“ “ Accidental email with attachment exposed hundreds of individuals’ names and Social Security Numbers… “ “

Slides:

Advertisements

Similar presentations

2 DLP helps to identify monitor protect sensitive data through deep content analysis.

Advertisements

Risk: Got anything to worry about? You probably don’t need to be here if.

ISecurity Complete Product Series For System i. About Raz-Lee Internationally renowned System i solutions provider Founded in 1983; 100% focused on System.

“ “ Accidental with attachment exposed hundreds of individuals’ names and Social Security Numbers… “ “

System glitches Malicious intentOops! 39% 24% 37% 97% avoidable! Online Trust Alliance: 2013 Data Protection and Breach Readiness Guide.

Security Controls – What Works

Sophos / Utimaco Data Loss Prevention Peter Szendröi, SOPHOS Nordics Jan 20, 2010.

“ “ Accidental with attachment exposed hundreds of individuals’ names and Social Security Numbers… “ “

Compliance in Office 365 Edge Pereira Sandy Millar From Avanade Australia OSS304.

Microsoft Ignite /17/2017 2:11 PM

Version 2.0 for Office 365. Day 1 Administering Office 365 Day 2 Administering Exchange Online Office 365 Overview & InfrastructureLync Online Administration.

Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose,

What’s New in Exchange Online. Disclaimer This presentation contains preliminary information that may be changed substantially prior to final commercial.

Welcome to the Exchange 2013 Webcast Archiving, eDiscovery, & Data Loss Prevention.

Clinton Ho Program Manager Microsoft Corporation SESSION CODE: SIA311.

“ “ Accidental with attachment exposed hundreds of individuals’ names and Social Security Numbers… “ “

Teresa Macklin Information Security Officer 27 May, 2009 Campus-wide Information Security Activities.

What Keeps You Awake at Night Compliance Corporate Governance Critical Infrastructure Are there regulatory risks? Do employees respect and adhere to internal.

MEC /22/2017 5:53 AM © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks.

WSV323. CSO/CIO department Regulation translated to control objectives Infrastructure Support Control objectives turned into control activities.

Demos Sharing a document B2B Protected with Policy Tips Departmental Templates Mac Outlook Protected PDF OneDrive / SharePoint Document Tracking.

Florida Information Protection Act of 2014 (FIPA).

Keep Your Information Safe! Josh Heller Sr. Product Manager Microsoft Corporation SIA206.

SPAM Settings. The ExchangeDefender Admin Site is a powerful tool that gives you access to all of the benefits ExchangeDefender has to offer, from the.

Ankur Kothari Microsoft Corporation. In-Place Archive with secondary quota Access documents with SkyDrive Pro Site Mailboxes enable better collaboration.

 Searching PST folders for legal discovery is costly  Multiple regulations require complicated archiving processes.

Module 7 Planning and Deploying Messaging Compliance.

“ “ Accidental with attachment exposed hundreds of individuals’ names and Social Security Numbers… “ “

OTM 6.1 / GTM Update and Agility China Case Sharing.

Dino Tsibouris & Mehmet Munur Privacy and Information Security Laws and Updates.

Keep Your Information Safe! Josh Heller Sr. Product Manager Microsoft Corporation SIA206.

Information explosion 1.4X 44X Protect communications.

Microsoft Virtual Academy Chris Oakman | Managing Partner Infrastructure Team | Eastridge Technology Curtis Sawin | Technical Solutions Professional |

Your data, protected and under control wherever they go SealPath Enterprise – IRM

Protect communications Conditions Actions Exceptions Conditions Actions Exceptions.

Data Loss Prevention and Information Rights Management in SharePoint Tim Beamer, Plus Consulting

Data Loss Prevention (DLP) in Microsoft Office 365

ActiveSync & DLP management in Exchange Online

Intro to Data Loss Prevention In SharePoint 2016\Office 365

Data Loss Prevention in Office 365

Encrypted from CDS Office Technologies

Florida Information Protection Act of 2014 (FIPA)

Deployment Planning Services

Exchange security and protection

Protect sensitive information with Office 365 DLP

7/23/2018 6:01 PM BRK2282 Protecting complete data lifecycle using Microsoft’s information protection capabilities Gagan Gulati Alex Li Principal.

Protect your data in Office 365 with Data Loss Prevention

Extending classification ,labeling , and protection to 3rd party applications Kartik Microsoft Tony Digital Guardian Amit Cohen.

