Presentation is loading. Please wait.

Presentation is loading. Please wait.

Identity Awareness and Data Loss Prevention Effective DLP David Miller Sr. Director, Security Products October 15, 2009.

Published byVirgil Stewart Modified over 8 years ago

Similar presentations

Presentation on theme: "Identity Awareness and Data Loss Prevention Effective DLP David Miller Sr. Director, Security Products October 15, 2009."— Presentation transcript:

1 Identity Awareness and Data Loss Prevention Effective DLP David Miller Sr. Director, Security Products David.miller13@ca.com October 15, 2009

2 Data Loss Prevention and Identity – CA 2009. © CA, Inc. All rights reserved. >DLP is the ability to dynamically identify and prevent the loss and misuse of data across the enterprise  DLP protects against the “insider threat”  Many companies have implemented solutions to protect against the “external threat” but not the “insider threat” What is DLP (data loss prevention)? 2

3 Data Loss Prevention and Identity – CA 2009. © CA, Inc. All rights reserved. Personally Identifiable Information (PII) Personal Health Information (PHI) Sensitive data 3 IndustryPrimary Data Type(s)Other Financial ServicesNPI, PIIIP HealthcarePHI, PIINPI Life SciencesIP, NPIPII High TechnologyIP, NPIPII RetailPII, IPNPI Professional ServicesIP, NPIPII Public SectorPII, NPIPHI Intellectual Property (IP) Non-Public Information (NPI) Structured vs. Unstructured

4 Data Loss Prevention and Identity – CA 2009. © CA, Inc. All rights reserved.  3:5 firms experience a data loss or theft event 1  9:10 data loss or theft events go unreported 1  1:5 employees have emailed confidential data from their corporate account to a personal one 2  1:2 business travelers carry sensitive corporate data on their laptops 3  1:2 workers have lost portable devices containing work-related data 4 And there’s a lot of it.  58% Annual growth of electronically stored and shared data  100M Licensed copies of SharePoint in the world Your sensitive data is at risk 4 1 – http://www.ponemon.org/news-2/7http://www.ponemon.org/news-2/7 2 – http://blog.proofpoint.com/research-and-surveys/http://blog.proofpoint.com/research-and-surveys/ 3 – Dell + Ponemon SurveyDell + Ponemon Survey 4 – http://www.securestix.com/bad_news.phphttp://www.securestix.com/bad_news.php

5 Data Loss Prevention and Identity – CA 2009. © CA, Inc. All rights reserved. 1.Intellectual property sent to external parties 2.Unprotected employee 401k information sent to unauthorized parties 3.Payroll data sent to personal email addresses 4.Draft press releases sent to outside counsel 5.SSNs, credit card numbers, and account numbers exposed across the enterprise 6.Financial and M&A plans posted to message boards 7.Source code and resumes sent to competitors 8.Internal memos leaked to non-corporate parties 9.Significant amounts of inappropriate employee behavior (HR-related) 10.Medical and patient information copied to removable media Common violations 5 Unauthorized copies of customer credit cards were emailed to an outside account Date: 2009-05-28 Organization: Sony Corporation of America Lost thumb drive contained medical and financial records for 1,200 patients Date: 2008-08-06 Organization: Harris County Hospital District

6 Data Loss Prevention and Identity – CA 2009. © CA, Inc. All rights reserved. Data loss events can (will) lead to… 6 Regulatory Sanctions Reputational or Brand Damage Customer Attrition Significant Fines Loss of Competitive Advantage(s) Business Disruption Clean-up and Damage- Control Costs

7 Data Loss Prevention and Identity – CA 2009. © CA, Inc. All rights reserved. 3 key customer challenges Where is my sensitive data going? And… Who is using data – and why? How do I educate users on data use policies? How do I control data with minimal IT burden? Where is my sensitive data stored? And … How do I recognize corporate secrets? How do I discover data required by regulations? How do I take action? How do I effectively remediate data loss? And… How do I reduce unauthorized data access and propagation? How do I improve compliance attestation?

