Learn how you can leverage Symantec DLP's superior detection technologies and comprehensive coverage to protect your confidential data against theft not only from malicious insiders but also well-meaning employees - while enabling you to comply with global data privacy laws and safeguard your reputation.
(Slides) What's Yours Is Mine: How Employees Are Putting Your Sensitive Data at Risk
1. WEBCAST: WHAT’S YOURS IS MINE
Presenter: Chris Wargo, CISSP, CISA
2. WEBCAST: WHAT’S YOURS IS MINE
Agenda
About infoLock Technologies
What Is the Insider Threat?
Symantec Data Loss Prevention
Symantec Data Insight
Q&A
3. WEBCAST: WHAT’S YOURS IS MINE
About infoLock Technologies
• Information security consulting & integration services
• Symantec Security Focus Partner & DLP Master Specialist
• DLP Managed Services & INSIGHT DLP Appliance
• 100+ DLP implementations and engagements; customers range from 100 to 40,000+ users
• Customers in all industry verticals – financial services, healthcare, insurance, government, technology, legal, manufacturing, and telecommunications
4. WEBCAST: WHAT’S YOURS IS MINE
“Insider threats are not necessarily the result of rogue employees driven by malicious intent. Any employee with a device that stores information can be at risk of inadvertently compromising data security.”
Quentyn Taylor, Director of Information Security, Canon
5. WEBCAST: WHAT’S YOURS IS MINE
What do we mean by “Insider Threat”?
• Well-meaning Insiders
• Malicious Insiders
• Malicious Outsiders
6. WEBCAST: WHAT’S YOURS IS MINE
“Insiders” are the leading cause of data breaches
Causes of Data Breaches
• Malicious Attack, 37%
• Employee Negligence, 35%
• System or Process Error, 28%
Source: 2013 Cost of Data Breach Study: Global Analysis, Ponemon Institute
7. WEBCAST: WHAT’S YOURS IS MINE
“Insiders” agree that they are a risk!
Employees have frequent access to sensitive data they believe they should not be able to see
• 71% report having access to company data they should not be able to see
• 54% characterize that access as frequent or very frequent
Employees believe data protection oversight and controls are weak
• 47% say their organization does not strictly enforce data security policies
• 45% say they are more careful with company data than their supervisors or managers
• Only 22% say their organization is able to tell them what happened to lost data, files or email
Employees and IT staff agree that employees are unknowingly the most likely to be responsible for the loss of company data
• 64% of employees and 59% of IT practitioners believe that insiders are unknowingly the most likely to be the cause of leakage of company data.
• Only 46% of IT practitioners say employees in their organizations take appropriate steps to protect the company data they access.
Source: Corporate Data: A Protected Asset or a Ticking Time Bomb? Ponemon Institute, December 2014
8. WEBCAST: WHAT’S YOURS IS MINE
Risky behavior leads to data loss
• 58% of employees store company-sensitive information on their personal devices
• 40% of employees use sensitive business data they have taken with them when they changed companies
• More than 50% of employees send business documents to their personal email and don’t delete them after use
• One-third of employees move work files to file sharing apps without permission
Credit Suisse Says VP Stole Secrets
Sources:
What’s Yours Is Mine: How Employees are Putting Your Intellectual Property at Risk, Symantec & Ponemon Institute
Security Awareness Training: It's Not Just for Compliance, Enterprise Management Associates
9. WEBCAST: WHAT’S YOURS IS MINE
Introducing Symantec DLP
Symantec Data Loss Prevention enables you to discover, monitor and protect confidential information wherever it is stored or used
• Email, web, and other network-based communications
• Servers, databases and other document repositories
• Laptops, desktops, and removable storage
• Mobile devices
• Cloud applications
10. WEBCAST: WHAT’S YOURS IS MINE
How Does It Work?
