2. Sigal Russin’s work/ Copyright@2014
Do not remove source or attribution from any slide, graph or portion of graph
What are you getting:
Symantec DLP News
It’s about People
Customers need more than a technology solution
Source: http://www.slideshare.net/ArrowECSMarketing/data-loss-prevention-from-symantec
Variety of Misuse Actions
What is DLP?
• DLP means different things to different people
* Data Loss Prevention
* Data Leakage Prevention
* Data Loss Protection
• DLP is always about protecting an organization's sensitive information.
• DLP technology is content aware: referred to as deep packet inspection, it analyzes the payload contained within a file or session.
• DLP references data in one of three states
* Data in motion
* Data at rest
* Data in use
Source: http://www.slideshare.net/technetbelux/data-leakage-prevention-22804526
Defense In Depth: Encryption + DLP
Sensitive organization data
Lack of familiarity with the types of information that exist in the organization and the processes related to their use.
• What is confidential information?
• Where is it stored?
• What are the channels through which information may leak?
• What actions will be taken if and when confidential information is leaked?
Source: http://searchsecurity.techtarget.com/feature/IT-Security-Trends-2013-Mobile-security-concerns-tops-the-list
Round table Insights 2010
• This project includes: Legal dept., IT, HR.
• 50% organizational culture, 50% technology tools.
• Data classification should include all department managers and management.
• You cannot get 100% coverage of data leakage, even with three systems.
• Not all organizations cover the issue of data leakage from all points of view.
DLP Project
I. Analysis of the business environment and existing threats (internal / external).
II. Data classification: definition of confidential / sensitive information, classified according to its level of sensitivity. For example: financial info, medical info, customer info etc.
III. Identification and mapping of confidential / sensitive data storage. For example: USB drives, databases, file servers, mobile devices, PCs etc.
DLP Project
V. Mapping and analysis of business processes and the organization's information lifecycle: data creation, data distribution (email), backup, updating a file server etc.
VI. Mapping and assessment of potential leakage channels. For example: interfaces and external web links, third-party authors or temporary workers, faxes and printers etc.
VII. Requirements characterization: product selection and implementation, including compliance and design of policies, procedures, response processes and complementary measures.
Recommendations
Work Procedures and Guidelines
• Event handling, depending on the nature of the organization and the capabilities of the information security team.
• Responsibilities and new roles.
• Life cycle processes of the organization's information: determining classification tags at the creation stage of each document.
• Audit logging and connection to SIEM systems.
• Continuous learning and improvement of monitoring quality, depending on the events and the number of false alarms produced by the system.
Thank You!
Sigalr@stki.info