Presentation is loading. Please wait.

Presentation is loading. Please wait.

OPTIMIZE YOUR DATA LOSS PREVENTION INVESTMENT FOR BOTTOM LINE RESULTS.

Published byClyde Harrell Modified over 9 years ago

Similar presentations

Presentation on theme: "OPTIMIZE YOUR DATA LOSS PREVENTION INVESTMENT FOR BOTTOM LINE RESULTS."— Presentation transcript:

1 OPTIMIZE YOUR DATA LOSS PREVENTION INVESTMENT FOR BOTTOM LINE RESULTS

2 Providing DLP Since 2002 Deployed 400+ DLP Projects Completed 500+ Assessments Manage DLP Solutions in 22 Countries Provide Daily Management of 1,000,000+ Users Globally DATA LOSS PREVENTION EXPERTISE QUICK FACTS Symantec Master Specialization DLP Partner RSA’s Only Authorized Managed DLP Partner 1st Managed DLP Services Provider (2008) Localized Chinese DLP Practice (2011) Global Support in 130 countries Data Mining, Custom Policies, & Scripting

3 MARKET EVOLUTION - 2005/2006 GARTNER RESULTS Vidius changes name to PortAuthority and accelerates product development and US presence. Reconnex enters market with forensics approach.

4 MARKET EVOLUTION - 2007 GARTNER RESULTS Websense acquires PortAuthority. ($80M) Trend Micro acquires Provilla, October 2007. Raytheon acquires Oakley Networks, October 2007. Tablus touted for exceptional data-at-rest capabilities. “Grid Worker”

5 MARKET EVOLUTION - 2008 GARTNER RESULTS Vontu acquired by Symantec. ($350M) Tablus acquired by RSA. ($40M Approx.) McAfee acquires Reconnex for network DLP ($46M) and Onigma ($20M) for Host DLP. Verdasys and Fidelis announce strategic partnership.

6 MARKET EVOLUTION - 2009 GARTNER RESULTS CA acquires Orchestria, January 2009. GTB struggles to gain a significant customer base. Palisade Systems and Code Green Networks target SMB DLP market. Workshare late entry into DLP market lacks functionality. Vericept acquired by Trustwave.

7 MARKET EVOLUTION - 2010 GARTNER RESULTS Symantec releases 10.5 and DataInsight to enhance DAR capabilities. RSA releases 8.0 with enhanced endpoint capabilities. Strategic partnership with Varonis. Websense releases 7.5 with upgraded management interface. Claims DLP in 30-minutes…. McAfee releases 9.0 with greater integration with network and host DLP into ePO console.

8 MARKET EVOLUTION - 2011 GARTNER RESULTS

9 INTELISECURE APPROACH Dedicated Staff for Each Client, Focused on Accomplishing the Quality Management System Tasks In-Depth Customized Reporting & Development of Key Performance Metrics (On-Demand) Advanced Skills to Optimize & Enable DLP Systems & Integrated Device Features Independent Analysis of Events to Ensure Impartiality and Integrity of the DLP Program Experience & Best Practices from 400+ DLP Projects in 22+ countries Clients Spend 33% - 50% on a Fully Burdened Full-Time Employee for what Intelisecure provides

10 USE CASE: DLP PRE-PROJECT STATE Organization Overview: Cardiology Practice: 700 Employees, 25 Locations DLP Scope: Protection of PHI, PII, PCI – Card Data DLP Primary Issue: Customer overwhelmed with incident data, numerous false positives. Application Management: Operated and managed by IT with limited input from business. Policy Governance: Using out of box policies, limited modification. No finger printing. Incident Triage: Infrequently reviewed by IT with little to no review by business owners. Event Management: Driven by high match counts. Typical “shock value” mentality. Reporting and Metrics: Relies on pre-built in system reporting with no correlation analysis. Status: Over 3M incidents interface. Cannot start user notifications.

11 APPLICATION SUPPORT & INTEGRATION Primary System DLP Management = Resource Requirements Integrated System Management = Cross Department Processes Upgrade & Release Management = Resource Requirements Vendor Management = Primary and Integrated Technology Vendor Relationships

12 POLICY & RULE GOVERNANCE Who requests rules & policy requirements? Are business owners engaged? Who reviews rule requests? Criteria for approved rule? What’s the process for converting a rule request into a policy? Who’s responsible for converting a rule into technical policy? Do they policy building expertise? What is the formal policy development process? First drafts rarely work as expected. Is there a process to relay production policy metrics?

13 WORKFLOW DEVELOPMENT & MANAGEMENT Who develops & manages policy “buckets”? False positive, inbound partner, outbound employee Who defines thresholds that determine response rules for each “bucket”? Are 10 SSNs a high, medium or low severity incident? Who designs & sets the policy response triggers? Malicious, Inadvertent, Suspicious, above threshold. Triage response options: Human notification System notification (auto) Hybrid? Who’s responsible for building alerts, alarms & notifications? Has business been engaged on event management? Who manages the DLP policy & rules repository? Why recreate the wheel?

