Presentation is loading. Please wait.

Presentation is loading. Please wait.

By The Wanderers Securing Cision’s Confidential Data with Data Loss Prevention Systems.

Published byMadeline Ferguson Modified over 9 years ago

Similar presentations

Presentation on theme: "By The Wanderers Securing Cision’s Confidential Data with Data Loss Prevention Systems."— Presentation transcript:

1

2 By The Wanderers Securing Cision’s Confidential Data with Data Loss Prevention Systems

3 Outline of contents  Business Problem and Requirements [ Scott ]  Data Loss Prevention (DLP) Solutions [ Angel ]  Proposed Solution [ Koonal ]  Vendor Comparisons and Architecture[ Wander ]  Company implementation & Conclusion[ Scott ]

4 Business Problem Problem  Cision needs the capability to exchange confidential information securely and easily. Cision  1200 Employees, 30+ offices, 8 countries  Confidential Data  Credit Card / Client Information  Customer privileged data  Employee personal data  Business Confidential data  Secure data from  Employee Error, Employee Theft

5 Business Solution Requirements Business Solution Requirements Required  Meet the Payment Card Industry (PCI) requirements for credit card handling  Prevent client, business or employee data from being incorrectly disclosed internally and externally  Global capabilities with central configuration and enforcement Out of Scope  Anti Virus, Firewall, Intrusion Detection Systems, Email Spam Filtering  Limited Other legal requirements: No HIPPA or SOX requirements

6 Source: http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/doc/talks/2008-04-techlinks/data-protection.jpghttp://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/doc/talks/2008-04-techlinks/data-protection.jpg

7 DLP Background Definition of Data Loss Prevention  Products that, based on central policies, identify, monitor, and protect data at rest, in motion, and in use, through deep content analysis. - Rich Mogull of Securosis Other TLAs  Data Loss Protection  Data Leak Prevention/Protection  Information Loss Prevention/Protection  Information Leak Prevention/Protection  Extrusion Prevention System  Content Monitoring and Filtering  Content Monitoring and Protection

8 DLP Background Identify where holes or exit points where leaks may occur  Instant messaging (Yahoo Instant Messaging, Windows Live)  P2P file sharing (e.g. LimeWire case as reported by LA Times)  Media streaming  Web mail (Yahoo mail, Gmail, Hotmail)  USB storage devices (ZDNet story from UK)  Removable drives  Devices connected through external ports (Firewire, serial, parallel)  FTP server  Printouts

9 DLP Background Source: Securosis.com http://securosis.com/images/uploads/Pragmatic_Data_Security-_Data_Protection_DecisiionsV2.006_.pnghttp://securosis.com/images/uploads/Pragmatic_Data_Security-_Data_Protection_DecisiionsV2.006_.png

10 How data are flagged and identified  Initial predefined policies  Social security numbers  Prescribed in HIPAA, SOX, GLBA, etc. (Bank account numbers, Credit card numbers)  Customized categories based on client needs  Data Discovery  Looks into the content and not just the file type  Examine context considerations (factor in parent directories, user group matching)  Structured data matching (SSN, credit card numbers, etc)  Unstructured data matching (diagrams, source codes, media files)  Fingerprint the data by using one way hash and saved in the database  Information can then be used to identify confidential data elsewhere DLP Background

11 Three different levels of DLP solution  Data in Motion  Data which uses HTTP, FTP, IM, P2P and SMTP protocols are mirrored in the DLP server for inspection where visibility is enhanced  Data at Rest  Data in file servers, databases, hosts computers set for file sharing, etc.  Data at End Points  Data which sits on end user hosts (workstations and notebooks) DLP Background

12 Technical Feature Considerations  Deep content analysis, monitoring and prevention  Identification and blocking capability  Centralized Management  Central policy setting, dashboard features  Broad content management across platforms and ease of Integration  Review of information infrastructure including software for requirement and compatibility issues  Automated remediation  Transfer confidential files, LDAP lookup, secure purging of sensitive data Business Environment Considerations  Matching with Business Need  Matches defined business need over feature allure  Market Presence  Major presence in the market, financial industry experience  Staffing Needs  Staffing considerations to handle additional responsibilities DLP Background

