450 likes | 1.31k Views
Addressing Email Security Holistically. Jeff Lake Vice President, Federal Operations Proofpoint, Inc. August 17, 2011. Jeff Lake Speaker Background. Vice President, Federal Operations, Proofpoint, Inc. Former Vice President, Federal Operations for Fortinet, Inc. and CipherTrust, Inc.
E N D
Addressing Email Security Holistically Jeff Lake Vice President, Federal Operations Proofpoint, Inc. August 17, 2011
Jeff LakeSpeaker Background • Vice President, Federal Operations, Proofpoint, Inc. • Former Vice President, Federal Operations for Fortinet, Inc. and CipherTrust, Inc. • 20 years of IT experience, 10 in messaging security • Former US Army, Military Intelligence Officer
Objectives • Understand Email landscape changes • Review the government agency landscape • Learn about CUI • Discuss how an agency can ‘control’ information • Define ESI and retention policies • Discover why eDiscovery is important • Review how the “Cloud-First” Policy can help
Understanding Email Landscape Changes Presentation Title—4—March 5, 2010
Malware Sophistication Massive bursts and concentration of attacks Aggregate volumes increasing Distribution channels • 100,000 spams/daysingle user • Spammers leverage others’ resources • 50% increaseover 3 months
Message Volumes Continue to Rise • Rising spam and email complexity demand a holistic strategy • Spam message sizes are increasing as well • Update
Botnet activity continually increasing • Botnets continue to drive spam growth • New Internet users coming online in developing countries with no (or pirated) AV protection • Hackers rent out portions of their botnets to spammers and sell stolen credentials
Email Today:More than Just the Mail Server Mail Servers
Email Today:Soaring Costs and Complexity ContentFiltering Data LossPrevention Anti-spam Anti-virus Encryption Routing MTAs Mail ServerAnti-Virus DisasterRecovery Mobility (BES) Mail Servers Archiving Compliance eDiscovery
Email Today:Soaring Costs and Complexity ContentFiltering Data LossPrevention Anti-spam Anti-virus Encryption Routing MTAs Mail ServerAnti-Virus DisasterRecovery Mobility (BES) Mail Servers Archiving Compliance eDiscovery
The Email World Has Changed InboundSecurity DLP/Encryption Archiving eDiscovery Budgets • Spam Volumes • Focused Attacks • Spam Sophistication • Government Regulations – FISMA, DFARS • PCI, HIPAA, FERPA • Frequent Data Breaches • OMB Memorandum 07-16 • NIST Special Pub 800-122 • GAO Report 08-343 • Records retention - EMPA • FRCP Rules • Increased Litigation • Bloated Mail Server • Records Definition (44 USC 3301) • NARA Rule 1234 • DoD 5015.2 • Shift from On-Premises to Cloud • FCCI, FedRAMP • TCO and security driving deployment choice • Marketplace confusion regarding options • 11% decrease in total receipts from 2009
Government Agency Landscape • Focus on protection of PII and CUI • Demands: records preservation, access • Consolidation of Agency networks • Interest in SaaS • Budgets: pressured for efficiency
CNCI • Comprehensive National Cybersecurity Initiative • Launched by President Bush withNSPD-54/HSPD-23 in January, 2008 • 3 Major Goals: • Establish a front line defense against immediate threats • Defend against the full spectrum of threats … • Strengthen the future cybersecurity environment…
TIC • Trusted Internet Connection (TIC) Initiative • Headed by OMB and DHS • Common security solution which includes: • Reduced access points • Baseline security capabilities • Validating agency adherence to baseline capabilities
Trusted Internet Connection(TIC) • Agencies have a choice: • TICAP - TIC Access Providers • agency rolls their own, and/or provides for others • MTIPS- Managed Trusted IP Service • agency “seeking service” • Networx contract vehicle managed by GSA • 4 approved Networx Universal MTIPS providers • ATT, Verizon, Qwest, Sprint
A new government acronym: CUI Presentation Title—17—March 5, 2010
Controlled Unclassified Information (CUI) • Background: • 107+ unique markings • 130+ different labeling or handling processes for Sensitive But Unclassified (SBU) information • E.g. “For Official Use Only” and “Law Enforcement Sensitive • Definition • Federal agencies routinely generate, use, store, and share information that, while not meeting standards for classified national security information, requires safeguarding measures and dissemination controls
How can an agency “control” information? Presentation Title—20—March 5, 2010
Controlling Information • CUI Framework tag • COTS products, or manual effort • Data Loss Prevention technologies to stop information from being sent in the clear • DAR – Data At Rest • DIM – Data in Motion • Two most prevalent protocols are SMTP and HTTP(s) • DIM technology to identify CUI • Policy enforcement should include list of possible actions to include notify, quarantine, discard, encrypt
Policy Driven Email Disposition CLEARED ENCRYPTED BLOCKED UNSTRUCTURED DATA ANALYSIS STRUCTURED DATA ANALYSIS ATTRIBUTE ANALYSIS • Multi-layered defense in depth • Utilize smart intelligence for SSNs, PANs, ABA Routing Numbers, etc. • Proximity and correlation analysis • Enforce policy on emails containing sensitive authorization data • Integrated encryption • Ensure DLP is tightly integrated with strong encryption technology • Encrypt messages automatically, based on presence of sensitive data • Easy to implement and use • Today’s DLP and encryption solutions are not yesterday’s PKI nightmares • Should not require any end-user training
Protect HTTP(S) with Web DLP Internet Allow/Block ICAP Web proxy Content SEG HTTP(S) SMTP • Data Loss Prevention to web protocols • Webmail, blog posts, etc. sent to SEG for DLP filtering • SEG returns allow or block • Single management interface • All policies managed through single administrative interface (email and web) • Easily leverage existing policies or create new ones • Easy to implement and use • Configure Proxy to deliver content to SEG • No licensing required for use of ICAP interface from SEG or proxy vendors
