DATA LOSS PREVENTION PROTECTING YOUR INFORMATION AND REPUTATION. Petr Zahálka / Prosinec 2016

Transcription

1 DATA LOSS PREVENTION PROTECTING YOUR INFORMATION AND REPUTATION Petr Zahálka / Prosinec 2016

2 Cyber Security Services Arm your team with actionable insights Extend your team with experts who interpret and prioritize critical events to respond faster than you can alone Threat Protection Protect against the most advanced threats with complete protection from endpoint, to , to servers, to cloud Information Protection Safeguard your information everywhere by keeping track of it when it s in motion, at rest or in use Unified Security Analytics Platform Leverage Symantec Cyber Security Services, Threat Protection and Information Protection solutions in one platform and collect deep actionable intelligence from telemetry no other security solutions provider can claim Copyright 2015 Symantec Corporation

3 Cloud & Mobile Create new information protection risks and challenges Cloud Mobile BYOD You don t own the app You don t own the infrastructure You can s say no Your security slows me down I expect an insanely great user experience You don t own the device You can t lock my device down I will use the device and app I want Symantec Data Loss Prevention Customer Presentation 3

4 People And their behavior increase risk of data loss User habits and expectations are evolving Creating, storing and consuming more information outside the corporate perimeter Authorized and unauthorized cloud and mobile apps Sharing data that shouldn t be shared Storing sensitive information where it s vulnerable to loss or theft 4

5 79% of corporate executives admitted to behaviors that put corporate data at risk: 53% uploaded company documents to USB drives 51% ed documents from personal addresses 44% Uploaded documents to file sharing sites *Source: Protecting Corporate Information in the Cloud; WSJ Custom Studios 5

6 Information is everywhere. How much is outside your view and control? of business critical apps are housed in the cloud but IT isn t aware of nearly half of them *Source: Protecting Corporate Information in the Cloud; WSJ Custom Studios 6

7 Information is everywhere. How much is outside your view and control? of business information is stored in the cloud, yet over one third of it isn t visible to IT *Source: Protecting Corporate Information in the Cloud; WSJ Custom Studios 7

8 Information is everywhere. How much is outside your view and control? Of employees using their own devices (BYOD) to connect to the cloud *Source: Protecting Corporate Information in the Cloud; WSJ Custom Studios 8

9 Introduction Symantec Data Loss Prevention 9

10 Protect Sensitive Data over cloud Betty G. - Well Meaning Insider HR Manager Insurance Company Detection and Response Problem DLP Response Action Result Betty attempts to confidential employee data without knowing it Cloud: DLP inspects content and context for policy match as leaves Office 365 Endpoint: DLP inspects the mail when user hits send Cloud: Monitor, notify user, encrypt or block Endpoint: Display pop-up, justify, block , remove content Secure your most sensitive assets keep the malicious outsider from finding them Advantage Detection High-performance Off Network Coverage Flexible Response 10

11 Discover Data Spills and clean them up Charles N. - Well Meaning Insider Software Developer Investment Banking Firm Detection and Response Problem DLP Response Action Result Charles inadvertently stores source code on an unprotected share Network Discover scan finds the exposed source code, Data Insight IDs Charles as the file owner Network Protect can: Notify Charles Encrypt the data Move the file Apply rights management policies Secure your most sensitive assets keep the malicious outsider from finding them Advantage Broad Scan Coverage Data Owner ID Encryption Data Owner Remediation 11

12 Introduction Symantec Data Loss Prevention Where does your confidential data live? Discover Locate where your sensitive information resides across your cloud, mobile, network, endpoint and storage systems 12

13 Introduction Symantec Data Loss Prevention How is it being used? Monitor Understand how your sensitive information is being used, including what data is being handled and by whom 13

14 Introduction Symantec Data Loss Prevention How do you prevent data loss? Protect Stop sensitive information from being leaked or stolen by enforcing data loss policies and educating employees 14

15 Our approach Gives you comprehensive coverage across all channels Mobile Cloud On-premise Unified Policies, Management, and Reporting Copyright 2015 Symantec Corporation 15

16 Protects Your most important, high-value data Customer Information Credit Card Info Company Information Intellectual Property Medical Records M&A and Strategy SSNs and Government IDs Internal Auditing Financials HR Records