13 The Selection  Given that the business problem of to be able to exchange confidential information securely and easily,  We believe that a DLP solution have the ability to address such need by identifying and securing confidential data in a comprehensive and efficient manner as described in the guidelines above,  We select Websense as a representative of such DLP solution which has met all criteria mentioned above. Websense  Global leader in integrated Web security, data security, and email security solutions.  Protects approximately 40 million employees at more than 40,000 organizations worldwide  Core strength in Web filtering, discovery and classification of content Source: http://www.websense.com/content/aboutus.aspx Solution Selection Solution Selection

14 Websense Data Security Suite  Data Discovery  Data Protect  Data Monitor  Data Endpoint DLP Solution: DLP Solution:

15 Data Discovery  Software-based solution that remotely scans specified network file shares, databases, email servers, data repositories, and desktops to discover and classify confidential data on these systems  Automated remediation of unsecured confidential data on data repositories, such as encryption, file removal, etc  370 different types of file definitions DLP Solution: DLP Solution:

16 Data Protection  Protects data with policy-based controls that map to business processes  Automated, policy-based enforcement options including block, quarantine, file removal, encrypt, audit and log, user notification in real time. DLP Solution: DLP Solution:

17

18 Data Monitor  Monitors and identifies what customer data is at risk; who is using the data in real time; and where this data is going  Precise ID technology DLP Solution: DLP Solution:

19 Data Endpoint  Provides endpoint security and control over what confidential data is and should be stored (through local discovery)  Who is using it  How it is being used (with what applications)  Where it is being transferred (USB storage, printer) DLP Solution: DLP Solution:

20

21 Websense Data Security Suite in Action (Case: Miss Bea Haven) DLP Solution: DLP Solution:

22 Alternative Vendors (Considerations) Alternative Vendors (Considerations)

23 VendorStrengthsWeaknesses Symantec Industry-leading network discovery and endpoint protection Supports localization in 16 languages Mature deployment methodology Most expensive enterprise license costs Admin Console is not localized (English only) Websense Robust on network discovery and endpoint protection Supports localization in multiple languages and already has global presence Subscription based or perpetual licensing Most appealing to current WebSense clients wishing to leverage existing products RSA(EMC) Robust on network discovery Providing a broad range of DLP inspection capabilities Document fingerprinting content-inspection capabilities. Weak on endpoint protection Limited localized detection and support Alternative Vendors (Comparison) Alternative Vendors (Comparison)

24 Deployment Architecture  Windows Enterprise Network  500 – 2,500 Users DLP Solution DLP Solution

25 Deployment Architecture  Windows Enterprise Network  500 – 2,500 Users DLP Solution DLP Solution

26 Project Implementation Cost Estimates 1st Year Fees / ComponentQtyPriceTotal Websense Data Security Suites1200$65$78,300 Estimated Discount (25% of list)1200-$16-$19,575 Implementation Consulting80$175$14,000 Hardware$18,000 Totals $90,725 Ongoing Fees / Component (Yearly)QtyPriceTotal Websense Data Security Suites1200$65$78,300 Estimated Discount (25% of list)1200-$16-$19,575 Totals $58,725 Company Implementation Company Implementation

27

28 Requirements Support Requirement Websense SupportedNotes Legal RequirementsXPCI Regional / Language RequirementsX8 countries Centralized AdministrationX Auto Identify Confidential DataX Limit End Point data actionsX Industry Recognized LeaderX Other Considerations Limitations / Concerns Software sold as subscription software (yearly ongoing costs) Websense cannot detect data within image Will users be able to easily create new controlled data sets Data Privacy rules are regional and may conflict Company Feasibility Company Feasibility

29  Cision needs to add DLP capabilities to their current security solutions to meet the business needs.  Websense meets the requirements  Websense is well positioned to grow with Cision’s future needs.  Your mileage may vary Conclusion Conclusion

30 Questions? Preguntas? Pangutana? Questions? Preguntas? Pangutana? Tanong? Perguntas? क्वेस्चन्स ? Tanong? Perguntas? क्वेस्चन्स ?