14 Who reviews volume & yield of incidents & events? What’s the review frequency? How are events/incidents routed? Who owns the incident/event? How does DLP fit in overall incident/event management process? Can this be mapped to DLP system? What metrics are developed to measure success of rules & related policy? Who ‘s responsible for developing metrics? Revision of rules based on quality of policy results. Who manages policy optimization process? How will integrated systems be tied together to yield valued info? Secure mail, web gateway, GRC, SIEM INCIDENT TRIAGE & EVENT MANAGEMENT

15 BUSINESS ANALYTICS & RECORD RETENTION What incidents or events are retained? How long is the retention period? Regulatory requirements? Who develops reports? Are DLP system generated reports adequate? Who drives report requirements? Requestors, Reviewers, others? Report accuracy tied into QA process?

16 APPLICATION MANAGEMENT PITFALL  Problem: Current IT infrastructure management is often inadequately trained for planning, deployment and ongoing operational management of DLP operation system. (Oracle vs. SQL, etc.)  Solution: Better internal planning & cross functional involvement. In addition to, outsourced 3 rd party management of on premise solution or fully managed cloud-based delivery. This provides you with instance expertise reducing the need for staffing and providing higher availability. Inadequate Planning & Resources Inadequately Training Infrastructure Resources

17 POLICY GOVERNANCE PITFALL No Plan of Attack  Problem: A survey of 50 DLP customers in 2010 said 83% of firms did not consider the overall DLP system cycle & the necessary resources for optimal system usage prior to solution acquisition. Inadequate or lack of resources leads to poor policy construction & unmanageable incidents.  Solution: A well thought out DLP scope with a supporting policy governance process that is VERY inclusive of business unit input as well as involvement with the triage & event management process. There must be people budgeted for any DLP project as well as preparation for business unit buy-in. Inadequate Planning & Resources

18 POLICY GOVERNANCE PITFALL Failure to Engage the Business Stuck in the IT Department Problem: A survey of 50 DLP customers in 2010 said 76% of firms stated the DLP system technical management & daily operations were the responsibility of a group directly involved with IT. In these cases it is very rare to find heavy involvement from business owners directly involved with the creation & usage of the data targeted for protection. Solution: Designation of a primary business owner of the DLP solution, in conjunction with technical management, is the best recipe for success on the front-end planning phase of the project. Without direct & serious involvement from the business, it is very likely that the entire DLP will never get more than mediocre results.

19 POLICY GOVERNANCE PITFALL Lack of Rule Customization Inaccuracy of Out-of-Box (OOB) Policies Problem: The reliance of organizations to use OOB policies as the primary detection criteria for their DLP scope. In many cases data identifiers in OOB policies may never capture unique attributes of a organizations information targets, yielding a combination of false positives and false negatives which lead to an unmanageable incident yield. Solution: Prior to enabling ANY managed production policies, it is highly recommended to select one primary data criteria to focus initial efforts. Once agreed upon, use business process mapping to capture how the data is used and stored, obtain examples, and then construct policies based on the collected data.

20 DATA-IN-MOTION PITFALLS: Missing the Target – False Sense of Security Mis-configured Tap or Port Span Problem Missing segments of network traffic or protocols Solution Comprehensive test plan that maps to in scope business processes and related data types transmitted from various network locations to ensure all relevant data streams are being captured. Encryption – The Masked Data Problem Analysis of data DID not take place prior to encryption. Solution Comprehensive test plan that proves ALL DLP data assessment takes place prior to the gateway encryption & implement managed “test” DLP policies that identify encrypted transmissions as part of the test plan. Misfire of Network Discovery Scans Problem Locations of sensitive data never targeted by the organization for scanning due to lack of an effective policy governance process. Solution Identify potential data stores by discussing the DLP program with staff to understand process. Network versus Endpoint Discovery Problem Running DAR scans using a combo of network & endpoint without thinking about which policy types & detection methods are not the same. Solution Prior to acquiring DLP solution, have an understanding of the data types that make up your target environment & then, decide on scanning method..

21 DATA-IN-MOTION (ENDPOINT) PITFALLS: The Pandora Box of DLP Environment Assessment Encryption – The Masked Data Misfire of Network Discovery Scans Network versus Endpoint Discovery Problem No rigorous endpoint environment assessment prior to the selection of the application & enablement. Solution Address age of environment, performance capabilities, technical & human issues, & load of applications, in conjunction with education on the DLP endpoints. Problem Failure to monitor endpoints population & their frequency of “checking-in” to the management server with validated results. Solution Phased deployment of endpoint with validation via test plan on initial success of ALL agents & on- going endpoint agent health reports. Problem Implementing same policies for network based & endpoint assessments without testing or modification. Solution Utilize a comprehensive test plan outlining specific metrics (time to open files, open/send emails, open applications) prior to deployment. Problem Failure to calculate & measure the impact of endpoint policy traffic across wide & local area network connections. Solution Thorough assessment of endpoint policies that addresses all of the concerns including policy design requirements, timing, frequency & delivery methods.

