Addressing Email Security Holistically. Jeff Lake, Vice President, Federal Operations, Proofpoint, Inc. August 17, 2011
Jeff Lake: Speaker Background • Vice President, Federal Operations, Proofpoint, Inc. • Former Vice President, Federal Operations for Fortinet, Inc. and CipherTrust, Inc. • 20 years of IT experience, 10 in messaging security • Former US Army, Military Intelligence Officer
Objectives • Understand Email landscape changes • Review the government agency landscape • Learn about CUI • Discuss how an agency can ‘control’ information • Define ESI and retention policies • Discover why eDiscovery is important • Review how the “Cloud-First” Policy can help
Understanding Email Landscape Changes
Malware Sophistication • Massive bursts and concentration of attacks • Aggregate volumes increasing • Distribution channels • 100,000 spams/day, single user • Spammers leverage others' resources • 50% increase over 3 months
Message Volumes Continue to Rise • Rising spam and email complexity demand a holistic strategy • Spam message sizes are increasing as well
Botnet activity continually increasing • Botnets continue to drive spam growth • New Internet users coming online in developing countries with no (or pirated) AV protection • Hackers rent out portions of their botnets to spammers and sell stolen credentials
Email Today: More than Just the Mail Server
Email Today: Soaring Costs and Complexity • Content Filtering • Data Loss Prevention • Anti-spam • Anti-virus • Encryption • Routing • MTAs • Mail Server Anti-Virus • Disaster Recovery • Mobility (BES) • Mail Servers • Archiving • Compliance • eDiscovery
The Email World Has Changed
Inbound Security: • Spam Volumes • Focused Attacks • Spam Sophistication
DLP/Encryption: • Government Regulations – FISMA, DFARS • PCI, HIPAA, FERPA • Frequent Data Breaches • OMB Memorandum 07-16 • NIST Special Pub 800-122 • GAO Report 08-343
Archiving and eDiscovery: • Records retention - EMPA • FRCP Rules • Increased Litigation • Bloated Mail Server • Records Definition (44 USC 3301) • NARA Rule 1234 • DoD 5015.2
Budgets: • Shift from On-Premises to Cloud • FCCI, FedRAMP • TCO and security driving deployment choice • Marketplace confusion regarding options • 11% decrease in total receipts from 2009
Government Agency Landscape • Focus on protection of PII and CUI • Demands: records preservation, access • Consolidation of Agency networks • Interest in SaaS • Budgets: pressured for efficiency
CNCI • Comprehensive National Cybersecurity Initiative • Launched by President Bush with NSPD-54/HSPD-23 in January 2008 • 3 Major Goals: • Establish a front line defense against immediate threats • Defend against the full spectrum of threats … • Strengthen the future cybersecurity environment…
TIC • Trusted Internet Connection (TIC) Initiative • Headed by OMB and DHS • Common security solution which includes: • Reduced access points • Baseline security capabilities • Validating agency adherence to baseline capabilities
Trusted Internet Connection (TIC) • Agencies have a choice: • TICAP - TIC Access Providers • agency rolls their own, and/or provides for others • MTIPS - Managed Trusted IP Service • agency "seeking service" • Networx contract vehicle managed by GSA • 4 approved Networx Universal MTIPS providers • AT&T, Verizon, Qwest, Sprint
A new government acronym: CUI
Controlled Unclassified Information (CUI) • Background: • 107+ unique markings • 130+ different labeling or handling processes for Sensitive But Unclassified (SBU) information • E.g. "For Official Use Only" and "Law Enforcement Sensitive" • Definition • Federal agencies routinely generate, use, store, and share information that, while not meeting standards for classified national security information, requires safeguarding measures and dissemination controls
How can an agency "control" information?
Controlling Information • CUI Framework tag • COTS products, or manual effort • Data Loss Prevention technologies to stop information from being sent in the clear • DAR – Data At Rest • DIM – Data In Motion • Two most prevalent protocols are SMTP and HTTP(S) • DIM technology to identify CUI • Policy enforcement should include a list of possible actions, including notify, quarantine, discard, encrypt
Policy Driven Email Disposition (outcomes: CLEARED, ENCRYPTED, BLOCKED; analysis layers: unstructured data analysis, structured data analysis, attribute analysis) • Multi-layered defense in depth • Utilize smart intelligence for SSNs, PANs, ABA Routing Numbers, etc. • Proximity and correlation analysis • Enforce policy on emails containing sensitive authorization data • Integrated encryption • Ensure DLP is tightly integrated with strong encryption technology • Encrypt messages automatically, based on presence of sensitive data • Easy to implement and use • Today's DLP and encryption solutions are not yesterday's PKI nightmares • Should not require any end-user training
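The disposition flow sketched on this slide, written out as an added example (not Proofpoint code and not from the deck): structured-data detectors that validate the checksums of SSNs, card PANs and ABA routing numbers instead of trusting the digit pattern alone, proximity analysis against nearby keywords, recipient attribute analysis, and a small policy table that yields CLEARED, ENCRYPTED or BLOCKED. The internal domain list, keywords, the "ten records is a dump" threshold and the sample messages are assumptions made for the example.

```python
"""Policy-driven disposition of an outbound message: checksum-validated
structured-data detectors, keyword proximity/correlation, recipient attribute
analysis, and a policy table producing CLEARED / ENCRYPTED / BLOCKED.
Illustrative stand-alone code; domains, keywords and thresholds are assumptions."""
import re
from email import message_from_string
from email.utils import getaddresses

INTERNAL_DOMAINS = {"agency.example.gov"}   # assumed: recipients here are internal


def luhn_ok(digits: str) -> bool:
    """Luhn check digit carried by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def aba_ok(digits: str) -> bool:
    """ABA routing number check: weights 3,7,1 repeated, weighted sum divisible by 10."""
    return len(digits) == 9 and sum(int(c) * w for c, w in zip(digits, (3, 7, 1) * 3)) % 10 == 0


def ssn_ok(area: str, group: str, serial: str) -> bool:
    """Structural rules for issued SSNs: area not 000/666/9xx, group not 00, serial not 0000."""
    a = int(area)
    return a not in (0, 666) and a < 900 and int(group) != 0 and int(serial) != 0


# (kind, pattern, validator, correlation keywords, keyword required?)
DETECTORS = [
    ("ssn", re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b"),
     lambda m: ssn_ok(*m.groups()), ("ssn", "social security"), False),
    ("pan", re.compile(r"\b(?:\d{4}[ -]?){3}\d{1,7}\b"),
     lambda m: luhn_ok(re.sub(r"[ -]", "", m.group())), ("card", "visa", "mastercard"), False),
    # a bare 9-digit number is too common to act on: require wire/routing context nearby
    ("aba", re.compile(r"\b\d{9}\b"), lambda m: aba_ok(m.group()), ("routing", "aba", "wire"), True),
    # card security code (PCI DSS sensitive authentication data): never allowed out
    ("sad", re.compile(r"\b(?:cvv2?|cvc2?|cid)\b\W{0,5}(\d{3,4})\b", re.I), lambda m: True, (), False),
]


def near(text: str, start: int, end: int, keywords, window: int = 40) -> bool:
    """Proximity analysis: is a correlating keyword within `window` chars of the match?"""
    ctx = text[max(0, start - window):end + window].lower()
    return any(k in ctx for k in keywords)


def scan(text: str) -> list:
    findings = []
    for kind, pat, valid, keywords, need_ctx in DETECTORS:
        for m in pat.finditer(text):
            if not valid(m):
                continue                            # checksum failed: not a real identifier
            ctx = near(text, m.start(), m.end(), keywords)
            if need_ctx and not ctx:
                continue
            raw = re.sub(r"\D", "", m.group())
            findings.append({"kind": kind, "context": ctx,
                             "masked": "*" * max(0, len(raw) - 4) + raw[-4:]})
    return findings


def decide(findings: list, external: bool) -> str:
    """Policy table; BLOCKED messages would be quarantined and the sender notified."""
    kinds = {f["kind"] for f in findings}
    if not findings or not external:
        return "CLEARED"          # attribute analysis: nothing found, or internal-only traffic
    if "sad" in kinds and "pan" in kinds:
        return "BLOCKED"          # PAN plus security code may not leave, even encrypted
    if len(findings) >= 10:
        return "BLOCKED"          # bulk dump of records: hold for review, do not auto-encrypt
    return "ENCRYPTED"            # a few identifiers to a partner: deliver, but encrypted


def disposition(raw_message: str):
    msg = message_from_string(raw_message)
    rcpts = [addr for _, addr in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))]
    external = any(a.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS for a in rcpts)
    parts = [p.get_payload(decode=True).decode("utf-8", "replace")
             for p in msg.walk() if p.get_content_type() == "text/plain"]
    findings = scan("\n".join(parts))
    return decide(findings, external), findings


# Constructed sample messages (not real traffic); the card number is a public test PAN.
SAMPLES = {
    "wire": "From: clerk@agency.example.gov\nTo: vendor@partner.example.com\nSubject: payment\n\n"
            "Please wire to ABA routing 123456780 and reference SSN 123-45-6789.\n",
    "card": "From: clerk@agency.example.gov\nTo: shop@example.com\nSubject: order\n\n"
            "Card 4111 1111 1111 1111 exp 12/29 CVV 123\n",
    "internal": "From: hr@agency.example.gov\nTo: payroll@agency.example.gov\nSubject: file\n\n"
                "Employee SSN 123-45-6789 for the record.\n",
    "dump": "From: clerk@agency.example.gov\nTo: me@webmail.example.net\nSubject: list\n\n"
            + "\n".join(f"123-45-{i:04d}" for i in range(1, 13)) + "\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        verdict, found = disposition(raw)
        print(f"{name:8} -> {verdict:9} {[(f['kind'], f['masked']) for f in found]}")
```

The checksum and proximity gates are what keep the false-positive rate down: a 9-digit number only counts as a routing number when "routing", "ABA" or "wire" appears close by, and a card-shaped number that fails Luhn is ignored. The three outcomes map onto the slide's CLEARED / ENCRYPTED / BLOCKED labels; a real gateway would attach the notify and quarantine actions listed on the previous slide to the BLOCKED branch.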
Protect HTTP(S) with Web DLP (flow: the web proxy hands HTTP(S) content to the SEG over ICAP, the SEG returns allow or block, and SMTP continues to pass through the SEG) • Data Loss Prevention for web protocols • Webmail, blog posts, etc. sent to SEG for DLP filtering • SEG returns allow or block • Single management interface • All policies managed through a single administrative interface (email and web) • Easily leverage existing policies or create new ones • Easy to implement and use • Configure proxy to deliver content to SEG • No licensing required for use of the ICAP interface from SEG or proxy vendors
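The proxy-to-SEG exchange on this slide, as an added example of both sides of an ICAP REQMOD transaction (RFC 3507); this is illustrative code, not Proofpoint's or any proxy vendor's implementation. The proxy side wraps the client's outbound HTTP request in an ICAP message, the SEG side extracts the chunked body, inspects it, and answers either 204 No Content (allow, unmodified) or 200 OK carrying an encapsulated HTTP 403 that the proxy returns to the user. The service URL, hostnames, the form post and the single SSN regex standing in for the SEG's full policy engine are assumptions.

```python
"""Web DLP over ICAP (RFC 3507): proxy-side REQMOD encapsulation and a
SEG-side handler that allows (204) or blocks (200 + encapsulated HTTP 403).
Illustrative stand-alone code; the policy check is a stand-in regex."""
import re

ISTAG = b'ISTag: "dlp-policy-1"\r\n'                 # RFC 3507 requires ISTag on every response
SENSITIVE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")     # stand-in for the real DLP policy: SSN shape


def chunk(body: bytes) -> bytes:
    """HTTP chunked encoding, which ICAP uses for every encapsulated body."""
    return (b"%x\r\n%s\r\n0\r\n\r\n" % (len(body), body)) if body else b"0\r\n\r\n"


def dechunk(data: bytes) -> bytes:
    out, pos = b"", 0
    while True:
        nl = data.index(b"\r\n", pos)                     # malformed input raises ValueError
        size = int(data[pos:nl].split(b";")[0], 16)       # ignore chunk extensions
        pos = nl + 2
        if size == 0:
            return out
        out += data[pos:pos + size]
        pos += size + 2                                   # skip data and its trailing CRLF


def build_reqmod(service: str, http_headers: bytes, body: bytes) -> bytes:
    """Proxy side: encapsulate the client's request headers and body for the SEG."""
    host = service.split("//", 1)[1].split("/", 1)[0].encode()
    icap = (b"REQMOD %s ICAP/1.0\r\nHost: %s\r\nAllow: 204\r\n"
            b"Encapsulated: req-hdr=0, req-body=%d\r\n\r\n"
            % (service.encode(), host, len(http_headers)))
    return icap + http_headers + chunk(body)


def parse_icap(raw: bytes):
    head, _, rest = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method = lines[0].split()[0]
    headers = {}
    for line in lines[1:]:
        k, _, v = line.partition(b":")
        headers[k.strip().lower()] = v.strip()
    enc = {}
    for item in headers.get(b"encapsulated", b"").split(b","):
        k, _, v = item.strip().partition(b"=")
        if k:
            enc[k] = int(v)
    return method, headers, enc, rest


def handle_icap(raw: bytes):
    """SEG side: return (verdict, ICAP response bytes) for one REQMOD request."""
    method, headers, enc, rest = parse_icap(raw)
    if method != b"REQMOD":
        return "error", b"ICAP/1.0 405 Method Not Allowed\r\n" + ISTAG + b"Encapsulated: null-body=0\r\n\r\n"
    hdr_len = enc.get(b"req-body", enc.get(b"null-body", len(rest)))
    body = dechunk(rest[hdr_len:]) if b"req-body" in enc else b""
    if not SENSITIVE.search(body.decode("utf-8", "replace")):
        if b"204" in headers.get(b"allow", b""):
            return "allow", b"ICAP/1.0 204 No Content\r\n" + ISTAG + b"Encapsulated: null-body=0\r\n\r\n"
        # client did not offer 204: echo the request back unmodified instead
        return "allow", (b"ICAP/1.0 200 OK\r\n" + ISTAG + b"Encapsulated: "
                         + headers[b"encapsulated"] + b"\r\n\r\n" + rest)
    page = b"Blocked by DLP policy: the submission contains controlled information.\r\n"
    res_hdr = (b"HTTP/1.1 403 Forbidden\r\nContent-Type: text/plain\r\n"
               b"Content-Length: %d\r\n\r\n" % len(page))
    return "block", (b"ICAP/1.0 200 OK\r\n" + ISTAG
                     + b"Encapsulated: res-hdr=0, res-body=%d\r\n\r\n" % len(res_hdr)
                     + res_hdr + chunk(page))


# Constructed sample: a webmail 'send' form posted through the proxy (not captured traffic).
SERVICE = "icap://seg.example.gov/reqmod"
WEBMAIL_POST = (b"POST /mail/send HTTP/1.1\r\nHost: webmail.example.net\r\n"
                b"Content-Type: application/x-www-form-urlencoded\r\n\r\n")
LEAKY_BODY = b"to=me%40webmail.example.net&body=applicant+SSN+123-45-6789"
CLEAN_BODY = b"to=me%40webmail.example.net&body=lunch+at+noon"

if __name__ == "__main__":
    for body in (CLEAN_BODY, LEAKY_BODY):
        verdict, resp = handle_icap(build_reqmod(SERVICE, WEBMAIL_POST, body))
        print(verdict, resp.split(b"\r\n", 1)[0])
```

Two details matter in deployment: the SEG may only answer 204 when the proxy advertised "Allow: 204" (otherwise it has to echo the whole request back), and because the proxy terminates TLS before calling ICAP, the HTTPS case on the slide depends on the proxy's SSL inspection being in place, not on anything the SEG does.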
What is ESI? and What is a Retention Policy?
Defining ESI • Electronically Stored Information • Sources: email, mainframes, local servers, laptops, backup tapes, external hard drives • Common forms: email with attachments, text files, PowerPoint files, spreadsheets, instant messaging, etc. • Federal Rules of Civil Procedure (FRCP) Rule 26(f) – the rule which governs the pre-trial conference on the disclosure and discovery of ESI
NARA Retention Policy Guidelines on ESI • C.F.R. = Code of Federal Regulations • Transitory email • 6 month retention cycle • Federal Record • Old requirement – print the email and store it before the electronic record can be deleted (36 C.F.R. 1234.24) • Permanent Electronic Mail – must be archived • Temporary Electronic Mail – varied retention period • Transitory Electronic Mail Records – 180 day retention
Federal Archiving Regulations • Litigation demands preservation and access • Includes "electronically stored information" or "ESI" • NARA Records Management Guidance & Regulations (36 CFR 1236) • Guidelines for email archiving • Electronic Message Preservation Act (2010) • Electronically capture, manage, preserve records • DoD 5015.2 Records Management Program • Create, maintain, preserve as records in any media • Federal Rules of Civil Procedure (Rule 34) • Huge penalties for not adhering
Why is eDiscovery important?
The need for eDiscovery • Government litigation incidents • Deepwater Horizon Response (BP oil spill) • Claims citing the Oil Pollution Act (OPA) • BP, Halliburton Co., and Cameron International Corp. • USCG and FEMA also involved with litigation • Hurricane Katrina • Judgments against US Army Corps of Engineers • Various claims remain open with FEMA • Many other examples
How an Archive Helps • Centralize Data: build a centralized, deduped repository that can't be tampered with, for legal usage; provide end users with access to their historical mail to eliminate the need for PSTs • Enforce Policy: enforce retention policy with flexible rules; initiate a litigation hold without dependency on end-user compliance • Expedite Discovery: early case assessment with real-time full-text search; cull data to reduce review costs; quickly export data to PSTs
Mailbox Management Considerations • End-User Search: access the archive directly within the mail client; intuitive search with full-text indexing to find historical mail; self-serve retrieval of accidentally deleted mail • Stubbing: larger, older attachments replaced with a shortcut to the archive; end-user access to stubbed attachments; automated restoration of the original when forwarding • Benefits: IT can impose tighter quotas on mailboxes while preventing PST creation; less data in Exchange improves performance; less data in Exchange shortens backup and recovery times; prevents ongoing storage growth within Exchange
eDiscovery Considerations • Repository: forensically compliant storage and capture • Retention Policy: automated enforcement with AD integration • Search: real-time, flexible search • Legal Holds: people and content holds beyond the standard retention period • Export: export data for review tools; fast exports to PST • Disposition: instant for active archive and legal hold
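A working model of the archive properties on the last three slides (the NARA retention slide, "How an Archive Helps" and "eDiscovery Considerations"), added here as an example; it is not Proofpoint's archive and is not from the deck. Messages are stored content-addressed so that identical copies deduplicate, every ingest, hold and disposition is appended to a SHA-256 hash chain so that later edits are detectable, disposition follows the record class and is overridden by a litigation hold, and full-text search covers only live records. The retention schedule for the "temporary" class, the custodian names and the sample messages are assumptions.

```python
"""Deduplicated, tamper-evident archive with retention classes, litigation
holds and full-text search.  Illustrative stand-alone code; the retention
schedule below is an assumption (NARA: transitory mail is 180 days,
temporary periods vary by schedule, permanent records are never disposed)."""
import hashlib
import json
from datetime import date, timedelta

RETENTION_DAYS = {"transitory": 180, "temporary": 7 * 365, "permanent": None}
GENESIS = "0" * 64


def digest_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def entry_hash(entry: dict) -> str:
    body = {k: v for k, v in entry.items() if k != "hash"}
    return digest_of(json.dumps(body, sort_keys=True).encode())


class Archive:
    def __init__(self):
        self.blobs = {}        # content-addressed store: sha256 -> message bytes
        self.journal = []      # append-only, hash-chained log of ingests, holds and disposals
        self.holds = set()     # custodians under litigation hold

    def append(self, **fields) -> dict:
        prev = self.journal[-1]["hash"] if self.journal else GENESIS
        entry = dict(seq=len(self.journal), prev=prev, **fields)
        entry["hash"] = entry_hash(entry)
        self.journal.append(entry)
        return entry

    def ingest(self, raw: bytes, custodian: str, record_class: str, received: date) -> int:
        blob = digest_of(raw)
        self.blobs.setdefault(blob, raw)   # a second copy of the same message costs no storage
        return self.append(event="ingest", blob=blob, custodian=custodian,
                           cls=record_class, received=received.isoformat())["seq"]

    def live_entries(self) -> list:
        disposed = {e["ref"] for e in self.journal if e["event"] == "dispose"}
        return [e for e in self.journal if e["event"] == "ingest" and e["seq"] not in disposed]

    def hold(self, custodian: str) -> None:
        """Litigation hold: recorded in the chain so it cannot be silently backdated."""
        self.holds.add(custodian)
        self.append(event="hold", custodian=custodian)

    def dispose(self, today: date) -> list:
        """Apply retention policy; held custodians and permanent records are never disposed."""
        removed = []
        for e in self.live_entries():
            days = RETENTION_DAYS[e["cls"]]
            if days is None or e["custodian"] in self.holds:
                continue
            if date.fromisoformat(e["received"]) + timedelta(days=days) <= today:
                self.append(event="dispose", ref=e["seq"])
                removed.append(e["seq"])
        still_referenced = {e["blob"] for e in self.live_entries()}
        for blob in list(self.blobs):
            if blob not in still_referenced:
                del self.blobs[blob]       # bytes go only when no live copy points at them
        return removed

    def search(self, term: str) -> list:
        """Case-insensitive full-text search over live messages; returns journal seqs."""
        t = term.lower()
        return [e["seq"] for e in self.live_entries()
                if t in self.blobs[e["blob"]].decode("utf-8", "replace").lower()]

    def verify(self) -> bool:
        """Tamper evidence: chain links intact, entries unchanged, live blobs match their digests."""
        prev = GENESIS
        for e in self.journal:
            if e["prev"] != prev or entry_hash(e) != e["hash"]:
                return False
            prev = e["hash"]
        live = {e["blob"] for e in self.live_entries()}
        return all(b in self.blobs and digest_of(self.blobs[b]) == b for b in live)


# Constructed sample messages, not real mail.
MEMO = b"From: alice@agency.example.gov\nSubject: lunch\n\nLunch at noon?\n"
CONTRACT = b"From: bob@agency.example.gov\nSubject: bridge contract\n\nFinal terms for the bridge contract attached.\n"


def demo():
    a = Archive()
    a.ingest(MEMO, "alice", "transitory", date(2011, 1, 3))
    a.ingest(MEMO, "carol", "transitory", date(2011, 1, 3))      # same bytes: deduplicated
    a.ingest(CONTRACT, "bob", "temporary", date(2005, 6, 1))     # expired by 2013, but bob is held
    a.ingest(CONTRACT, "dan", "permanent", date(2005, 6, 1))     # never disposed
    a.hold("bob")
    removed = a.dispose(date(2013, 1, 1))                       # disposes seq 0 and 1 only
    return a, removed


if __name__ == "__main__":
    archive, gone = demo()
    print("disposed:", gone, "blobs left:", len(archive.blobs), "chain ok:", archive.verify())
```

Running the demo disposes the two transitory copies of the memo and frees their single shared blob, keeps the contract because one copy is permanent and the other custodian is on hold, and still verifies; changing any field of a past journal entry afterwards makes verify() return False, which is the property the "can't be tampered with" bullet asks for.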
US Federal CIO's Cloud-First Policy
Cloud-First Policy • First introduced November, 2010 • Detailed in the “Federal Cloud Computing Strategy” paper by Vivek Kundra, 2/8/11 • Targeting $20b of the $80b annual IT spend by Federal agencies • Goal: Each agency identifies 3 “must move” services, 1 moved within 12 months, remaining 2 within 18 months
How Cloud Computing Can Help • Reduce email risks and costs • Consolidated compliance and cloud-powered platforms • eDiscovery solution for reducing retention and litigation costs • Policy-based encryption ensures security is not user dependent • Adhere to regulations and privacy best practices • DLP and policy-based encryption • Built-in remediation / workflow • Multiple archive retention policies • Raise the quality of services • Enable and promote secure communication for your agency, ensuring continued public trust • Automate privacy training and raise awareness internally
Benchmarking Your Cloud-based Security • Reliability: should have 99.999% service availability • Speed: should have sub-minute email latency; should have < 20 second archive search results • Accuracy: should have 99% spam effectiveness; should have 100% virus control; should have < 1 in 350,000 false positives
Security and Compliance Are Top Priorities For Federal and Commercial Organizations (Global 2000 and Government Orgs.)
Security: • Spam Volumes • Focused Attacks • Phish Attacks • Botnets
Privacy: • Government Regulations • PCI, HIPAA, FERPA • Frequent Data Breaches • Confidential Information Leaks
Litigation: • Being Brought In-house To Reduce Costs • FRCP Rules • Freedom of Information (FOIA) • Increased, Costly Litigation • Compliance • Records retention
Enterprise 2.0: • Data Everywhere – Public/Private Clouds • Consumerization of IT • Rise of Mobile • Rise of Social Media
Cloud Services for Email Security, Compliance, and Archiving
Applications, In the Cloud: • Anti-Spam/Anti-Virus • Data Loss Prevention • Policy enforcement • Email archiving/eDiscovery
Applications, On-Premises (Private Cloud, Virtual Appliance): • Anti-Spam/Anti-Virus • Data Loss Prevention • Policy enforcement
Common Services: • Dynamic Update Service • Reputation Services • Encryption Key Service • Storage Service • Reporting & Analytics
Underlying Infrastructure: • CPU, Memory, Network
A Holistic View of email security, compliance, and archiving (Email Security & Compliance Cloud Platform) • Data Loss Prevention: ensure external requirements and internal policies are met • Email Threat Protection: protect the infrastructure from outside threats • Archiving and eDiscovery: enable search, eDiscovery, storage management and compliance • Secure Communication: encrypt emails and send large attachments securely