31 DON’T BE A MISS BEA HAVIN!

32

Download ppt "By The Wanderers Securing Cision’s Confidential Data with Data Loss Prevention Systems."

Similar presentations

Instant Messenger Security with a focus on implementing security policies in corporate IM services Kaushal S Chandrashekar CS 691 Dr. Edward Chow UCCS.

Instant Messenger Security with a focus on implementing security policies in corporate IM services Kaushal S Chandrashekar CS 691 Dr. Edward Chow UCCS.
!! Are we under attack !! Consumer devices continue to invade *Corporate enterprise – just wanting to plug in* Mobile Device Management.

!! Are we under attack !! Consumer devices continue to invade *Corporate enterprise – just wanting to plug in* Mobile Device Management.
Copyright © 2012 AirWatch, LLC. All rights reserved. Proprietary & Confidential. Mobile Content Strategies and Deployment Best Practices.

Copyright © 2012 AirWatch, LLC. All rights reserved. Proprietary & Confidential. Mobile Content Strategies and Deployment Best Practices.
1 Effective, secure and reliable hosted email security and continuity solution.

1 Effective, secure and reliable hosted security and continuity solution.
COMPREHENSIVE APPROACH TO INFORMATION SECURITY IN ADVANCED COMPANIES.

COMPREHENSIVE APPROACH TO INFORMATION SECURITY IN ADVANCED COMPANIES.
Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility.

Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility.
By HAIDER I MOHSIN Securing Confidential Data with Data Loss Prevention Systems.

By HAIDER I MOHSIN Securing Confidential Data with Data Loss Prevention Systems.
Enterprise CAL Overview. Different Types of CALs Standard CAL base A component Standard CAL is a base CAL that provides access rights to basic features.

Enterprise CAL Overview. Different Types of CALs Standard CAL base A component Standard CAL is a base CAL that provides access rights to basic features.
Check Point ©2000 Check Point Software Technologies Ltd. -- Proprietary & Confidential Robert Żelazo Check Point Software Technologies Ltd. Check Point.

Check Point ©2000 Check Point Software Technologies Ltd. -- Proprietary & Confidential Robert Żelazo Check Point Software Technologies Ltd. Check Point.
Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility. Simplify authentication.

Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility. Simplify authentication.
Security Controls – What Works

Security Controls – What Works
Network and Server Basics. 6/1/20152 Learning Objectives After viewing this presentation, you will be able to: Understand the benefits of a client/server.

Network and Server Basics. 6/1/20152 Learning Objectives After viewing this presentation, you will be able to: Understand the benefits of a client/server.
FROM RICHARD RODRIGUES JOHN ANIMALU FELIX SHULMAN THE HONORARY MEMBERS OF THE INTERCONTINENTAL GROUP Information security in real business firewall security.

FROM RICHARD RODRIGUES JOHN ANIMALU FELIX SHULMAN THE HONORARY MEMBERS OF THE INTERCONTINENTAL GROUP Information security in real business firewall security.
Sophos / Utimaco Data Loss Prevention Peter Szendröi, SOPHOS Nordics Jan 20, 2010.

Sophos / Utimaco Data Loss Prevention Peter Szendröi, SOPHOS Nordics Jan 20, 2010.
Compliance in Office 365 Edge Pereira Sandy Millar From Avanade Australia OSS304.

Compliance in Office 365 Edge Pereira Sandy Millar From Avanade Australia OSS304.
Copyright 2011 Trend Micro Inc. Trend Micro Web Security- Overview.

Copyright 2011 Trend Micro Inc. Trend Micro Web Security- Overview.
Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.

Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.
Security Management IACT 418/918 Autumn 2005 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 418/918 Autumn 2005 Gene Awyzio SITACS University of Wollongong.
BUILDING A SECURITY PROGRAM THAT PROTECTS AN ORGANIZATION’S MOST CRITICAL ASSETS.

BUILDING A SECURITY PROGRAM THAT PROTECTS AN ORGANIZATION’S MOST CRITICAL ASSETS.

Similar presentations

Ads by Google