17 Manage easily With unified data loss policies Detection Response Content Context Action Notification Credit Cards SSNs Intellectual Property Who? What? Where? Notify Justify Encrypt Prevent User Manager Security Escalate 17

18 Catch more sensitive data With advanced content detection technologies Described Content Matching Exact Data Matching Indexed Document Matching Vector Machine Learning DESCRIBED DATA STRUCTURED DATA CUSTOMER DATA UNSTRUCTURED DATA IP UNSTRUCTURED DATA IP Non-indexable data Credit card, Government IDs, Pricing Designs, Source Code, Financials Designs, Source Code, Financials Lexicons Partial row matching Derivative match Derivative match Data Identifiers Near perfect accuracy Near perfect accuracy Very High Accuracy 18

19 Respond faster With sophisticated incident remediation workflow 90% of DLP is Incident Response Right Automation Resolution, Enforcement, Notification Right Person Route Incidents to Right Responder Right Order High Severity of Incidents First Right Information 5-Second Test Right Action 1-Click Response Right Metrics Prove Results to Execs and Auditors

20 Respond faster By knowing who owns the data Monitor file access and usage Identify true data owners Alert you to anomalous user activities Motivate users to self-remediate incidents Copyright 2015 Symantec Corporation 20

21 Protect Data In the cloud Symantec DLP FOR CLOUD STORAGE Symantec DLP Cloud Service FOR Symantec DLP Cloud Prevent FOR MICROSOFT OFFICE 365 Copyright 2015 Symantec Corporation 21

22 Protect cloud data in Box Scan Box Accounts TO DISCOVER SENSITIVE DATA Protect confidential files USING YOUR EXISTING DLP POLICIES Actively encourage self-remediation WITH VISUAL FILE TAGS, NOTIFICATIONS S, AND A SELF-SERVICE PORTAL Copyright 2015 Symantec Corporation 22

23 Protect cloud data In Office 365 and Gmail Single, convenient cloud-based protection solution Stop malware, spam and malicious links Protect against data breaches Combines industry-leading security and DLP 23

24 Comprehensive Content-Aware Data Loss Prevention DLP Enforce Platform DLP for Cloud DLP for Network DLP for Storage DLP for Endpoint DLP for Mobile Copyright 2015 Symantec Corporation 24

25 Comprehensive Content-Aware Data Loss Prevention DLP Enforce Platform As your data spreads across a wider range of applications and devices, the ability to consistently define and enforce policies becomes even more critical. Symantec s DLP solution delivers the broadest discovery, monitoring and protection across cloud, network, storage, endpoints and mobile devices all from a single, unified management console, DLP Enforce Platform, that gives you the ability to write policies once and then enforce them everywhere. Copyright 2015 Symantec Corporation 25

26 Comprehensive Content-Aware Data Loss Prevention DLP for Cloud - DLP CLOUD SERVICE FOR - DLP CLOUD PREVENT FOR OFFICE DLP FOR CLOUD STORAGE Copyright 2015 Symantec Corporation 26

27 Comprehensive Content-Aware Data Loss Prevention DLP for Network - DLP NETWORK MONITOR - DLP NETWORK PREVENT FOR - DLP NETWORK PREVENT FOR WEB Copyright 2015 Symantec Corporation 27

28 Comprehensive Content-Aware Data Loss Prevention DLP for Storage - DLP NETWORK DISCOVER - DLP NETWORK PROTECT - DLP DATA INSIGHT Copyright 2015 Symantec Corporation 28

29 Comprehensive Content-Aware Data Loss Prevention DLP for Endpoint - DLP ENDPOINT DISCOVER - DLP ENDPOINT PREVENT Copyright 2015 Symantec Corporation 29

30 Comprehensive Content-aware Data Loss Prevention DLP for Mobile - DLP MOBILE MONITOR - DLP MOBILE PREVENT Copyright 2015 Symantec Corporation 30

31 Incidents Per Week Proven Methodology for risk reduction Visibility Remediation Notification Prevention Risk Reduction Over Time

32 Why Symantec Innovation and market leadership 9 Consecutive Years of Technology Leadership 32

33 Why Symantec Innovation and market leadership The Global Market Leader in DLP 33

34 Why Symantec Innovation and market leadership Used by Over Half of the Fortune

35 Symantec Data Loss Prevention A unified solution for all your data loss channels Cloud & Mobile Endpoint Network Storage Copyright 2015 Symantec Corporation 35

