1. Protecting PII in the EU
GTB Data Leak Prevention
March 27, 2012
Oxford, UK
2. Security Breach Statistics (2005 - 2011):
479,072,533 Confidential records stolen/lost
Over $150 Cost per breached record
1 in 75 emails Contain secure content
2 of 50 files Exposed files on the network
$0.10 to $25 Price of a valid credit card w/ CVV
$10 - $1,000 Price for bank account credentials
Sources: epic.org, Ponemon LLC, Privacy Rights Clearinghouse
5/3/2012 Copyright GTB Technologies, Inc. 2
3. All time largest reported incidents
Records | Date | Organization(s) | Known cost
130,000,000 | January 20, 2009 | Heartland Payment Systems | $68 mill
94,000,000 | January 17, 2007 | TJX Companies Inc. | $64 mill
90,000,000 | June 1, 1984 | TRW, Sears Roebuck | unknown
77,000,000 | April 26, 2011 | Sony Corporation | $173 mill
76,000,000 | October 5, 2009 | National Archives and Records Administration | unknown
40,000,000 | June 19, 2005 | CardSystems, Visa, MasterCard, American Express | unknown
32,000,000 | December 14, 2009 | RockYou Inc. | unknown
26,500,000 | May 22, 2006 | U.S. Department of Veterans Affairs | $20 mill
25,000,000 | November 20, 2007 | HM Revenue and Customs, TNT | unknown
24,600,000 | May 2, 2011 | Sony Online Entertainment, Sony Corporation | unknown
Source: http://datalossdb.org/
4. EU Electronic Communications Guidance
Section 16: Offences and Penalties
Failures to comply with certain provisions of the Regulations are criminal offences:
• Data Security and Data Breaches
• Unsolicited Marketing Communications
• Requirements specified in Information and Enforcement Notices issued by the Commissioner
• Requirements imposed by the Commissioner’s authorised officers
The offences attract a fine of up to €5,000 (per message in the case of unsolicited marketing) when prosecuted by the Commissioner in the District Court.
Unsolicited marketing offences may be prosecuted on indictment and attract fines of up to €250,000 in the case of a company and €50,000 in the case of an individual. A data security offence may similarly be prosecuted on indictment and attract the same level of penalty.
Source: http://www.dataprotection.ie/documents/guidance/Electronic_Communications_Guidance.pdf
5. Defining DLP
A DLP system performs real-time data classification on Data at Rest and Data in Motion and automatically enforces security policies, including PREVENTION.
6. DLP answers 4 questions:
1. Where is my data?
• Desktops
• Laptops
• File shares
• SharePoint
2. Who is sending my data?
• Trusted users
• Intruders
• Spyware
• Viruses
3. What data is being sent?
• PII
• PHI
• Source code
• Intel. Property
4. Who is receiving my data?
• IP address
• Email destination
• Geographic location
7. The 8 use-cases for Network DLP
1. Control a broken business process: Who is sending, what data and to whom?
2. Demonstrate Compliance: I have no way of enforcing EU data loss compliance regulation.
3. Automate Email Encryption: How do I automate encrypting emails which require it?
4. Detect or Block encrypted content: Should I allow encrypted data to leave without content inspection?
5. Severity Blocking: Some breaches are so severe that I prefer to altogether block them!
6. Visibility to SSL: I have no visibility to SSL in general and HTTPS in particular!
7. Detect/Block TCP from non-trusted users: How do I detect transmissions from non-trusted users (Malware/Viruses/Trojans)?
8. Employees’ Education: My employees are not complying with the Written Information Security Policy (WISP).
8. Where is my data?
9. Who is sending my data?
10. What data is being sent?
11. Who is receiving my data?
15. Essential Elements of DLP
1. Detection accuracy
2. Resiliency to data manipulation
3. Comprehensive protocol support
4. File format independence
5. Performance – no network degradation
6. Security
7. Detection of encrypted content
8. User remediation
GTB DLP Suite-Confidential
16. Detection Engine Accuracy
Would you enforce blocking if you don’t trust the event is true?
Imprecise Algorithms
• Data Pattern engine
• Bayesian analysis
• Statistical analysis
• Others
17. Detection Accuracy (continued)
Would you enforce blocking if you don’t trust the event is true?
Precise Algorithms
• Whole file hash
• Cyclical hashes
• Rolling hashes
• Watermarking/tagging
• Recursive Transitional Gaps (GTB proprietary)
20. Resiliency to Data Manipulation
• Data extracting – copy and paste
• File format conversion
• Compression
• File embedding
• File extension changes
• Re-typing – secure text is re-typed
• Data representation change (069-44-4321 – 069,44,4321)
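Added example (not GTB's code or its proprietary algorithm) modelling the contrast drawn on the accuracy and resiliency slides: an imprecise data-pattern engine beside a precise fingerprint built from Rabin-Karp rolling hashes over normalized text, so that a re-typed or re-punctuated copy of a registered record (069-44-4321 sent as 069,44,4321) still matches while a different, never-registered number does not. The registered record, the window size and the blocking threshold are constructed assumptions.

```python
import re

# Constructed sample record registered with the DLP engine (not real data).
REGISTERED_RECORD = "Customer: Jane Roe  SSN 069-44-4321  Acct 5550-1234"

# Imprecise engine: matches anything shaped like a dash-separated SSN,
# whether or not it is the organisation's data.
SSN_PATTERN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

def pattern_hits(text):
    """Pattern engine: fires on the shape of the data, misses other representations."""
    return SSN_PATTERN.findall(text)

def normalize(text):
    """Canonical form so re-typing, punctuation and representation changes collapse."""
    return re.sub(r"[^0-9a-z]", "", text.lower())

BASE, MOD = 257, (1 << 61) - 1  # polynomial rolling hash parameters (assumed)

def rolling_hashes(text, window=8):
    """Rabin-Karp rolling hash of every `window`-char slice of the normalized text."""
    s = normalize(text)
    if len(s) < window:
        return set()
    high = pow(BASE, window - 1, MOD)  # weight of the char that drops out
    h = 0
    for ch in s[:window]:
        h = (h * BASE + ord(ch)) % MOD
    hashes = {h}
    for i in range(window, len(s)):
        # drop s[i-window], shift the remaining chars, append s[i]
        h = ((h - ord(s[i - window]) * high) * BASE + ord(s[i])) % MOD
        hashes.add(h)
    return hashes

def match_ratio(candidate, fingerprints, window=8):
    """Share of the candidate's windows that hit a registered fingerprint."""
    cand = rolling_hashes(candidate, window)
    if not cand:
        return 0.0
    return len(cand & fingerprints) / len(cand)

def inspect_message(candidate, fingerprints, threshold=0.5):
    """Pattern hits are only a hint; the precise fingerprint match drives blocking."""
    ratio = match_ratio(candidate, fingerprints)
    return {"pattern_hits": len(pattern_hits(candidate)),
            "match": round(ratio, 2), "block": ratio >= threshold}
```

A production engine scores coverage against each registered document rather than a flat ratio, but the point survives: the pattern engine both misses 069,44,4321 and fires on an unrelated 123-45-6789, while the fingerprint does the reverse.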
21. File format and protocol independence
• SMTP, HTTP and FTP are most commonly used
• HTTP Server, HTTP Tunnel, NNTP, IM, POP3, MS Networks, SSL and unknown protocols
• Secure data may reside in any file format
22. Performance & Security
• Make sure all packets are scanned without network degradation
• Make sure the solution is secure
• Choose a solution that does not copy secure content in order to protect it
23. What data must be protected?
Personally identifiable information (PII)
• Credit card number
• Social security number
• Customer name
• Address
• Telephone numbers
• Account numbers/Member numbers/Tax IDs
• PIN or password
• Username & password
• Driver’s license number
• Date of birth