410 likes | 545 Views
« Points at issue ». Practical Aspects of Deploying a DLP System Based on the Experience of SearchInform Ltd. www.searchinform.com. SearchInform Today. SearchInform Information Security Perimeter (SISP) is deployed in more than 1000 companies in
E N D
«Points at issue» Practical Aspects of Deploying a DLP System Based on the Experience of SearchInform Ltd www.searchinform.com
SearchInform Today SearchInformInformation Security Perimeter (SISP) is deployed in more than 1000companies in Russia, Ukraine, Belarus, Kazakhstan, Latvia, and Lithuania. The company has its offices in Moscow, Khabarovsk, Novosibirsk, Yekaterinburg, Kazan, St. Petersburg, Riga, Vilnius, Kiev, Minsk, and Almaty. www.searchinform.com
Deployment Department Information security officers do not actively share knowledge in the sphere. However they trust their problems to us. SearchInform experts are like doctors: we do not spread information, we offer solutions. www.searchinform.com
Deployment Department Working with 1200 customers from different business spheres allowed accumulating a unique database of problem-solving cases. This database is the answer to your question “where to start from?” 100% of DLP solution functionality should be used. www.searchinform.com
Advantages of Deployment Department • Manager taking care of your company supports all your initiatives and solves all your problems. • You are informed about all recent updates related to SearchInform Information Security Perimeter (SISP) and its usage . • All managers are involved in the training program. You will not only learn how to create security policies for your company’s needs, but also find out about the pitfalls of security processes and predicted results based on the examples taken from real life. www.searchinform.com
Training Center SearchInform training center has been working since May 2013. It offers a training course called “Practical application of DLP systems”. More than 300 people completed the course since then. Two other courses are planned for 2014. www.searchinform.com
Working with Colleges Quite often college graduates do not meet employer expectations because of the lack of experience. SearchInform participates in the graduate training program making it easier for college students to obtain priceless experience. Free SISP version is available for all interested colleges. www.searchinform.com
Information Security Should Promote Business, not Hinder It.All Data Channels Should Be Open Very often employees are not allowed to use the most efficient and popular data channels. For instance employees can only use corporate e-mail, while instant messengers are banned despite the fact they could considerably increase efficiency. A state-of-the-art DLP system should monitor, analyze, and control leaks of sensitive data over all possible data channels. www.searchinform.com
Information Security System Should Control All Data Channels “The Wizard of Oz” featured a big scary wolf protecting the gate of the country from intruders. Nobody could cross the border. However the rest of the border was just painted. The same with information security: if flash drives are not allowed, confidential data will leak through e-mail or instant messengers. Skype has a reputation of being the most secure means of communication. Being at work employees feel free to use it rather than any other instant messenger. That is why files and sms, text and voice messages sent over Skype should be controlled. Integrated approach to information security is only possible when all data channels are controlled. www.searchinform.com
SearchInform Information Security Perimeter www.searchinform.com
One man doesn’t make a team? Captured data is useless until it is analyzed. Reading all captured data is a rather irrational way of information analysis. A security officer may only handle 20-50 employees if traditional approach is used. And what if there is a couple of hundreds or even thousands of them? SISP offers an extensive set of search engines and automatic data analysis. This way one security officer can monitor activity of 1000-1500 employees. www.searchinform.com
Domain Names Integration with Windows domain structure helps accurately identify users even if they use nicknames, free web mail or other computers. www.searchinform.com
SISP Applications Control and prevention of data leaks through laptops SearchInform provides fully fledged control of laptops outside corporate network. Endpoint agents are completely unnoticed to users. Even skilled engineers will hardly be able to detect them running. As soon as installed, they start collecting and sending data to security officers for analysis. In 2013 we launched MicrophoneSniffer, a supplementary solution used to record employee conversations. www.searchinform.com
