12. Prologue: Some new technologies
3D Printers
Google Glasses (“glassh**es”)
Cloud Computing
Big Data & Supercomputers
Mobile Payment & Virtual Money
Robotics and Intraday Deliveries
Internet of things
Augmented Reality
Extreme development of Apps
Digital prototyping
Gadgets (devices) & Mobility
Technology replaced jobs (automation)
Geo-location power
Biometrics
Health bands and mHealth
Electronic cars
Avegant Glyph and much, much more
20. Introduction of DLP
Don't be confused:
• Data Loss Prevention/Protection
• Data Leak Prevention/Protection
• Information Loss Prevention/Protection
• Information Leak Prevention/Protection
• Extrusion Prevention
• Content Monitoring and Filtering
• Content Monitoring and Protection
21. Using central policies, identify, monitor and protect corporate data at
rest, in motion and in use
DLP defining characteristics:
• Central policy management
• Deep content analysis
• Broad content coverage across multiple platforms and locations
Defining DLP
22. • USB Port Control/ Protection/ Monitoring ?
• IT infrastructure monitoring for anomalies regarding information
leaking?
• End user activities monitoring web, email, chats, document
tracking…?
• Information encryption?
Let's play a game – what is not a DLP Solution?
23. • A DLP Product - includes centralized
management, policy creation, and enforcement
workflow, dedicated to the monitoring and
protection of content and data. The user interface
and functionality are dedicated to solving the
business and technical problems of protecting
content through content awareness.
• DLP Features - include some of the detection and
enforcement capabilities of DLP products, but are
not dedicated to the task of protecting content and
data.
Example: USB port control is not a DLP Solution; it is a DLP Feature
DLP Features vs. DLP Solutions
24. • DLP is dedicated to a clear business problem
(protect my content) that is differentiated from
other security problems (protect my PC or
protect my network), so most of you should look for
dedicated DLP solutions.
• DLP is highly effective against bad business
processes and mistakes
Choose wisely
25. • Context - source, destination, size, recipients, sender, header
information, metadata, time, format ....
• Business context analysis – time, environment
• Content awareness involves peering inside containers and analyzing
the content itself to protect it anywhere at any time by using Crack
text technologies
Content vs. Context
26. • Rule-Based/Regular Expressions
• Database Fingerprinting (ODB)
• Exact File Matching (Hash file)
• Partial Document Matching
• Statistical Analysis
• Conceptual/ Lexicon
• Pre Built Categories
Content Analysis Techniques
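Three of the techniques listed above (rule-based/regular expressions, exact file matching and partial document matching) are shown below as an added example that is not part of the original slides. The sample document, the e-mail, the function names and the 0.3 threshold are all constructed assumptions for illustration.

```python
import hashlib
import re

# Constructed sample data (not from the slides).
PROTECTED_DOC = ("Project Falcon merger terms: the acquisition price is 42 million "
                 "euro, payable in two tranches before the end of the fiscal year.")
SAMPLE_EMAIL = (b"FYI, as discussed: the acquisition price is 42 million euro, "
                b"payable in two tranches. Card 4111 1111 1111 1111, ref 1234 5678 9012 3456.")
KNOWN_HASHES = {hashlib.sha256(PROTECTED_DOC.encode()).hexdigest()}

# 13 to 19 digits, optionally separated by single spaces or dashes.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits):
    """Luhn checksum: filters out random digit runs the regex alone would flag."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def find_card_numbers(text):
    """Rule-based detection: regex candidate, then checksum validation."""
    digits = (re.sub(r"\D", "", m.group()) for m in CARD_RE.finditer(text))
    return [d for d in digits if luhn_ok(d)]

def exact_file_match(data, known_hashes):
    """Exact file matching: a single changed byte defeats it."""
    return hashlib.sha256(data).hexdigest() in known_hashes

def shingles(text, k=4):
    """Overlapping k-word windows of the normalised text."""
    words = re.findall(r"\w+", text.lower())
    return {" ".join(words[i:i + k]) for i in range(len(words) - k + 1)}

def partial_match(protected, candidate, k=4):
    """Partial document matching: share of protected shingles found in candidate."""
    ref = shingles(protected, k)
    return len(ref & shingles(candidate, k)) / len(ref) if ref else 0.0

def analyze(data, protected, known_hashes, threshold=0.3):
    """Run all three checks and return the names of those that fired."""
    text = data.decode("utf-8", errors="replace")
    findings = []
    if exact_file_match(data, known_hashes):
        findings.append("exact_file_match")
    if find_card_numbers(text):
        findings.append("card_number")
    if partial_match(protected, text) >= threshold:
        findings.append("partial_document_match")
    return findings
```

Calling analyze(SAMPLE_EMAIL, PROTECTED_DOC, KNOWN_HASHES) flags the pasted excerpt and the valid card number, while the exact hash check misses the e-mail because it is not a byte-for-byte copy of the protected file.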
27. • Data @ Rest – scanning of storages and other data vaults
for locating business critical content
• Data in Use – Endpoint monitoring to identify user
activities with data
• Data in Motion – sniffing out traffic on network to identify data
that has been sent out (emails, messaging, web ...)
The DATA
28. • Hardest point in DLP is DATA location - we call this
Content Discovery
• Enterprise Data Classification tools don't work well
for finding specific policy violations
Data @ Rest
29. • DLP with Content Discovery – now we're talking!
• 3x main components:
A. Endpoint Discovery – Scans workstations for sensitive business
content
B. Storage Discovery – Scans mass storages for sensitive business
content
C. Server Discovery – Scans application servers (email, Document
management systems, DB…) for sensitive business content
Data @ Rest – Content Discovery
30. • Remote Scanning (using file sharing or application protocols)
• Agent Based Scanning (using installed agent on system)
• Memory Resident Agent Scanning (memory based agent
installation performed)
Data @ Rest – Content Discovery Techniques
31. • Remote Scanning - can SIGNIFICANTLY increase network traffic
and has limitations based on bandwidth
• Agent Scanning - temporary or permanent; agents are limited by
processing power and memory on the target system and do not
support all OS platforms
• Both are limited in Big Data analysis
Data @ Rest – combine techniques
32. Once a policy violation is discovered, the DLP tool can take a
variety of actions:
• Alert/Report
• Warn
• Quarantine/Notify
• Encrypt
• Access Control
• Remove/Delete
Data @ Rest – take actions in scanning phase
33. OLD school - DLP usually sits in the network as network monitoring
What about SSL?
Complexity of filtering good from bad?
Doesn't secure data when it has been copied out to USB
New school – Agent on Endpoint!
Data in Use
34. • Monitoring and enforcement within the network stack
• Monitoring and enforcement within the system kernel
• Monitoring and enforcement within the file system
Data in Use – mix of approaches
35. • Most DLP solutions are based on
Network Monitoring components
• Real time Full Packet Capture (Pcap),
Session Reconstruction, Content Analysis
• Network topologies?
• Solution performance?
Data @ Motion – Network Monitoring
36. • External Email functionalities – Filtering,
Blocking, quarantine and encrypting
• What about internal emails?
• Deep email system integration with DLP is
absolutely critical to perform content
protection
Data in Motion – Email
37. • Nearly anyone deploying a DLP solution will
eventually want to start blocking traffic
• Everything runs in real time! Big data, big traffic!
• Is it possible in a real environment – allow good,
block bad traffic?
• Distributed and Hierarchical environments?
Data in Motion – Filtering and Blocking
38. • BRIDGE - It's like sitting in a doorway watching
everything go past with a magnifying glass
• PROXY – only a few DLP solutions include
their own proxy engine
• Not all proxies include reverse SSL
• What about internal networks?
Data in Motion – Bridge vs. Proxy Integration
39. Define Needs and Prepare Your Organization
• Identify business units that need to be
involved and create a selection committee
• Define what you want to protect
• Decide how you want to protect it and set
expectations
• Outline process workflow
The DLP Selection Process - Define Needs
40. Formalize Requirements
• Come up with any criteria for directory
integration, gateway integration, data
storage, hierarchical deployments,
endpoint integration …
• RFI (Request for Information) development
The DLP Selection Process – Requirements
41. Evaluation of Products
• Issue the RFI (Request for Information)
• Perform a paper evaluation
• Bring in 3 vendors for an on-site presentation and risk
assessment
• Finalize your RFP and issue it to your short list of
vendors
• Assess RFP responses and begin product Internal Testing
• Select, negotiate, and buy
The DLP Selection Process – Evaluation
43. • Be smart in Digital world and internet of things
• Don't be afraid of DLP solutions
• Find out your business needs, processes, information
• Discover content and context – who, when, what, how…
• Evaluate solutions, not separate functionality
• Look at price/performance indications
• Complexity is not user friendly – Choose smart
Takeaway for today
IT Security services (consulting, audit, pen-testing, market analysis, system testing and integration, training and technical support)
Solutions and experience portfolio with more than 20 different technologies – Cybersecurity global market leaders from more than 10 countries
Trusted service provider for banks, insurance companies, government, and private companies (critical infrastructure etc.)
Own organized conference “DSS ITSEC”
5th annual event this year
More than 400 guests and more than 250 online live streaming viewers from LV, EE, LT
4 parallel sessions with more than 40 international speakers, including Microsoft, Oracle, Symantec, IBM, CISCO, Samsung, F-Secure and many more – everything free of charge
Participation in other events & sponsorship
CERT & ISACA conferences
RIGA COMM exhibition & conferences
Roadshows and events in Latvia / Lithuania / Estonia (f.i. Vilnius Innovation Forum, Devcon, ITSEC HeadLight, SFK, business associations)
Member of Latvian IT Cluster and LIKTA
Participation in Cybersecurity discussions, strategy development, seminars, publications, etc.
More info: https://www.vasco.com/company/about_vasco/case_studies/ergo.aspx
More info: http://www-03.ibm.com/software/businesscasestudies/lv/lv/corp?synkey=O533770Y52518D22
More info: https://www.mobileiron.com/en/company/press-room/press-releases/citadele-bank-chooses-mobileiron-byod-and-document-security
Don’t want to predict the future. It is hard and easily can go wrong. It is present. 1000000 apps on App Store, 1000000 apps on Google store.
http://www.youtube.com/watch?v=cCyGEzzZhTQ