Addressing Email Security Holistically Jeff Lake Vice President, Federal Operations Proofpoint, Inc. August 17, 2011.


1 Addressing Email Security Holistically. Jeff Lake, Vice President, Federal Operations, Proofpoint, Inc. August 17, 2011

2 Jeff Lake: Speaker Background
• Vice President, Federal Operations, Proofpoint, Inc.
• Former Vice President, Federal Operations for Fortinet, Inc. and CipherTrust, Inc.
• 20 years of IT experience, 10 in messaging security
• Former US Army, Military Intelligence Officer

3 Objectives
• Understand landscape changes
• Review the government agency landscape
• Learn about CUI
• Discuss how an agency can ‘control’ information
• Define ESI and retention policies
• Discover why eDiscovery is important
• Review how the “Cloud-First” Policy can help

4 Understanding Landscape Changes Presentation Title —4— March 5, 2010

5 Malware Sophistication
• Aggregate volumes increasing
  » 50% increase over 3 months
• Massive bursts and concentration of attacks
  » 100,000 spams/day single user
• Distribution channels
  » Spammers leverage others’ resources

6 Message Volumes Continue to Rise
• Rising spam and complexity demand a holistic strategy
• Spam message sizes are increasing as well
• Update

7 Botnet activity continually increasing
• Botnets continue to drive spam growth
  » New Internet users coming online in developing countries with no (or pirated) AV protection
  » Hackers rent out portions of their botnets to spammers and sell stolen credentials

8 Today: More than Just the Mail Server Mail Servers

9 Today: Soaring Costs and Complexity: Routing MTAs; Mail Servers; Mobility (BES); Mail Server Anti-Virus; Disaster Recovery; eDiscovery; Archiving; Compliance; Anti-spam; Anti-virus; Content Filtering; Data Loss Prevention; Encryption

10 Today: Soaring Costs and Complexity: Routing MTAs; Mail Servers; Mobility (BES); Mail Server Anti-Virus; Disaster Recovery; eDiscovery; Archiving; Compliance; Anti-spam; Anti-virus; Content Filtering; Data Loss Prevention; Encryption

11 The World Has Changed
Inbound Security | DLP/Encryption | Archiving | eDiscovery | Budgets
• Spam Volumes
• Focused Attacks
• Spam Sophistication
• Government Regulations – FISMA, DFARS
• PCI, HIPAA, FERPA
• Frequent Data Breaches
• OMB Memorandum
• NIST Special Pub
• GAO Report
• Records retention - EMPA
• FRCP Rules
• Increased Litigation
• Bloated Mail Server
• Records Definition (44 USC 3301)
• NARA Rule 1234
• DoD
Shift from On-Premises to Cloud
FCCI, FedRAMP
TCO and security driving deployment choice
Marketplace confusion regarding options
• 11% decrease in total receipts from 2009

12 Government Agency Landscape
• Focus on protection of PII and CUI
• Demands: records preservation, access
• Consolidation of Agency networks
• Interest in SaaS
• Budgets: pressured for efficiency

13 More Regulations and Scrutiny

14 CNCI
• Comprehensive National Cybersecurity Initiative
• Launched by President Bush with NSPD-54/HSPD-23 in January, 2008
• 3 Major Goals:
  » Establish a front line defense against immediate threats
  » Defend against the full spectrum of threats …
  » Strengthen the future cybersecurity environment…

15 TIC
• Trusted Internet Connection (TIC) Initiative
  » Headed by OMB and DHS
  » Common security solution which includes:
    - Reduced access points
    - Baseline security capabilities
    - Validating agency adherence to baseline capabilities

16 Trusted Internet Connection (TIC)
• Agencies have a choice:
  » TICAP - TIC Access Providers
    - agency rolls their own, and/or provides for others
  » MTIPS - Managed Trusted IP Service
    - agency “seeking service”
    - Networx contract vehicle managed by GSA
    - 4 approved Networx Universal MTIPS providers – ATT, Verizon, Qwest, Sprint

17 A new government acronym: CUI

18 Controlled Unclassified Information (CUI)
• Background:
  » 107+ unique markings
  » 130+ different labeling or handling processes for Sensitive But Unclassified (SBU) information
    - E.g. “For Official Use Only” and “Law Enforcement Sensitive”
• Definition
  » Federal agencies routinely generate, use, store, and share information that, while not meeting standards for classified national security information, requires safeguarding measures and dissemination controls

19 Presidential Directive: Controlled Unclassified Information
• Presidential memorandum on Classified Information and Controlled Unclassified Information
• Formation of Task Force, which recommended “Controlled Unclassified Information” (CUI) Framework
• Requirement for safeguarding and dissemination controls for CUI
• Data Loss Prevention for Controlled Unclassified Information

20 How can an agency “control” information?

21 Controlling Information
• CUI Framework tag
  » COTS products, or manual effort
• Data Loss Prevention technologies to stop information from being sent in the clear
  » DAR – Data At Rest
  » DIM – Data in Motion
    - Two most prevalent protocols are SMTP and HTTP(s)
• DIM technology to identify CUI
• Policy enforcement should include list of possible actions to include notify, quarantine, discard, encrypt

22 Policy Driven Disposition
• Multi-layered defense in depth
  » Utilize smart intelligence for SSNs, PANs, ABA Routing Numbers, etc.
  » Proximity and correlation analysis
  » Enforce policy on emails containing sensitive authorization data
• Integrated encryption
  » Ensure DLP is tightly integrated with strong encryption technology
  » Encrypt messages automatically, based on presence of sensitive data
• Easy to implement and use
  » Today’s DLP and encryption solutions are not yesterday’s PKI nightmares
  » Should not require any end-user training
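An added example, not taken from the presentation or from any vendor's product, of the flow on slides 21 and 22: candidate SSNs, PANs and ABA routing numbers are validated (structure, Luhn, ABA checksum), confirmed by a nearby keyword, and mapped to a disposition. The keyword lists, the 40-character window, the thresholds and the `deliver` action are assumptions, and the sample message is constructed.

```python
import re

WINDOW = 40  # characters of context searched on each side of a hit (assumed)

def luhn_ok(d):
    total = 0
    for i, ch in enumerate(reversed(d)):
        n = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            n = n * 2 - 9 if n > 4 else n * 2
        total += n
    return total % 10 == 0

def aba_ok(d):
    # ABA checksum: weights 3,7,1 repeated over nine digits, sum divisible by 10.
    return d != "0" * 9 and sum(int(c) * w for c, w in zip(d, (3, 7, 1) * 3)) % 10 == 0

def ssn_ok(d):
    area, group, serial = d[:3], d[3:5], d[5:]
    return area not in ("000", "666") and area < "900" and group != "00" and serial != "0000"

# kind -> (candidate regex, validator, nearby keywords); keyword lists are assumed
RULES = {
    "ssn": (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), ssn_ok, ("ssn", "social security")),
    "pan": (re.compile(r"\b(?:\d[ -]?){15}\d\b"), luhn_ok, ("card", "visa", "cvv")),
    "aba": (re.compile(r"\b\d{9}\b"), aba_ok, ("routing", "aba"))}

def find_sensitive(text):
    """Return (kind, keyword_nearby) for every validated identifier in text."""
    hits, low = [], text.lower()
    for kind, (pattern, valid, words) in RULES.items():
        for m in pattern.finditer(text):
            if not valid(re.sub(r"\D", "", m.group())):
                continue                    # right shape, but fails validation
            context = low[max(0, m.start() - WINDOW):m.end() + WINDOW]
            hits.append((kind, any(w in context for w in words)))
    return hits

def disposition(text):
    """Map findings to an action; the thresholds are assumptions for this example."""
    hits = find_sensitive(text)
    confirmed = {kind for kind, near in hits if near}
    if len(confirmed) >= 2:
        return "quarantine"                 # several kinds of confirmed data together
    if confirmed:
        return "encrypt"                    # one confirmed kind: send, but encrypted
    return "notify" if hits else "deliver"  # unconfirmed hit: alert only

SAMPLE = "Patient SSN: 123-45-6789, card on file Visa 4111 1111 1111 1111"  # constructed
```

Checksum validation drops most digit strings that only look like identifiers; the keyword proximity test then separates a validated number in a shipping reference from one next to the word "routing".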

23 Protect HTTP(S) with Web DLP
• Data Loss Prevention to web protocols
  » Webmail, blog posts, etc. sent to SEG for DLP filtering
  » SEG returns allow or block
• Single management interface
  » All policies managed through single administrative interface (email and web)
  » Easily leverage existing policies or create new ones
• Easy to implement and use
  » Configure Proxy to deliver content to SEG
  » No licensing required for use of ICAP interface from SEG or proxy vendors
[Diagram: Internet, Web proxy, SEG; SMTP, HTTP(S); ICAP: Content, Allow/Block]

24 What is ESI? and What is a Retention Policy?

25 Defining ESI
• Electronically Stored Information
  » Sources: email, mainframes, local servers, laptops, backup tapes, external hard drives
  » Common forms: email with attachments, text files, powerpoints, spreadsheets, instant messaging, etc.
  » Federal Rules of Civil Procedure (FRCP) Rule 26(f) – rule which governs pre-trial conference on the disclosure and discovery of ESI

26 NARA Retention Policy Guidelines on ESI
• C.F.R = Code of Federal Regulations
• Transitory
  » 6 month retention cycle
• Federal Record
  » Old requirement – print the email and store before the electronic record can be deleted (36 C.F.R )
  » Permanent Electronic Mail – must be archived
  » Temporary Electronic Mail – varied retention period
  » Transitory Electronic Mail Records – 180 day retention

27 Federal Archiving Regulations
• Litigation demands preservation and access
• Includes “electronically stored information” or “ESI”
NARA Records Management Guidance & Regulations (36 CFR 1236): Guidelines for archiving
Electronic Message Preservation Act (2010): Electronically capture, manage, preserve records
Federal Rules for Civil Procedure (Rule 34): Huge penalties for not adhering
DoD Records Management Program: Create, maintain, preserve as records in any media

28 Why is eDiscovery important?

29 The need for eDiscovery
• Government litigation incidents
  » Deepwater Horizon Response (BP oil spill)
    - Claims citing the Oil Pollution Act (OPA)
    - BP, Halliburton Co, and Cameron International Corp
    - USCG and FEMA also involved with litigation
  » Hurricane Katrina
    - Judgments against US Army Corps of Engineers
    - Various claims remain open with FEMA
  » Many other examples

30 How an Archive Helps
Centralize Data
• Build a centralized, deduped repository that can’t be tampered with for legal usage
• Provide end users with access to their historical mail to eliminate need for PSTs
Enforce Policy
• Enforce retention policy with flexible rules
• Initiate a litigation hold without dependency on end-user compliance
Expedite Discovery
• Early case assessment with real-time full text search
• Cull data to reduce review costs
• Quickly export data to PSTs

31 Mailbox Management Considerations
Benefits:
• IT can impose tighter quotas on mailboxes while preventing PST creation
• Less data in Exchange improves performance
• Less data in Exchange shortens backup and recovery times
• Prevents ongoing storage growth within Exchange
End-User Search:
• Access archive directly within mail client
• Intuitive search with full text indexing to find historical mail
• Self-serve retrieval of accidentally deleted mail
Stubbing:
• Larger, older attachments replaced with shortcut to archive
• end-user access to stubbed attachments
• Automated restoration of original when forwarding

32 eDiscovery Considerations
• Automated enforcement w/ AD integration
• Real-time, Flexible
• People, content holds beyond standard period
• Export data for review tools, Fast exports to PST
• Instant for active archive, legal hold
• Forensically compliant storage, capture
Diagram labels: Disposition, Retention Policy, Repository, Search, Legal Holds, Export

33 US Federal CIO’s Cloud-First Policy

34 Cloud-First Policy
• First introduced November, 2010
• Detailed in the “Federal Cloud Computing Strategy” paper by Vivek Kundra, 2/8/11
• Targeting $20b of the $80b annual IT spend by Federal agencies
• Goal: Each agency identifies 3 “must move” services, 1 moved within 12 months, remaining 2 within 18 months

35 Moving to the Cloud: Unify Cloud Computing Standards
• FCCI: Federal Cloud Computing Initiative
• FedRAMP: Federal Risk & Authorization Management Program
• FIPS: NIST security evaluation guidelines

36 How Cloud Computing Can Help
• Reduce risks and costs
  » Consolidated compliance and cloud-powered platforms
  » eDiscovery solution for reducing retention and litigation costs
  » Policy-based encryption ensures security is not user dependent
• Adhere to regulations and privacy best practices
  » DLP and policy-based encryption
  » Built-in remediation / workflow
  » Multiple archive retention policies
• Raise the quality of services
  » Enable and promote secure communication for your agency, ensuring continued public trust
  » Automate privacy training and raise awareness internally

37 Benchmarking Your Cloud-based Security
Accuracy
• Should have 99% spam effectiveness
• Should have 100% virus control
• Should have < 1 in 350,000 false positives
Speed
• Should have sub-minute latency
• Should have < 20 second archive search results
Reliability
• Should have % service availability

38 SaaS Architecture Advantages (if done correctly)
Requirement: Consideration
Resilience: Multi-datacenter processing across all applications
Security: Encryption of data at rest
Isolation: No co-mingling of data
Integration: Tied to directory services (LDAP/AD)
Cost: Leverage inexpensive storage via grid architecture; Leverage multi-customer load processing for economies of scale

39 Security and Compliance Are Top Priorities For Federal and Commercial Organizations
Enterprise 2.0
• Data Everywhere – Public/Private Clouds
• Consumerization of IT
• Rise of Mobile
• Rise of Social Media
Global 2000, Government Orgs.
LITIGATION, PRIVACY, SECURITY: Spam Volumes; Focused Attacks; Phish Attacks; Botnets; Government Regulations; PCI, HIPAA, FERPA; Frequent Data Breaches; Confidential Information Leaks; Being Brought In-house To Reduce Costs; FRCP Rules; Freedom of Information (FOIA); Increased, Costly Litigation; Compliance Records retention

40 Cloud Services for Security, Compliance, and Archiving
Applications
• On-Premises (Private Cloud) (Virtual Appliance): Anti-Spam/Anti-Virus, Data Loss Prevention, Policy enforcement
• In the Cloud: Anti-Spam/Anti-Virus, Data Loss Prevention, Policy enforcement, archiving/eDiscovery
Common Services: Dynamic Update Service, Reputation Services, Encryption Key Service, Storage Service, Reporting & Analytics
Underlying Infrastructure: CPU, Memory, Network

41 A Holistic View of security, compliance, and archiving
• Secure Communication: Encrypt emails and send large attachments securely
• Threat Protection: Protect the infrastructure from outside threats
• Archiving and eDiscovery: Enable search, eDiscovery, storage management and compliance
• Data Loss Prevention: Ensure external requirements and internal policies are met
Security & Compliance Cloud Platform

42 Questions?

