Presentation is loading. Please wait.

Presentation is loading. Please wait.

Confidential - Copyright © 2006 Fidelis Security Systems, Inc. All Rights Reserved Mitigate the Risks of Data Leakage.

Published byGordon Williams Modified over 8 years ago

Similar presentations

Presentation on theme: "Confidential - Copyright © 2006 Fidelis Security Systems, Inc. All Rights Reserved Mitigate the Risks of Data Leakage."— Presentation transcript:

1 Confidential - Copyright © 2006 Fidelis Security Systems, Inc. All Rights Reserved Mitigate the Risks of Data Leakage

2 What is Data Leakage and How Do I Stop It? What is data leakage / loss? When protected or sensitive information inadvertently or intentionally crosses an organizational boundary in a methods inconsistent with information sharing policies How is this different than previous security technologies? (e.g. intrusion, firewalls…) About the information Sender, recipient, channel/service relevant, but incomplete Solutions go by many names: Data Leakage Prevention Extrusion Prevention Exfiltration Prevention Data Leakage Protection Data Loss Prevention Data Loss Protection Content Monitoring & Filtering Anti-data Leakage Information Leakage Prevention Information Leakage Protection Information Loss Prevention Information Loss Protection

3 3 2008: The Year of DLP Seeing significant budgeted projects for DLP for the first time

4 Data Security is a Paradigm Shift “The Year of DLP” marks the beginning of a secular trend: Data Security 4 Access Control 1970s1980s System Security 1990s Network Security 2000s Threat Mitigation Data Security 20082025 and beyond

5 Extrusion Prevention: Addressing Federal Problems Organizational Objectives Control channels of communication to mitigate the risk of data leakage Prevent proxy circumvention Prevent use of unapproved network applications Manage IM, Webmail & P2P, including attachments and file types Protect intellectual property including Classified information Source code Design documents And other digital assets requiring protection under FISMA Protect employee, student, patient, taxpayer, and other identity information Manage compliance with privacy regulations including Privacy Act of 1974, HIPAA,OMB directives, PCI, and other privacy regulations Privacy Compliance Digital Asset Protection Insider Internet Management

6 Key Market Driver—Preventing Leakage of Identity Information The Agriculture Department announced Friday it has publicly exposed the personal information of up to 63,000 citizens.

7 Impact of Information Leakage on Federal Organizations Security—potential National Security implications Legal—regulatory non-compliance Political damage—loss of trust, negative career implications Operational—Congressional oversight, investigation, remediation Financial—cost of notifications & monitoring

8 Unmonitored and uncontrolled outbound communications on 65,535 ports Extrusion Prevention for Federal Markets: Organizational Risks Threat+Vulnerability=Risk Hacker Malicious Insider Uneducated User Unauthorized disclosure of Personal Identity information (PII) Compromised confidentiality of protected information Compromised national security Protected information Actors Personal Identity Information Classified National Security Information Digital assets requiring confidentiality

9 Key Market Drivers 1.Preventing network leakage of Personal Identity Information 2.Preventing network leakage of including national security and FISMA protected information 3.Defend computer networks from rogue applications to prevent risk of data leakage Extrusion Prevention for Federal Markets: Market Drivers Use Cases Lists of PII National security information OPSEC Assets requiring confidentiality (FIPS 199 / NIST 800-60) Control rogue applications including IM, P2P, Webmail and rogue encryption Only solution to meet these requirements—Fidelis XPS Requirements Accurately Identify PII Accurately identify protected digital assets Zero data registration Prevention on all 65,535 ports on the network Gigabit speed Port-independent application monitoring with tunnel recognition Common Criteria Evaluation Supporting requirement

10 Confidential - Copyright © 2006 Fidelis Security Systems, Inc. All Rights Reserved Methods for Identifying Information for Data Leakage Prevention Confidential - Copyright © 2006 Fidelis Security Systems, Inc. All Rights Reserved

