Symantec DLP: Detection Innovation and Expanded Coverage


Symantec DLP: Detection Innovation and Expanded Coverage
Ernie Simmons, Tory Gilbert
IIP Technical Field Enablement

Topics
- DLP and Detection Overview
- Vector Machine Learning (VML)
- Email Prevent and VML
- Endpoint Prevent and VML
- DLP for Tablets and VML
- Summary

DLP and Detection Overview

Data Loss Prevention Threat Coverage
Diagram labels: USB/CD/DVD; Email; DLP for Tablets (New in V11.5); Print/Fax; Webmail; Untrusted networks; Stored data; DLP Policy; Monitoring & Prevention; Discovery & Protection; Instant Message; FTP; File Servers; SharePoint / Lotus Notes / Exchange; Databases; Web servers
SYMANTEC VISION 2012

Data Loss Policies

Data Loss Policy
- Build from scratch or 60+ policy templates

Detection Rules
- Described Data (DCM): keywords, data identifiers, regular expressions, file type
- Fingerprinted Data: structured data (EDM), unstructured data (IDM)
- Vector Machine Learning
- Group-based rules (AD user groups, senders/recipients)
- Additional detection features: match count threshold, Boolean logic (and/or/if), exceptions

Introduced in V11.1

Response Rules
- Notification: by email, onscreen notification, marker file, syslog alert
- Blocking: SMTP, HTTP/S, FTP, IM, USB/CD/DVD, print/fax, copy/paste
- File Copy or Quarantine: for Network Discover (quarantine also for Endpoint Discover)
- Modification (SMTP): for conditional encryption, for example
- FlexResponse (Storage, Endpoint): API for custom responses, such as applying digital rights, encrypting files in place, and so on

Detection Innovation and Expanded Coverage
- Vector Machine Learning: Lets you detect confidential documents that can proliferate across the enterprise. Such documents often are difficult to fingerprint or describe.
- DLP for Tablets: Extends DLP coverage, providing the DLP suite's robust policy and reporting features for iPad security.

Vector Machine Learning (VML)

Vector Machine Learning: Overview
Challenges of detecting unstructured data:
- Keywords: How to identify relevant keywords? How to tune policies?
- IDM: What if I can't access all confidential docs? How do I account for new docs?
Symantec Proprietary & Confidential - This information is not a commitment, promise or legal obligation to deliver any material, code or functionality

Vector Machine Learning: Overview (cont'd)
The solution:
Keywords / Machine Learning / IDM
- Automates policy creation using sample docs
- Improves accuracy with remediation
- Detects new or similar content

Top VML Use Cases
- Create highly accurate policies around Source Code wherever it resides
- Detect Insurance Claim Forms that reside outside the grasp of IT Security
- Automatically create policies based on VML feature extraction
- Improve accuracy for PII policies by using VML to tune out certain categories of data

VML: Definition and Uses
VML detects unstructured data by determining whether analyzed content is similar to docs in a training set (collection of example documents).
VML represents a third type of detection learning in addition to describing (DCM) and fingerprinting (EDM / IDM).

When to use:
Yes
- Unstructured and textual
- Data set highly distributed, difficult to collect
- Very difficult to describe
No
- Unstructured and binary
- Data set centralized and/or small
- Easy to describe

VML: Example Data
- Source code: Protect proprietary source code for a product, trading models, or actuarial algorithms
- Reports and forms: Monthly or weekly sales reports, loan applications, and resumes
- Legal contracts: Licensing, partnerships, and sales agreements
- HIPAA and HITECH: Patient Health Information in the form of insurance claims, billing and procedure codes, emails to patients
- ITAR (International Traffic in Arms Regulations): Intellectual Property and unstructured data that may be restricted

VML: Selecting Sample Docs (Training Sets)
- Narrow Category: Positive Training Set represents narrow category (ex., Endpoint DLP source code)
- Broader Categories: Negative Training Set represents related broader categories (ex., Open source C++ code or Endpoint DLP API Guides)
Both training sets: Stored on Enforce host, minimum 50 docs each (minimum 250 recommended), roughly same size, docs in ZIP (recommended), no docs >30 MB.

VML: How It Works
Training: positive examples (+) and negative examples (-); select features, generate model, calculate accuracy; result is the profile
Detection: content (?) is compared against the profile; result is a Similarity Score, 0.0 through 10.0
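
The training and detection flow on the two slides above (a narrow positive set, a related broader negative set, feature selection, a model, an accuracy figure, a similarity score), as an added toy example. It is not Symantec's VML algorithm and not code from the presentation: the log-odds weighting, the logistic mapping onto the 0.0 to 10.0 scale, the function names and the three-document sample sets (far below the 50-document minimum) are assumptions made for illustration.

```python
import math
import re
from collections import Counter

TOKEN = re.compile(r"[a-z_][a-z0-9_]+")
# Constructed samples (assumption). Positive = narrow category to protect;
# negative = related broader category (generic open-source C++).
POSITIVE = [
    "#include <vector>\nint scan_file(dlp_agent *a) { return policy_cache_lookup(a); }",
    "#include <string>\nvoid dlp_agent_init() { policy_cache_reset(); return; }",
    "int report_incident(dlp_agent *a) { return policy_cache_lookup(a); }",
]
NEGATIVE = [
    "#include <vector>\nint main() { std::vector<int> v; return 0; }",
    "#include <string>\nvoid print(std::string s) { std::cout << s; return; }",
    "int add(int a, int b) { return a + b; }",
]


def tokens(text):
    return set(TOKEN.findall(text.lower()))


def train(positive_docs, negative_docs, n_features=10):
    """Select features and build the model: {token: weight}."""
    pos_df = Counter(t for d in positive_docs for t in tokens(d))
    neg_df = Counter(t for d in negative_docs for t in tokens(d))
    weights = {}
    for tok in set(pos_df) | set(neg_df):
        # Smoothed log-odds of the token appearing in a positive vs. negative doc.
        p = (pos_df[tok] + 1) / (len(positive_docs) + 2)
        n = (neg_df[tok] + 1) / (len(negative_docs) + 2)
        weights[tok] = math.log(p / n)
    # Keep the most discriminating tokens; ties broken by name for determinism.
    ranked = sorted(weights, key=lambda t: (-abs(weights[t]), t))
    return {t: weights[t] for t in ranked[:n_features]}


def similarity(model, text):
    """Score 0.0-10.0; the logistic mapping is an assumption of this example."""
    present = tokens(text)
    raw = sum(w for t, w in model.items() if t in present)
    return round(10.0 / (1.0 + math.exp(-raw)), 1)


def accuracy(model, positive_docs, negative_docs, threshold=5.0):
    hits = sum(similarity(model, d) > threshold for d in positive_docs)
    hits += sum(similarity(model, d) <= threshold for d in negative_docs)
    return hits / (len(positive_docs) + len(negative_docs))
```

Tokens shared by both sets, such as `return` and `include`, get zero weight and fall out of the model, which is why the negative set is drawn from a closely related broader category rather than from unrelated text.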

Vector Machine Learning: Demo
- Review Training Sets
- Configure Profile
- Train and Accept Profile
- Add Profile to Policy

Network Prevent for Email + VML

Network Prevent for Email + VML
1. End user sends email
2. Email forwarded to MTA
3. MTA routes email to Prevent
4. Email inspected, then blocked or modified if in violation of policy
5. Prevent sends email back to MTA
6. If email is unmodified, MTA sends it downstream. If header is modified, MTA takes appropriate action (typically, rerouting).
Diagram labels: End Users; Email Server; MTA; Network Prevent (Email); Corporate LAN; DMZ; Internet
The above diagram is for reflecting mode.

Network Prevent for Email: Demo
- Send email with legal attachment (non-Medicaid-related)
- Send email with Medicaid-related legal attachment
- Review email notifications
- Review incident snapshot and send manager notification

Endpoint Prevent + VML

Endpoint Prevent + VML
1. Agent inspects files/data to internal drives, USB, CD/DVD, supported email clients / IM clients / browsers, FTP, print/fax, clipboard, and network shares (Windows Explorer only)
2. Any blocking, onscreen notification, or FlexResponse rules are initiated locally
3. Agent sends incident data to Endpoint Server
Agent functions when disconnected and stores incident data.
Diagram labels: Endpoint Server (Endpoint Prevent); End Users; Disconnected; Corporate LAN

Endpoint Prevent: Demo
- Copy non-Medicaid-related file to USB
- Copy Medicaid-related file to USB

DLP for Tablets and VML

DLP for Tablets: Overview
- Comprehensive Coverage: Corporate Email, Personal Email, Social Media, Cloud Apps
- Most User Friendly
- Lowest TCO
- Works over Wi-Fi and 3G
- Enables full use & productivity of the device. Our approach does NOT:
  o Require a restrictive sandbox approach, or
  o Break business processes by restricting what data can go to the iPad
Symantec DLP for Tablets is tightly integrated with Symantec DLP Suite:
- Common, advanced technologies for detecting confidential information
- Consistent application of DLP policy, and
- Seamless, integrated reporting & analytics

Data Loss Prevention for Tablets: Architecture
Diagram labels: Tablet; Network Traffic; Email; Web; Popular Apps; Corporate Network; Proxy; VPN at all times; Internet; Direct access to Internet; Symantec Data Loss Prevention Tablet Prevent Server
Key Benefits
- Reduce risk of data loss from iPads, while giving users access to sensitive data
- Supports consumerization: coverage for personal and corporate use cases

Mobile Device Management + DLP for Tablets
MDM not required, but it delivers VPN profile and may optionally enforce VPN profile.
MDM solution needs ability to:
- Set VPN profile
- Push certificates. Certificates required for DLP:
  o User certificate (for VPN authentication)
  o Proxy root certificate (to be added to iPad's list of trusted certs)
- Prevent tampering with VPN profile setting (optional)
- Enforce remediation/action if the user turns off VPN (optional)

Symantec Mobile Management (Optional)
Symantec Mobile Management (SMM) enforces VPN settings. It is optional.
Symantec Mobile Management 7.1 SP1 (DLP release) can be configured to monitor and alert if the user attempts to shut off VPN; this is not done by most MDM solutions.

DLP for Tablets: Demo
- Dropbox
- FTP
- Facebook
- Twitter
- Incident Review

DLP for Tablets: Benefits
- Balances protection with usability: Reduce data loss risk, preserve access to confidential data
- Supports consumerization: Coverage for personal and corporate use cases
- Preserves iPad app performance: Common apps work as expected
- Works with any Mobile Device Management (MDM) solution: Customer uses their preferred solution

Summary
- Vector Machine Learning (VML) lets you detect confidential documents that proliferate across the enterprise.
- DLP for Tablets extends coverage, providing the DLP suite's excellent policy and reporting features for iPad security.

Q & A

Thank you!
Ernie Simmons, Tory Gilbert
IIP Technical Field Enablement
ernest_simmons@symantec.com
tory_gilbert@symantec.com
SYMANTEC PROPRIETARY/CONFIDENTIAL INTERNAL USE ONLY
Copyright 2012 Symantec Corporation. All rights reserved.