1. RSA Data Loss Prevention Protect Your Sensitive Data David Mateju RSA Sales Consultant

2. RSA – The Big Picture information Encryption
Store, Transport
IT infrastructure
information
Access Authentication, Authorization,
Anti-fraud Solutions
DLP
Data Loss Prevention
SIEM
Security Information and Event Management

3. RSA Encryption and Key Management Suite
RSA – The Big Picture
RSA Encryption and Key Management Suite
RSA Access Manager RSA Federated Identity Manager
RSA SecurID
RSA Digital Certificate Solutions
RSA Identity Protection and Verification Suite
IT infrastructure
information
RSA Data Loss
Prevention Suite
RSA enVision Platform

4. Proč potřebujeme DLP?
„Komerční pojišťovna musí podle rozhodnutí Nejvyššího správního soudu zaplatit pokutu tři miliony korun za únik informací o klientech, kterou ji vyměřil Úřad pro ochranu osobních údajů…”
„Jeden z pracovníků společnosti Panasonic z Borských Polí získal databázi zaměstnanců, která obsahovala jména, rodná čísla, adresy, a také výdělky jednotlivých zaměstnanců. Databázi poslal Plzeňskému deníku…“
„Spořitelna zablokovala kartu klienta kvůli úniku dat… Někdy se jedná o jednotlivé karty, jindy jich mohou být stovky, to se však stává několikrát do roka.“
„Ačkoli Bezpečnostní informační služba únik svých tajných dat zlehčuje a tvrdí, že má veškeré své informace pod kontrolou, opak je pravdou: strategické záznamy, které před více než dvěma lety kdosi ze služby vynesl, nemá pod kontrolou dodnes…“

5. Vaše citlivá data jsou v celém IS…
RSA Data Security System Briefing
1-Nov-17
Vaše citlivá data jsou v celém IS…
Endpoint
Network/
Apps/DB
FS/CMS
Storage
Partners
Remote
Employees
Internal
LAN
WAN
VPN
File Server
Collaboration &
Content Mgmt
Systems
Víte, kde všude jsou uložena vše citlivá obchodní data?
Business
Analytics
Outsourced
Dev.
Enterprise
Applications
Production
Database
Replica
Staging
Disk Arrays
Backup Disk
Backup
Tape
System
Disk Arrays
Over the last several years there has been a noticeable shift in attention and investment from securing the network, to securing systems within the network, to securing the data itself. Several factors seem to be driving this shift. There is growing exposure or risk stemming from 7 key factors
We’re storing more sensitive information
We’re sharing more data: sharing between individuals within departments, across departments, even across organizations.
There are more credentialed users in organizations than ever before. It’s an interesting statistic that most organizations have more credentialed “insiders” than employees. This happens because of contractors, partners, integrators, etc. This creates significant exposure because Insiders know where to look. Hacks from the outside happen, but there is often “security through obscurity”. Insiders by contrast know what information is valuable, where to find it, and how it’s protected.
Market for Stolen Data: At the same time, there are more markets for stolen data – more money to made
Threats are also more sophisticated. Our traditional investments in security have typically focused on keeping bad guys/things out. That is no longer sufficient. And it’s not simply a matter of moving those same controls deeper inside the network – you simply need a different way of dealing with these new risks because the data is not static; it moves, it’s transformed, it’s collaborated on.
We have more regulations – creating more exposure to fines and other costs of non compliance
Finally, our environments are far more complex than they have ever been before
This growing exposure is leading to new costs
Breach remediation & regulatory fines: We’re seeing more breaches, and a significant escalation in regulatory fines and other costs arising from those breaches
Compliance efforts: All these compliance programs are created an amazing amount of overhead. CIO magazine published a study that suggested 20% of IT’s time is spent on compliance. That’s one day a week for every IT employee.
Customer Churn and Brand Erosion. The number and frequency of disclosures is also growing due to legislation and the press. This is leading to a wider set of costs such as the impact of brand erosion, customer churn, etc.
So the bottom line is that the amount of sensitive data is increasing daily and the costs of securing this data is also increasing daily. This leads to a situation of growing costs without results.
Víte, co s těmito daty dělají Vaši zaměstnanci?
- Confidential - 5

