Augmenting existing security infrastructure to mitigate information borne risks


Copyright Clearswift 2017 V1.0 www.clearswift.com

Contents

Introduction
Advanced Information Borne Threats
Deep Content Inspection and Consistency
Adaptive Redaction
Security+ for Email
Security+ for Exchange
Security+ for Web
Security+ in the Cloud
Summary
About Clearswift

Figures

Figure 1: Advanced threats lead to data loss and business risk
Figure 2: Deep Content Inspection in action
Figure 3: Security+ for Email augments existing security infrastructure
Figure 4: Security+ for Exchange enables additional internal security
Figure 4: Security+ for Web augments existing Internet security

Security+ Whitepaper www.clearswift.com

Introduction

Today, all organizations have information security technology in place, but much of it is centered on traditional security applications: for example, anti-virus as part of an endpoint security solution, and firewalls and intrusion detection / prevention systems on the network. Often there is additional security around email, in the form of an email gateway offering additional anti-virus and anti-spam detection, while another gateway on the web will also offer anti-virus scanning and URL filtering.

Times have changed. Threats have evolved, as has data protection legislation, and organizations are being forced to reassess their information security strategy. Ransomware and advanced persistent threats are becoming increasingly commonplace. Threats are now cleverly hidden in innocuous documents which are then targeted at individuals in organizations; when the document is opened, the malware is activated and the infection begins.

Furthermore, the existing Payment Card Industry Data Security Standard (PCI DSS) and the introduction of the EU's General Data Protection Regulation (GDPR) are creating the need for increased information governance for organizations of all sizes and across all verticals. The scope of the legislation reaches further than the EU, with global organizations who deal with EU citizen data being required to comply or face significant fines.

While new technology exists to mitigate this next generation of threats and aid compliance, many organizations have investment in existing security solutions, so a rip-and-replace strategy is not an option. This is where Clearswift's Security+ is a real benefit. Security+ enables organizations to augment existing security infrastructure rather than replacing it, which effectively enhances infrastructure already in place with additional threat protection and data loss prevention features.

Advanced Information Borne Threats

Cyber-attacks today are not easy to spot, as they are embedded into innocuous documents which can be distributed through many different communication channels; see Figure 1: Advanced threats lead to data loss and business risk. This might be malware which is targeted at specific individuals in a business: for example, it might be a CV sent to the HR department, or an invoice sent to the Finance department. Other information loss risks could be a simple cut and paste error from one document to another which results in confidential information being shared with unauthorized individuals, or sensitive information in the form of document metadata and revision history inadvertently leaked outside an organization. This data can be harvested by cyber-criminals and used to create targeted phishing attacks.

[Figure 1: Advanced threats lead to data loss and business risk. Channels shown: Websites & Apps, Cloud Storage & Apps, Documents (Metadata), Social Media, Email]

Deep Content Inspection and Consistency

Clearswift has spent more than twenty years developing its Deep Content Inspection (DCI) technology, which takes documents and breaks them into their constituent parts. For example, this might be an email with a zip file attachment. Inside the zip (see Figure 2: Deep Content Inspection in action) may be a number of documents, and the documents may have further embedded documents. DCI continuously decomposes the items until there are only single items left. The DCI engine can then continue its inspection at the information level, for example to find a credit card number or other confidential information.

[Figure 2: Deep Content Inspection in action. Items shown: ZIP, DOC, PDF, TXT, JPG, TXT, PNG, XLS, JPG, EXE]

Clearswift uses the same DCI in all its products, which also share the same policy engine to ensure consistency, because when it comes to security, consistency is imperative. If there is a weak link in the IT environment, then this will be used by attackers to mount their attack.

While the policy engine may be the same, the actions taken can be different and based on the context of the communication. Context consists of the originator, the recipient and the method of communication, for example email, through the web or copying to a USB stick. So, the same document being emailed could be encrypted, an upload to a website could result in redaction, while copying to a USB stick could be blocked. However, these actions can also vary based on the individual, so the CEO may be allowed more (or less) flexibility compared to someone working in Finance.

Adaptive Redaction

Adaptive Redaction (AR) was developed to overcome advanced information borne threats and to solve the fundamental challenge which most traditional Data Loss Prevention (DLP) solutions have: the false positive. AR works in conjunction with the DCI engine to modify the content of documents, including email, MS Office documents, Open Office documents, HTML, web pages and PDF, to ensure that policy is not breached, but the communication still occurs. There are three components to AR:

Data Redaction: Replaces sensitive visible information in a document with ***, for example Personally Identifiable Information (PII), or Credit Card data (PCI) which has been cut and pasted in error, or inadvertently left in a document or email.

Document Sanitization: Removes sensitive invisible information from a document, such as the author name in document properties or any other properties which could create a potential data leak. It can also remove revision history, fast save and comments.

Structural Sanitization: Removes active content, such as macros and embedded executables, from a document.

Deep Content Inspection can occur at all levels of embedded documents, ensuring that critical information is protected at all times.

The false positive is a problem which occurs in traditional Data Loss Prevention solutions whereby an overzealous (or inaccurate) policy stops communication from flowing when it is in fact legitimate. The result is that, while the information may have been protected, the blocked communication stops business. This causes frustration across the organization: for the sender, who thinks their communication has gone but it hasn't; for the IT or other department, who needs to deal with the blocked communication and re-write the policy; and for the recipient, who was expecting something which hasn't been delivered. Adaptive Redaction, specifically the Data Redaction component, will remove that piece of the document but leave the rest to continue on.

Furthermore, if there is a need for the original document to be sent on, then a very simple mechanism is used whereby the sender's manager (and/or a specific department or group) can authorize the release and sending of the original. This adaptive approach to DLP reduces the operational overheads which would otherwise occur. Distributed operations and ease of use are key to Clearswift solutions.
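The decomposition described under Deep Content Inspection and the Data Redaction component can be sketched as follows. This is an added example, not Clearswift's code or implementation: it handles only zip containers and plain-text leaf items, and the function names, size limits and sample attachment are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# 13-19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(rb"\b\d(?:[ -]?\d){12,18}\b")
MAX_DEPTH = 8                  # stop runaway nesting
MAX_ITEM_BYTES = 16 * 2**20    # refuse oversized members (zip-bomb guard)


def luhn_ok(digits: bytes) -> bool:
    """Luhn checksum: filters out digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ch - 48                      # ASCII digit -> int
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def redact_leaf(data: bytes, path: str, findings: list) -> bytes:
    """Replace each Luhn-valid card number in a leaf item with ***."""
    def repl(match):
        if not luhn_ok(re.sub(rb"[ -]", b"", match.group())):
            return match.group()         # not a card number: leave untouched
        findings.append(path)
        return b"***"
    return CARD_RE.sub(repl, data)


def inspect(data: bytes, path: str, findings: list, depth: int = 0) -> bytes:
    """Decompose containers recursively, redact leaves, return rebuilt bytes."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return redact_leaf(data, path, findings)
    if depth >= MAX_DEPTH:
        raise ValueError(f"nesting too deep at {path}")
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            if info.file_size > MAX_ITEM_BYTES:
                raise ValueError(f"member too large: {path}/{info.filename}")
            child = inspect(src.read(info), f"{path}/{info.filename}",
                            findings, depth + 1)
            dst.writestr(info.filename, child)
    return out.getvalue()


def build_sample() -> bytes:
    """Constructed input: an attachment with a zip nested inside a zip."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("invoice.txt", "Card: 4111 1111 1111 1111\n"
                                  "Order ref: 1234 5678 9012 3456\n")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("note.txt", "Nothing sensitive here.\n")
        z.writestr("archive/inner.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    hits = []
    cleaned = inspect(build_sample(), "attachment.zip", hits)
    print(hits, len(cleaned))
```

The Luhn check is what keeps the 16-digit order reference from being redacted, which is the false-positive problem the section describes; the rest of the archive is rebuilt unchanged so the communication can still be delivered.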

Security+ for Email

Email remains the most used business tool for organizations of all sizes and across all verticals, vital for both internal and external collaboration. However, it has also become the most significant threat vector for social engineering and the delivery of ransomware. Most organizations have an email security gateway where anti-virus and anti-spam technology is deployed to protect users. While these technologies are still relevant, there is now a need for further protection to be deployed.

[Figure 3: Security+ for Email augments existing security infrastructure. Elements shown: Internet, Non-Clearswift Email Security Gateway, SECURITY+ for Email, Email Solution (e.g. Microsoft Exchange), Users; flows labelled Email with Threats and Protected Email (Threats removed)]

Security+ for Email enables existing IT security infrastructure to deploy the latest state-of-the-art email security technology to augment any existing solutions; see Figure 3: Security+ for Email augments existing security infrastructure. Clearswift's ARgon for Email is the cornerstone of Security+ for Email and enables businesses to mitigate risk through the Adaptive Redaction functionality. A set of default policies is provided to protect against the most common threats at your perimeter:

1) Remove active content from email and documents. Protects against malware and ransomware.
2) Remove document properties, revision history and fast save data. Protects against information harvesting that can be used for targeted phishing.
3) Removal of credit card details. This example of data redaction will mitigate the risk of PCI DSS non-compliance.

The default policies can be customized to cover organization specifics. Clearswift policies are direction agnostic, so can be applied in either direction. For example, data redaction can be used to remove credit card information from coming into the email system as well as preventing it from leaking out. This is useful if the email system is not PCI DSS compliant.

Similarly, structural sanitization can be used to remove active content as it leaves the organization. One example of this is with financial institutions where macros in spreadsheets are part of their Intellectual Property (IP) and so shouldn't be shared. Automating the removal protects the IP and doesn't rely on users needing to remember to do it manually.

Security+ for Exchange

While many organizations are improving their security around collaboration solutions by restricting access, internal email still remains a risk, as anybody can send anything to anyone internally. While all employees should be deemed trustworthy, experience would indicate that this isn't always the case. The likes of Bradley Manning and Edward Snowden are high profile instances of malicious insiders, while the lower profile breach at Sage in 2016 is another more regular occurrence.

Traditional Data Loss Prevention tackles information leaving an organization, but the Clearswift SECURE Exchange Gateway enables organizations to augment their Microsoft Exchange environment with internal DLP and Adaptive Redaction. As the solution is off-box and direction agnostic, the impact on Exchange server performance is minimal, and all email can be monitored and action taken if required; see Figure 4: Security+ for Exchange enables additional internal security.

[Figure 4: Security+ for Exchange enables additional internal security. Elements shown: SECURITY+ for Exchange, Interceptor, Microsoft Exchange Server; flows labelled Sent, Blocked, Delivered]

As with all Clearswift products, the same Deep Content Inspection engine is used, so the policies can remain consistent with other deployed solutions. As this is about internal email, most deployments are around detection rather than blocking or redaction. Default redaction policies are available to prevent propagation of credit card numbers through the organization, but its primary use is to segregate business units from unauthorized sharing of critical information without the need for a completely segregated Exchange solution.

Security+ for Web

In the same way that most organizations have some email security, they also have some level of web security. Usually this is through a proxy which can carry out URL filtering and anti-virus scanning on downloaded files. Proxies, such as those from Blue Coat or F5, have the ability to add additional functionality through a standardized interface, ICAP. The Clearswift SECURE ICAP Gateway can be used in conjunction with any proxy to add another level of security to prevent information borne threats; see Figure 4: Security+ for Web augments existing Internet security.

[Figure 4: Security+ for Web augments existing Internet security. Elements shown: Users, Non-Clearswift Web Security Gateway / Proxy, SECURITY+ for Web; flows labelled File / HTML Page with Threats and Protected File / HTML Page (Threats removed)]

Security+ for the web can also be used in a reverse proxy configuration, whereby corporate websites can be protected from the upload of documents with malware, and document properties and other information which is frequently harvested to aid in phishing attacks are automatically removed from any documents which are downloaded.

As with Security+ for Email, there are default policies which can be deployed to ensure consistent protection across both email and the web. Customized policies can be used to add additional controls over specific web sites, including social media and cloud collaboration sites.

More than seventy percent of ransomware attacks are delivered through the web. The most popular documents are CVs and job offers. These can be delivered as an attachment to an email, but are often a URL from which the document can be downloaded. In many cases these are also accessed through an employee's personal web-based email.

Security+ in the Cloud

Many organizations are moving their applications into the cloud. While some cloud application vendors offer rudimentary security around their solutions, it is generally accepted that more is required, especially to address compliance needs and mitigate advanced threats. Security+ can be deployed on premise or in the cloud, offering flexibility to support the organization's working practices and strategic direction.

Summary

Today's security threats are constantly evolving and the CIO needs to protect the organization from both attacks and data loss risks. However, changing IT infrastructure is not something which can be done quickly and simply, which leaves the organization at risk from the new threats. Security+ from Clearswift enables protection against the new threats by augmenting the existing IT security infrastructure rather than requiring it all to be replaced. Clearswift Security+ is available for both email and the web to ensure a consistent protection across all communication channels.

Clearswift is trusted by organizations globally to protect their critical information, giving them the freedom to securely collaborate and drive business growth. Our unique technology supports a straightforward and adaptive data loss prevention solution, avoiding the risk of business interruption and enabling organizations to have 100% visibility of their critical information 100% of the time. For more information, please visit www.clearswift.com.

United Kingdom: Clearswift Ltd, 1310 Waterside, Arlington Business Park, Theale, Reading RG7 4SA, UK
Germany: Clearswift GmbH, Im Mediapark 8, D-50670 Cologne, GERMANY
United States: Clearswift Corporation, 309 Fellowship Road, Suite 200, Mount Laurel, NJ 08054, UNITED STATES
Japan: Clearswift K.K, Shinjuku Park Tower N30th Floor, 3-7-1 Nishi-Shinjuku, Tokyo 163-1030, JAPAN
Australia: Clearswift (Asia/Pacific) Pty Ltd, Level 17 Regus, Coca Cola Place, 40 Mount Street, North Sydney NSW 2060, AUSTRALIA