Powerful Google developer tools for immediate impact! (2023-24 C)
Internet Security Threat Report (ISTR) Vol. 16
1. Information & Identity Protection
Data Loss Prevention, Encryption, User Authentication
Information & Identity Protection Overview 1
2. Agenda
1 People and Information-Centric Security
2 Symantec’s Information & Identity Protection Suite
3 Next Steps
Information & Identity Protection Overview 2
3. Data Breaches are Top of Mind
Insiders and Partners
• Employees and partners stealing customer data and IP
• 68% of breaches are caused by user negligence and system
glitches
Compliance
• Breach notification and encryption enforcement laws are
pervasive and now have real costs
• Average cost of a data breach is up to $7.2 million
External Threats
• Lead to the most expensive cost per record breached: $318
• Attackers are profit driven or politically motivated
Information & Identity Protection Overview 3
4. Evolving to Information-Centric Security
System- Information- People &
Centric Centric Information-
Centric
NEW BUSINESS TRENDS NEW THREATS
• Collaborative apps and social • WikiLeaks
media • Hacker Collectives
• Information explosion • LulzSec
• Virtual infrastructure and cloud • Anonymous
• Mobile workforce • State-sponsored, targeted attacks
Information & Identity Protection Overview 4
5. As companies focus on securing their data,
security professionals increasingly recognize that
access control and information management are
key components of data security. Proper
management and control of user accounts,
access permissions, and privileges is one of the
most effective avenues to ensuring that data
doesn’t walk out the door. Often, you must
Khalid Kark demonstrate controls around segregation of
CISO Advisor, Forrester duties, privileged access, and stronger
authentication for Internet-facing applications to
meet regulatory requirements.
Information & Identity Protection Overview 5
6. Key Components of Information-Centric Security
• Where is the sensitive data?
AWARENESS
• How is it being used?
IDENTITY • Who should have access to sensitive data?
• How to enforce data policies?
PROTECTION
• How to prevent breach?
Information & Identity Protection Overview 6
7. Reducing Risk with Information and Identity Protection
IDENTITY AWARENESS PROTECTION
Authentication DLP Encryption
Passwords Network Email
+
RISK
Heuristics +
Endpoint Endpoint
Two Factor
+ +
Biometric Storage Storage
Information & Identity Protection Overview 7
8. Information & Identity Protection Solution Portfolio
Map
Storage DLP Network DLP Endpoint DLP
• Where is the sensitive data?
AWARENESS
• How is it being used?
User Authentication
IDENTITY • Who should have access to that data?
Behavior Two-Factor PKI
Shared Storage Email Endpoint
• Encryption
How to enforce data policies?
Encryption Encryption
PROTECTION
• How to prevent breach?
Information & Identity Protection Overview 8
10. Symantec User Authentication Products
Risk-Based Tokens & Mobile Certificate
• Machine and • Cloud based
configuration • Multiple form factors infrastructure
registered
• Over 700 handsets • Certificates for
• Risk score determined supported devices and people
by machine, access
pattern
Symantec™ Management Platform
Symantec™ VIP/PKI Authentication Services
Information & Identity Protection Overview 10
12. Symantec Data Loss Prevention Products
Storage Endpoint Network
• Symantec™ • Symantec™ • Symantec™
Data Loss Data Loss Data Loss
PreventionNetwork PreventionEndpoint PreventionNetwork
Discover Discover Monitor
• Symantec™ • Symantec™ • Symantec™
Data Loss Prevention Data Loss Prevention Data Loss Prevention
Data Insight Endpoint Prevent Network Prevent
• Symantec™
Data Loss Prevention
Network Protect
Symantec™ Management Platform
Symantec™ Data Loss Prevention Enforce Platform
Information & Identity Protection Overview 12
13. Defense-In-Depth: Encryption + Data Loss Prevention
Network DLP / Email Gateway Encryption
• Automatically encrypt emails containing sensitive data
• Notify employees in real time/context about encryption policies and tools
Storage DLP / Shared Storage Encryption
• Discover where confidential data files are stored and automatically apply
encryption
• Ease the burden to IT staff with near transparence to users
Endpoint DLP / Endpoint Encryption
• Target high risk users by discovering what laptops contain sensitive data
• Protect AND enable the business by targeting encryption efforts to
sensitive data moving to USB devices
Information & Identity Protection Overview 13
14. The Symantec Advantage
Integrated Flexible User
Broad DLP
Encryption Authentication
Protects data across Identifies sensitive Strong authentication
laptops, mobile devices, information requiring for people and their
servers, and email protection across devices
communications endpoints, network, and
storage
Information & Identity Protection Overview 14