6. 3 kroky k nalezení a ochraně citlivých dat
Definice citlivých dat – pravidla pro vyhledávání:
Podle obsahu – slova, věty, spojení, frekvence, externí slovníky
Podle otisku (fingerprint) dokumentu
Nastavení míst pro vyhledávání
Nalezení citlivých dat – jednorázově a pravidelně:
Datové centrum – úložiště SAN/NAS, databáze, Windows file-shares, SharePoint sites, Unix file-shares, …
Koncové body – uživatelské stolní počítače a notebooky
Ochrana citlivých dat – vynucení bezpečnostních pravidel
Datové centrum – mazání, přesuny citlivých dat
Síť – sledování pohybu citlivých dat, zamezení úniku přes perimetr
Koncové body – sledování a případné omezení práce uživatele s citlivými daty (kopírování, , HTTP, FTP, tisk, vypalování, atd.)

7. Řešení RSA – RSA Data Loss Prevention Suite
DLP
Enterprise Manager
Unified Policy Mgmt & Enforcement
Incident Workflow
Dashboard & Reporting
User & System Administration
DLP Datacenter
DLP Network
DLP Endpoint
Nalezení
File shares, SharePoint sites, Databases, SAN/NAS
Sledování
, webmail, IM/Chat, FTP, HTTP/S, TCP/IP
Nalezení
Local drives, PST files, Office files, file types
Ochrana
Mazání, přesun, karanténa uložených dat
Ochrana
Povolení, notifikace, blokování, šifrování přenášených dat
Ochrana
Povolení, notifikace, blokování práce se soubory
eDRM
Šifrování
Řízení přístupu
Podpora 300+ typů souborů, databází, úložišť, CMS, …
Podpora velkého množství protokolů

8. RSA DLP Datacenter and Endpoint Architecture
Enterprise Manager
Quantity / Scale
1 per DLP deployment
Same EM controls Network, Datacenter, and Endpoint
Enterprise Coordinator
Deploys configuration and policies to Site Coordinators
Harvests results from Site Coordinators
Site Coordinator
Deploys configuration and policies to Agents and Grid Workers
Coordinate Grid Worker activities
Harvest results from Agents and Grid Workers
Scanning Agent
Scan files on local system
Grid Worker
Scan defined shares on nearby systems
This diagram, shows a variety of components, starting with the Enterprise Manager on the left. This is the same Enterprise Manager that is employed by the DLP Network solution. Note that this is a very important point. It’s always the same interface that manages the entire RSA DLP environment.
The next component is the Enterprise Coordinator. This is a separate piece of software that needs to be installed, and it’s role is much like that of the Network Controller in DLP Network. Once a policy is created in Enterprise Manager, it is handed off to the Enterprise Coordinator. It’s the Enterprise Coordinator’s job to push out those policy changes to all of the Site Coordinators within the environment, which live below it in the chain.
It’s also the Enterprise Coordinator’s job to harvest all of the results from the various Site Coordinators. So, as events pertaining to the discovery or misuse of sensitive data are discovered by the agents, they are picked up by the Site Coordinators; then picked up from the Site Coordinators by the Enterprise Coordinator, and finally submitted to the Enterprise Manager.
The Enterprise Coordinator is software only, deployed on Windows 2003 Server. And watch the Enterprise Manager, it’s going to slide over here on top of the Enterprise Coordinator. That’s to illustrate that in most environments, we actually deploy the Enterprise Coordinator software and the Enterprise Manager software on the same machine.
There’s no reason why you cannot do that, and, in fact, it’s recommended. In the future, the expectation is that the Enterprise Coordinator may not even remain a separate piece of software. For now it is—you can treat it separately if you choose, but it can be transparent to the customer. You can almost forget that it’s there except when you need to troubleshoot.
There is only one Enterprise Coordinator per DLP deployment, just like the Enterprise Manager and the Network Controller.
Temporary scan agent
Permanent scan agent 8

