Sophos / Utimaco Data Loss Prevention
Peter Szendröi, SOPHOS Nordics
Jan 20, 2010
Sophos, Simply Secure
Changing security landscape
- PCI-DSS, HIPAA, CSB 1386, GLBA, 95/46/EC
- Contractors, outsourcing
- Partners, customers
- Web 2.0
- Mobile workers
- Firewall
- Corporate data
- Customer data
- Intellectual property
- Personally identifiable information
- Targeted... targeting commercial data
- Complex threats... web-based, invisible, fast changing
- Regulatory disclosure and reputation damage
- Digital generation set loose
- Information theft – not graffiti
Headlines are the tip of the iceberg
- Brand damage
- Loss of customers
- Incremental internal costs
- Direct costs of intellectual property loss
How is this data exposed?
- Insider theft accounts for only 5-15% of the data loss
- Most data breaches are accidental
- Only 2.4% were prevented by protective measures (e.g. encryption)
What data is at risk?
Process Work
- Well-defined responsibilities
- Well-defined workflows
- Dealing with PII
- Risks:
  - Non-compliance
  - Criminal prosecution
  - Brand / reputation damage
Knowledge Work
- Changing roles / assignments
- Unstructured data
- Company information assets
- Risks:
  - Competitive damage
  - Loss of partner trust
Data types
- Personally identifiable information
- Intellectual property
- Customer data
Challenge of Data Loss Prevention
Business challenge: Conflicting Goals!
- Enable productivity, mobility and flexible “web 2.0” working
- Comply with regulation
- Avoid damaging data loss
- There is no “100% DLP” but also
Simply Secure Data Loss Prevention
Four elements of an effective DLP strategy
- Control the user environment by restricting data exit points
  - Control devices, applications, and web usage
  - Ensure security policy compliance
- Protect confidential and sensitive information
  - Full disk, removable storage and file encryption
- Prevent leakage of personally identifiable information
  - Comprehensive coverage of personally identifiable information types
  - Continuously assess, audit, report and enforce on endpoint and gateway
- Classify intellectual property and sensitive business data
  - Empower knowledge workers to classify sensitive business data
  - Apply classification to existing documents and data sets
Control user environment
- Data loss objective: Significantly reduce risk by managing what users can do on data exit points
- Sophos solution provides granular control of:
  - Storage devices and network interfaces
  - Applications
  - Web site access
- Continuously monitor user behaviour and enforce security policies
- SophosLabs provide the domain expertise:
  - Managed application definitions (P2P, IM, Remote Access)
  - Managed web site categories (webmail, social networks, IM)
  - Identify over 150 file formats using “True File Type” technology
Protect confidential and sensitive information
- Data loss objective: Data encryption is the ultimate data loss insurance policy
- Sophos solution protects data where it is most exposed:
  - Laptops
  - Removable storage and optical media
  - Server file shares
- Data protection platform:
  - Enterprise management console and key management
  - Integration with Active Directory
  - Transparent file and folder encryption
  - Audit compliance
Prevent leakage of PII
- Data loss objective: Tackle the highest risk of regulatory infringement and brand damage
- Sophos solution covers all critical data leakage points:
  - Storage, web, and IM
  - Fully integrated into core endpoint and gateway products
- SophosLabs provide the content expertise:
  - Over 100 expert definitions of personally identifiable information
- Administrator decides appropriate enforcement action:
  - Audit – silent background monitoring of events
  - Training – audited end user authorisation
  - Enforcement – encrypt or block transfer
Classify and protect documents
- Data loss objective: Protect high value intellectual property and operations data
- Sophos solution is designed to empower knowledge workers:
  - Define classification levels within policy
  - Enable end user to tag and classify new documents
  - Embed classification within document
  - Scan for and classify existing documents using document context
  - Enforce policies for classified documents on endpoint and gateway
- Integrated with enterprise encryption solution:
  - Leverages existing user identity and permissions
  - Provides workable enterprise rights management
Sophos Data Loss Prevention
Solutions designed to meet a need
Process Work
- Comply with regulations
- Protect data using full disk encryption
- Prevent leakage of PII from endpoints
- Prevent leakage of PII from and web gateway
- Data at rest scanning of PII on endpoints
Knowledge Work
- Protect company assets using encryption and classification.
- Detect leakage of IP via common leak points.
- Classify and protect IP at the point of creation. Persistent tagging
- Identify and protect IP using automated classification and data at rest scanning.
SafeGuard Enterprise: Your key to data protection with encryption
1. Consistent policies, management of keys & certificates
2. Encrypt laptops, desktops
3. Encrypt removable media
4. PC port control & DLP
5. Manage external security products
6. Secure network file shares
(*) Future release
Safeguard Mail Gateway overview
1. Client sends the e-mail out in plain text
2. Server forwards the e-mail to Content-Filter
3. Content-Filter forwards the e-mail to SGMG
4. SGMG evaluates Security Policy and cryptographically handles the e-mail accordingly
5. SGMG delivers the e-mail to the Recipient
a. External Communication Partner sends an encrypted e-mail
b. SGMG identifies the encrypted e-mail and decrypts it. The e-mail is now in plain text.
c. SGMG forwards the e-mail to AV-Scanner
d. AV-Scanner checks the e-mail and forwards it to the Server
e. Client receives the e-mail in plain text
DLP Implementation Tips
- Senior management sponsorship
- Cross-functional team
- Identify PII data types
- Prioritize risks
- Data security policies
- End-user education
- Warn before blocking
Questions?