
Sean C. Wilcox, Sr. Product Marketing Manager

Securing Your Email – ensuring that outbound messages comply with corporate policies and external regulations. Agenda: Introduction to Proofpoint; Content security risks; Content monitoring and filtering requirements; Proofpoint solution.


Presentation Transcript


  1. Securing Your Email – ensuring that outbound messages comply with corporate policies and external regulations Sean C. Wilcox, Sr. Product Marketing Manager

  2. Agenda • Introduction to Proofpoint • Content security risks • Content monitoring and filtering requirements • Proofpoint solution • Policy enforcement and compliance in action Proofpoint Confidential

  3. Agenda • Introduction to Proofpoint • Content security risks • Content monitoring and filtering requirements • Proofpoint solution • Policy enforcement and compliance in action

  4. Proofpoint Snapshot • Provide messaging security to Global 2000, Fortune 500 • HQ in Silicon Valley, CA, offices around the world • 24x7 global support • Best of breed partners • Award-winning solutions • Customers are 100% reference-able Strategic Partners

  5. Email is Both Enabler and Largest Risk • Email is mission critical • But brings new risk • Email is ubiquitous • So is electronic data • “Over 70% of intellectual property can be found in the email system” • Email is the top concern followed by HTTP, FTP [Chart labels: Memos; Other email; File systems; DBs] Source: ESG Research

  6. Top Outbound Email Concerns (Source: Proofpoint/Forrester Survey 2005)

  7. What’s Occurred in Last 12 Months? (Source: Proofpoint/Forrester Survey 2005)

  8. What are the Business Risks? Risks / Consequences • Lack of internal governance enforcement • Breaches of privacy and regulations • Leaks of intellectual property • PR/brand damage, decreased shareholder value • Employee litigation • Regulatory penalties • Loss of customers & trust • Loss of business and competitive advantage • Decrease in national security. “Content Monitoring and Filtering” mitigates these risks.

  9. Agenda • Introduction to Proofpoint • Content security risks • Content monitoring and filtering requirements • Proofpoint solution • Policy enforcement and compliance in action

  10. Risk Mitigation Starts with Policy [Diagram labels: Information gathering - Assessment; Policy creation; Policy Application Controls; Access controls; Communication controls; Messaging Controls; Business, departments, industry, intellectual property, corporate data, regulations, audit] Source: Modified from Institute of Internal Auditors

  11. Problems with Existing Content Monitoring and Filtering Protection • Detection technologies lack, well, detection capability • Policy -> technology mapping is inaccurate • Encryption technologies too costly & cumbersome • Business user interfaces are minimal • Different solution for each messaging protocol

  12. Detection Technology Gap • “What do you need to detect to enforce your policy?” • Certain words, phrases, important numbers/strings, information in databases, networked directories • E.g., “guarantee”, CC#’s, MRIs, Insurance claim forms • “What technologies are you using today?” • Keyword & regular expression dictionaries • Keyword & regular expression dictionaries • Keyword & regular expression dictionaries • Keyword & regular expression dictionaries • Keyword, regular expression dictionaries and Bob!

  13. Reliance on Dictionary Technology is Dangerous • A good first step, but… • Very quickly out of date • Cumbersome for administrators to manage • Business users don’t have direct access • Only works on structured information, thus misses a large portion of private data • Need to protect unstructured content

  14. Let Policy Define Technology • Many technologies dispose messages based on a “score”, basically the # of private terms in messages • The more terms, the higher the score • Leads to false positives, incident response overhead and “over-encryption” • HIPAA example • Two doctors might be emailing re. a procedure and receive a high score, thus blocked or encrypted • But, PHI is defined as “individually identified health information” • Essentially the combination of personal identifiers and health info • For example “Patient Name + X-ray”

  15. Encryption Needs to be Secure & Easy • PKI technology is secure • but difficult to gain adoption and manage digital certificates over time • I is for (lots of) Infrastructure (and $’s) • Real users are often unsophisticated • Web pick-up solutions require a separate storage of messages • Solution requires • Same level of security of PKI • Much better usability • Low administrative and management cost

  16. Where are the Business User Interfaces? • Most Interfaces to technology are for technical/security administrators • Some administrators should not see (or know) privacy data • Business users need to be able to easily maintain policies and enforce incidents

  17. Email is Just the Tip of the Iceberg • Personal Webmail • Blogging • Message Boards • Instant Messaging • FTP, …

  18. Agenda • Introduction to Proofpoint • Content security risks • Content monitoring and filtering requirements • Proofpoint solution • Policy enforcement and compliance in action

  19. [Architecture diagram; labels: Proofpoint Attack Response Center (PARC); HTTP; FTP; Secure Messaging; Anti-spam, Reputation; Email Firewall; Zero-Hour Anti-Virus; Regulatory Compliance; Digital Asset Security; Content Compliance; Anti-Virus; Network Content Sentry – HTTP & FTP; Management Interface & Policy Engine; Proofpoint Messaging Security Suite; SMTP; MTA & Message Processing]

  20. Proofpoint Digital Asset Security Module: Automatically protect (unstructured) digital assets • Continuously train on content in • Web servers • File systems • Network shares • Documentum™ • Supports removal from training • Business users maintain content • Email and administrator upload also available

  21. Proofpoint Regulatory Compliance Module: Compliance with privacy regulations and policies • Smart personal identifiers • Social Security numbers, Client/customer names, UK National Insurance ID • Smart payment indicators • Credit card numbers, CUSIP #, ABA routing # • Proofpoint Managed HIPAA Code-sets • HCPCS: CMS Common procedure codes • ICD9: CMS Disease codes • NDC-Class: National drug codes • NDC-Dosage: National drug codes • NDC-Names: National drug codes • NDC-Route: National drug codes • Any custom smart identifier • Detects PHI: Finds identifier + health information

  22. Proofpoint Secure Messaging: Tightly integrated policy control and encryption [Diagram labels: MTA Routing & Policy Engine; Email Server; Email Server; Secure Messaging Module; ZDM Key Server; Decrypt; Encrypt; Doctor; Patient; LDAP / DB Authentication]

  23. Business User Incident Workflow: Compliance Incident Manager

  24. Proofpoint Network Content Sentry • Monitor HTTP, FTP traffic • Ensure content security for web mail, blogs, message boards and FTP • Leverage existing policy management, reporting, quarantine. Enforce policy with Proofpoint Messaging Security Gateway or Protection Server [Diagram labels: Proofpoint Network Content Sentry; HTTP and FTP]

  25. Protecting Privacy - HIPAA • Large healthcare organization, 150,000 user deployment • Anti-spam, Anti-virus • Regulatory Compliance • Secure Messaging • 500,000 messages per day • Key content security concerns: • Ease of management • PHI detection for HIPAA compliance • Policy-based encryption

  26. Protecting Privacy - GLBA • Financial corporation -- leading provider of mortgage outsourcing solutions • Anti-spam, Anti-virus • Regulatory Compliance • Digital Asset Security • Key content security concerns: • Protect customer financial information (GLBA compliance) • Protecting • loan documents • credit reports • application forms

  27. Protecting Intellectual Property • Helicopter design & manufacturer • Supplies the US military & Lockheed Martin • Anti-spam, Anti-virus • Digital Asset Security • Key content security concerns: • Protection of • Confidential design documents • R&D documents • CAD file detection

  28. Proofpoint Risk Assessment: Proofpoint will help you evaluate and quantify the risk • 30-day Risk Assessment includes • One-on-one consultation • 30-day, live email audit – no actions taken • Risk assessment results and recommendation • Discover • What type of confidential data is flowing over email? Who is sending it? What’s the probability of a specific breach? • What regulations are being violated?

  29. Securing Your Email – ensuring that outbound messages comply with corporate policies and external regulations Sean C. Wilcox, Sr. Product Marketing Manager
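
Slides 14 and 21 contrast score-based disposition with a rule that fires only when a personal identifier and health information appear together. The Python sketch below is an added example, not Proofpoint code; the term list, patient names, threshold and sample messages are all constructed assumptions.

```python
import re

# Constructed sample data (assumptions for this example, not vendor dictionaries).
HEALTH_TERMS = {"x-ray", "mri", "biopsy", "fracture", "chemotherapy", "diagnosis"}
PATIENT_NAMES = {"jane roe", "john doe"}        # stand-in for a patient directory
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")   # shape of a US Social Security number
SCORE_THRESHOLD = 3                             # hypothetical disposition threshold


def _present(terms, text):
    """Return the terms found in text, matched case-insensitively on word boundaries."""
    lowered = text.lower()
    return {t for t in terms
            if re.search(rf"(?<!\w){re.escape(t)}(?!\w)", lowered)}


def health_hits(text):
    return _present(HEALTH_TERMS, text)


def identifier_hits(text):
    """Personal identifiers: known patient names plus anything shaped like an SSN."""
    return _present(PATIENT_NAMES, text) | set(SSN_RE.findall(text))


def score_policy(text):
    """Score-based disposition: flag once enough sensitive terms appear."""
    return len(health_hits(text)) >= SCORE_THRESHOLD


def phi_policy(text):
    """Combination rule: flag only when an identifier AND health info co-occur."""
    return bool(identifier_hits(text)) and bool(health_hits(text))


def evaluate(text):
    return {"score": score_policy(text), "phi": phi_policy(text)}


# Constructed messages: a clinical discussion, a real disclosure, an unrelated notice.
MESSAGES = {
    "clinical_discussion": "For a suspected fracture I order an X-ray first, "
                           "then MRI, and biopsy only if needed.",
    "phi_disclosure": "Attached is the X-ray for Jane Roe, SSN 000-12-3456.",
    "hr_notice": "John Doe starts in accounting on Monday.",
}

if __name__ == "__main__":
    for name, body in MESSAGES.items():
        print(f"{name:20} {evaluate(body)}")
```

The score policy flags the two-doctor discussion and misses the single-term disclosure; the combination rule does the reverse, and neither flags a name that appears without health information.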