9. RSA DLP Network Architecture
Enterprise Manager
Single policy configuration
interface for all applications
Single administration interface
Network Controller
Synchronizes policy, updates configuration
Aggregates incidents up from managed devices
SENSOR
Passive network monitoring for HTTP, FTP, POP3, IMAP, SMTP, and IM traffic
ICAP Server
Active or passive network monitoring for proxied http/https/ftp connections
Blocking optional
INTERCEPTOR
Active, in-line SMTP monitoring
Quarantine and Encryption options
Here is an overview of the possibilities for the RSA DLP Network solution. There are five RSA components in this diagram—the Enterprise Manager, the Network Controller, the ICAP Server, and the Interceptor. We’ll talk about each one of them in turn. Let’s start with the Enterprise Manager.
The Enterprise Manager is the single interface for the administration and operation of the entire RSA DLP suite.
This is where an analyst can go to handle incidents that are created as sensitive data is found within the environment. The entire workflow can be handled from this interface.
All administrative tasks—setting up users, groups… configuring new scanning agents or new RSA DLP appliances that are brought into the environment… Again, all of this configuration is accomplished through this single interface.
It is a software-only solution. It’s going to run typically on customer-provided hardware on a Windows 2003 platform.
It does require a Microsoft SQL database on the backend.
You’re going to have one of these per DLP deployment, no matter if you’re installing DLP Network, Datacenter, or Endpoint separately or you’re running all three of them, you will always only have one Enterprise Manager to handle all of your needs. 9

10. RSA DLP Datacenter and RSA DLP Endpoint Sensitive Data Discovery
Discovery Use Cases
Discover and remediate sensitive data and help put into categories based on content and context
Segment High, Medium, Low Impact
Remediate sensitive data by deleting, quarantining, or moving
Highlight areas in need of additional enforcement
Encryption
Access Control solutions
eDRM enforcement products
And now lets take a look at the products themselves. Customers typically begin a DLP deployment with RSA DLP Datacenter and RSA DLP Endpoint Discover. Discovering your sensitive data in the datacenters or on remote workstations is a crucial first step towards lowering your risk profile. Again, if you don’t where it resides you can’t manage and protect it.
Each of these discovery products provide built in remediation capabilities for discovered content such as quarentine, delete, or move to a secure location. Sensitive data located in file systems, databases, systems, content management systems or large SAN/NAS environments is often at the root cause of data loss because these systems have large volumes of users accessing the data. RSA DLP Datacenter maps the data into managable buckets of low, medium, and high impact data based on your risk profile and then highlights the areas in need of additional enforcement.
From a technology perspective RSA DLP Endpoint – Discover can be deployed using either temporary or permanent agents. In temporary mode, the agent completes the scan and then is automatically removed from the system leaving one less agent to worry about. This is one of the key differentaitors of RSA DLP Endpoint – Discover and a major reason many customers have choosen our solution.
For RSA DLP Datacenter is also highly differentiated in the market. With the markets only grid scanning system, RSA DLP Datacenter can scan hundreds of terabytes by leveraging the power of multiple CPUs in the grid. Customers can dynamically add grid workers in the form of additional servers to increase the speed of the scan. RSA is the only technology on the market with this capability and this is the reason Microsoft choose our solution.
With both of these products you can see on the diagram, that a Enterprise Coordinator is deployed at the corporate headquarters as the brains of the system to push the policies out to the remote offices. Associated site coordinators are deployed at all these remote locations take the policies and then assist in deploying them to the grid workers for DLP Datacenter or to help push out the agents and policies to workstations for DLP Endpoint – Discover.

11. RSA DLP Endpoint Sensitive Data Usage Policies Enforcement
DLP Endpoint - Enforce Use Cases
Protect sensitive data on endpoints from being copied, printed, or saved to a unsecure file system or off to a mobile device
The RSA DLP Endpoint - Enforce solution takes a content aware approach to endpoint protection by only limiting actions that involve sensitive data. This approach can be very specific about which users and which actions can be blocked based on the sensitivity level of the data. The distributed agent technology allows the Enforce module to actively monitor laptops and block unauthorized actions on sensitive data even when the laptop is disconnected from the network.
RSA DLP Endpoint – Enforce is distinguished from conventional desktop protection solutions by the ability not only to discover sensitive data but also to enforce controls on the data. Using the Enforce module, organizations can insert fine-grained control at the point of use to ensure the blocking of a specific activity instead of blocking access altogether. To ensure reliable compliance with policy, it tracks all actions performed against sensitive data and blocks those actions not allowed by the policy.
Other end-point solutions attempt to solve the problem by locking down ports and or all attempts to copy data whether it’s sensitive or not. There is usually large pushback from internal groups on these practices because of the nature of our mobile workforce today. Managers do not want to compromise productivity by having ports blocked altogether and limiting the exchange of presentations or other documents as common business practice. We can enforce the actions of files at a fine grain to provide enforcements mechanisms for only the data that matters.