Understanding best practices in classifying sensitive data

Florida Information Protection Act of 2014 (FIPA)

Data Loss Prevention in O365:The Basics

Azure Information Protection

Office 365 Security Assessment Workshop

Protect your OneDrive and SharePoint files on mobile devices

11/16/2018 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

Customize and Tune Microsoft Office 365 Data Loss Prevention

Azure Information Protection

Azure Information Protection

Azure Information Protection

Security in SharePoint and Teams with DLP, IRM, and AIP

Top 10 Tips for GDPR Compliance in Office 365

Encryption in Office 365 Shobhit Sahay Technical Product Manager

Data Loss Prevention in Office 365

IN THE PAST, THE FIREWALL WAS THE SECURITY PERIMETER devicesdata users apps On-premises.

4/9/ :42 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.

Data Loss Prevention in Office 365

Colorado “Protections For Consumer Data Privacy” Law

Make it real: Help your customers comply with the GDPR

Comodo Dome Data Protection

Security in SharePoint and Teams with DLP, IRM, and AIP

Presentation transcript:

“ “ Accidental with attachment exposed hundreds of individuals’ names and Social Security Numbers… “ “

Data Loss Prevention in Exchange Helps to identify monitor protect sensitive data through deep content analysis Identify Protect Monitor End user education

Policy distribution Contextual policy education DLP policy configuration Backend policy evaluation Audit & incident data generation Admin Information workers DLP system walkthrough

Integrated into Exchange Transport Rule (ETR) engine Runs in categorizer during OnResolvedMessage Integrated as a new ETR predicate Performs text extraction for body & attachments followed by classification Can be combined with any existing predicates & actions Text extraction Transport rule agent Classification

DLP Policy Enforcement Flexible tools for policy enforcement that provide the right level of control Transport Rules Rights Management Data Loss Prevention ALERT CLASSIFY ENCRYPT APPENDOVERRIDE REVIEW REDIRECT BLOCK

Built-in templates based on common regulations Import DLP policy templates from partners Build your own

Predefined rules targeted at sensitive data types Advanced content detection Combination of regular expressions, dictionaries, and internal functions (e.g. validate checksum on credit card numbers) Extensibility for customer and ISV defined data types

CountryPIIFinancialHealth US US State Security Breach Laws, US State Social Security Laws, COPPA GLBA & PCI-DSS (Credit, Debit Card, Checking and Savings, ABA, Swift Code) Limited Investment: US HIPPA, UK Health Service, Canada Health Insurance card Rely on Partners and ISVs Germany EU data protection, Drivers License, Passport National Id EU Credit, Debit Card, IBAN, VAT, BIC, Swift Code UK Data Protection Act, UK National Insurance, Tax Id, UK Driver License, Passport EU Credit, Debit Card, IBAN, BIC, VAT, Swift Code Canada PIPED Act, Social Insurance, Drivers License Credit Card, Swift Code France EU data protection, Data Protection Act, National Id (INSEE), Drivers License, Passport EU Credit, Debit Card, IBAN, BIC, VAT, Swift Code Japan PIPA, Resident Registration, Social Insurance, Passport, Driving License Credit Card, Bank Account, Swift Code Australia Drivers License, Passport, Social InsuranceCredit Card, Bank Account, Swift Code

Examples: Joseph F. Foster Visa: Expires: 2/2015 Get Content  a 16 digit number is detected RegEx Analysis  matches checksum  does NOT match Function Analysis 1.Keyword Visa is near the number 2.A regular expression for date (2/2015) is near the number Additional Evidence 1.There is a regular expression that matches a check sum 2.Additional evidence increases confidence Verdict

Fabrikam Patent Form Tracking Number Author Date Invention Title Names of all authors... Get Template Content 1.Condensed representation of the template content 2.Document is not stored 3.Stored as a sensitive information type Create Fingerprint Fabrikam Patent Form Tracking Number Author Alex Date 1/28/2014 Invention Title Fabrikam Green Energy... Get Content 1.Temporary in memory representation 2.Used for comparson with source fingerprint created at config time Create Fingerprint 1.Compare the two fingerprints 2.Evaluate a ’containtment coefficient’ to declare template contained in content Verdict CONFIGURATIO N RUNTIME CLASSIFICATION RULE with FINGERPRINT GENERATION Evaluation + verdict

Empower users to manage their compliance Contextual policy education Doesn’t disrupt user workflow Can work even when disconnected Admin customizable text and actions Outlook OWA User education

Custom DLP content: Supplemental DLP policy rules Supplemental DLP classification rules Incident reports integration with custom workflows Custom reporting solutions

Deep content analysis engine 46 OOB sensitive information types 40 OOB DLP Templates Support for 3rd party defined DLP policy templates Policy Tips in OWA and Mobile OWA Advanced Document Fingerprinting in Exchange, Outlook, and OWA 5 new OOB sensitive information types Policy Tips in Outlook 2013 Contextual user education and empowerment Incident management Rich reporting

Exchange 2013 DLP introduction DLP policy templates Managing DLP policies OOB DLP policy templates Policy tips in Exchange Supported file types MessageStats Quick Guide

Q&A