RSA 2010 Kevin Rowney
1. SECURITY BASICS BOOT CAMP: Intrusion detection and data loss prevention
Kevin Rowney
Symantec Corporation
Session ID: TUT-M51
2. Agenda
What are the challenges today around data loss?
What is Data Loss Prevention (DLP)?
How does DLP address key challenges?
How does DLP work?
3. What are the challenges today around data loss?
4. Data Loss Prevention is a top 3 security project in 2010.
- Gartner Top 10 Security Priorities for 2010
285 million records were stolen in 2008, which is more than the last 3 years combined.
- PrivacyRights.org
Cyber crime has surpassed illegal drug trafficking as a criminal moneymaker.
5. Cost of a Data Breach is Increasing
• 83 Million: The total number of consumer records in publicly reported data breaches in 2008
• $6.75 Million: The average cost to remediate a data breach for US companies in 2009
• $200 Billion: Losses from IP theft from US companies every year
Source: “Cost of a Data Breach Survey,” Ponemon Institute, 2009
6. Primary Threat Agents Behind Data Loss
• Well-Meaning Insiders
• Malicious Insiders
• Hackers
7. Methods Used in Current Hacks
DLP Risk Management Relevancy
8. Methods Used in Current Hacks
(1) INCURSION
• Attacker breaks into the network by targeting vulnerable system or naïve employees
(2) DISCOVERY
• Hacker then maps organization’s defenses from the inside
• Creates a battle plan
(3) CAPTURE
• Accesses data on unprotected systems
• Installs malware to secretly acquire crucial data
(4) EXFILTRATION
• Confidential data sent back to enemy’s “home base” for exploitation and fraud
9. Intrusion Detection
Act of detecting actions that attempt to compromise the confidentiality, integrity or availability of a resource.
Manual / Automatic:
• Log file review
• Intrusion detection system (IDS)
• Intrusion prevention system (IPS)
10. DLP Answers 3 Questions About Risk of Breach
• Where is your confidential data?
• How is it being used?
• How best to prevent its loss?
11. Key DLP Capabilities
DISCOVER
• Find data wherever it is stored
• Create inventory of sensitive data
• Manage data clean up
MONITOR
• Understand how data is being used
• Understand content and context
• Gain visibility into policy violations
PROTECT
• Proactively secure data
• Prevent confidential data loss
• Enforce data protection policies
MANAGE
• Define unified policy across enterprise
• Remediate and report on incidents
• Detect content accurately
12. How It Works
(1) MANAGE
• Enable or customize policy templates
(2) DISCOVER
• Identify scan targets
• Run scan to find sensitive data on network & endpoint
(3) MONITOR
• Inspect data being sent
• Monitor network & endpoint events
(4) PROTECT
• Block, remove or encrypt
• Quarantine or copy files
• Notify employee & manager
(5) MANAGE
• Remediate and report on risk reduction
13. Data Loss Prevention Architecture
[Diagram labels: MTA or Proxy; SPAN Port or Tap; Disconnected; SECURED CORPORATE LAN; DMZ]
20. DLP for Endpoint – Use Cases
DISCOVER, MONITOR, PROTECT
[Diagram labels: MTA or Proxy; SPAN Port or Tap; Disconnected; SECURED CORPORATE LAN; DMZ]
21. Fix Exposed Data on a Desktop
Call center records improperly stored on an Endpoint
22. Clean Up Exposed Data on a Desktop
Call center records improperly stored on an Endpoint
Notify user via automated email.
Empower users to self remediate.
24. Protect Competitive Advantage
Pricing copied to USB
Stop it from being copied to USB.
Notify User. Launch investigation.
25. Prevent Breach of Customer Data
Sensitive data sent via personal webmail
Block the email.
On or off the corporate network.
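An added example, not part of the original slides and not vendor product code: the five-step flow from slide 12 applied to the use cases on slides 22, 24 and 25, in Python. The SSN rule, the threshold of 3, the channel and action names and the sample events are all assumptions constructed for illustration.

```python
import re
from collections import Counter

# Step 1 (MANAGE): a hypothetical policy template. The rule, threshold and
# channel names are assumptions for illustration, not a product's schema.
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
THRESHOLD = 3  # minimum valid SSNs before content counts as an incident

# Step 4 (PROTECT): responses per channel, taken from slides 22, 24 and 25.
ACTIONS = {
    "endpoint_file": ["notify_user"],
    "usb_copy": ["block", "notify_user", "open_investigation"],
    "webmail": ["block"],
}

def count_ssns(text):
    """Count SSN-shaped strings that pass the SSA structural rules."""
    hits = 0
    for area, group, serial in SSN_RE.findall(text):
        never_issued = area in ("000", "666") or area[0] == "9"
        if not never_issued and group != "00" and serial != "0000":
            hits += 1
    return hits

def evaluate(channel, source, content):
    """Steps 2-4: inspect content, return an incident dict or None."""
    matches = count_ssns(content)
    if matches < THRESHOLD:
        return None  # below threshold: likely a stray number, not a record dump
    return {"channel": channel, "source": source, "matches": matches,
            "actions": ACTIONS.get(channel, ["notify_user"])}

def report(incidents):
    """Step 5 (MANAGE): incidents per channel, the input to risk reporting."""
    return Counter(i["channel"] for i in incidents)

# Constructed sample events; every number below is made up.
EVENTS = [
    ("endpoint_file", "callcenter_export.csv", "123-45-6789, 234-56-7890, 345-67-8901"),
    ("webmail", "outbound-msg-1", "SSNs: 123-45-6789 234-56-7890 345-67-8901 456-78-9012"),
    ("usb_copy", "notes.txt", "ticket 000-12-3456, ref 912-34-5678, 123-45-6789"),
]

def run_sample():
    return [i for i in (evaluate(*e) for e in EVENTS) if i is not None]

if __name__ == "__main__":
    print(run_sample(), dict(report(run_sample())))
```

The third event contains three SSN-shaped strings but only one passes validation, so it stays below the threshold and raises no incident; that is the false-positive control behind "detect content accurately".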
26. Continuous Risk Reduction
[Chart: Incidents Per Week (y-axis, 0 to 1000) against Risk Reduction Over Time (x-axis); labelled phases: Visibility, Remediation, Notification, Prevention]
27. Expected Measurable Risk Reduction
• Healthcare: 70% risk reduction due to employee education
• Financial Services: 80% risk reduction in 20 days with automated notification
• Insurance: 95% reduction in new incidents within one year due to automated protection
• Business Services: 97% risk reduction due to structured data detection of every U.S. citizen’s SSN and identity information
• Manufacturing: 98% reduction in unauthorized sharing of design specs with fingerprinted detection
28. How Most Enterprises Get Started with DLP
Define your requirements: Is DLP for you?
• In your enterprise, is exposure likely to translate to breach?
• Do these threat models make sense to the “C-level” execs?
How big is your company’s risk?
• DLP risk-assessments are an easy way to measure exposure
• In many cases, risk-assessments catch live breaches on site
Explore initial discussions with vendors
• Whose solution is the best fit for your requirements?