12. RSA DLP Network Sensitive Data Usage Policies Monitoring and Enforcement
DLP Network Use Cases
Passively monitor data leaving the network to understand IT process improvement areas and identify key risk areas
Pass regulatory audits by proving sensitive information is being blocked and or encrypted as it leaves the network
Protect Intellectual Property or Strategy and operations data from leaving the network
Next customers will typically implement RSA DLP Network to protect network egress points from leaking sensitive information. Millions of s and other forms of network communication are sent everyday to keep a company nimble and increase productivity. The downside is that often times these forms of communication include sensitive information in the attachments or even in the body of the message itself. The sensitive data in these transmissions can be intercepted over the wire, unintentionally leaked to a wrong address, or simply be outside normal regulatory compliance guidelines ensuring that s be encrypted.
Any of these types of unauthorized transmissions puts the business at risk one way or the other. RSA DLP Network helps mitigate these risks first by quickly and accurately discovering and analyzing data leaving the network at egress points, this is accomplished by monitoring data on a span port using a sensor appliance. Customers can also choose to deploy the product in an inline active mode using an interceptor appliance which provides proactive enforcement via centralized data security policies from the Enterprise Manager. Many customers use this technology to first understand what data is leaving the enterprise and then deploy interceptors to block and/or encrypt sensitive information to protect customers, pass regulatory audits, or maintain competitive advantage.
On the diagram, you can see the enterprise manager helps push out the policies to a sensor and/or interceptor appliance located at the network egress points. The sensor appliance is deployed at network egress points to monitor data on a span port, the interceptor appliance can be added inline to provide blocking capabilities for data in motion, or works in conjuction with partners to encrypt s. A optional ICAP server, [not shown], can also be installed at the egress points that connects to a bluecoat box to monitor and enforce webmail.

13. RSA Data Loss Prevention Suite Integration with Microsoft AD RMS
Legal
Outside law firm
Others
View, Edit, Print
View
No Access
Contracts
RMS
1. MS AD RMS admin creates RMS templates for data protection
Microsoft AD RMS
2. RSA DLP admin designs policies to find sensitive data and protect it using RMS
RSA DLP
Find Legal Contracts
Apply Legal Contracts RMS
Contracts
DLP Policy
As a first step, RSA is integrating Rights Management Services (RMS) and Microsoft Active Directory (AD) Group functionality into the DLP 6.5 release available in December 2008
RMS is Microsoft’s enterprise digital rights management platform (eDRM). RMS integration with RSA DLP Datacenter and DLP Endpoint Discover means customers can automate the application of RMS policies to documents based on the sensitivity of data. Support for EMC’s eDRM solution, Documentum Information Rights Management (IRM), is planned.
I’d like to walk you through a use of how DLP and RMS work together.
The first step is for the RMS administrator to create RMS templates for data protection. In this example, the RMS administrator creates a Legal contract RMS, where the legal department can view, edit, and print a document, while an outside law firm can only view it, and others have no access to it.
The next step is for the DLP administrator to design policies to find sensitive data and then apply RMS as a control to protect that data. In this example, the DLP administrator creates a policy called Contracts, where is a legal contract is found, the legal contracts RMS is automatically applied.
Then RSA DLP discovers and classifies the sensitive legal contracts and applies the legal contracts RMS template.
At this point, the policies and controls are in place.
Now, when a user requests a legal file on SharePoint, DLP will have discovered that this is a legal contract, and RMS will automatically apply controls based on who the user is. So in this example, the legal department can view, edit, print the legal contract, while the outside law firm can only view the legal contract, and others have no access.
The key takeaways here are that with the RMS and DLP integration, customers can automate the application of RMS protection based on sensitivity of data for data at rest on endpoints and in the datacenter discovered by DLP Endpoint Discover and DLP Datacenter.
Additionally, not shown in this diagram, but also part of the integration is that customers can leverage the AD group integration with DLP Network and DLP Endpoint Enforce to perform identity or group aware data loss prevention.
[Prompt] If customer uses RMS today, ask them how they use it. How do you ensure that users are following company policies? Is it widely used across the enterprise? Is it used across company boundaries? Is this integration useful to secure your legacy documents?
5. Users request files - RMS provides policy based access
Legal department
Outside law firm
Other
3. RSA DLP discovers and classifies sensitive files
4. RSA DLP applies MS AD RMS controls based on policy
Laptops/desktops
File shares
SharePoint

