Check Point DLP Technical Presentation
Agenda 1 2 3 4 DLP and its Key Challenges Introducing Check Point DLP How Does Check Point DLP Work? Summary Check Point DLP Makes data loss prevention work
Data Loss Prevention Financial data, forward-looking earnings Confidential customer data Bad media and brand damage Regulatory penalties Liability and lawsuits Why Data Loss Prevention? Company secrets and intellectual property Prevent Loss of Sensitive Data Consequences of Data Loss
Data Breaches Data Breaches Have Happened to All of Us 80 to 90% of Data Breaches are Unintentional John.Stevens@yahoo.com Corporate Strategy Company document uploaded to an external website. E-mail sent to the wrong recipient, intentionally or by mistake. Green World Strategy Plan 2010
DLP Challenges DLP Has Not Yet Been Solved Technology Challenge: Computers cannot reliably understand human content and context IT Staff Challenge: Burden of incident handling, Exposure to sensitive data
Introducing Check Point Data Loss Prevention Data Loss Prevention Alert An email that you have just sent has been quarantined. Reason: attached document contains confidential internal data The message is being held until further action. Send, Discard, or Review Issue Confidential data sent to the wrong recipient! User prompted to take action User remediates Check Point Makes DLP Work ‘John’ <john@greenworld.com> John.Stevens@yahoo.com John.Stevens@yahoo.com Green World Strategy Plan 2010 Corporate Strategy John, Let’s review the corporate strategy in our morning meeting.
Introducing Check Point Data Loss Prevention Prevent Move from detection to prevention Data Loss Prevention Alert An email that you have just sent has been quarantined. Reason: attached document contains confidential internal data The message is being held until further action. Send, Discard, or Review Issue Educate Users on corporate data policies Enforce Data loss business processes Check Point Combines Technology and Processes to Make DLP Work NEW! John.Stevens@yahoo.com Corporate Strategy Green World Strategy Plan 2010 John, Let’s review the corporate strategy in our morning meeting.
Introducing Check Point DLP Scaling from hundreds to thousands of users Supporting HTTP, SMTP and FTP protocols At-A-Glance Features Inline network-based Software Blade running on any existing Check Point gateway Alert notification using either a thin agent, an email to the user or web browser popup Proactively block intentional and unintentional data loss
How Does Check Point DLP Work? UserCheck™ MultiSpect™ Detection Engine Ease of Deployment
UserCheck Data Loss Prevention Alert An email that you have just sent has been quarantined. Reason: attached document contains confidential internal data The message is being held until further action. Send, Discard, or Review Issue 1. Mail sent or document uploaded by HTTP or FTP 2. User alert 3. User remediation UserCheck™ Provides User Remediation by Alerting User Real-time Educational Non-disruptive
UserCheck Scenarios Filter communications of confidential information based on policy exception Block Web upload of proprietary information Ask user to confirm and remediate potential breach Scenario 1: Prevent Scenario 2: Enforce Scenario 3: Alert, Ask and Educate
UserCheck Scenario 1 Developer uploads source code to file share to work on from home Rights to files posted to web file shares transfer to host site Check Point DLP blocks upload and notifies user UserCheck Preemptively Prevents Data Breaches http://mywebuploads.com src.c src2.c src3.c src4.c src5.c Software Developer Jenn@gmail.com jsimmons@dlpdemo.com src.c Code subroutine to work on from home c:\src.c
UserCheck Scenario 2 Data Loss Prevention Alert An email that you have just sent has been identified as containing sensitive information. An email that you have just sent has been allowed based on DLP policy exception. For additional details, please refer to the Corporate Data Security Policy jcraicg@mylawyer.com M&A letter of intent for review Corporate VP sends M&A contract to attorney Alert notifies user of data policy ProjectAtlantisLoI.pdf 2.UserCheck Allows Filtering Based on Corporate Data Policies Hi James, We have revised the terms of the acquisition. Attached is the Letter of Intent for your review. Thanks, David Corporate Development VP
UserCheck Scenario 3 Company CFO sends preliminary financial statement to external auditor User provides an explanation of his request to send User receives an email alert asking owner of sensitive data to confirm communication UserCheck Alerts, Asks and Educates Users Greg.Smith@ernstyoung.com mattg@dlpdemo.com Preliminary Financial Statement Reconsider sending this email (Preli… Preliminary_financials.pdf Preliminary Financial Statement The attached message, sent by you, is addressed to an external email address. The Check Point Data Loss Prevention System determined that it may contain confidential information. Email’s attachment Preliminary_financials.pdf appears to contain financial records. The message is being held until further action. Send, Discard, or Review Issue Greg, Sending you the Q1 preliminary financials for audit. Thanks, Matt Gerhart Chief Financial Officer ACME Corp. mattg@acmecorp.com Check Point Data Loss Prevention Reconsider sending this email (Prelimi… Fri 4/2/2010 3:45 PM Rachel Greene Fri 4/2/2010 1:23 PM PCI Audit Status Thu 3/2/2010 9:45 AM Tom Peters Sales Planning Meeting Preliminary Financial Statement mattg@acmecorp.com Chief Financial Officer Hi, This information is OK to send to our outside auditor. Thanks, Matt
Check Point DLP UserCheck—How it Works Employee sends file attachment to personal email to work from home Company confidential spreadsheet containing customer data
Check Point DLP UserCheck—How it Works Message intercepted by Check Point DLP Message decomposed into its constituent parts by DLP engine SMTP Envelope Sender: employee2@company.com Recipients: me@gmail.com Subject: “Some homework” Body: “Doc to work on …”
Check Point DLP UserCheck—How it Works Apply DLP Policy per message part SMTP Envelope Sender: employee2@company.com Recipients: me@gmail.com Subject: “Some homework” Body: “Doc to work on …”
Check Point DLP UserCheck—How it Works Sensitive file detected User alerted—policy enforced Data Loss Prevention Alert An email that you have just sent has been quarantined. Reason: attached document contains confidential internal data The message is being held until further action. Send, Discard, or Review Issue
How Does Check Point DLP Work? UserCheck™ MultiSpect™ Detection Engine Ease of Deployment
New MultiSpect™ Technology 600+ File Formats 250+ Data Types Correlates data from multiple sources using open language Detects more than 600 file formats Over 250 pre-defined content data types Detect and recognize proprietary forms and templates MultiSpect Detection Engine
MultiSpect: Self-Learning Technology 1. First occurrence: Doc Sent, User alerted, User remediated, System has learned 2. Additional occurrences: Doc Sent, No further action Self-Learning Technology Improves Accuracy No Burden on User!
MultiSpect Open Scripting Language Example: Use Open scripting language to create Australian Business Number data type Upload the script to DLP engine using Data Type wizard • Create completely new data types • Enhance existing data types • Unmatched flexibility in customizing DLP
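The two steps the slides describe, decomposing a message into its parts and matching a custom data type such as the Australian Business Number against each part, can be sketched as follows. This is an added example in Python, not Check Point's scripting language or product code; the function names, the sample message and the use of header fields in place of the SMTP envelope are assumptions.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

ABN_WEIGHTS = (10, 1, 3, 5, 7, 9, 11, 13, 15, 17, 19)
# 11 digits, optionally grouped "NN NNN NNN NNN", not embedded in a longer number.
ABN_CANDIDATE = re.compile(r"(?<!\d)\d{2} ?\d{3} ?\d{3} ?\d{3}(?!\d)")

def is_valid_abn(candidate):
    """ABN checksum: subtract 1 from the first digit, weight, sum, test mod 89."""
    digits = [int(c) for c in candidate if c.isdigit()]
    if len(digits) != 11:
        return False
    digits[0] -= 1
    return sum(d * w for d, w in zip(digits, ABN_WEIGHTS)) % 89 == 0

def find_abns(text):
    """Return only candidates that pass the checksum, cutting false positives."""
    return [m.group() for m in ABN_CANDIDATE.finditer(text) if is_valid_abn(m.group())]

def decompose(raw):
    """Split a message into sender, recipients, subject, body and text attachments.
    Header fields stand in for the SMTP envelope here (assumption)."""
    msg = message_from_bytes(raw, policy=policy.default)
    parts = {"sender": msg["From"], "recipients": msg["To"], "subject": msg["Subject"]}
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # containers and binary formats need their own extractors
        name = part.get_filename()
        parts[f"attachment:{name}" if name else "body"] = part.get_content()
    return parts

def scan(raw):
    """Apply the ABN data type to each part; report which parts matched."""
    hits = {name: find_abns(str(text)) for name, text in decompose(raw).items()}
    return {name: found for name, found in hits.items() if found}

def sample_message():
    """Constructed sample modelled on the slides' 'Some homework' email."""
    msg = EmailMessage()
    msg["From"] = "employee2@company.com"
    msg["To"] = "me@gmail.com"
    msg["Subject"] = "Some homework"
    msg.set_content("Doc to work on, ref 51 824 753 557")  # fails the checksum
    msg.add_attachment("customer,abn\nExample Pty,51 824 753 556\n",
                       subtype="csv", filename="customers.csv")  # passes it
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan(sample_message()))
```

Reporting the matching part by name is what lets an alert say that the attachment, rather than the body, triggered the rule.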
How Does Check Point DLP Work? UserCheck™ MultiSpect™ Detection Engine Ease of Deployment
Centralized Management For Unified Control Across the Entire Security Infrastructure Quick links to priority data and actions to perform Enforcing gateways’ data Quick scan of Data Loss Prevention incidents Ratio of incidents to data inspected
Controlling Your DLP Policy DLP Policy Created and Enabled DLP policy rule base Install policy Enable rules and apply policy Compliance rules for PCI and HIPAA
Changing Policy Actions Action on rule now changed Quickly change action to be taken for a rule
Exhaustive Out-of-the-Box Data Types With Powerful Search Functionality Easily find the data types you need Search results displayed immediately
DLP Event Management • Incident Tracking: • by timeline, • by remediation, • by organization Incident Details: Look up the user name and machine info Managing Incidents with SmartEvent for DLP
DLP Event Management Timeline Severity Map Powerful Tools to Manage DLP Incidents
DLP Deployment • Bypass option • Bridge mode (L2) support • Integrated into Gateway • Manageability • Lower TCO • Lower carbon footprint DLP Solution Options Dedicated Appliance Software Blade
Competitive pricing after 3 years – 1000 users Year 1: DLP-1 2571 Year 2,3: 2x DLP blade
Competitive pricing after 3 years – 5000 users Year 1: DLP-1 9571 Year 2,3: 2x DLP blade
Flexible Deployment Options Deployment Modes L2 Dedicated Deployment Options WWW Mail Server AD/LDAP server Check Point DLP Software Blade • Check Point Security Gateway Security Management and Logs • Behind perimeter gateway • Integrated Software Blade • L2 bridge mode with fail-open option • L3 routing • Behind perimeter gateway • Protect outgoing mail traffic • Behind perimeter gateway • Protect outgoing mail traffic • Directly protect user subnet Internet
DLP Deployment Activating DLP: Quickly set up DLP Specify the FQDN which will be used for the DLP portal DLP Blade Wizard quickly gets DLP up and running Configure a mail server for notification emails Under Gateway General Properties, check Data Loss Prevention This starts the DLP Blade Wizard Basic DLP setup completed
Summary Enforce Data Policies: Across the entire network. Educate and Alert Users: Without involving IT staff. Prevent Data Breaches: Move from detection to prevention. Check Point combines technology and processes to make DLP work