SISP Applications Control and prevention of data leaks through iPadsandiPhones Employee mobility is an issue that has taken on a whole new meaning. Corporate iPads and iPhones increase business efficiency as now employees can connect to the corporate network anywhere at any time. However, besides advantages, this presents a range of new threats to information security. SISP monitors, analyses and controls leaks of sensitive data through iPhone and iPad e-mail, Skype, and HTTP. www.searchinform.com
SISP Applications Worktime monitoring Alongside with protecting sensitive data and fighting malicious attacks security officers have to reveal non-efficient employees. ProgramSniffer offered as part of SISP faces the challenge. It creates reports on • arrival and leave time • real work performed • applications use statistics www.searchinform.com
Tricks Sensitive data can be transmitted in graphic or encrypted files. • SISP offers fully fledged control of all data channels: • Optical character recognition (OCR) • Capturing encrypted files • Capturingfiles with changed extension www.searchinform.com
Social Networks and Web Blogs • Company matters are often discussed in social networks and • web blogs. Sharing company’s internal information may affect • its public image and client opinion. www.searchinform.com
Incoming Secured Gmail Correspondence Many employees use their Gmail boxes despite corporate security rules. Being sure Gmail is protected they may use it for non-work-related purposes. SearchInform allows controlling two sides correspondence, and not just e-mails from one party. Even if employees use their smartphones, as soon as they open their mail boxes from corporate computers, all correspondence will be captured. www.searchinform.com
Data Leak Prevention With SISP you will always know who your employees communicate with and reveal opinion shapers.
IT or IS? We strongly recommend drawing a line between info technology and info security departments. Each one of them has its own objectives. Employing a qualified information security officer would be the best possible solution. www.searchinform.com
Three Pillars of Information Security • Prevent data leaks A state-of-the-art DLP system should not only discover data leaks, but also prevent them at the very stage of malicious intent. • Keep up with employee moods A better understanding of your employees is achieved through monitoring instant messengers, social networks and web blogs. • Optimize corporate policy By monitoring employees’ reaction to innovations, you can effectively update corporate policies and procedures. www.searchinform.com
User Rights Differentiation With SISP you can configure different access rights for different users. www.searchinform.com
System Architecture All SISP components have a client-server architecture. Server side incorporates two platforms - NetworkSnifferorEndpointSniffer. Client side includes applications used to access databases and retrieve information. NetworkSniffer platform is developed to capture data with the help of a traffic-mirroring device, i.e. corporate network is not affected in any way. All data sent over SMTP, POP3, IMAP, HTTP, HTTPs, MAPI, ICQ, JABBER, and MSN are captured on the level of corporate network. The following products are offered as part of NetworkSniffer platform: www.searchinform.com
System Architecture EndpointSnifferplatformis developed to capture data with the help of agents installed on user computers. It provides additional control of employees working outside the office. SearchInform EndpointSniffer collects all data sent or received by users and transfers it to security officers for analysis as soon as laptops are in corporate network again. Its major advantage is increased failure tolerance. Interception is ensured even if servers are not available. Data transmitted over secure protocols are also captured. EndpointSniffer agents:
SISP Applications Internet Traffic SearchInform NetworkSniffer is used to monitor, analyze, and control leaks of sensitive data over the Internet. All common protocols are supported, as well as proxy servers: software (Kerio, Squid, etc.) and hardware (BlueCoat, IronPort, etc.) through ICAP. E-mail E-mail is the biggest threat to information security. It is used to send and receive huge data volumes every day. SMTP, POP3, MAPI, IMAP are supported. HTTP Sensitive data can be posted to social networks and web blogs or sent through free web mail and sms services. FTP FTP can be used to transmit entire databases, drawings, scanned documents, etc. www.searchinform.com
SISP Applications Skype Voice and text messages, sms and attached files are captured to be further retrieved and analyzed if a data breach occurs. IM ICQ, Google Talk, XMPP (Jabber), Windows Live (MSN), Facebook, LinkedIn, etc. are supported. PrintSniffer Printed documents are captured, indexed and saved to a database. It helps prevent data leaks and see if printers are used for work-related purpose. www.searchinform.com