14. RSA DLP Benefits: Policy & Classification
More policies and better policies for classification and risk mitigation
Unified policy framework
Best of breed classification
150+ built in policy templates
Information Policy and Classification team
Highest accuracy per Wipro analysis
Policies
need to address a range of regulations across a range of geos?
What will be the effort to build policies and classify your data?
What will be the resulting accuracy of your solution?
Information Policy and Classification Team provides finely-tuned policies, content types and classification libraries -- yield highest accuracy ratings in the industry
More out-of-the-box: More policies. More places. More content types.
E.g. More state regulations, UK, France, Germany, and soon Spain, Italy, Netherlands, Sweden, ANZ
Benefits
Faster time to value  Less to setup and tune
Lower TCO  Fewer false alerts to drain your people
Classification
You rarely need to find one type of content. More often the challenge is finding combinations of content (e.g. credit card numbers, near proper names. More serious if it has PIN numbers.)
This is the biggest factor in accuracy. False alerts will drain your people. Mistakes will disrupt your business.
Content correlation allows you look for and correlate combinations of data
Example: Proximity; Is First/Last Name near a state driver’s license.
Lower TCO  Fewer false alerts require fewer people.
Time to value  Less tuning lowers your setup costs.
Less Disruption  Mistakes will block valid user work 14 14

15. RSA DLP Benefits: Identity Awareness
Identity awareness for classification, controls and remediation
Identity-based Policy
E.g. Group x can send data y out
Identity-based notification
E.g. Notify the persons manager
Identity-based control
E.g. Lock this data so only group x can open
Integration with Microsoft Active Directory
We can leverage AD groups on the network and the endpoint.
Our integration with Microsoft RMS provides group specific controls, and enables protection beyond the boundaries of your company.
Benefits
Lower Risk  We can catch things specific to a given group
Lower TCO  Automatically involve people the data owners or relevant BU to resolve their own problems.
Less Disruption  Automated response based on the what and the who. Involving the right people for a more appropriate response. DRM provides transparent protection – even beyond the company 15 15

16. RSA DLP Benefits: Incident Workflow
Consolidated alerts with the right information to the right people for the right actions
Intelligent correlation of events into incidents
Right alerts to the right people in the right order
Intuitive workflow to remediate violations
Scheduled reports sent to subscribers automatically
Integration with RSA enVision to simplify security operations
Will you get lots of alerts for the same incident?
Will you get the relevant info to remediate without digging for it?
Can you get the alert to the right person/people in the right order?
We correlate and group events so you get a single alert for an incident.
We provide all relevant information for the event
We can leverage AD groups for notification workflow and make it easy to get the incident to the right people
Benefits
Less Disruption  Involving data owners and giving them the right info, results in better responses
Less People  Less effort on incident handling. Fewer alerts to sort through. Alert routes all pertinent info to the right person 16 16

17. RSA DLP Benefits: Enterprise Scalability
Scan more data faster with lesser hardware and resources
Support distributed deployments
Scale to 100’s of thousands of users
Unique Grid Scanning technology
Scan large amounts of data faster and cheaper
Deployment
Do you have distributed sites?
Will you need dedicated scanning servers at those sites?
What’s involved with installing, configuring, and provisioning those scanning servers? Do you have to figure out which scanners need to be applied to which servers
You can use your existing hardware. It doesn’t have to be dedicated to us. It can even be temporary. Give us IP addresses -- we take care of the rest
Automatic Scan Optimization figures out how best to leverage your scanners to analyze your servers as fast as possible.
Benefits
Less HW to buy  Use existing HW, and only when needed.
Less effort to setup/maintain  less time installing, provisioning, optimizing
Discovery
Do you have any big Sharepoint sites, erooms, or file shares?
How long will they take to scan? Not just incremental scans – but full scans (e.g. for new or changed policies)
Multiple agents or servers can analyze large repositories in parallel – cutting down scan times by orders of magnitude (our unique Grid technology)
You don’t have even have to think about it. You tell us which servers can be used for analysis on any given site. RSA will optimize them automatically
Faster time to value  Get actionable results sooner.
Less Risk  Faster scanning means smaller risk windows
Lower TCO  No time spent optimizing scans 17 17