8 Data Loss Prevention and Identity – CA 2009. © CA, Inc. All rights reserved. Data Protection Done Right ENDPOINTNETWORK MESSAGE SERVER STORED DATA 8 Control at all locations Configurable policy Complete review Common platform

9 Data Loss Prevention and Identity – CA 2009. © CA, Inc. All rights reserved. How DLP works: real-time email 9 1.User sends an email with sensitive information 2.CA DLP analyzes the content and context dynamically 3.CA DLP warns the user that the email violates security policy Demo adding Classification that will cause an alert

10 Data Loss Prevention and Identity – CA 2009. © CA, Inc. All rights reserved. How DLP works : data at rest 10 1.A process is initiated to scan SharePoint repositories 2.CA DLP dynamically analyzes the location and data 3.CA DLP moves the sensitive files to a secure location and replaces the original with a message

11 Data Loss Prevention and Identity – CA 2009. © CA, Inc. All rights reserved. DLP and Accuracy Message contains address, DOB and SSN. A definite case of PII Violation. Recipients are external to firm. Violation Non-Violation Message contains the phrase ‘Social Security’ not related to an SSN, and a number which looks a lot like an SSN but is not. >False Positive: activity that was incorrectly flagged >True Positive: activity that was correctly flagged

12 Data Loss Prevention and Identity – CA 2009. © CA, Inc. All rights reserved. Woefully InaccurateAccurateBest-In-Class False-Positives>90%20%<2% For every 100 events or actions flagged… Up to 10 are relevant Up to 80 are relevant 98-99 are relevant The Implication of Accuracy 12 >Considerations >How many events will be flagged by DLP? >How many resources will you use to review those events? >Can you enforce policy in real-time? >Best-In-Class: How to get there?

13 Data Loss Prevention and Identity – CA 2009. © CA, Inc. All rights reserved. >Identity is one of the keys! Understanding Identity 13 >“Identity” can be a role, a user attribute, or some other property that distinguishes one end-user from another Administrator Executive Customer / Partner IT Administration Compliance Contractor / Temp End User Benefit Specialist

14 Data Loss Prevention and Identity – CA 2009. © CA, Inc. All rights reserved. DLP can use Identity 14 Policy Management Review & Reports Policy Administrators Incident Reviewers DLP Central Server Console Endpoints Servers & Stored Data Message Servers Network Devices Users >Identity-Aware DLP User Role/ Identity Information Identity/ Role Management System

15 Data Loss Prevention and Identity – CA 2009. © CA, Inc. All rights reserved. Case Study: Global Financial Services Firm Customer Need –Insider risks –Fraud detection –Other compliance Initiatives Highly unstructured content 15 Other SolutionCA DLP 1,000,0005,000,000Emails, IMs, and other comm’s analyzed each day 7,44735,000Employees generating the above activity 98%<1%False-positives (flagged activity that were not violations) 6317Staff-equivalents to review the violations ? ? ? ? The Advantage –Accuracy –Identity –Detection techniques –Delegated incident review

16 Integrated Demonstration > CA Role & Compliance Manager > CA DLP

17 EMPLOYEE Current Role: Payroll Administrator Application access Use of sensitive data

18 Data Loss Prevention and Identity – CA 2009. © CA, Inc. All rights reserved.

19

20

21

22

23

24 MANAGER CA Role & Compliance Manager

25 Data Loss Prevention and Identity – CA 2009. © CA, Inc. All rights reserved.

26

27

28

29 EMPLOYEE Current Role: Sales Application Access Data Loss Prevention

30 Data Loss Prevention and Identity – CA 2009. © CA, Inc. All rights reserved.

31

32

33

34

35

36

37

38

39

40

41

42

43 Summary

44 Data Loss Prevention and Identity – CA 2009. © CA, Inc. All rights reserved. DLP affects more organizational disciplines >Various services and other parts of the organization will introduce new requirements for identity-centric DLP 44 The Expanding Requirements of DLP Featuring Forrester’s Andrew Jaquith

45 Data Loss Prevention and Identity – CA 2009. © CA, Inc. All rights reserved. CA's Vision for DLP and Security Combining identity and data intelligence improves the function and value of the organization’s security posture. 45

