2024: Domino Containers - The Next Step. News from the Domino Container commu...
Data Loss Prevention de RSA
1. RSA Data Loss Prevention(DLP) Suite
Discover and Mitigate Business Risk from Sensitive Data
2. RSA Data Loss Prevention
Data Breaches Overview
RSA DLP Solution
Five Critical Factors
Customer Case Studies
2
2
3. Why is Information Security So Difficult?
Endpoint Network/E-mail Apps/DB FS/CMS Storage
LAN
Internal Enterprise Production File Server
Employees Applications Disk Arrays Backup
WAN Database Tape
VPN
Backup
Business Replica File Server Disk Arrays System
Remote
Analytics
Employees
Disk Arrays Backup Disk
SharePoint and other
Outsourced Staging Collaboration &
Partners Dev. Content Mgmt
Systems
3
Endpoint Network/E-mail Apps/DB FS/CMS Storage
4. We Are Exposed At Every Point
Endpoint Network/E-mail Apps/DB FS/CMS Storage
LAN
Network Leak
Endpoint Privileged User Privileged User Tapes lost or
Internal Email-IM-HTTP- Enterprise File Server
theft/loss
FTP-etc. BreachProduction Breach stolen
Backup
Employees Applications Database Disk Arrays
WAN Tape
VPN
Backup
E-mail leak or Business DB or Replica
App, File Server Disk Arrays System
Endpoint Leak File Server / CMS
Remote packets sniffed Encryption Key
via print/copy
in transit
Analytics
Hack
Hack
Employees
Disk Arrays Backup Disk
SharePoint and other
Public Outsourced Staging Collaboration &
(Semi) Discarded disk
IP Sent to
Partners Unintentional
Infrastructure Dev.
non trusted user
Access Hack
Distribution Content User
Trusted Mgmt exploited
Misuse
Systems
4
Endpoint Network/E-mail Apps/DB FS/CMS Storage
5. There Are Many Point Solutions
Endpoint Network/E-mail Apps/DB FS/CMS Storage
Mobile Email Application File
Encryption Encryption Encryption Encryption
LAN
Tape
Internal Enterprise Production File Server Encryption
Employees Applications Disk Arrays Backup
WAN Database Tape
Port Network Database CMS/FS
Monitoring Monitoring Encryption Access Controls
VPN
Backup
Business Replica File Server Disk Arrays System
Remote
File Network Activity
Encryption Encryption
Analytics
Monitoring
eDRM
Employees
Disk
Encryption
Disk Arrays Backup Disk
App/DB SharePoint and other
eDRM eDRM Outsourced Staging File
Collaboration &
Partners Discovery Discovery
Dev. Content Mgmt
Systems
5
Endpoint Network/E-mail Apps/DB FS/CMS Storage
6. The Business Case for DLP
Reduce Risk | Minimize Cost | Avoid Disruption
Reduce Risk
1. What data can you catch? Where?
2. What can you do about it?
3. Time to Value
Minimize Cost Avoid Disruption
1. Product 1. Consider the “who” not just “what”
2. People
2. Make controls transparent to users
a) Setup/Maintain
b) Investigations 3. Involve the data owners
c) Remediation
3. Infrastructure
6
7. RSA Data Loss Prevention
Data Breaches Overview
RSA DLP Solution
Five Critical Factors
Customer Case Studies
7
7
8. RSA Data Loss Prevention Suite
Policy System RSA DLP Reporting & Incident
Management Administration Dashboard Workflow
Enterprise Manager
Policies Incidents
DLP Datacenter DLP Network DLP Endpoint
Discover sensitive data Monitor all traffic for Discover sensitive data
from everywhere sensitive data and Monitor user actions
Enforce controls on Enforce controls on Enforce controls on both
sensitive data sensitive transmissions data and user actions
Third Party Enforcement Controls
8
9. Reducing Your Sources of Risk: Data at Rest
Discover Analyze Remediate
Rescan sources to measure and manage risk
File shares, Servers, Laptops 300+ File types Databases & Repositories Remediation
