing that data is going to have a major impact on your business and your job.

PROTECT YOUR DATA

PROTECT YOUR CUSTOMERS

PROTECT YOUR BUSINESS

Register for a free risk assessment at: websense.com/CPS

Integration Options

[Diagram labels: Database crawler; Files crawler; Microsoft ISA; Encryption Gateway; Print Server; Microsoft Exchange; Lotus Notes; Customized Applications; DMS API; Websense Agent API; Protected Data; Enterprise Management Appliance; Discovery; Users Network; LDAP; Active Directory / LDAP; Protector Appliance; ICAP; Legend; Optional data connectors; Websense management; Proxy; Network Tap; Mirror/SPAN Port; Optional DATASEC; Optional Websense Server agent; Enterprise network]

Flexible Deployment Options

[Diagram labels: Network A, Network B, Network C, Network D, Network E; TAP; Proxy; Protector Appliance in Passive mode; Protector Appliance in hybrid mode: In-line, Passive and Proxy; Protector Appliance in Discovery mode; Management Appliance/Content Server; Desktops, Servers, Laptops; Agent based real time protection]

Data Classification Methodology

The 3P methodology

  • Principal
    • Top 5%, crown jewels, use PreciseID Fingerprinting
  • Pareto
    • Continue fingerprinting, use smart NLP policies
  • Progressive
    • Ongoing tuning and new data policies