SISP Applications DeviceSniffer is used to monitor, analyze and prevent leaks of sensitive data through removable media (CD/DVD/USB). MonitorSnifferis used to make screenshots and monitor user activity in real time. Control of RDP sessions is also supported. www.searchinform.com
SISP Applications FileSniffer is used to prevent leaks of sensitive data through shared network resources. IW is used to track operations with sensitive data on user computers. www.searchinform.com
Multi-office Deployment www.searchinform.com
Data-Leak Incidents and Preventive Measures Synonym Dictionaries Together with one of the city councils SearchInform Ltd. has worked out a synonym dictionary to find conversations related to bribery. If specific words, e.g. money, cash, franklins, booty etc. are found, security officers will be immediately notified about it. www.searchinform.com
Data-Leak Incidents and Preventive Measures Printer A company producing large volumes of grocery products found out a significant difference between the products shipped and the products stored at the end-seller’s warehouse. PrintSniffer helped discover illegal output of products organized by a group of employees which became possible due to printing invoice duplicates. www.searchinform.com
Data-Leak Incidents and Preventive Measures Monitoring ICQ and User Workstations A large flow of negative comments in instant messengers or social networks can be a hard blow to the company’s reputation. By analyzing instant messages of your employees, you can adjust your corporate security policy and avoid harmful consequences. www.searchinform.com
Data-Leak Incidents and Preventive Measures Swearing Swearing + names of top managers gives food for thought. www.searchinform.ru
Data-Leak Incidents and Preventive Measures Alternative Business Schemes If the search returned Articles of Association that has nothing in common with your company, then perhaps someone of your employees has organized an alternative business scheme. www.searchinform.ru
Data-Leak Incidents and Preventive Measures • Any company has its own secrets to protect. • It is crucial to monitor LAN activity and access to documents containing • last names of employees; • business partners data; • products description. www.searchinform.com
Data-Leak Incidents and Preventive Measures Some employees should be included in the risk group: 1. Employees who breached security policies even once 2. Employees who use various tricks, i.e. change file extensions, send password protected archives, etc. 3. Employees who post negative comments about company and top management in social networks and web blogs 4. Employees who all of a sudden started shirking work 5. Employees who operate cash flows and mid-level managers www.searchinform.com
Data-Leak Incidents and Preventive Measures Common Practice • Monitoring communication with dismissed employees • Monitoring so-called opinion shapers and bursts of activity • Monitoring activity of 1-2% of staff www.searchinform.com
DLP Solution Efficiency DLP solution is not a universal panacea, but an effective tool used to monitor, analyze and control leaks of sensitive data, as well as communication behavior through a fully-fledged product suite. SearchInform goes beyond data security and is viewed by our best clients as an integral management tool within the organization. www.searchinform.com
SISP Advantages 1. Easy to integrate. You will only need several hours to install SISP. Company’s information systems will not be affected in the process of system integration • End-to-end solution. All data channels are controlled, including e-mail, instant messengers, Skype, social networks, iPads, and iPhones, printers, etc. 3. Similar-content search. This search type allows finding documents similar in content or meaning to the queried ones. High search precision helps increase efficiency and save on labor expenses 4. Integration with Windows Domain Structure allows accurate user identification 5. Extended search possibilities help effectively protect sensitive data. One security officer can monitor 1000-1500 workstations www.searchinform.com
Why DLP is a must? • It is not expensive. As a rule, the cost of DLP solution equals to the cost of corporate tea, coffee, and corporate NY party for one employee. • Quick payout. On average, a data leak costs around 2.7M USD to the information owner. • A matter of urgency. Information security permits of no delay just like when your entrance door is broken. • Sensitive data is more expensive than the computer where it is stored. It seems reasonable to spend as much for information security as for SW and HW. www.searchinform.com
Thank you! www.searchinform.com