18. RSA DLP Benefits: Built-in Vs. Bolt-on
Common policies across the infrastructure – Microsoft, Cisco and EMC
Leverage your existing infrastructure
Microsoft: Integration with Microsoft RMS, will also integrate RSA DLP data classification engine and policies into Microsoft infrastructure
Cisco: Integration with IronPort
EMC: Integration with Documentum, Celerra, SourceOne, etc.
Talking Points:
As your use of DLP grows, will you be able to leverage your existing infrastructure, or will you be managing more point tools?
Do you want DLP built-into Anti-virus, or across your entire infrastructure?
As DLP blends into the infrastructure we are making RSA DLP future ready by working with major infrastructure vendors such as Microsoft, Cisco and EMC
Benefits:
Less Risk  Enterprise wide coverage. Catching things anywhere
Less Cost  Leverage your existing infrastructure. Less things to buy, deploy and manage 18 18

19. Jak začít? Službou RSA DLP RiskAdvisor Service
Nalezení nechráněných citlivých dat
Doporučení k nápravě
Výhody služby DLP RiskAdvisor
Prioritizace
Kde začít?
Jaká data jsou v největším ohrožení?
Rychlost
Otázka max. několika týdnů.
If you are like many customers, you may be wondering how to begin with a data loss prevention project, especially when the task of securing all of your sensitive information can seem overwhelming. An easy way to get started is with RSA’s DLP RiskAdvisor Service. With RSA DLP RiskAdvisor, you can quickly gain visibility into where your sensitive data is unprotected and be given concrete remediation recommendations to reduce the risk of sensitive data loss.
For example, a financial services customer recently experienced excellent results with an RSA DLP RiskAdvisor implementation. The overall objective was to understand risks to the business with regards to sensitive information residing on laptops across the company and then initiate follow on steps to remediate that risk. After interviewing the business stakeholders to uncover the business drivers, RSA conducted an initial scan and found over 240,000 documents correctly identified as Credit Card numbers. Next, a detailed analysis of the data set uncovered that a portion of those files were actually test data sets their engineering group had used to test solutions. Upon filtering those files, there were still 70,000 sensitive files identified and tagged. As a result, RSA delivered a detailed findings report and sent s to each end user requesting that they either delete or encrypt the sensitive files identified. Ultimately, RSA was to show end users that they not only had risks in the MyDocuments folders, but also found meaningful sensitive data in the temp folders and recycle bins. A follow up scan later located only 18,000 files, thus lowering the overall risk to the business and setting a new security process in motion through education. Next steps will be to implement new IT processes to automatically delete the recycle bin and temp folders when users shut down their machines.
RiskAdvisor implementations come in fixed price/fixed scope implementations (500 endpoints/1 TB of file shares (called RiskAdvisor – Express) or 2,500 endpoints/5 TB of file shares (called RiskAdvisor - Department) or can be customized to your unique requirements.
The benefits of the service are;
Prioritization: Quickly prioritize next steps- Where should you start? What are your key risks?
Cost: Highly cost effective; services start at $30k
Fast: Results can be delivered in as little as 3 weeks
Note to presenter:
DLP RiskAdvisor is different from a product proof-of-concept and it should not be positioned as such. It differs in that the level of effort expended by our professional services organization is greater. We help customers determine the search criteria, we validate whether business process is contributing to the potential for data loss and we provide remediation recommendations and considerations that could include “people, policy, process and product” type controls. Pricing for the entry-level RiskAdvisor Express service starts at $30,000 and those customers who purchase a product license within 30 days of delivery will receive credit on the product purchase. A more detailed presentation on the RSA DLP RiskAdvisor service can be found on the SRC.

