Sophos / Utimaco Data Loss Prevention. Peter Szendröi, SOPHOS Nordics Jan 20, 2010. Sophos, Simply Secure. Personally identifiable information. Customer data. Intellectual property. Changing security landscape. Digital generation set loose. Information theft – not graffiti. Firewall.
Changing security landscape
• Personally identifiable information
• Customer data
• Intellectual property
• Digital generation set loose
• Information theft – not graffiti
• Firewall
• Complex threats...
• Corporate data
• Mobile workers
• Fast changing
• Web-based, invisible
• Targeted
• ...targeting commercial data
• Contractors, outsourcing
• Partners, customers
• Web 2.0
• Regulatory disclosure and reputation damage
• PCI-DSS, HIPAA, GLBA, 95/46/EC, CSB 1386

Headlines are the tip of the iceberg
• Brand damage
• Loss of customers
• Incremental internal costs
• Direct costs of intellectual property loss

How is this data exposed?
• Insider theft accounts for only 5-15% of the data loss
• Most data breaches are accidental
• Only 2.4% were prevented by protective measures (e.g. encryption)

What data is at risk?
• Personally identifiable information
• Customer data
• Intellectual property
Process Work
• Well-defined responsibilities
• Well-defined workflows
• Dealing with PII
• Risks:
  • Non-compliance
  • Criminal prosecution
  • Brand / reputation damage
Knowledge Work
• Changing roles / assignments
• Unstructured data
• Company information assets
• Risks:
  • Competitive damage
  • Loss of partner trust

Challenge of Data Loss Prevention
Conflicting Goals!
Business challenge
• Enable productivity, mobility and flexible “web 2.0” working
but also
• Comply with regulation
• Avoid damaging data loss
There is no “100% DLP”

Four elements of an effective DLP strategy
• Control the user environment by restricting data exit points
  • Control devices, applications, email and web usage
  • Ensure security policy compliance
• Protect confidential and sensitive information
  • Full disk, removable storage and file encryption
  • Email encryption
• Prevent leakage of personally identifiable information
  • Comprehensive coverage of personally identifiable information types
  • Continuously assess, audit, report and enforce on endpoint and gateway
• Classify intellectual property and sensitive business data
  • Empower knowledge workers to classify sensitive business data
  • Apply classification to existing documents and data sets

Control user environment
• Data loss objective:
  • Significantly reduce risk by managing what users can do on data exit points
• Sophos solution provides granular control of:
  • Storage devices and network interfaces
  • Applications
  • Web site access
• Continuously monitor user behaviour and enforce security policies
• SophosLabs provide the domain expertise:
  • Managed application definitions (P2P, IM, Remote Access)
  • Managed web site categories (webmail, social networks, IM)
  • Identify over 150 file formats using “True File Type” technology

Protect confidential and sensitive information
• Data loss objective:
  • Data encryption is the ultimate data loss insurance policy
• Sophos solution protects data where it is most exposed:
  • Laptops
  • Removable storage and optical media
  • Email
  • Server file shares
• Data protection platform:
  • Enterprise management console and key management
  • Integration with Active Directory
  • Transparent file and folder encryption
  • Audit compliance

Prevent leakage of PII
• Data loss objective:
  • Tackle the highest risk of regulatory infringement and brand damage
• Sophos solution covers all critical data leakage points:
  • Storage, web, email and IM
  • Fully integrated into core endpoint and gateway products
• SophosLabs provide the content expertise:
  • Over 100 expert definitions of personally identifiable information
• Administrator decides appropriate enforcement action:
  • Audit – silent background monitoring of events
  • Training – audited end user authorisation
  • Enforcement – encrypt or block transfer

Classify and protect documents
• Data loss objective:
  • Protect high value intellectual property and operations data
• Sophos solution is designed to empower knowledge workers:
  • Define classification levels within policy
  • Enable end user to tag and classify new documents
  • Embed classification within document
  • Scan for and classify existing documents using document context
  • Enforce policies for classified documents on endpoint and gateway
• Integrated with enterprise encryption solution:
  • Leverages existing user identity and permissions
  • Provides workable enterprise rights management

Solutions designed to meet a need
Process Work
• Comply with regulations
• Protect data using full disk encryption
• Prevent leakage of PII from endpoints
• Prevent leakage of PII from email and web gateway
• Data-at-rest scanning of PII on endpoints
Knowledge Work
• Protect company assets using encryption and classification.
• Detect leakage of IP via common leak points.
• Classify and protect IP at the point of creation. Persistent tagging
• Identify and protect IP using automated classification and data-at-rest scanning.
Products
• SafeGuard Enterprise
• Enterprise Security and Control

SafeGuard Enterprise
Your key to data protection with encryption
1. Consistent policies, mgmt. of keys & certificates
2. Encrypt laptops, desktops
3. Encrypt removable media
4. PC port control & DLP
5. Manage external security products
6. Secure network file shares
• SafeGuard Management Center
• SafeGuard Device Encryption
• SafeGuard Data Exchange
• SafeGuard Configuration Protection
• SafeGuard Partner Connect
• SafeGuard FileShare*
(*) Future release

Safeguard Mail Gateway overview
1. Email Client sends out Email in plain text
2. Email Server forwards Email to Content-Filter
3. Content-Filter forwards Email to SGMG
4. SGMG evaluates Email Security Policy and cryptographically handles the Email accordingly
5. SGMG delivers Email to the Recipient
a. External Communication Partner sends an encrypted Email
b. SGMG identifies encrypted Email and decrypts this Email. The Email is now in plain text.
c. SGMG forwards Email to AV-Scanner
d. AV-Scanner checks and forwards the Email to the Email Server
e. Email Client receives Email in plain text