36 Next Steps Data Loss Prevention Copyright 2015 Symantec Corporation

37 Shrnutí Ochrana dat musí být cílená Potřebuji vědět kde data leží a jak se s nimi pracuje Potřebuji pokrýt všechna rizika, všechny vektory úniku Lepší je mít jedno řešení, které mi zajistí kompletní ochranu, než mít více oddělených Pozor na právní důsledky podrobného monitorování korespondence a činnosti uživatelů Pokud potřebujete pomoci s analýzou stávajícího stavu a navrhnout optimální řešení obraťte se na nás! Copyright 2015 Symantec Corporation 37

38 THANK YOU Ing. Petr Zahálka Avnet s.r.o

39 APPENDIX

40 Protect Sensitive Data over cloud Betty G. - Well Meaning Insider HR Manager Insurance Company Detection and Response Problem DLP Response Action Result Betty attempts to confidential employee data without knowing it Cloud: DLP inspects content and context for policy match as leaves Office 365 Endpoint: DLP inspects the mail when user hits send Cloud: Monitor, notify user, encrypt or block Endpoint: Display pop-up, justify, block , remove content Secure your most sensitive assets keep the malicious outsider from finding them Advantage Detection High-performance Off Network Coverage Flexible Response 40

41 Discover Data Spills and clean them up Charles N. - Well Meaning Insider Software Developer Investment Banking Firm Detection and Response Problem DLP Response Action Result Charles inadvertently stores source code on an unprotected share Network Discover scan finds the exposed source code, Data Insight IDs Charles as the file owner Network Protect can: Notify Charles Encrypt the data Move the file Apply rights management policies Secure your most sensitive assets keep the malicious outsider from finding them Advantage Broad Scan Coverage Data Owner ID Encryption Data Owner Remediation 41

42 Gain Visibility and Control of information in cloud storage Sanjay V. - Well Meaning Insider Assistant Controller Manufacturing Company Detection and Response Problem DLP Response Action Result Sanjay copies prereleased financial data to a cloud storage site Cloud Storage scans Box for sensitive files and tags them Endpoint: DLP detects sensitive files before upload to personal cloud storage Enable user selfremediation via Data Insight self service portal Block sensitive files Higher visibility into where data is going Change users behavior Advantage Lightweight Agent Cloud Storage Unified Policies 42

43 Prevent Information theft Mimi L. - Malicious Insider Soon-to-be-former Account Executive Staffing Firm Detection and Response Problem DLP Response Action Result Unhappy or departing employees copy or share client records and resumes via or removable storage DLP monitors desktop and network activity Notify (warn) the user of their actions Inform manager, security and/or HR Stop the transmission or copy Information assets don t leave with the employee People know they are being monitored Advantage Continuous Coverage on PCs Custom Pop-ups Incident Escalation Content Removal 43

44 Ochrana dat x ochrana soukromí Ochrana soukromí x ochrana majetku Jedná se o střet těchto práv Implementace monitoringu znamená splnit třístupňový test proporcionality Vhodnost Potřebnost Porovnání, vyvážení

45 Vhodnost Umožňuje opatření, kterým zasahujeme do práva na soukromí (nebo jej omezujeme) vůbec dosáhnout sledovaný cíl? Pokud podezříváme zaměstnance z toho, že odesílá data em konkurenci, je vhodné uchovávat i obsah soukromé korespondence neobsahující firemní data? Jak takové y poslouží k deklarovanému účelu?

46 Potřebnost Pokud jsme zvolili vhodné opatření, měli bychom jej porovnat s jinými v úvahu připadajícími opatřeními, umožňujícími dosáhnout stejného cíle, avšak nedotýkajícími se základních práv a svobod, respektive zasahujícími do konfliktních práv v menší míře.

47 Porovnání, vyvážení Zvážení zásahu do soukromí bude nutné často učinit až v konkrétních případech: paušalizované reakce na zjištěný problém (narušení pravidel, výskyt definovaného stavu) nemusí odpovídat adekvátní obraně práv zaměstnavatele Pokud se přesto nekvalifikovaně rozhodneme zásah do soukromí učinit, může být ve svém důsledku protiprávní