MANAGE
• Enable or customize policy templates
• Remediate and report on risk reduction
DISCOVER
• Identify scan targets
• Run scan to find sensitive data on network & endpoint
MONITOR
• Inspect data being sent
• Monitor network & endpoint events
PROTECT
• Block, remove or encrypt
• Quarantine or copy files
• Notify employee & manager
11. WEBCAST: WHAT’S YOURS IS MINE
Use case: Data-in-Motion
Betty G. | Well-meaning Insider
Asst. HR Manager | Insurance Company
SITUATION: Sending sensitive data over email
Problem
• Betty attempts to email confidential employee data without knowing it
Detection and Response
DLP Response
• Network: DLP inspects content and context for policy match as email leaves server
• Endpoint: DLP inspects the mail when user hits “send”
Action
• Network: Monitor, notify user, encrypt or block
• Endpoint: Display pop-up, justify, block email, remove content
Result
• Help users understand and justify risk transparently
• Block or encrypt data in some cases
Symantec Advantage
12. WEBCAST: WHAT’S YOURS IS MINE
Use case: Data-on-the-Endpoint
Sanjay V. | Well-meaning Insider
Assistant Controller | Manufacturing Company
SITUATION: Copying sensitive data to removable storage devices
Problem
• Sanjay copies pre-released financial data to removable media
Detection and Response
DLP Response
• Endpoint agent analyzes content based on policies
Action
• Monitor, record or notify
• Automatically encrypt files using SEE
Result
• Automatically encrypt content
• Higher visibility into where data is going
• Change users’ behavior
13. WEBCAST: WHAT’S YOURS IS MINE
Use case: Data-at-Rest
Charles N. | Well-meaning Insider
Software Developer | Investment Banking Firm
SITUATION: Discovering data “spills” and cleaning them up
Problem
• Charles inadvertently stores source code on an unprotected share
Detection and Response
DLP Response
• Network Discover scan finds the exposed source code, Data Insight IDs Charles as the file owner
Action
• Network Protect can:
– Notify Charles
– Encrypt the data
– Move the file
– Apply rights management policies
Result
• Secure your most sensitive assets – keep the malicious outsider from finding them
Competitive Advantage
14. WEBCAST: WHAT’S YOURS IS MINE
Use case: Data-in-Motion
Mimi L. | Malicious Insider
Soon-to-be-former Account Executive | Staffing Firm
SITUATION: Attempting to copy customer records and resumes
Problem
• Unhappy or departing employees copy or share sensitive data via email or removable storage
Detection and Response
DLP Response
• DLP monitors desktop and network activity
Action
• Notify (warn) the user of their actions
• Inform manager, security and/or HR
• Stop the transmission or copy
Result
• Information assets don’t leave with the employee
• People know they are being monitored
16. WEBCAST: WHAT’S YOURS IS MINE
Gartner Magic Quadrant Leader for 8 straight years
This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Symantec. Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Source: Gartner, Inc., Magic Quadrant for Content-Aware Data Loss Prevention, Eric Ouellet, January 3, 2013
18. WEBCAST: WHAT’S YOURS IS MINE
Symantec Difference – Detection Technology
Described Content Matching
• DESCRIBED DATA
• Non-indexable data
• Lexicons
• Regular Expressions
• Data Identifiers
Exact Data Matching
• STRUCTURED DATA / CUSTOMER DATA
• Customer / Employee Data
• Partial row matching
• Near perfect accuracy
• 300M+ rows per server
Indexed Document Matching
• UNSTRUCTURED DATA / INTELLECTUAL PROPERTY
• Designs / Source / Financials
• Derivative match
• Near perfect accuracy
• 5M+ docs per server
19. WEBCAST: WHAT’S YOURS IS MINE
Symantec Difference – Granular Policies & Workflow
Data Loss Policy
• Easily build from scratch or customize 60+ policy templates
Detection Rules
• Two main ways of detection
1. Described data (DCM)
– Keywords, data identifiers, regular expressions, file type, etc.
– Sender or recipient attributes
2. Fingerprinted data
– Structured data (EDM)
– Unstructured data (IDM)
• Match count threshold
• And / or / if logic, including exceptions
Response Rules
• Notifications
– Emails to sender/manager/IT Security, on-screen pop-up, marker file, SysLog alert, etc.
• Blocking
– SMTP, HTTP/S, FTP, IM, USB/CD/DVD, print/fax, copy/paste, etc.