11 Goals of Content Analysis Algorithms Analyze all network traffic –At network speed –All ports and protocols Detect and Prevent Leakage Zero False Negatives Zero False Positives Performance is Critical Finding the Right Balance Analysis of Identification Methods Must Consider: Performance Probability of False Results

12 Further Considerations Deployment Effort –Are supporting processes required? –Installation time –Time to ROI –Maintenance requirements Scalability –Does the solution scale to hundreds or thousands of documents? –Does the solution apply to undocumented data? False Positives vs. False Negatives –False Positive : false detection of a violation –False Negative: false non-detection of a violation Total Cost Of Ownership

13 Key Methods for Identity Identification Registration (enrollment) Exact Matching Partial Document Recognition Keyword or Expression Matching “Smart Identity Profiling” Description (profiling) Rule sets that profile information of a certain type Uses statistical, pattern and/or key attributes to describe potential information “Find the transfer of data that matches specified patterns” Rule sets that match to information provided to the system Uses exact matching algorithms (i.e., hashing) to identify documents “Find the transfer of specified (registered) documents”

14 Exact Matching Database Record or Document Extract Database of Enrolled Fingerprints Hash or Checksum Can only detect an exact match Any data modification eludes detection Very high rate of false negatives Zero false positives (well, maybe not) Very fast on small database of enrolled files Linear degradation in performance The Only Method that can attempt to claim Zero False Positives (though doesn’t work that way in the real world) False Negatives are a major problem

15 Partial Document Matching: Slow, High False Negatives 0x9678A 0x59A06 Detect: Does Content Contain A Registered Chunk? 010111001 101001100 00101100 100100 Outbound Content Extract Algorithmic Conversion One-way Mathematical Representation 0x5BD41 0x190C1 0x93005 0x1678A 0x461BD 0x66A1A 0x6678A 0x4D181 0xB678A 01011100 11010011 00001011 00 100100 1000111 011 0110011 0111101 Database Record or Document Algorithmic Conversion One-way Mathematical Representation Fingerprint: But what if you don’t? 0xB6751 0xB61C1 0x37CB2 0x5BD41 0x190C1 0x93005 0x590A9 0xA0001 0xB6751 0xB61C1 0x37CB2 0x5BD41 0x190C1 0x93005 0x590A9 0xA0001 Extract Fingerprint Storage & Indexing Fingerprint Creation Real-Time Fingerprint Comparison Represent Data In Stored Chunks

16 Partial Document Matching : High False Positives Too 01011100 11010011 00001011 00 100100 1000111 011 0110011 0111101 Database Record or Document Algorithmic Conversion One-way Mathematical Representation 0xB6751 0xB61C1 0x37CB2 0x5BD41 0x190C1 0x93005 0x590A9 0xA0001 Extract Fingerprint Storage & Indexing 0x461BD 0x66A1A 0x4D181 0xB678A Size of the Chunk has Consequences: Too Small Too Big High False Positive Problem High False Negative Problem The Ideal Choice Differs Per File

17 Simple Profiling: High False Positives Simple Profiling based on Regular Expressions 0xB678A Expressions Entered By System Administrator No Data Registration Involved Identity Information Consists of: –Numbers –Names Internet traffic contains many numbers and names Unverified numbers = High false positives Names out of context = High false positives Zero False Negatives Database size is small Performance is Excellent Smarter Approach Needed To Reduce False Positives While Maintaining Zero Negatives

18 Smart Identity Profiling™: algorithmic filtering minimizes false positives…

19 Granularity of Profile is Important Further reduction of false positives achieved by: –Statistical analysis of data –Combination of other profiling techniques: Keywords, regular expressions Identification of corporate logos, document formats Who, What, Where, When, and How It’s not just about What! (i.e. content) Example: –Block all PII data except that transferred from HR to Medical Provider over approved FTP site, Mon-Fri, 8am-5pm

20 Deployment Considerations Time Fingerprinting Profiling Have I seen this before? Is this sensitive? How Often Do I Update My Documents?

