1. Sophos / Utimaco Data Loss Prevention Peter Szendröi, SOPHOS Nordics Jan 20, 2010

2. Sophos, Simply Secure

3. Changing security landscape PCI-DSS HIPAA CSB 1386 GLBA 95/46/EC Contractors, outsourcing Partners, customers Web 2.0 Mobile workers Firewall Corporate data $ Customer data Intellectual property Personally identifiable information Targeted...targeting commercial data Complex threats.... Web-based, Invisible Fast changing Regulatory disclosure and reputation damage Digital generation set looseInformation theft – not graffiti

5. Headlines are the tip of the iceberg 5 Brand damage Loss of customers Incremental internal costs Direct costs of intellectual property loss

6. How is this data exposed? Insider theft accounts for only 5-15% of the data loss Most data breaches are accidental Only 2.4% were prevented by protective measures (e.g. encryption) 6

7. What data is at risk? 7 Process Work Knowledge Work Well-defined responsibilities Well-defined workflows Dealing with PII Risks: - Non-compliance - Criminal prosecution - Brand / reputation damage Changing roles / assignments Unstructured data Company information assets Risks: - Competitive damage - Loss of partner trust Personally identifiable information Intellectual property Customer data

8. Business challenge Conflicting Goals! Challenge of Data Loss Prevention 8 Enable productivity, mobility and flexible “web 2.0” working Comply with regulation Avoid damaging data loss There is no “100% DLP” but also

9. Simply Secure Data Loss Prevention 9

10. Four elements of an effective DLP strategy Control the user environment by restricting data exit points Control devices, applications, email and web usage Ensure security policy compliance Protect confidential and sensitive information Full disk, removable storage and file encryption Email encryption Prevent leakage of personal identifiable information Comprehensive coverage of personally identifiable information types Continuously assess, audit, report and enforce on endpoint and gateway Classify intellectual property and sensitive business data Empower knowledge workers to classify sensitive business data Apply classification to existing documents and data sets 10

11. Control user environment 11 Data loss objective: Significantly reduce risk by managing what users can do on data exit points Sophos solution provides granular control of: Storage devices and network interfaces Applications Web site access Continuously monitor user behaviour and enforce security policies SophosLabs provide the domain expertise: Managed application definitions (P2P, IM, Remote Access) Managed web site categories (webmail, social networks, IM) Indentify over 150 file formats using “True File Type” technology

12. Protect confidential and sensitive information Data loss objective: Data encryption is the ultimate data loss insurance policy Sophos solution protects data where it is most exposed: Laptops Removable storage and optical media Email Server file shares Data protection platform: Enterprise mangement console and key management Integration with Active Directory Transparent file and folder encryption Audit compliance 12

13. Prevent leakage of PII Data loss objective: Tackle the highest risk of regulatory infringement and brand damage Sophos solution covers all critical data leakage points: Storage, web, email and IM Fully integrated into core endpoint and gateway products SophosLabs provide the content expertise: Over 100 expert definitions of personally identifiable information Administrator decides appropriate enforcement action: Audit – silent background monitoring of events Training – audited end user authorisation Enforcement - encrypt or block transfer 13

14. Classify and protect documents Data loss objective: Protect high value intellectual property and operations data Sophos solution is designed to empower knowledge workers: Define classification levels within policy Enable end user to tag and classify new documents Embed classification within document Scan for and classify existing documents using document context Enforce policies for classified documents on endpoint and gateway Integrated with enterprise encryption solution: Leverages existing user identity and permissions Provides workable enterprise rights management 14

15. Sophos Data Loss Prevention 15

16. Solutions designed to meet a need 16 Process Work Knowledge Work Comply with regulations Protect data using full disk encryption Prevent leakage of PII from endpoints Prevent leakage of PII from email and web gateway Data at resting scanning of PII on endpoints Protect company assets using encryption and classification. Detect leakage of IP via common leak points. Classify and protect IP at the point of creation. Persistent tagging Identify and protect IP using automated classification and data at rest scanning.

17. SafeGuard Enterprise Your key to data protection with encryption 2. Encrypt laptops, desktops 6. Secure network file shares 1. Consistent policies, mgmt. of keys & certificates 3. Encrypt removable media 4. PC port control & DLP 5. Manage external security products (*) Future release

18. Safeguard Mail Gateway overview 123 4 5 1.Email Client sends out Email in plain text 2.Email Server forwards Email to Content-Filter 3.Content-Filter forwards Email to SGMG 4.SGMG evaluates Email Security Policy and cryptographically handles the Email accordingly 5.SGMG delivers Email to the Recipient a.External Communication Partner sends an encrypted Email b.SGMG identifies encrypted Email and decrypts this Email. The Email is now in plain- text. c.SGMG forwards Email to AV-Scanner d.AV-Scanner checks and forwards the Email to the Email Server e.Email Client receives Email in plain text edc b a

19. DLP Implementation Tips Senior management sponsorship Cross-functional team Identify PII data types Prioritize risks Data security policies End-user education Warn before blocking

20. Questions? 20