What is ESI? and What is a Retention Policy? Presentation Title—24—March 5, 2010
Defining ESI • Electronically Stored Information • Sources: email, mainframes, local servers, laptops, backup tapes, external hard drives • Common forms: email with attachments, text files, powerpoints, spreadsheets, instant messaging, etc. • Federal Rules of Civil Procedures (FRCP) Rule 26(f) – rule which governs pre-trial conference on the disclosure and discovery of ESI
NARA Retention Policy Guidelines on ESI • C.F.R = Code of Federal Regulations • Transitory email • 6 month retention cycle • Federal Record • Old requirement – print the email and store before the electronic record can be deleted (36 C.F.R. 1234.24) • Permanent Electronic Mail – must be archived • Temporary Electronic Mail – varied retention period • Transitory Electronic Mail Records – 180 day retention
Federal Archiving Regulations • Litigation demands preservation and access • Includes “electronically stored information” or “ESI” • NARA Records Management Guidance & Regulations • (36 CFR 1236) • Guidelines for email archiving • Electronic Message Preservation Act (2010) • Electronically capture, manage, preserve records • DoD5015.2 Records Management Program • Create, maintain, preserve as records in any media • Federal Rules for Civil Procedure (Rule 34) • Huge penalties for not adhering
Why is eDiscovery important? Presentation Title—28—March 5, 2010
The need for eDiscovery • Government litigation incidents • Deepwater Horizon Response (BP oil spill) • Claims citing the Oil Pollution Act (OPA) • BP, Haliburton Co, and Cameron International Corp • USCG and FEMA also involved with litigation • Hurricane Katrina • Judgments against US Army Corps of Engineers • Various claims remain open with FEMA • Many other examples
How an Archive Helps Centralize Data Enforce Policy Expedite Discovery • Build a centralized, deduped repository that can’t be tampered with for legal usage • Provide end users with access to their historical mail to eliminate need for PST’s • Enforce retention policy with flexible rules • Initiate a litigation hold without dependency on end-user compliance • Early case assessment with real-time full text search • Cull data to reduce review costs • Quickly export data to PSTs
Mailbox Management Considerations • Access archive directly within mail client • Intuitive search with full text indexing to find historical mail • Self-serve retrieval of accidentally deleted mail End-User Search • Larger, older attachments replaced with shortcut to archive • end-user access to stubbed attachments • Automated restoration of original when forwarding Stubbing Benefits: • IT can impose tighter quotas on mailboxes while preventing PST creation • Less data in Exchange improves performance • Less data in Exchange shortens backup and recovery times • Prevents ongoing storage growth within Exchange
eDiscovery Considerations • Forensically compliant storage, capture Repository • Automated enforcement w/ AD integration Retention Policy • Real-time, Flexible Search • People, content holds beyond standard period Legal Holds • Export data for review tools, Fast exports to PST Export • Instant for active archive, legal hold Disposition
US Federal CIO’s Cloud-First Policy Presentation Title—33—March 5, 2010
Cloud-First Policy • First introduced November, 2010 • Detailed in the “Federal Cloud Computing Strategy” paper by Vivek Kundra, 2/8/11 • Targeting $20b of the $80b annual IT spend by Federal agencies • Goal: Each agency identifies 3 “must move” services, 1 moved within 12 months, remaining 2 within 18 months
How Cloud Computing Can Help • Reduce email risks and costs • Consolidated compliance and cloud-powered platforms • eDiscovery solution for reducing retention and litigation costs • Policy-based encryption ensures security is not user dependent • Adhere to regulations and privacy best practices • DLP and policy-based encryption • Built-in remediation / workflow • Multiple archive retention policies • Raise the quality of services • Enable and promote secure communication for your agency, ensuring continued public trust • Automate privacy training and raise awareness internally
Should have 99.999% service availability Reliability Speed Accuracy • Should have 99% spam effectiveness • Should have100% virus control • Should have < 1 in 350,000 false positives • Should have sub-minute email latency • Should have < 20 second archive search results Benchmarking YourCloud-based Security
Security and Compliance Are Top Priorities For Federal and Commercial Organizations SECURITY PRIVACY Enterprise 2.0 • Data Everywhere – Public/Private Clouds • Consumerization of IT • Rise of Mobile • Rise of Social Media • Spam Volumes • Focused Attacks • Phish Attacks • Botnets • Government Regulations • PCI, HIPAA, FERPA • Frequent Data Breaches • Confidential Information Leaks Global 2000Government Orgs. • Being Brought In-house To Reduce Costs • FRCP Rules • Freedom of Information (FOIA) • Increased, Costly Litigation • Compliance • Records retention LITIGATION
Cloud Services for Email Security, Compliance, and Archiving In the Cloud Anti-Spam/Anti-Virus Data Loss Prevention Policy enforcement Email archiving/eDiscovery On-Premises (Private Cloud)(Virtual Appliance) Anti-Spam/Anti-Virus Data Loss Prevention Policy enforcement Applications DynamicUpdate Service ReputationServices Encryption KeyService StorageService Reporting& Analytics Common Services CPU, Memory, Network Underlying Infrastructure
A Holistic View of email security, compliance, and archiving Data LossPrevention Ensure externalrequirements andinternal policiesare met Email ThreatProtection Protect the infrastructurefrom outside threats Email Security &Compliance CloudPlatform Archiving andeDiscovery Enable search,eDiscovery, storagemanagement andcompliance SecureCommunication Encrypt emailsand send largeattachments securely