This document provides an overview and agenda for a Data Loss Prevention presentation. It discusses trends in data loss, how DLP works to discover, monitor and protect data, and case studies of how DLP helps different types of insider and outsider threats. It highlights the advantages of the Symantec DLP solution, including its accuracy, sophisticated workflow for incident response, ability to identify sensitive data with Data Insight, and zero-day content detection through machine learning. The appendix discusses Symantec's leadership in the DLP market and new features of the latest DLP product version.
1. Data Loss Prevention: Protecting Your
Information and Reputation
April 2016
Reza Kopaee, Frank Coburn, Omid Esfandiari - RiskView
Neil Greenberg – Bell Canada
2. Agenda
Data Loss Prevention Presentation
• Introduction
• RiskView - Threatview
• Conceptual Understanding
• Technical Demo
• Bell Case Study
Suite 281, 3044 Bloor
Street West, Toronto, On,
M8X 2Y8
3. Trends, News and What’s at Stake
Data Loss Prevention Presentation
64% of data
loss caused by
well-meaning
insiders
50% of
employees
leave with
data
$3.5 million
average cost
of a breach
Legal and
compliance
penalties
A corporate
black eye
4. Well-meaning Insiders Malicious Insiders Malicious Outsiders
The Faces of Data Loss Prevention
It’s about people.
Data Loss Prevention Presentation
5. Symantec Solutions Protect What’s Important
Customer Information Company Information
Financials
SSNs and
Government IDs
Medical Records
Credit Card Info
HR Records
Internal Auditing
M&A and Strategy
Intellectual
Property
6. You need more than technology.
A Non-Transparent Solution
Data Loss Prevention Presentation
Where is my
confidential data?
DISCOVER
How is it
being used?
MONITOR
How do I
prevent loss and theft?
PROTECT
7. How Data Loss Prevention Works
Data Loss Prevention Presentation
DATA LOSS POLICY
Content
Credit Cards
SSNs
Intellectual
Property
Context
Who?
What?
Where?
Action
Notify
Justify
Encrypt
Prevent
Notification
User
Manager
Security
Escalate
RESPONSEDETECTION
Find it. Fix it.
8. DLP is About People
Data Loss Prevention Presentation
Action
Detection and
Response
Problem
Betty attempts to
email confidential
employee data
without knowing it
DLP Response
Network: DLP inspects
content and context
for policy match as
email leaves server
Endpoint: DLP
inspects the mail
when user hits “send”
Network: Monitor,
notify user, encrypt or
block
Endpoint: Display pop-
up, justify, block
email, remove content
Result
Help users understand
and justify risk
transparently
Block or encrypt data
in some cases
Betty G. Well Meaning Insider
Asst. HR Manager | Midwestern Insurance Company
SITUATION: Sending sensitive data over email
Symantec Advantage
Detection High-performance
Off Network Coverage Flexible Response
9. DLP is About People
Data Loss Prevention Presentation
Sanjay V. Well Meaning Insider
Assistant Controller | Manufacturing Company
SITUATION: Copying sensitive data to removable storage devices
ActionProblem
Sanjay copies pre-
released financial data
to removable media
DLP Response
Endpoint agent
analyzes content
based on policies
Monitor, record or
notify
Automatically encrypt
files using SEE
Result
Automatically encrypt
content
Higher visibility into
where data is going
Change users’
behavior
Symantec Advantage
Lightweight agent Trusted devices
Group based policies Automatic encryption
Detection and
Response
10. DLP is About People
Data Loss Prevention Presentation
ActionProblem
Charles inadvertently
stores source code on
an unprotected share
DLP Response
Network Discover
scan finds the exposed
source code, Data
Insight IDs Charles as
the file owner
Network Protect can:
• Notify Charles
• Encrypt the data
• Move the file
• Apply rights
management
policies
Result
Secure your most
sensitive assets – keep
the malicious outsider
from finding them
Charles N. Well Meaning Insider
Software Developer | Investment Banking Firm
SITUATION: Discovering data “spills” and cleaning them up
Detection and
Response
Symantec Advantage
Broad scan coverage Data owner ID
Encryption Data owner remediation
11. DLP is About People
Data Loss Prevention Presentation
ActionProblem
Unhappy or departing
employees copy or
share sensitive data
via email or
removable storage
DLP Response
DLP monitors desktop
and network activity
Notify (warn) the user
of their actions
Inform manager,
security and/or HR
Stop the transmission
or copy
Result
Information assets
don’t leave with the
employee
People know they are
being monitored
Mimi L. Malicious Insider
Soon-to-be-former Account Executive | Staffing Firm
SITUATION: Attempting to copy customer records and resumes
Detection and
Response
Symantec Advantage
Continuous coverage on PCs Custom pop-ups
Incident escalation Content removal