21 TCO Comparison 1.Deploy sensor to network 2.Enable pre-built policies 3.Configure policy 4.Deploy 1.Deploy sensor to network 2.Enable pre-built policies 3.Plan integration project 4.Obtain integration solution 5.Deploy integration resources 6.Initial data registration 7.Deploy 8.Design process to keep registration current 9.Resource re-registration process 10.Add registration with all new IT systems Smart ProfilingExact Matching Time and Effort Hours Months Customization requirements shown in red italics

22 Scalability Considerations Data Registration Database of Enrolled Fingerprints 01011100 11010011 00001011 00 100100 1000111 011 0110011 0111101 Database Size for Non-Trivial Implementation = GB to TB Requires expensive disk storage Comparing network traffic to large Disk array equals slow performance Prevention cannot be considered Except in trivial instances Smart Identity Profiling Profile description is very small Can be stored in RAM Comparing network traffic to RAM equals lookup in real time Prevention is a user decision, not a technical barrier

23 Summary of Approaches Registration (enrollment) Description (profiling) Zero False PositivesZero False Negatives Technology improvements try to reduce false negatives Partial Document Recognition Requires Data Registration: High TCO External Processes Needed Low Scalability Performance Problems Technology improvements and tuning reduce false positives Smart Identity Profiling Requires Granular Policies: Low TCO Minor Administrator Effort High Scalability High Performance

24 Profiling FAIL Registration Which Method? Predictability of Information Access to Information CEO memo Personal Identity Information Source Code Classified Data Design Docs

25 Confidential - Copyright © 2006 Fidelis Security Systems, Inc. All Rights Reserved Questions? David Etue, VP Product Management (301) 652-7190, david.etue@fidelissecurity.comdavid.etue@fidelissecurity.com Robert Deitz – Government Technology Solutions / Exclusive GSA/ICPT contract holder for Fidelis Security. 1-800-326-5683 rdeitz@gvTechSolutions.com

Download ppt "Confidential - Copyright © 2006 Fidelis Security Systems, Inc. All Rights Reserved Mitigate the Risks of Data Leakage."

Similar presentations

Copyright © 2012 AirWatch, LLC. All rights reserved. Proprietary & Confidential. Mobile Content Strategies and Deployment Best Practices.

Copyright © 2012 AirWatch, LLC. All rights reserved. Proprietary & Confidential. Mobile Content Strategies and Deployment Best Practices.
COMPREHENSIVE APPROACH TO INFORMATION SECURITY IN ADVANCED COMPANIES.

COMPREHENSIVE APPROACH TO INFORMATION SECURITY IN ADVANCED COMPANIES.
IAPP 2004. 2 CONFIDENTIAL Insider Leakage Threatens Privacy.

IAPP CONFIDENTIAL Insider Leakage Threatens Privacy.
Secure Systems Research Group - FAU Process Standards (and Process Improvement)

Secure Systems Research Group - FAU Process Standards (and Process Improvement)
Unit 7: Store and Retrieve it Database Management Systems (DBMS)

Unit 7: Store and Retrieve it Database Management Systems (DBMS)
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Security Controls – What Works

Security Controls – What Works
Lisa Farmer, Cedo Vicente, Eric Ahlm

Lisa Farmer, Cedo Vicente, Eric Ahlm
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
Sophos / Utimaco Data Loss Prevention Peter Szendröi, SOPHOS Nordics Jan 20, 2010.

Sophos / Utimaco Data Loss Prevention Peter Szendröi, SOPHOS Nordics Jan 20, 2010.
Intrusion Detection Systems and Practices

Intrusion Detection Systems and Practices
Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.

Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.

DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.
IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.

IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.
Information Systems Controls for System Reliability -Information Security-

Information Systems Controls for System Reliability -Information Security-
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

Similar presentations

Ads by Google