14 Data Leakage Prevention Charles Kong S. C. email@example.com
15 What is Data Leakage Prevention (DLP)?
Lost Data = Big Problems 16
How is this data exposed? 17 Loss of devices Leakage via email and web Leakage via USB * Data is representative and uses an IDC data point on the split between accidental and deliberate data loss. Email represents the single greatest potential liability for data loss
Headlines To Be Avoided
NUS Data leakage – 1 st April 2009 NUS accidentally leaks personal data of some 15,700 alumni members Consequences of personal data falling into the wrong hands What can organisation do to prevent accidental data leakage? Source : http://www.zaobao.com.sg/sp/sp090416_501.shtml
NUS Dataleak recommendation
CitiBank Staff Fine !
Hong Kong : Police confidential Data Leak 26 th May 2008, police confidential and classified documents discovered by Foxy King The documents include information on three undercover police officers who have bought illegal substances in a dubious Mong Kok disco and cars used by people suspected of thefts from motor vehicles in Wong Tai Sin Source : HKCERT
Headlines are the tip of the iceberg 27 Brand damage Loss of customers Incremental internal costs Direct costs of intellectual property loss
Todays Challenges Rise of stolen/lost Confidential Information ???? Notebook Lost or stolen weekly at the eight largest airports in EMEA ???? Notebooks Lost or stolen weekly in US airports (estimated) July 2008 www.vnunet.com/vnunet/news/2223012/eu-travellers-losing-laptops-airports
Todays Challenges 2. Rise of stolen/lost Confidential Information 3.300 Notebook Lost or stolen weekly at the eight largest airports in EMEA 12.000 Notebooks Lost or stolen weekly in US airports (estimated) July 2008 www.vnunet.com/vnunet/news/2223012/eu-travellers-losing-laptops-airports 5000 notebooks forgotten in London Taxis during a 6 months period www.theregister.co.uk/2005/01/25/taxi_survey
Lost laptop or other device 35% 2. Rise of stolen/lost Confidential Information 70% of all company data are stored redundant on Endpoints (notebooks, desktops, USB Memory sticks), not only on servers Ponemon Institute, U.S. Survey: Confidential Data at Risk, August 2007 Cost of data break will increase 20% per year through 2009 Gartner Symposium/ ITxpo, Oct. 2007 Top - reason for Data Breaches in Enterprises Ponemon Institute, 2007, Anual Study: Costs of Security Breaches
32 Data Leakage Prevention And Regulatory Compliance
Compliance – worldwide explosion 33 RegulationCountryTopic HIPAA Health Insurance Portability and Accountability Act USAProtection of patients data GLBA Gramm-Leach-Bliley Act USAProtection of personal financial data SB 1386 California Senate Bill 1386 CA, USA Protection of personal data of residents in the state of California PIPEDA Personal Information Protection and Electronic Documents Act Canada Protection of personal data in business relations PIPL Personal Information Protection Law Japan Comparable to German data protection act BDSG Bundesdatenschutzgesetz Germany Protection of personal data DPA Data Protection Act UK Protection of personal data 95/46/EC European Union Directive Europe European data protection directive SOX (Euro SOX) Sarbanes-Oxley Act USA (worldwide) Increased liability of companies concerning the presentation of business development Basel II Europe Policies to control and mitigate operational risk. Optimization of risk management as necessary
34 Finding Data Leaks
Eg;Customer presentation, competitive information
36 Encryption keys lost or stolen Lost or stolen data on mobile devices Data theft via removable media Unauthorized internal server access E-mail interception Insecure outsourcing Todays Challenges Intellectual Property
39 How Sophos addresses Data Loss Protection
Real integration with unified console, engine and agent Anti-Virus Application Control Behavior (HIPS) Anti-Spyware Firewall PUAs Genotype NAC LIGHT Device Control Wireless Block Anti-Rootkit Endpoint Security and Control 9 Data Leakage Prevention
Real integration with unified console, engine and agent Anti-Virus Application Control Behavior (HIPS) Anti-Spyware Firewall PUAs GenotypeNAC LIGHTDevice ControlWireless Block Anti-Rootkit Endpoint Security and Control 9.5 Data Leakage Prevention Encyrption
Device Control enhancements Dedicated device control policy Policy exceptions for individual instance or model types Ability to control modems as a device type Network bridging prevention Granular control of: Storage devices: Removable storage - USB keys, removable hard disks Optical / disk drives - CD / DVD / HD-DVD / Blu-ray Network devices Wi-Fi / Modems Bluetooth Infra-red
Simple to configure device control policies
Rich DLP functionality that is simple to manage TOP SECRET First fully integrated endpoint DLP solution One agent One license (Endpoint Security and Control) Monitor and enforce on all common data exit points Removable storage / optical media Read only mode for storage Internet applications (web browser, email client, IM client) Designed to prevent accidental data loss Train staff through use of desktop prompts Events audited and available for review within SEC
Designed to be implemented with minimal overhead Over 50 default sensitive data descriptions covering: Financial data (credit / debit card numbers) Personally Identifiable Information (national identification codes) Confidential document markers
Easy to configure and deploy rules Range of actions to meet different use cases: Log event only – initial deployment and silent monitoring Request user approval – train and inform Block – appropriate for highly sensitive data
Data Leakage Prevention - How Sophos Protects You!