13. Symantec Data Loss Prevention Scope
Data Loss Prevention Presentation
Office 365
iOS
Android
Email
Web
FTP
IM
USB
Hard Drives
Removable Storage
Network Shares
Print/Fax
Cloud & Web Apps
File Servers
Exchange, Lotus
SharePoint
Databases
Web Servers
Unified
Management
14. Symantec Data Loss Prevention Products
Data Loss Prevention Presentation
MANAGEMENT AND REPORTING
Symantec Data Loss Prevention Enforce Platform & IT Analytics
NETWORK ENDPOINT STORAGE CLOUD & MOBILE
Network Monitor
Network Prevent
for Email
Network Prevent
for Web
Endpoint Discover
Endpoint Prevent
Network Discover
Data Insight
Data Insight Self-
Service Portal
Network Protect
Cloud Prevent for
Office 365
Mobile Email
Monitor
Mobile Prevent
15. Symantec Data Loss Prevention Architecture
Data Loss Prevention Presentation
DMZCorporate LAN
Network Discover - Data Insight -
Network Protect
Enforce - IT Analytics
Endpoint Discover - Endpoint Prevent
SPAN Port or Tap
MTA or Proxy
STORAGE
MANAGEMENT
ENDPOINT
Network Monitor - Network Prevent -
Mobile Monitor - Mobile Prevent
INTERNET
Cloud Prevent for Office 365
NETWORK &
MOBILE
CLOUD
17. Symantec Advantage: Highest Detection Accuracy
Data Loss Prevention Presentation
Described
Content Matching
Indexed Document
Matching
Vector Machine
Learning
Exact Data
Matching
DESCRIBED DATA
Non-indexable data
Lexicons
Data Identifiers
STRUCTURED DATA
CUSTOMER DATA
Customer / Employee
Pricing
Partial row matching
Near perfect accuracy
UNSTRUCTURED DATA
IP
Designs / Source /
Financials
Derivative match
Near perfect accuracy
UNSTRUCTURED DATA
IP
Designs / Source /
Financials
Derivative match
Very High Accuracy
18. Symantec Advantage: Sophisticated Workflow
90% of DLP is Incident Response
Data Loss Prevention Presentation
Right Automation Resolution, Enforcement, Notification
Right Person Route Incidents to Right Responder
Right Order High Severity of Incidents First
Right Information 5-Second Test
Right Action 1-Click Response
Right Metrics Prove Results to Execs and Auditors
29. Symantec Data Loss Prevention Methodology
Data Loss Prevention Presentation
Competitive
Trap
1000
800
600
400
200
0
Risk Reduction Over Time
IncidentsPerWeek
Visibility
Remediation
Notification
Prevention
30. Why Symantec?
Data Loss Prevention Presentation
8 Consecutive Years of
Technology Leadership
Used by over half of
the Fortune 100
The Global Market
Leader in DLP
32. Evolution of the DLP Market
20132010
2006 2008 20092007
20142011
Data Loss Prevention Presentation
33. Symantec is the only 8-time Leader in the Gartner
Magic Quadrant for Data Loss Prevention
Data Loss Prevention Presentation
This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger
research note and should be evaluated in the context of the entire report. The
Gartner report is available upon request from Symantec. Gartner does not
endorse any vendor, product or service depicted in our research publications, and
does not advise technology users to select only those vendors with the highest
ratings. Gartner research publications consist of the opinions of Gartner's
research organization and should not be construed as statements of fact. Gartner
disclaims all warranties, expressed or implied, with respect to this research,
including any warranties of merchantability or fitness for a particular purposed
Source: Gartner, Inc., Magic Quadrant for Content-
Aware Data Loss Prevention, Brian Reed, Neil
Wynne
34. The Market Leader in Data Loss Prevention
Greater than next three competitors combined
Data Loss Prevention Presentation
Symantec
34.7%
McAfee
15.7%
Websense
9.4%
CA
7.2%
RSA
7.1%
Others
25.9%
Source: Worldwide Data Loss Prevention 2014 – 2018 Forecast And 2013 Vendor Shares, IDC, November 2014
36. What’s New in Data Loss Prevention 14
Data Loss Prevention Presentation
Unified
ManagementGreater Control, Simpler Management
Office 365
iOS
Android
Email
Web
FTP
IM
USB
Hard Drives
Removable Storage
Network Shares
Print/Fax
Cloud & Web Apps
File Servers
Exchange, Lotus
SharePoint
Databases
Web Servers
37. Greater Control, Simpler Management
Data Loss Prevention Presentation
14.0
Endpoint Agent for Mac OS
Enhanced endpoint scalability
Dynamic agent groups
Enhanced agent health status reporting
Expanded endpoint event coverage
Cloud Prevent for Microsoft Office 365
OWA & Outlook.com
Hyperlinks in pop-ups
Windows 8/8.1
Office 2013
Natural Language Processing for
Chinese, Japanese, Korean
HIPAA and Caldicott policy
template updates
Remote Desktop Protocol
(RDP) support
Data Insight Self-Service Portal
Multi-token Exact Data
Matching
Hyper-V & VMware View
Mobile email monitoring for
Android and iOS
Reusable policy rules
Endpoint Indexed Document
Matching
Randomized SSN Data
Identifier
Network monitoring for IPv6
Single-Server Installation