46 Data Loss Prevention and Identity – CA 2009. © CA, Inc. All rights reserved. >DLP addresses the “insider threat” >DLP dynamically identifies and prevents the loss and misuse of data across the enterprise >Effective DLP involves:  Understanding identity, and also  Real-time protection  Fostering employee collaboration  End-user self-remediation and education …and doing all of this while consuming minimal resources Identity and DLP is a Powerful Combination 46

47 Thank you! CA DLP: Data Protection Done Right

Download ppt "Identity Awareness and Data Loss Prevention Effective DLP David Miller Sr. Director, Security Products October 15, 2009."

Similar presentations

Kit Robinson Director Data Loss Prevention and HIPAA.

Kit Robinson Director Data Loss Prevention and HIPAA.
Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.

Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.
COMPREHENSIVE APPROACH TO INFORMATION SECURITY IN ADVANCED COMPANIES.

COMPREHENSIVE APPROACH TO INFORMATION SECURITY IN ADVANCED COMPANIES.
IAPP 2004. 2 CONFIDENTIAL Insider Leakage Threatens Privacy.

IAPP CONFIDENTIAL Insider Leakage Threatens Privacy.
THE INSIDER THREAT AND DATA LOSS PREVENTION CSCE 727.

THE INSIDER THREAT AND DATA LOSS PREVENTION CSCE 727.
Security Controls – What Works

Security Controls – What Works
Sophos / Utimaco Data Loss Prevention Peter Szendröi, SOPHOS Nordics Jan 20, 2010.

Sophos / Utimaco Data Loss Prevention Peter Szendröi, SOPHOS Nordics Jan 20, 2010.
Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.

Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
Symantec Vision and Strategy for the Information-Centric Enterprise Muhamed Bavçiç Senior Technology Consultant SEE.

Symantec Vision and Strategy for the Information-Centric Enterprise Muhamed Bavçiç Senior Technology Consultant SEE.
Www.encase.com Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose,

Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose,
© 2011 Autodesk Securing AutoCAD IP in the era of WikiLeaks Presenter: Rahul Kopikar Co-Founder, Seclore Technology.

© 2011 Autodesk Securing AutoCAD IP in the era of WikiLeaks Presenter: Rahul Kopikar Co-Founder, Seclore Technology.
1 ZIXCORP The Criticality of Email Security Dena Bauckman Director Product Management April 2015.

1 ZIXCORP The Criticality of Security Dena Bauckman Director Product Management April 2015.
© Copyright 2012 Pearson Education. All Rights Reserved. Chapter 10 Fraud & Internal Control ACCOUNTING INFORMATION SYSTEMS The Crossroads of Accounting.

© Copyright 2012 Pearson Education. All Rights Reserved. Chapter 10 Fraud & Internal Control ACCOUNTING INFORMATION SYSTEMS The Crossroads of Accounting.
New Data Regulation Law 201 CMR 17.00. TJX Video.

New Data Regulation Law 201 CMR TJX Video.
Mobility Without Vulnerability: Secure and Enable Your Mobile Users, Apps, and Devices David Clapp – Intuitive.

Mobility Without Vulnerability: Secure and Enable Your Mobile Users, Apps, and Devices David Clapp – Intuitive.
Obtaining, Storing and Using Confidential Data October 2, 2014 Georgia Department of Audits and Accounts.

Obtaining, Storing and Using Confidential Data October 2, 2014 Georgia Department of Audits and Accounts.
A Comprehensive Solution Team Mag 5 Valerie B., Derek C., Jimmy C., Julia M., Mark Z.

A Comprehensive Solution Team Mag 5 Valerie B., Derek C., Jimmy C., Julia M., Mark Z.
IT-Partners Limited © 2011 IT Partners Limited Y OUR IT SOLUTION P ARTNERS Managing Director Confidential Data Loss Prevention Sunny Ho 1.

IT-Partners Limited © 2011 IT Partners Limited Y OUR IT SOLUTION P ARTNERS Managing Director Confidential Data Loss Prevention Sunny Ho 1.
1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.

1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.

Similar presentations

Ads by Google