20. RSA DLP zákaznická studie
Challenge:
Protecting HBI (high business impact) data
PII, PCI & Intellectual Property
Exponential growth has scattered data throughout the company
30,000 file shares, 120,000 SharePoint sites
Solution:
Implemented RSA DLP Datacenter
Selected based on scalability, performance and precision
Results:
Leveraged RSA DLP Datacenter Grid Processing, with 10 machine grid
Scanned over 100 TB of data
Follow-up incremental scan completed in 1/2 day
Established proactive and continuous process protecting confidential data (HBI)
Entire service managed by two staff members
In one of the largest installations of DLP in the world, Microsoft deployed RSA DLP Datacenter to protect what they deemed High business impact data including PII, PCI, and even sensitive IP. Microsoft choose RSA DLP Datacenter because it was the only technology on the market that was truly Enterprise Datacenter capable with it’s grid processing capabilities providing parallel processing of grid workers to achieve maximum scalability and performance. Accuracy was a key consideration in choosing RSA DLP.
Ultimately, they ended up scanning over 30,000 file shares and 120,000 sharepoint sites across the Datacenter. They achieved this using 10 grid machines scanning 12 TB of data in less than 10 days. The follow up incremental scan was completed in just hours. The results were that they established a proactive continuous process for protecting their confidential high business impact data were able to add additional control and enforcement mechanisms along with robust workflow to reduce their loss of competitive advantage and regulatory exposure.

21. RSA DLP zákaznická studie
Challenge:
Level 1 Processor of credit cards, concerned with risk of PCI-DSS non-compliance
Impending PCI audit, must demonstrate compliance
Transmit 1M+ s per day, ~2,000 contain sensitive data
Solution:
Implemented RSA DLP and Voltage IBE for encryption
Selected based on precision and automated enforcement capability
Results
Consistently achieve 99.8% accuracy detecting PCI data
Automatically encrypt transmissions containing PCI data
Effectively passed PCI audit
A tier 1 global retailer implemented RSA DLP Network to monitor and enforce s containing regulatory information to improve their compliance posture. In this case, the retailer had over 1 Million s a day leaving the network with approximately 2000 of them containing sensitive information. They needed to demonstrate compliance by proving those s were leaving the network egress points encrypted. For this deployment RSA teamed up with Voltage to provide encryption based on RSA DLP policies.
Again RSA was chosen because of their scalability, performance, and accuracy. The company was able to achieve 99.8% accuracy detecting PCI data, automatically encrypt sensitive s, and then effectively pass their PCI audits.

22. Hlavní výhody RSA řešení
Přesnost
Nejvyšší přesnost při identifikaci citlivých dat v celém DLP segmentu, zejména díky speciální kontextové analýze, nastavení vah a pravidel.
Rozšiřitelnost
Od megabytů přes terabyty až po petabyty, RSA DLP zpracuje jakkoliv rozsáhlé informační systémy, a to díky gridové architektuře na úrovni datových center a agentům pro koncové stanice.
The three key differentiators of RSA DLP Suite are Accuracy, Scalability and Ease of use.
Customers don’t want to block legitimate data, and they don’t want to miss a serious breach. RSA DLP is the market leader in terms of accuracy as measured by 3rd party. [Note: Please refer them to the Tolly group report on the SRC] This is achieved through a 3 Tiered Analysis: Detection, context and usage/handling rules.,
Scalability is all about speed and performance. It is essential if the deployment is going to grow beyond a pilot for a single department.
5 times competitive performance is achieved with RSA DLP by using multi threaded analysis and parallel processing. Where other systems transfer data across the network and analyze centrally, the RSA DLP suite agent architecture analyzes data locally. The grid system for analyzing file servers and storage can spread processing across multiple servers to achieve incredible performance. RSA DLP is the only solution capable of simultaneously scanning 1000’s of systems.
For the DLP Network product speeds close to gigabit capture and analysis across multiple protocols are obtained
The Ease of Use and Ease of Management is a key differentiator.
RSA DLP has an Integrated management console which unifies policy, workflow, reporting and administration of all components (Datacenter, Network and Endpoints).
The solution comes with 100+ out-of-the-box data detection and policy templates that are completely customizable and reusable.
Finally, the centralized dashboard summarizes overall corporate risk levels, and remediation areas across the enterprise
Jednoduchost
Centralizovaná správa bezpečnostních politik, intuitivní uživatelské rozhraní, přes 150 předpřipravených politik pro celosvětově běžně zpracovávaná citlivá data.