How to Respond to the New Personal Data Protection Act and Protect Data Security. 林秉忠, Technical Manager, Websense
Websense Company Overview
Market leader: an introduction to Websense®
Gartner/Forrester Magic Quadrant for  Content Monitoring and Filtering and Data Loss Prevention
Websense Is The DLP Market Leader
The need for DLP – Taiwan's Personal Data Protection Act
What does the amended Personal Data Protection Act regulate?
The need for DLP – personal data leaks keep occurring
Personal data leakage – the challenges we face: while managing risk, ensuring regulatory compliance, preventing data leakage and validating business processes, make sure business processes are not interrupted. © 2010 Websense, Inc. All rights reserved.
How should I choose? Question: should I first secure the inside (manage users) or fend off the outside (stop hacker attacks)? Question: should I block channels (USB/Web?) or monitor content?
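Products on the market that claim to help with personal data regulations (diagram). Axes: internal users / external users; content / channel. Products shown: Web FW, IPS, Anti-Malware, Firewall, DB encryption, DB auditing, traffic recording, NAC, peripheral control, DRM, document management system, spam mail, mail recording, file encryption, Data Loss Prevention, web filtering.
Measures we can take when we run into information security problems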
How should a DLP project be planned?
Websense Data Security Solutions, deployment practice – how should a DLP project be planned? © 2009 Websense, Inc. All rights reserved. Best practice: Websense supports both endpoint and network architectures. Start by deploying on the network to analyze user behavior; in the second phase, deploy agents on the hosts that are to be controlled.
Websense Data Security Solutions, deployment practice – design considerations
How does DLP work?
Confidential content protection strategy
Current data flow (diagram). Data sources: customer personal data; internal file shares (intellectual property, marketing plans); internal portal (internal data); database. Data feature learning: PreciseID scans and learns the enterprise's confidential content (fingerprint creation). Behavior auditing and blocking: network events (http/s, SMTP, IM, FTP ..), USB, copy & paste, print, CD burning. Built-in rule library: 600+ regulation templates (SOX, PCI, PIPEA, HIPAA), file types, keywords, etc. Websense DSS.
How PreciseID learns and compares data similarity (diagram). Fingerprint creation: database record or document, extract, algorithmic conversion, one-way mathematical representation, fingerprint storage & indexing. Detection: outbound content (e-mail, web, fax, print, etc.), extract, algorithmic conversion, one-way mathematical representation, real-time fingerprint comparison.
How Websense protects against leakage of patients' personal data
Customer name | National ID number | Contact phone | Mobile phone | Date of birth
楊宗尾 | N100145XXX | (02)2325-58XX | 0912-3456XX | 1951/5/23
林幼佳 | X100058XXX | (02)2266-55XX | 0987-6543XX | 1923/9/15
潘欲聞 | L200552XXX | (02)2325-58XX | 0912-3456XX | 1953/5/11
梨會騎 | N101290XXX | (02)2266-55XX | 0987-6543XX | 1954/3/22
服窮音 | L101832XXX | (02)2325-58XX | 0912-3456XX | 1955/1/25
陶金銀 | L121942XXX | (02)2266-55XX | 0987-6543XX | 1962/12/2
利精 | B120231XXX | (02)2325-58XX | 0912-3456XX | 1961/6/20
王痣平 | L200547XXX | (02)2266-55XX | 0987-6543XX | 1938/12/23
小胖 | B120897XXX | (02)2325-58XX | 0912-3456XX | 1965/10/9
張與 | B200002XXX | (02)2266-55XX | 0987-6543XX | 1932/2/1
林稚齡 | B200720XXX | (02)2325-58XX | 0912-3456XX | 1927/7/16
蔡一零 | L100580XXX | (02)2266-55XX | 0987-6543XX | 1943/9/23
李啟龍 | L200473XXX | (02)2325-58XX | 0912-3456XX | 1950/4/12
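Websense DSS policy management logic: a whitelist or blacklist can be defined for any item.
Who (who sent it; identity resolution / AD account integration): HR, customer service, finance staff, accounting staff, legal, sales, marketing, technical support, engineering R&D.
What (what was sent; natural-language matching of document content): source code, business plans, merger plans, patient personal data and medical records, employee personal data, financial reports, customer personal data, technical documents, competitive comparison information.
Where (where it went; URL/IP category database integration, destination awareness): competitors, network drives, blog sites, customers, 對案, spyware sites, accounting-firm partners, media, web mail sites.
How (how it was sent; supports the full range of data channels): FTP file transfer, IM instant messaging, P2P file sharing, network printers, Email, Web. Also shown: USB flash drive.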
Websense DSS detection capabilities
Websense DSS detection capabilities (diagram). Data locations: Desktop, Laptop, Database, File Server. Channels: Email, HTTP, FTP, IM, Print, Custom Channels. Actions: Block, Encrypt, Quarantine, Notify, Remediate.
Scenario A: a user uploads a confidential file. Source of the original data.
Scenario A: a user uploads a confidential file
Example Incident Detail: File of system passwords. User zips up passwords file. Passwords.zip sent via email to Yahoo Group. Partners wishing to transact business. Incident intercepted by Websense.
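Conclusion
Summary: Websense Data Security Suite. © 2010 Websense & Docutek Solutions, All Rights Reserved.
Features of the Websense DLP solution:
Role-separated incident auditing and reporting: lets auditors and administrators handle incidents quickly and securely.
PreciseID™ intelligent content identification: high speed, and content cannot evade auditing by being altered in various ways.
1100+ policy template wizards: compliance templates for the regulations of different countries and industries.
Flexible endpoint mechanism: controls both transfers between applications and external storage devices.
Complete channel coverage: mail, web, print, IM, USB, FTP.
Flexible blocking and quarantine options: audit (monitor), block, quarantine, remediate.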
Planning of the implementation
Websense Data Security Solutions, deployment practice – policy design
Websense Data Security Solutions, deployment practice – how should a DLP project be planned? (diagram). Steps: classify confidential data; build the fingerprint database; audit | protect; report; review | revise. Data and regulations: confidential documents, customer data, PCI DSS, HIPAA, GLBA, EU DPA, Sarbox. Fingerprints: known locations (databases, file servers) and throughout the enterprise (user desktops, web, email, IM). Reporting: compliance, IT risk management, status, inventory, assign to data owners. Remediation of confidential data: file/record removal, change file permissions (chmod +r -w -x), encryption, tombstones, ransom notes.
Benefits of deploying DLP
Any Questions? v7 Architecture Architecture-

Leak-prevention solution for confidential image files and sensitive database data


Editor's notes

  1. For more information on this Corporate Presentation Toolkit please direct your questions to the following people: Main presentation deck and content: csaunders@websense.com Financial information, analyst or case study content: rzarkos@websense.com Product messaging and positioning: dmeizlik@websense.com Use and sales cycle: jsharer@websense.com
  2. I’d like to say a few words about Websense in case you are not familiar with our company. Over the last year, Websense has achieved a number of milestones. Websense is the global market share leader in Web Filtering according to leading IT market research firms such as IDC. Today, more than 24 thousand customers, representing over 19 million protected users, have come to rely on Websense technology for managing their employee computing resources. Websense also had its best year financially in 2004. In fact, our annual billings have grown by 35% year over year for the last 2 years. Forbes recently recognized Websense as one of the fastest growing technology companies for 2005. And most importantly, Websense remains committed to product research and development. This focus on R&D enables our products to win awards like the 2004 PC Magazine Editor’s Choice.
  3. Websense provides fundamentally solid CMF/DLP functions for data in motion (network) and at rest (discovery) in the same appliance. The company uses advanced detection techniques, including partial document match, data fingerprinting and statistical analysis to detect character replacements. Competitive differentiators include network printing analysis and watermarking as a response, offered through a partnership with SourceMedia (formerly Thomson Media). The ability to offer end users self-remediation for quarantined e-mails, such as encrypt and forward, can reduce operation costs. The product is internationalized to be able to detect content in double-byte character sets — a capability that is already in use in Japan — but the user interface is not localized. Websense acquired PortAuthority in January 2007 after a strategic partnership in 2006 and has announced that it intends to integrate the two companies' technologies in 2007. Before the acquisition, PortAuthority provided host functions through a partnership with Safend. The integration with Websense technology will likely involve integrating content awareness capabilities into the Websense Client Policy Manager host agent. Given the stability of its host based technology, Websense should be well-positioned to provide a comprehensive solution for data in motion, at rest and endpoint.
  5. To ensure uninterrupted business operations, more and more customers must overcome the challenges of data security. There are several distinct areas of focus: Managing Compliance and Risks – Many businesses are now required to meet specific compliances. Data loss (accidental or targeted) can often result in non-compliance, fines and lawsuits. Of course, non-compliance can disrupt business operations having negative impact to the bottom line. Visibility – The first thing businesses must understand is the type of data stored in the network and end-points along with what type of communication methods are considered valid. The fact that data is stored and accessed from databases, document repositories, file share, end-user file systems, portable storage devices, etc… makes visibility to such information very complex. Securing Business Processes – Inability to implement controls to protect against accidental data loss and targeted attacks aimed at stealing sensitive data challenges businesses to establish and meet their business processes. Aside from business impact, loss of sensitive data can also adversely affect the company brand and reputation.
  6. Key Points: Whenever the PortAuthority Server receives a message from a messaging server or application, the PortAuthority Server (via its fingerprint engine) creates a real-time fingerprint of that message and its associated attachments in memory. That real-time fingerprint is compared against the existing database of known fingerprints looking for any full or partial matches. This fingerprint library can be created through an automatic fingerprinting process that updates on a regular basis or when records are added, modified or deleted.
  7. Here’s a great example why locking down the infrastructure is not a great idea. When you first put in data loss prevention solutions you find interesting things like this. Now this is a real-life incident that triggered off one of the 800 or so built in policies that are built in, come ready made if you like, into our data loss prevention module. What we see here is a file of passwords for a good many systems which was zipped and encrypted by a user who then went on to send the zipped file to Yahoo mail. Now that incident, quite frankly, at first blush looks quite malicious. Somebody is sending the passwords to your systems to a Yahoo mail account and they are obscuring it by zipping the file so maybe they don’t want anybody to see what they are doing. The reason why we like this example is that it is very illustrative of a few concepts. The most important concept is, do you know who caused this problem? Not as you might think the person who actually sent the email, this was inadvertently caused by the IT organization and policies that created this. The company in question had a policy that you couldn’t have distribution lists in the email system with external people on them, since that might allow data to leak. They also had another policy to rotate the passwords every 30 days, which is a great way to encourage sticky notes and password leakage but that was the policy. However this person had to get the passwords to all the [CLICK] business partners who needed these passwords to gain access to all the back end systems so they could conduct business with them. They couldn’t use their own email system because the IT policy forbade external email addresses, so to prove the point that business will find a way, the enterprising employee was using Yahoo mail, created a distribution list to circumvent this restriction and send the passwords to all his business partners.
They were doing this for a couple of years before we put our [CLICK] system in and found this going on. So it’s very illustrative and shows how IT security policies that say lock things down can create opportunity for people to work around these restrictions to get their jobs done and in doing so create some pretty significant risks for their organizations. It also shows that once you transact in this open manner, the IT department could lock down web mail and the employee would find another way, maybe as Facebook or LinkedIn friends or similar and use that as a distribution mechanism. So the moral is we really need to be able to get a hold of the CONTENT that is transiting our networks here.
  8. DLP methodology and available solutions have implemented some or all features of this process. This process is normally discussed in the context of network scanning for confidential data, but as highlighted previously, user mobility and privileged access to confidential data, combined with the need for timely and accurate scanning for this data - makes a strong case for executing the discovery process with a local software agent, where possible:
     Identify: a sound DLP discovery project requires prior knowledge of the data important to your organization, whether it is source code, formulas, CAD drawings or customer data. This type of data is usually created and stored in known locations. Other types of data like healthcare, credit card data may be stored within these known locations or they may be stored in bits and pieces, in the form of files or emails throughout the enterprise. Regardless, if any of these data types are unsecured, a breach could be devastating w/o proper controls.
     Fingerprint: take a snapshot of the business confidential data; at minimum, this is a hash of the bits, but more sophisticated technology is needed for accurate detection of files.
     Discover: run a network scan and if needed, use endpoint software agents to run local scans of all confidential data. Network-based: widest coverage and providing best overall visibility into multiple data stores, finding confidential data in often unexpected places. Agent-based: scalable since individual discovery jobs on endpoints run independently of each other and report results back to a centralized server once completed.
     Report: Business policies for data protection as well as industry regulations mandate current inventory, knowledge of where sensitive data resides. This requires compliance reporting. Even without specific regulations or policies, need for risk management in the area of business data is needed. Trending across top violators and most frequent violations important to help prioritize remediation tasks.
     Remediate: Ultimately, it is the responsibility of the data owner to set the policies and controls for how data is created, stored, used and even secured. In many cases, a compliance report concludes the automated discovery process and requires handoff to data owners, who then use their own tools or techniques to further secure the data. This can be complicated across numerous instances of confidential data storage.
     need, benefits, our features/functions, differentiation, etc. of our discovery product.  Built a methodology for discovery, data id, data scan, data remediation planning, data enforcement.  Call out the steps along the way, like fingerprinting via ODBC, automated scanning, distributed deployment and endpoint for parallel scanning, the need for recurring scans, flexibility of enforcement w/ tombstoning and ransom notes, etc.
  9. v7 Architecture header Architecture-
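
The fingerprint comparison described in notes 6 and 8, as an added example that is not part of the original deck and is not Websense's PreciseID algorithm: it uses word-shingle hashing with winnowing, a generic technique chosen here, to show why a whole-file hash misses an edited copy while a fingerprint index still reports full and partial matches. The shingle size, window, block threshold and all sample texts are constructed assumptions.

```python
import hashlib
import re

K = 5        # words per shingle (assumed value)
WINDOW = 4   # winnowing window, in shingles (assumed value)

def whole_file_hash(text):
    """The 'hash of the bits' baseline: changes if a single byte changes."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def fingerprint(text, k=K, window=WINDOW):
    """One-way fingerprint set: hash every k-word shingle, keep window minima."""
    # Normalising case, spacing and punctuation keeps trivial edits from
    # changing the fingerprint. Assumes space-delimited text.
    words = re.findall(r"\w+", text.lower())
    shingles = [" ".join(words[i:i + k]) for i in range(max(len(words) - k + 1, 0))]
    hashes = [int.from_bytes(hashlib.sha256(s.encode("utf-8")).digest()[:8], "big")
              for s in shingles]
    if len(hashes) <= window:
        return set(hashes)
    # Winnowing: any shared run of k + window - 1 words yields a shared minimum.
    return {min(hashes[i:i + window]) for i in range(len(hashes) - window + 1)}

class FingerprintIndex:
    """Fingerprint library of protected documents, indexed for fast lookup."""
    def __init__(self):
        self._docs = {}      # doc_id -> set of fingerprints
        self._by_hash = {}   # fingerprint -> set of doc_ids

    def register(self, doc_id, text):
        fp = fingerprint(text)
        self._docs[doc_id] = fp
        for h in fp:
            self._by_hash.setdefault(h, set()).add(doc_id)

    def match(self, outbound):
        """Return {doc_id: fraction of that document's fingerprints seen}."""
        hits = {}
        for h in fingerprint(outbound):
            for doc_id in self._by_hash.get(h, ()):
                hits[doc_id] = hits.get(doc_id, 0) + 1
        return {d: n / len(self._docs[d]) for d, n in hits.items()}

def verdict(index, outbound, block_at=0.5):
    """Map the best match to an action; the 0.5 threshold is an assumption."""
    scores = index.match(outbound)
    if not scores:
        return "allow"
    return "block" if max(scores.values()) >= block_at else "audit"

# Constructed sample texts, not taken from the deck.
PROTECTED = ("Quarterly merger plan draft: the acquisition of the example "
             "subsidiary will close in the third quarter, pending approval "
             "from the finance and legal departments, and must not be shared "
             "outside the company.")
# Full copy, re-cased and re-spaced, pasted into a longer message.
EMBEDDED = ("Hi team, latest draft below.\n\n"
            + PROTECTED.upper().replace(" ", "   ") + "\n\nRegards, A.")
# Partial copy: one sentence fragment lifted from the protected document.
EXCERPT = ("fyi - the acquisition of the example subsidiary will close in "
           "the third quarter, pending approval. call me")
UNRELATED = ("Lunch menu for Friday: noodles, dumplings and tea will be "
             "served in the cafeteria at noon.")

if __name__ == "__main__":
    idx = FingerprintIndex()
    idx.register("merger-plan", PROTECTED)
    print("whole-file hash equal:",
          whole_file_hash(EMBEDDED) == whole_file_hash(PROTECTED))
    for name, msg in [("embedded", EMBEDDED), ("excerpt", EXCERPT),
                      ("unrelated", UNRELATED)]:
        print(name, idx.match(msg), verdict(idx, msg))
```
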