Overview of Data Protection - theory & reality, administrative requirements, technology tools and possibilities of today's Business & IT World..

1. Data Security Solutions
Principles of Data Protection
Artūrs Filatovs
Business Development Executive
Riga, Latvia
Riga, Latvia

2. “Data Security Solutions” business cardWhat We Do?
DSS
ICT
Security
Provider
Advisory,
Consulting,
Installation,
Support
Most
Innovative
Portfolio in
Baltics
Member–
ships,
Awareness
Rising
Technology
&
Knowledge
Transfer
ICT
Security
Evangelists
Endpoints
Applications
Networks
Data
Identity
Mobility
Management
Cloud

3. DSS Global Partnerships

4. DSS Delivering Excellent ICT Security Operatitions to
its Customers
Customer ICT
Security
Operations
Excellence
Cooperation with
Industry Top
Technology
Leaders
Recognised by
Gartner, IDC,
Forester
Top level ICT
Security
Professionals
Selected
Cutting Edge
ICT Security
Innovative
Technology
Integration
Pan-
Baltic
Projects
Particular
Focus on
Security

5. ERGO Case Study
Dainis Bairs, Head of IT department of
ERGO insurance Latvia
DSS Solution
Integrated
into Corporate
Training
Process

6. ABLV Bank Case Study DSS Regional
Technological
Inception

7. Citadele BankCitadele Bank Case Study
DSS
Internationally
Recognised
Project

8. Agenda
DLP
Story of
Digital
World
Introduction
to DLP
Features
vs.
Solutions
Content
vs.
Context
Data in
Motion/
Rest/ in
Use
DLP
Selection
Process

9. Prologue: The Digital World 2015 & future

10. Fastest technology development in time..

11. What this is not about

12. Prologue: Some new technologies
3D Printers
Google Glasses (“glassh**es)
Cloud Computing
Big Data & Supercomputers
Mobile Payment & Virtual Money
Robotics and Intraday Deliveries
Internet of things
Augmented Reality
Extreme development of Aps
Digital prototyping
Gadgets (devices) & Mobility
Technology replaced jobs (automation)
Geo-location power
Biometrics
Health bands and mHealth
Electronic cars
Avegant Glymph and much, much
more

14. New security technologies

15. Now you see me now you don't

16. Sensitive Data what we create

18. Daily work instrument

19. Principles of Data Protection

20. Introduction of DLP
Don't be confused:
• Data Loss Prevention/Protection
• Data Leak Prevention/Protection
• Information Loss Prevention/ Protection
• Information Leak Prevention/ Protection
• Extrusion Prevention
• Content Monitoring and Filtering
• Content Monitoring and Protection

21. Using central policies, identify, monitor and protects corporate date in
rest, in motion and in use
DLP defining characteristics:
• Central policy management
• Deep content analyze
• Broad content coverage across multiple platforms and locations
Defining DLP

22. • USB Port Control/ Protection/ Monitoring ?
• IT infrastructure monitoring for anomalies regarding information
leaking?
• End user activities monitoring web, email, chats, document
tracking…?
• Information encryption?
Lets play a game – what is not DLP Solution?

23. • A DLP Product - includes centralized
management, policy creation, and enforcement
workflow, dedicated to the monitoring and
protection of content and data. The user interface
and functionality are dedicated to solving the
business and technical problems of protecting
content through content awareness.
• DLP Features - include some of the detection and
enforcement capabilities of DLP products, but are
not dedicated to the task of protecting content and
data.
Example: USB port control is not DLP Solution is DLP
Feature
DLP Features vs. DLP Solutions

24. • DLP is dedicated to a clear business problem
(protect my content), that is differentiated from
other security problems (protect my PC or
protect my network) most of you should look for
dedicated DLP solutions.
• DLP is highly effective against bad business
processes and mistakes
Chose wisely

25. • Context - source, destination, size, recipients, sender, header
information, metadata, time, format ....
• Business context analysis – time, environment
• Content awareness involves peering inside containers and analyzing
the content itself to protect it any ware at any time by using Crack
text technologies
Content vs. Context

26. • Rule – Based/ Regular Expressions
• Data Base Fingerprinting (ODB)
• Exact File Matching (Hash file)
• Partial Document Matching
• Statistical Analysis
• Conceptual/ Lexicon
• Pre Built Categories
Content Analysis Techniques