•Windows file shares •Microsoft Office Files •SharePoint • Secure Delete
•Unix file shares •PDFs, PSTs •Documentum • Manual/Auto Move
•NAS / SAN storage •Zip files •Microsoft Access • Manual/Auto Quarantine
•Windows 2000, 2003 •CATIA files •Oracle, SQL • Notifications
•Windows XP, Vista •Content Mgmt systems • eDRM
9
10. Protecting Data in the Network: Data in Motion
Monitor Analyze Enforce
Email Instant Messages Web Traffic Remediation
•SMTP email •Yahoo IM •FTP •Audit
•Exchange, Lotus, etc. •MSN Messenger •HTTP •Block
•Webmail •AOL Messenger •HTTPS •Encrypt
•Text and attachments •TCP/IP •Log
10
11. Protecting Data at the Endpoint: Data in Use
Monitor Analyze Enforce
Print & Burn USB Copy and Save As Actions & Controls
•Local printers •External hard drives •Copy to Network shares • Allow
•Network printers •Memory sticks •Copy to external drives • Justify
•Burn to CDs/DVDs •Removable media •Save As to external • Block
drives • Audit & Log
11
12. How Can RSA DLP Solution Help?
Identify and address sources of risk
Discover
Identify broken business processes
Enforce data security policies for compliance
Enforce
Leverage third-party control solutions
Educate employees on policy and risk
Educate
Provide insight into violations & policies
Monitor and protect all egress points
Protect
Prevent sensitive data from leaking out
12
13. How Can DLP Solutions Reduce Risk?
Endpoint Network Apps/DB FS/CMS Storage
Customers Privileged Privileged Privileged Privileged
People Users Users Users Users
• Discover unsafe user behavior and educate
WWW
Internal Production
employees on security policies
Employees
eCommerce
Applications Database
Disk
Arrays
Backup
Tape
WAN
Processes Enterprise Production
Backup
LAN Database File Server Disk
• Identify and fix broken business processes
Remote
Campuses
Applications
Arrays System
VPN
Technology Business
Analytics
Replica
Portals Disk Backup
Remote
• Leverage technology controls more effectively
Employees
Arrays Disk
to secure data Outsourced Staging
Collaboration &
Dev. Disk
Content Mgmt
13 Systems Arrays
Partners
13
14. RSA Data Loss Prevention
Data Breaches Overview
RSA DLP Solution
Five Critical Factors
Customer Case Studies
14
14
15. Top 5 Success Factors for DLP
E
Policy & Identity Incident Enterprise Built-In vs.
Classification Aware Workflow Scalability Bolt-On
More policies and Identity awareness Consolidated alerts Scan more data Common policies
better policies for for classification, with the right faster with lesser across the
classification and controls and information to the hardware and infrastructure -
risk mitigation remediation right people for the resources EMC, Cisco and
right actions Microsoft
15
16. Policy & Classification
More policies and better policies for classification
and risk mitigation
• Unified policy framework
• Best of breed classification
• 150+ built in policy templates
• Information Policy and Classification team
• Highest accuracy per Wipro analysis
16
17. Identity Awareness
Identity awareness for classification, controls and
remediation
• Identity-based Policy
E.g. Group x can send data y out
• Identity-based notification
E.g. Notify the persons manager
• Identity-based control
E.g. Lock this data so only group x can open
• Integration with Microsoft Active Directory
17
18. Incident Workflow
Consolidated alerts with the right information to the
right people for the right actions
• Intelligent correlation of events into incidents
• Right alerts to the right people in the right order
• Intuitive workflow to remediate violations
• Scheduled reports sent to subscribers automatically
• Integration with RSA enVision to simplify security
operations
18
19. Enterprise Scalability
E Scan more data faster with lesser hardware and
resources
• Support distributed deployments
• Scale to 100’s of thousands of users
• Unique Grid Scanning technology
• Scan large amounts of data faster and cheaper
19
20. Built-in Vs. Bolt-on
Common policies across the infrastructure –
Microsoft, Cisco and EMC
• Leverage your existing infrastructure
• Microsoft: Integration with Microsoft RMS and will
also integrate RSA DLP data classification engine
and policies into Microsoft infrastructure
• Cisco: Integration with IronPort
• EMC: Integration with Documentum, Celerra,
SourceOne, etc.
20
21. RSA Data Loss Prevention
Data Breaches Overview
RSA DLP Solution
Five Critical Factors
Customer Case Studies
21
21
23. How Can We Help
Your Current Status We Can Help
Gathering Information By Offering
1. Investigating DLP in general 1. Risk Advisor to discover current risk
2. Identifying business drivers 2. Free Scan to support business case
3. Developing a business case 3. ROI/TCO analysis for DLP
4. Identifying a Project Sponsor 4. DLP workshop
Planning to Procure and Deploy By Providing
1. Have a defined DLP project 1. A framework for DLP evaluation
2. An evaluation environment
2. Developing a detailed DLP project
3. A detailed DLP proposal
3. Evaluating DLP vendors
4. Deployment architecture
23