1 / 61

Welcome to SOPHOS DATA LEAKAGE PREVENTION AND DATA PROTECTION SEMINAR 28 JAN 2010

Welcome to SOPHOS DATA LEAKAGE PREVENTION AND DATA PROTECTION SEMINAR 28 JAN 2010 HOTEL EQUATORIAL KL. SC Systems Sdn Bhd. Thank you. http://www.facebook.com. https://twitter.com/scsystems. http://www.scsystems.com.my/. http://www.youtube.com/watch?v=bySYNTXtb6U.

eliot
Download Presentation

Welcome to SOPHOS DATA LEAKAGE PREVENTION AND DATA PROTECTION SEMINAR 28 JAN 2010

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Welcome to SOPHOS DATA LEAKAGE PREVENTION AND DATA PROTECTION SEMINAR 28 JAN 2010 HOTEL EQUATORIAL KL

  2. SC Systems Sdn Bhd Thank you

  3. http://www.facebook.com https://twitter.com/scsystems http://www.scsystems.com.my/ http://www.youtube.com/watch?v=bySYNTXtb6U

  4. SC Systems Sdn Bhd The Team

  5. SC Systems SdnBhd Team Caren Lee Charles Kong Kevin Ho Carol Chai Mohd Fedli Sophos Malaysia Team MF Che Eugene TEH Johnny Yeo

  6. Invited Guest Speaker Mr Ogie Tabor Sophos Philippines

  7. SC Systems Sdn Bhd Our Support and Blogs

  8. Phone Support +603-9200 6220 (Normal Office Hour) +603-80767467 (03-80SOPHOS) 24 x 7 support@scsystems.com.my supportasia@sophos.com Normal Office Hour – 2 to 4 hours respond support@scsystems.com.my Normal Office Hour – Immediately * www.sophos.com/support Sophos Products Knowledgebase - 24 x 7

  9. http://scsys.blogspot.com/ http://www.sophos.com/blogs/gc/ http://www.sophos.com/blogs/duck/

  10. Sophos Malaysia Mr Che Mun Foong

  11. Data Leakage Prevention Charles Kong S. C. charles@scsystems.com.my

  12. What is Data Leakage Prevention (DLP)?

  13. Lost Data = Big Problems

  14. How is this data exposed? Leakage via USB Loss of devices Leakage via email and web Email represents the single greatest potential liability for data loss * Data is representative and uses an IDC data point on the split between accidental and deliberate data loss.

  15. Headlines To Be Avoided

  16. NUS Data leakage – 1st April 2009 • NUS accidentally leaks personal data of some 15,700 alumni members • Consequences of personal data falling into the wrong hands • What can organisation do to prevent accidental data leakage? Source : http://www.zaobao.com.sg/sp/sp090416_501.shtml

  17. NUS Dataleak recommendation

  18. CitiBank Staff Fine !

  19. Hong Kong : Police confidential Data Leak • 26th May 2008, police confidential and classified documents discovered by Foxy King • The documents include information on three undercover police officers who have bought illegal substances in a dubious Mong Kok disco and cars used by people suspected of thefts from motor vehicles in Wong Tai Sin Source : HKCERT Source : HKCERT

  20. Headlines are the tip of the iceberg Brand damage Loss of customers Incremental internal costs Direct costs of intellectual property loss

  21. Today’s ChallengesRise of stolen/lost Confidential Information • ???? Notebook • Lost or stolen weekly at the eight largest airports in EMEA • ???? Notebooks • Lost or stolen weekly in US airports (estimated) July 2008 www.vnunet.com/vnunet/news/2223012/eu-travellers-losing-laptops-airports

  22. 5000 notebooks forgotten in London Taxis during a 6 months period www.theregister.co.uk/2005/01/25/taxi_survey Today’s Challenges2. Rise of stolen/lost Confidential Information • 3.300 Notebook • Lost or stolen weekly at the eight largest airports in EMEA • 12.000 Notebooks • Lost or stolen weekly in US airports (estimated) July 2008 www.vnunet.com/vnunet/news/2223012/eu-travellers-losing-laptops-airports

  23. Lost laptop orother device 35% 2. Rise of stolen/lost Confidential Information • 70% of all company data are stored redundant on Endpoints(notebooks, desktops, USB Memory sticks), not only on serversPonemon Institute, U.S. Survey: Confidential Data at Risk, August 2007 • Cost of data break will increase 20% per year through 2009Gartner Symposium/ ITxpo , Oct. 2007 • Top - reason for Data Breaches in EnterprisesPonemon Institute, 2007 , Anual Study: Costs of Security Breaches

  24. In Asia….

  25. Data Leakage Prevention And Regulatory Compliance

  26. Compliance – worldwide explosion

  27. Finding Data Leaks

  28. Eg;Customer presentation, competitive information

  29. Today’s Challenges Lost or stolen data on mobile devices Encryption keys lost or stolen Intellectual Property Unauthorizedinternal serveraccess Insecure outsourcing Data theft via removablemedia E-mailinterception

  30. How Sophos addresses Data Loss Protection

  31. Anti-Spyware PUAs Anti-Rootkit Application Control Genotype NAC LIGHT Device Control Wireless Block Data Leakage Prevention Anti-Virus Endpoint Security and Control 9 Real integration with unified console, engine and agent Behavior (HIPS) Firewall

  32. Anti-Spyware PUAs Anti-Rootkit Application Control Genotype NAC LIGHT Device Control Wireless Block Data Leakage Prevention Encyrption Anti-Virus Endpoint Security and Control 9.5 Real integration with unified console, engine and agent Behavior (HIPS) Firewall

  33. Data Leakage Prevention - How Sophos Protects You!

  34. So how does it all actually work ? Best explained with a typical “use case”

  35. An example = Bill in HR and his laptop • At 4:30pm Bill‘s boss asks him to get some budget figures together about staffing levels and wages for next year. Bill‘s boss needs it 10am Monday morning for a meeting • Bill‘s bus leaves at 5:10pm and he doesn‘t like taking his laptop on the bus......so he exports the raw staff data from the ERP sytem and dumps it to a spreadsheet on his hard drive. • Bill‘s plan is to copy the file to his usb sitck and leave a bit early (he‘s going to be working all weekend anyway......)

  36. An example = Bill in HR and his laptop • So he plugs in his trusty US key and tries to save the spreadsheet to his E: • He get‘s a nice pop up messages from SESC9 explaining that the file trasfer has been blocked. Bill shouldn‘t be doing this (a customisable message)

  37. An example = Bill in HR and his laptop • So he opens explorer and tries copying the file to E:

  38. An example = Bill in HR and his laptop • Next he tries to burn to a CD....

  39. An example = Bill in HR and his laptop • ..... I know !!

  40. An example = Bill in HR and his laptop • So he tries to email it to home, via the corporate Outlook email client....

  41. An example = Bill in HR and his laptop • So he tries his Gmail account .....

More Related