• Modification
– For conditional encryption
• Relocate or copy file at rest
– Network Protect or Endpoint Discover
• FlexResponse for custom actions
20. WEBCAST: WHAT’S YOURS IS MINE
Symantec Difference – Workflow
80% of DLP is Incident Response
• Right Automation: Resolution, Enforcement, Notification
• Right Person: Route Incidents to Right Responder
• Right Order: High Severity of Incidents First
• Right Information: 5 Second Test
• Right Action: 1 Click Response
• Right Metrics: Prove Results to Execs and Auditors
21. WEBCAST: WHAT’S YOURS IS MINE
Continuous Risk Reduction
[Chart: Risk Reduction Over Time. Y-axis: Incidents Per Week (0 to 1000). Phases: Visibility, Remediation, Notification, Prevention. Annotation: Competitive Trap.]
23. WEBCAST: WHAT’S YOURS IS MINE
Symantec Data Loss Prevention Products
Management Platform
• Symantec Data Loss Prevention Enforce Platform
STORAGE
• Network Discover
• Network Protect
• Data Insight
ENDPOINT
• Endpoint Discover
• Endpoint Prevent
• DLP for Mobile
NETWORK
• Network Monitor
• Network Prevent for Email
• Network Prevent for Web
24. WEBCAST: WHAT’S YOURS IS MINE
The INSIGHT DLP Appliance
• Purpose-built network appliance for Symantec DLP software
• Four models offer scalability for any size network environment
• Two “Director” models are home to Enforce Management Platform, Oracle database, Data Insight, and detection servers
• Two “Sensor” models are home to additional detection servers and can be deployed in remote locations or additional network egress points
• Fully supported by infoLock Technologies
26. WEBCAST: WHAT’S YOURS IS MINE
Symantec Data Insight Improves Data Governance
• Data Insight
– Identifies data owners
– Monitors data usage
– Reviews permissions
• Integrates with Data Loss Prevention & Archiving
[Diagram: Users, Data (File Servers), File Activity Monitoring Technology, Symantec Data Insight]
Supported platforms: Microsoft Windows • NetApp DataONTAP • Microsoft Sharepoint • EMC Celerra • UNIX file servers with Veritas File System
27. WEBCAST: WHAT’S YOURS IS MINE
Data Insight Use Cases
Improved Data Management
• Identify stale and orphan data and drive cleanup
• Build a consumption based chargeback model
• Understand usage and consumption patterns
Achieve Compliance
• Manage custodians that need to be engaged in compliance efforts
• Automate data access reviews
• Adhere to data retention guidelines
Protect Data from Security Risks
• Remediate sensitive data through the integration with Symantec Data Loss Prevention
• Audit historical access, monitor sensitive data usage
• Find data at greatest risk of exposure and lockdown
30. WEBCAST: WHAT’S YOURS IS MINE
Defense-In-Depth: Encryption + Data Loss Prevention
Network DLP / Email Gateway Encryption
• Automatically encrypt emails containing sensitive data
• Notify employees in real time/context about encryption policies and tools
Storage DLP / Shared Storage Encryption
• Discover where confidential data files are stored and automatically apply encryption
• Ease the burden on staff with near transparency
Endpoint DLP / Endpoint Encryption
• Target high risk users by discovering what laptops contain sensitive data
• Protect & enable the business by targeting encryption efforts to sensitive data moving to USB devices
31. WEBCAST: WHAT’S YOURS IS MINE
Symantec Enterprise Mobility Products
Symantec Mobile Management Suite
Mobile Management (MDM)
• Configuration, control and management of mobile devices
• Policies applied to devices
App Center (MAM)
• Configuration, distribution and management of mobile apps/content
• Policies applied to apps (app wrapping)
• Enterprise App Store
Mobile Security (Threat Protection)
• Protect mobile devices from malware and unauthorized data access
32. WEBCAST: WHAT’S YOURS IS MINE
Symantec Data Loss Prevention for Mobile
Channels: Corporate Email, Web Applications, Third Party Apps
Mobile Email Monitor
• Monitor confidential data downloaded to company and employee-owned devices
Mobile Prevent
• Monitor and block confidential data sent from company-owned devices
33. WEBCAST: WHAT’S YOURS IS MINE
For more information:
Chris Wargo
cwargo@infolocktech.com
Thank you!