27. • Data @ Rest – scanning of storages and other data vaults
for locating business critical content
• Data in Use – Endpoint monitoring to identify user
activities with data
• Data in Motion – sniffing out traffic on network to identify data
that has been sent out (emails, messaging, web ...)
The DATA

28. • Hardest point in DLP is DATA location - we call this
Content Discovery
• Enterprise Data Classification tools doesn't work well
for finding specific policy violations
Data @ Rest

29. • DLP with Content Discovery – now we talking!
• 3x main components:
A. Endpoint Discovery – Scans workstations for sensitive business
content
B. Storage Discovery – Scans mass storages for sensitive business
content
C. Server Discovery – Scans application servers (email, Document
management systems, DB…) for sensitive business content
Data @ Rest – Content Discovery

30. • Remote Scanning (using file sharing or application protocols)
• Agent Based Scanning (using installed agent on system)
• Memory Resident Agent Scanning (memory based agent
installation performed)
Data @ Rest – Content Discovery Techniques

31. • Remote Scanning - can increase SIGNIFICANTLY network traffic
and has limitations based on bandwidth
• Agent Scanning - temporal or permanent, are limited by
processing power and memory on the target system, do not
support all OS platforms
• Both are limited to Big Data Analyze
Data @ Rest – combine technique's

32. Once a policy violation is discovered, the DLP tool can take a
variety of actions:
• Alert/Report
• Warn
• Quarantine/Notify
• Encrypt
• Access Control
• Remove/Delete
Data @ Rest – take actions in scanning phase

33. OLD school - DLP usually sits in network as network monitoring
 What about SSL?
 Complexity of filtering good from bad?
 Doesn't secure data when it has been copied out to USB
New school – Agent on Endpoint!
Data in Use

34. • Monitoring and enforcement within the network stack
• Monitoring and enforcement within the system kernel
• Monitoring and enforcement within the file system
Data in Use – mix of approaches

35. • Most of DLP solutions are based on
Network Monitoring components
• Real time Full Packet Capture (Pcap),
Session Reconstruction, Content Analysis
• Network topologies?
• Solution performance?
Data @ Motion – Network Monitoring

36. • External Email functionalities – Filtering,
Blocking, quarantine and encrypting
• What about internal emails?
• Deep email system integration with DLP is
absolutely critical to perform content
protection
Data in Motion – Email

37. • Nearly anyone deploying a DLP solution will
eventually want to start blocking traffic
• Everything runs in real time! Big data Big traffic!
• Is it possible in real environment – allow good,
block bad traffic?
• Distributed and Hierarchical environments?
Data in Motion – Filtering and Blocking

38. • BRIDGE - It's like sitting in a doorway watching
everything go past with a magnifying glass
• PROXY – only few DLP solutions include
their own proxy engine
• Not all proxies includes revers SSL
• What about internal networks?
Data in Motion – Bridge vs. Proxy Integration

39. Define Needs and Prepare Your Organization
• Identify business units that need to be
involved and create a selection committee
• Define what you want to protect
• Decide how you want to protect it and set
expectations
• Outline process workflow
The DLP Selection Process - Define Needs

40. Formalize Requirements
• Come up with any criteria for directory
integration, gateway integration, data
storage, hierarchical deployments,
endpoint integration …
• RFI (Request for Information) development
The DLP Selection Process – Requirements

41. Evaluation of Products
• Issue the RFI (Request for Information)
• Perform a paper evaluation
• Bring in 3 vendors for an on-site presentation and risk
assessment
• Finalize your RFP and issue it to your short list of
vendors
• Assess RFP responses and begin product Internal Testing
• Select, negotiate, and buy
The DLP Selection Process – Evaluation

42. Pioneer and Innovator of DLP

43. • Be smart in Digital world and internet of things
• Don't be afraid from DLP solutions
• Find out your business needs, processes, information
• Discover content and context- who, when, what, how….
• Evaluate solutions not separate functionality
• Look at price/ performance indications
• Complexity is not user friendly– Chose smart
Takeaway for today

44. Contact UsArtūrs Filatovs
arturs@dss.lv
+371 27194080
Riga, Latvia
www.dss.lv
LinkedIn: http://ow.ly/FAflz
Twitter: http://ow.ly/FAfv0
Facebook:http://ow.ly/FAfzZ
Youtube: http://ow.ly/FAfEN
SlideShare: http://ow.ly/FAfHd

45. Think Security First
Thank you