Learn about the importance of information leak prevention and how it can help protect your valuable data. Explore ILP vendors, trends, buyer requirements, and best practices.
Agenda • Users • Why ILP • ILP vendors • Forrester Wave™ (Q4 ’06) • Updates • ILP trends • Buyer requirements • Best practices • Q&A
Terminology: What are we talking about? • Information leak prevention • Data leak/loss prevention • Data leakage • Outbound content compliance • Insider threat prevention • Extrusion prevention • Data leak prevention (or content monitoring and filtering) • . . . • . . . keeping the valuable stuff where it belongs!
The problem . . . starts with the users! • Enterprise users . . . don’t like security • Have little knowledge of security • Value convenience over security • Are often ignorant of reg. security rules/policies • Feel they have a right to employee privacy • They do . . . unintelligent things • Send emails with inappropriate and sensitive content • Copy work-related information onto storage devices • Bring their work (e.g., laptops) into unsafe environments • Let outsiders (e.g., family members) use their work computers • But also . . . are generally willing to improve • Are receptive to incentives and enforcement • Obey corporate rules when enforced • Would like to be informed before they are about to make mistakes • Are concerned about job safety • . . . are your company’s main assets!
Types of employees that put your company at risk • The security illiterate • Majority of employees with little or no knowledge of security • Corporate risk because of accidental breaches • The gadget nerds • Introduce a variety of devices to their work PCs • Download software • The unlawful residents • Use the company IT resources in ways they shouldn't • i.e., by storing music, movies, or playing games • The malicious/disgruntled employees • Typically minority of employees • Gain access to areas of the IT system to which they shouldn’t • Send corporate data (e.g., customer lists, R&D, etc.) to third parties
Why traditional approaches no longer suffice • Messaging did not have appropriate controls • Solutions aimed at the external threats coming in, not the regulation and governance of internal communications going out • Products offered inadequate protection • Solutions based on old ideas of “perimeter” • Unable to look into SSL • Unable to provide real-time detection and remediation • Message analysis was crude • Did not look into the intent of messaging • Point solutions did not see the whole picture • Silos of policy, monitoring, enforcement, and reporting across different communication channels
New challenges call for new strategies • Information protection is an increasingly complex problem • Web, IM, P2P, PDAs, smart phones, USB devices • Point solutions are impractical • Need to move to multichannel protection, and beyond the network • Centralized policy, with distributed enforcement • Information governance offers value, not just insurance • Ensure proper use and disposition of information in a business context • Enable good things as well as preventing bad things • ILP products are key tools to help manage information risk • Deployment strategy: learn before acting • ILP solutions are still maturing
What information leak prevention products do • Information protection is paramount • Traditional email/Web/IM security tools no longer suffice • Relying on keywords and phrases is not enough
About the Forrester Wave™ analysis • Conducted from July through October 2006 • Included products from Oakley Networks, Orchestria, PortAuthority, Proofpoint, Tablus, Verdasys, Vericept, Vontu • Multichannel capabilities • Content- or context-aware policy mechanisms • Sizeable revenues (>$5 million) and growth (50% yr/yr) • Enterprise-class customers: average deal size of at least $100,000 and production deployments of more than 20,000 users • Methodology • Vendor surveys and vetting • Discussions with prospective and established customers
December 2006, Tech Choices “The Forrester Wave™: Information Leak Prevention, Q4 2006” Evaluation Criteria
Vendor/Product Scoring
Forrester Wave™: Information Leak Prevention, Q4 2006
ILP vendors: A closer look Italics = in Forrester Wave
Trends: Simplicity versus specialization • Simplicity • Convergence • Need for simplicity leads to convergence: ILP built into networking equipment, content security products, security suites, endpoint products, etc. • Market consolidation • Acquisitions continue: McAfee+Onigma, Websense+PortAuthority, etc. • Integration of ILP functionality • Into storage, archiving, SIM, intrusion D/P, risk and compliance solutions • Specialization • Different customer pain points: • Vendor/product specialization: e.g., financial services, healthcare, military, etc. • Extension of functionality • Understanding what happens with the data after leakage: Rights management, laptop lockdown and recovery solutions, etc. • Ability to recognize images and media content • Products will catch majority of noncompliant content/information traffic, inbound and outbound, regardless of the channel; MS, Symantec, McAfee, will be vendors • Specialized products will provide greater accuracy (while increasing complexity) and/or offer industry- or country-specific solutions
What are different ILP buyers looking for? • Security managers: Protection • Ensure conformity with security policies • Protect confidential data • Mostly concerned with USBs and email • Provide reporting for CIOs, CCOs, etc. • IT managers: Risk management • Reduce costs • Understand extent of information leakage in organization • Achieve acceptable level of risk • Auditors and compliance managers: Regulatory compliance • Create transparency, availability, and . . . reduce audit costs • Automate risk and regulatory reporting • IT ops: Uptime • Avoid downtime; optimize workflow • Use scarce resources efficiently • Develop a targeted product and communication strategy for these roles!
Capabilities to look for in ILP solutions

| Criteria | Description |
| --- | --- |
| Analysis techniques | Multiple techniques to categorize all types of content; real-time detection, classification, and remediation |
| Enforcement points | Network (internal servers, perimeter), desktop, or all |
| Ease of deployment | Policy and classification templates for various regulations and industries |
| Management | Delegated, hierarchical administration and reporting; integration: LDAP, SIM, ERM, CMS, archiving, etc. |
| Enforcement actions | Alert, quarantine, question, block, archive, encrypt . . . |
| Forensics | Capture entire session contents; log history and trend analysis |
| Vendor partnerships | Partnerships for broader solutions |
| Vendor strategy | Road map for ILP serving a strategic role in an enterprise’s information risk management practice |
Moving from content security to information governance [Figure: diagram with the labels Application activity, Data classification & policy management, Enterprise rights management, File I/O, Content management system, Communications, Policy, Archive, Threat management, Governance, Regulatory enforcement]
ILP best practices • Products have distinctive features and value; are still maturing • Classification, policy management, enforcement points, remediation capability, and forensics • Use the Forrester Wave spreadsheet to customize your own evaluations • Steps: • Assessment: Monitor first • Your exposure: Understand where sensitive data sits and where it travels • Tune the content classification engine • Policies • Develop, implement, and/or update policies • Block, protect, and prevent • Integrate ILP into broader data classification and policy management • Become active — the insider threat is likely to increase!
Thank you • Thomas Raschke, traschke@forrester.com • Jonathan Penn, jpenn@forrester.com • www.forrester.com