22 QMS SAMPLE QUARTERLY REPORT

23 POLICY GOVERNANCE – RECENT OOB USE CASE (ADJUSTED PROGRAM) Organization Overview: Primary business Focus – Billing/Collections and Medical Records DLP Scope: Managed Production: Set of policies to cover PHI elements DLP Primary Goal: 95% Accuracy goal allowing enablement of user notifications. Application Management: Operated by IT with business analysis from Audit & Compliance. Policy Governance: Combination of OOB + ERE and finger printing. Obtained data examples. Incident Triage: Daily review of incidents by Audit and Compliance resource. Event Management: Driven by combo of match counts, data type, sender and recipient. Reporting and Metrics: Policy accuracy, business unit mapping, incident to event ratio. Status: 100% incidents triaged daily, targeted reporting and user notifications.

24 SAMPLE QUARTERLY REPORT

25 BEW GLOBAL HQBEW GLOBAL EMEABEW GLOBAL APAC 5613 DTC Parkway Suite 810 Greenwood Village, CO 80111 USA (ph) +1 720 227 0990 (fax) +1 720 227 0984 www.bewglobal.com 3 Albany Court Albany Park Camberley GU16 7QR England (ph) +44 (0) 845 481 0882 (fax) +44 (0) 871 714 2170 www.bewglobal.com 520 Oxford Street Level 23, Tower 1 Bondi Junction Sydney 2022 (ph) +61 (2) 9513 8800 (fax) +61 (2) 9513 8888 www.bewglobal.com

Download ppt "OPTIMIZE YOUR DATA LOSS PREVENTION INVESTMENT FOR BOTTOM LINE RESULTS."

Similar presentations

Testing Relational Database

Testing Relational Database
Options appraisal, the business case & procurement

Options appraisal, the business case & procurement
Network Systems Sales LLC

Network Systems Sales LLC
Configuration Management

Configuration Management
BUILDING A SECURITY PROGRAM THAT PROTECTS AN ORGANIZATIONS MOST CRITICAL ASSETS.

BUILDING A SECURITY PROGRAM THAT PROTECTS AN ORGANIZATIONS MOST CRITICAL ASSETS.
LeadManager™- Internet Marketing Lead Management Solution May, 2009.

LeadManager™- Internet Marketing Lead Management Solution May, 2009.
Microsoft ® System Center Configuration Manager 2007 R3 and Forefront ® Endpoint Protection Infrastructure Planning and Design Published: October 2008.

Microsoft ® System Center Configuration Manager 2007 R3 and Forefront ® Endpoint Protection Infrastructure Planning and Design Published: October 2008.
SIEM Based Intrusion Detection Jim Beechey May 2010 GSEC, GCIA, GCIH, GCFA, GCWN twitter: jim_beechey.

SIEM Based Intrusion Detection Jim Beechey May 2010 GSEC, GCIA, GCIH, GCFA, GCWN twitter: jim_beechey.
Presentation for the Management Study of the Code Enforcement Process City of Little Rock, Arkansas August 3, 2006.

Presentation for the Management Study of the Code Enforcement Process City of Little Rock, Arkansas August 3, 2006.
AMI & Grid Data Analytics & Analysis Management Platform Page  1 What does this platform offer? Our tool is a next generation grid management software.

AMI & Grid Data Analytics & Analysis Management Platform Page  1 What does this platform offer? Our tool is a next generation grid management software.
1 SANS Technology Institute - Candidate for Master of Science Degree 1 SIEM Based Intrusion Detection Jim Beechey March 2010 GSEC Gold, GCIA Gold, GCIH,

1 SANS Technology Institute - Candidate for Master of Science Degree 1 SIEM Based Intrusion Detection Jim Beechey March 2010 GSEC Gold, GCIA Gold, GCIH,
Validata Release Coordinator Accelerated application delivery through automated end-to-end release management.

Validata Release Coordinator Accelerated application delivery through automated end-to-end release management.
Business Intelligence Accurate Information, Accurate Decisions June 2012 Presented by: Scott Lea Government Services Infogroup Government Division.

Business Intelligence Accurate Information, Accurate Decisions June 2012 Presented by: Scott Lea Government Services Infogroup Government Division.
Security Controls – What Works

Security Controls – What Works
Www.lumension.com © Copyright 2008 - Lumension Security Lumension Security PatchLink Enterprise Reporting™ 6.4 Overview and What’s New.

© Copyright Lumension Security Lumension Security PatchLink Enterprise Reporting™ 6.4 Overview and What’s New.
Data Warehouse success depends on metadata

Data Warehouse success depends on metadata
BUILDING A SECURITY PROGRAM THAT PROTECTS AN ORGANIZATION’S MOST CRITICAL ASSETS.

BUILDING A SECURITY PROGRAM THAT PROTECTS AN ORGANIZATION’S MOST CRITICAL ASSETS.
Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.
OPTIMIZE YOUR DATA LOSS PREVENTION INVESTMENT FOR BOTTOM LINE RESULTS.

OPTIMIZE YOUR DATA LOSS PREVENTION INVESTMENT FOR BOTTOM LINE RESULTS.
Www.encase.com Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose,

Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose,

Similar presentations

Ads by Google