How is this data exposed? Insider theft accounts for only 5-15% of the data loss Most data breaches are accidental 50
Business challenge Conflicting Goals! Challenge of Data Loss Prevention 51 Enable productivity, mobility and flexible web 2.0 working Comply with regulation Avoid damaging data loss but also
Simply Secure Data Loss Prevention 52
Four elements of an effective DLP strategy Control the user environment by restricting data exit points Control devices, applications, email and web usage Ensure security policy compliance Protect confidential and sensitive information Full disk, removable storage and file encryption Email encryption Prevent leakage of personal identifiable information Comprehensive coverage of PII, CCN, SSN and all other types Continuously assess, audit, report and enforce on endpoint and gateway Classify intellectual property and sensitive business data Empower knowledge workers to classify sensitive business data Apply classification to existing documents and data sets and then set policy 53
Control user environment 54 Data loss objective: Significantly reduce risk by managing what users can do on data exit points Sophos ESC 9 provides granular control of: Storage devices and network interfaces Applications Sophos ESC 9 Monitors user behaviour through reporting and Centralised event logs So you can see what is being attempted SophosLabs provide the domain expertise: Managed application definitions (P2P, IM, Remote Access) Indentify over 150 file formats using True File Type technology
Protect confidential and sensitive information Sophos ESC 9 protects data where it is most exposed: Laptops (full disk encryption) Removable storage and optical media : encrypt (often not a good idea if the request is to take to home PC) Block only certain data. Its OK to copy a spreadsheet of customer company names to a USB key but not to copy a spreadsheet of credit card numbers. Managed email encryption – not from the client but at the gateway. Simpler for the user and safer from a DLP perspective – becuase you can check the content before Encrypting the email. 55
Prevent leakage of PII Data loss objective: Tackle the highest risk of regulatory infringement and brand damage Sophos ESC 9 covers all critical data leakage points: Storage, web, email and IM Fully integrated into Sophos ESC 9 and gateway products SophosLabs provide the content expertise: 100s of expert definitions of personally identifiable information – we do the work, so that you dont have to be an expert. Administrator decides appropriate enforcement action: Audit – silent background monitoring of events Training – audited end user authorisation Enforcement - encrypt or block transfer 56
Classify and protect documents Data loss objective: Protect high value intellectual property and operations data Sophos solution is designed to empower knowledge workers: Define classification levels within policy Enable end user to tag and classify new documents Embed classification within document (sometimes silently) Enforce policies for classified documents on endpoint and gateway 57
So how does it all actually work ? 58 Best explained with a typical use case
An example = Bill in HR and his laptop 59 At 4:30pm Bills boss asks him to get some budget figures together about staffing levels and wages for next year. Bills boss needs it 10am Monday morning for a meeting Bills bus leaves at 5:10pm and he doesnt like taking his laptop on the bus......so he exports the raw staff data from the ERP sytem and dumps it to a spreadsheet on his hard drive. Bills plan is to copy the file to his usb sitck and leave a bit early (hes going to be working all weekend anyway......)
An example = Bill in HR and his laptop 60 So he plugs in his trusty US key and tries to save the spreadsheet to his E: He gets a nice pop up messages from SESC9 explaining that the file trasfer has been blocked. Bill shouldnt be doing this (a customisable message)
An example = Bill in HR and his laptop 61 So he opens explorer and tries copying the file to E:
An example = Bill in HR and his laptop 62 Next he tries to burn to a CD....
An example = Bill in HR and his laptop 63..... I know !!
An example = Bill in HR and his laptop 64 So he tries to email it to home, via the corporate Outlook email client....
An example = Bill in HR and his laptop 65 So he tries his Gmail account.....
Its 4:50... Bill is getting desperate. His bus leave in 20 minutes 66
An example = Bill in HR and his laptop 67 So he tries one last option. Bill zips and encypts the file and password protects it. And then he tries copying that to his USB stick....
Potential CNN Moment Averted !!! 68 At 4:55pm Bill realises that he needs to pack up his laptop and take it with him.
What about encryption ? You might think that Bill would have been OK to encrypt the file and take it home. Bills I.T. Department would disagree. While its true that a properly encrypted file, provides protection for the data transit, what happens when he unzips it on his home PC ? Does the I.T. Department control the state of Bills home PC ? Can they be sure it has up to date AV and is not compromised by hackers ? 69
73 Questions ?
What did Edison Chen Stand for ? ECDHIESNONECDHIESNON
EdisonC DataH Is E SecureN Or Not ?
What did Edison Chen Stand for ? EdisonCertainly DataHaving Is Encryption SecureNow Or Not ?
SOPHOS Endpoint Security and Data Protection 77 Terms and Conditions apply -excluded migration services -Promo valid until 01 MARCH 2010 Pls acknowledge. Anti-Virus Application Control Behavior (HIPS) Anti-Spyware Firewall PUAs Genotype NAC LIGHT Device Control Wireless Block Anti-Rootkit Endpoint Security and Control 9 Data Leakage Prevention
Validity 01 March 2010 No of Devices12 + 3 months software Support and subscription 10-24RM 216 25-49RM 194 50-99RM 174 100-249RM 157 250-499 RM 138 500 and above RM 118 78 Free Media Kit (worth RM 250), Free Home Use, Extra 3 months Free software support. FREE 3 months Software Support and subscription
CNY Services Promo Version Upgrade Onsite Services (within Klang Valley) RM 1800 RM 1288 * Onsite Maintenance (within Klang Valley) RM 8000 RM 6688 ^ (500 devices and below) RM 12500 RM 9988 ^ (501 – 999 devices) Validity by 01 March 2010 79 (*) Upgrade from Ver 8 Management server only (^) total 50 support hours within 1 year. Includes preventive maintenance, version onsite upgrade, hands-on training, Documentation, infection alert, remote monitoring (if applicable), priority support.
80 Thank you Charles Kong S. C. firstname.lastname@example.org