BUILDING A SECURITY PROGRAM THAT PROTECTS AN ORGANIZATION’S MOST CRITICAL ASSETS

BEW GLOBAL’S DLP EXPERTISE Global Support in 130 countries Manage DLP Solutions in 22 Countries Daily Management of 1,000,000+ Users Deployed 400+ DLP Projects Completed 500+ Assessments Localized Chinese DLP Practice (2011) 1st Managed DLP Services Provider (2008) VENDOR RECOGNITIONS Symantec Master Specialization DLP Partner RSA’s Only Authorized Managed DLP Partner Websense Certified TRITONs – More than any other partner, 10 Olympians & 5 Gladiators

BEW GLOBAL SERVICES BEW GLOBAL’S CORE DIFFERENTIATORS Methodology based on the cornerstones of ISO Plan-Do-Check-Act Leverage our proven Quality Management System (QMS) to drive continuous improvement Reduce risk and increase operational efficiencies

SECURITY CONTINUUM

BEW Global works in cooperation with customers to plan, implement and maintain a Critical Asset Protection Program (CAPP) that clearly defines what assets are deemed most important to the customer organization based on revenue, income, reputation and core operational impact.. BEW GLOBAL’S PROVEN APPROACH

REALISTIC SCOPE, MEASUREABLE RESULTS Through a comprehensive interview and information gathering process, BEW Global works with the customer to develop a realistic Critical Asset Protection Program ( CAPP ) scope that defines the assets as well as the core attributes of those assets in regards creation, storage, usage and transmission.

CONTENT TYPES

USE CASE: DLP PRE-PROJECT STATE Organization Overview: Manufacturing firm of 30,000 employees operating in 50 countries globally DLP Scope: Protection of Intellectual Property (General) DLP Primary Issue: Lack of staff and buy-in from business owners who handle critical assets Application Management: Most information security tools operated and “managed” by IT or networks Policy Governance: No internal resources with any experience with DLP policy construction Incident Triage: Lean staff of Infosec staff already buried by SIEM and other tools output Event Management: Informal event management process with little feedback to the business Reporting and Metrics: Zero customized reports. Very little business analysis provided Status: Charged with implementing DLP to protect Critical Assets, specifically product IP

INTELISECURE QUALITY MANAGEMENT SYSTEM

USE CASE: POST-PROJECT STATE Organization Overview: Defined specific business units to initiate program DLP Scope: Focused on 3 specific product lines linked to highest revenue & earnings DLP Primary Goal: Identification of unauthorized movement of specific elements of IP Application Management: Operated by a combination of IT, messaging & desktop management teams Policy Governance: 100% customized policies based on data collected from business unit Incident Triage: Daily review of incidents by BEW Global Intelisecure Managed Services team Event Management: Incidents meeting severity criteria routed to business unit for investigation Reporting and Metrics: Behavioral pattern analysis leading to preventive actions Status: R&D teams have high-level of confidence in ability to identify leakage of IP

PITFALL 1: NO PLAN OF ATTACK

5 Pieces of DLP Advice You Can’t Afford to Ignore 17 PITFALL 2: FAILURE TO ENGAGE THE BUSINESS

5 Pieces of DLP Advice You Can’t Afford to Ignore 18 PITFALL 3: INADEQUATELY TRAINED RESOURCES

DATA LOSS PROTECTION PITFALLS: Missing the Target – False Sense of Security Mis-configured Tap or Port Span Problem Missing segments of network traffic or protocols Solution Comprehensive test plan that maps to in scope business processes and related data types transmitted from various network locations to ensure all relevant data streams are being captured. Encryption – The Masked Data Problem Analysis of data DID NOT take place prior to encryption. Solution Comprehensive test plan that proves ALL DLP data assessment takes place prior to the gateway encryption & implement managed “test” DLP policies that identify encrypted transmissions as part of the test plan. Misfire of Network Discovery Scans Problem Locations of sensitive data never targeted by the organization for scanning due to lack of an effective policy governance process. Solution Identify potential data stores by discussing the DLP program with staff to understand process. Network versus Endpoint Discovery Problem Running DAR scans using a combo of network & endpoint without thinking about which policy types & detection methods are not the same. Solution Prior to acquiring DLP solution, have an understanding of the data types that make up your target environment & then, decide on scanning method..

The Pandora’s Box of DLP Environment Assessment Staying in Contact User Performance Impacts Network/System Performance Impacts Problem No rigorous endpoint environment assessment prior to the selection of the application & enablement. Solution Address age of environment, performance capabilities, technical & human issues, & load of applications, in conjunction with education on the DLP endpoints. Problem Failure to monitor endpoint population & their frequency of “checking-in” to the management server with validated results. Solution Phased deployment of endpoint with validation via test plan on initial success of ALL agents & on- going endpoint agent health reports. Problem Implementing same policies for network based & endpoint assessments without testing or modification. Solution Utilize a comprehensive test plan outlining specific metrics (time to open files, open/send s, open applications) prior to deployment. Problem Failure to calculate & measure the impact of endpoint policy traffic across wide & local area network connections. Solution Thorough assessment of endpoint policies that addresses all of the concerns including policy design requirements, timing, frequency & delivery methods. DATA LOSS PROTECTION PITFALLS:

BEW GLOBAL IS THE CHOICE OF MARKET LEADERS CLIENTS INCLUDE UNIVERSITIESINSURANCE HEALTHCARE FINANCE TOP 50

BEW GLOBAL IS THE CHOICE OF MARKET LEADERS CLIENTS INCLUDE MANUFACTURINGOIL & GAS RETAIL/ENTERTAINMENT

Questions?