The business case for end-to-end data protection


Pillars of Enterprise Protection: Data Loss Prevention
The business case for end-to-end data protection

Technical Brief: Data Loss Prevention
Pillars of Enterprise Protection: Data Loss Prevention

Contents
The business case for Data Loss Prevention
Data loss: risks, origins, and regulations
Causes
Changes in the threat environment
Regulatory environment
Data Loss Prevention: technology
Data Loss Prevention: processes
Discovery
Monitoring
Protection
Management
Supporting technologies and processes
Symantec Data Loss Prevention
Why Symantec?

The business case for Data Loss Prevention

Data loss is the unintentional release of sensitive information to non-trusted parties: scenarios include accidental disclosure, loss of physical assets like backup tapes or laptops, phishing email and other forms of fraud, or outright theft of physical or electronic assets. It is the number one information-security concern of Fortune 1000 companies. [1] And no wonder: much of a modern business's value is locked up in blueprints, customer records, source code, and other information assets. And the same technologies that accelerate the legitimate flow of business information lead to public embarrassment, regulatory penalties, customer defections, and financial loss when they are accidentally or criminally misused.

Data Loss Prevention (DLP) is now and has always been a business problem, addressed through a combination of policies, physical controls, agreements, and business processes. New Data Loss Prevention technologies simply extend those traditional measures with security software designed to protect sensitive information assets in today's high-speed connected world.

Data loss: risks, origins, and regulations

The risks and costs of data-loss incidents are rising as fast as information itself grows in volume and value. Confidential information has become an attractive target for thieves operating out of remote jurisdictions. And local, national, and international regulations, remediation requirements, and lawsuits raise the costs of any breach, whether accidental or malicious.
Causes

Data breaches have multiple causes, but most of them depend on the actions, errors, or oversights of insiders:
- Insider negligence is a factor in 88% of data breaches, [2] including:
  - data left exposed and unencrypted on servers, desktops, and laptops
  - confidential information sent in or with e-mail or Web mail
  - information left on removable media and devices
  - information disclosed to and mishandled by third parties
- Insider malice is less common, but more costly [3], and includes instances of white-collar crime, data theft by disgruntled or terminated employees, [4] and industrial espionage
- Targeted attacks by organized criminals exploit weak or poorly-managed processes and technologies through the use of improper credentials, advanced persistent threats, or malicious code to steal customer and employee identity information, often for resale online

[1] The Info Pro. Security Wave 11. (New York. July, 2009).
[2] Ponemon Institute. 2008 Annual Study: Cost of a Data Breach. (US: 2008).
[3] Ibid.
[4] Ponemon Institute. Data Loss Risks During Downsizing. (US: 2009).

Changes in the threat environment

Incidence of data loss: data breaches have grown more visible and widespread. Massive breaches at large retailers and payment-card processors make headlines, but cyber attacks now extend to 75% of all enterprises, not just a few large ones. And data breaches in 2009 exposed 285 million records, more than in the previous four years combined. [5] The April, 2010 Symantec Internet Security Threat Report [6] documents a deteriorating situation.

Regulatory environment

There are hundreds of data-protection standards and regulations worldwide, including 38 state laws in the US alone. These examples convey their range and scope:
- European Union Data Protection Directive 95/46/EC creates a worldwide obligation to protect information that could identify individuals in the European Union
- Health Insurance Portability and Accountability Act Privacy Rule regulates the use and disclosure of Protected Health Information in the US
- Payment Card Industry Data Security Standard (PCI DSS) is a worldwide information security standard and processes to protect payment cardholders' data
- US Federal Energy Regulatory Commission (FERC) and North American Electric Reliability Corporation (NERC) cyber security standards

Data Loss Prevention: technology

Data Loss Prevention technologies apply to both structured and unstructured data. Structured data follows a pattern such as NNN-NN-NNNN for a US Social Security number, or occupies a place in a structured record such as a database. Unstructured data includes text files, spreadsheets, and any other record for which its format is not an essential component of its meaning. Data loss prevention starts with discovery of information assets in areas of highest priority or risk across an organization, often starting from one of the regulatory or standards frameworks cited above.
DLP technologies then apply and enforce data-protection policies in three important contexts:
- Data at rest: data can live forever in servers, databases, desktops, laptops, USB drives and other data repositories, and all their backup copies and archives. Protection here starts with inventory of information (discovery of so-called "data spills"), followed by remediation and new controls to prevent reoccurrence.
- Data in use at network endpoints: electronic information is "in use" when an end-user is working on it at a network endpoint: a laptop, desktop, or other computing platform. Protection here means restricting use at the endpoint, for example by blocking and reporting attempts to copy information to a USB drive or print it while connected outside the corporate network.
- Data in motion: information moves instantaneously through e-mail, instant messages, peer-to-peer transactions, file transfers, Web postings, and other communications. Protection here includes implementing solutions at network gateways to monitor, encrypt, filter, and block sensitive information in outbound messages without restricting the flow of non-sensitive communications.

[5] Verizon Business Risk Team. 2009 Data Breach Investigation Report. (New York: Verizon Communications Inc., 2009).
[6] Symantec Corporation. Internet Security Threat Report XV. (Cupertino, CA: April, 2010).
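The following is an added example, not code from the brief or from any Symantec product: a minimal content-aware check for data in motion that matches the NNN-NN-NNNN shape cited above plus Luhn-validated payment card numbers, then picks a gateway action. The card pattern, the policy rules, the function names, and the example.com domain are assumptions made for illustration.

```python
import re

# NNN-NN-NNNN is the SSN shape cited in the brief. The card-number pattern,
# Luhn check and policy below are assumptions added for this example.
SSN_RE = re.compile(r"(?<![\d-])(\d{3})-(\d{2})-(\d{4})(?![\d-])")
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def plausible_ssn(area, group, serial):
    """Drop values the SSA never issues, to reduce false positives."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")


def luhn_ok(digits):
    """Luhn checksum carried by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_sensitive(text):
    """Return (kind, masked_value) pairs; raw values are never returned."""
    findings = []
    for m in SSN_RE.finditer(text):
        if plausible_ssn(*m.groups()):
            findings.append(("ssn", "***-**-" + m.group(3)))
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group(0))
        if luhn_ok(digits):
            findings.append(("pan", "*" * (len(digits) - 4) + digits[-4:]))
    return findings


def gateway_decision(message, internal_domain="example.com"):
    """Hypothetical outbound policy: content plus context decides the action."""
    findings = find_sensitive(message["body"])
    suffix = "@" + internal_domain
    external = [r for r in message["to"] if not r.lower().endswith(suffix)]
    if not findings:
        action = "allow"        # non-sensitive traffic flows unrestricted
    elif not external:
        action = "monitor"      # sensitive but internal: log for review
    elif any(kind == "pan" for kind, _ in findings):
        action = "block"        # cardholder data must not leave in clear text
    else:
        action = "encrypt"      # content-aware selective encryption
    return action, findings


# Constructed sample messages (not real data).
SAMPLES = [
    {"to": ["bob@partner.example"], "body": "Agenda attached for Monday."},
    {"to": ["hr@example.com"], "body": "SSN on file: 123-45-6789"},
    {"to": ["bob@partner.example"], "body": "SSN on file: 123-45-6789"},
    {"to": ["bob@partner.example"], "body": "Card 4111 1111 1111 1111"},
    {"to": ["bob@partner.example"], "body": "Ref 4111 1111 1111 1112, id 000-12-3456"},
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(gateway_decision(msg))
```

The last sample shows why shape matching alone is not enough: both values fit a sensitive pattern, but the Luhn and SSN range checks reject them, so the message is not flagged.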

Data Loss Prevention is a form of content-aware data protection, because it examines the information and applies policies to determine what protections are appropriate. Other technologies like encryption or digital-rights management (DRM) depend on human or automated decisions about whether to encrypt, and how to assign rights. Combining encryption or DRM with Data Loss Prevention creates powerful options for content-aware selective encryption, for example delivering e-mail with sensitive content encrypted, to be unlocked when an administrator determines that the recipient and business context are legitimate.

Data Loss Prevention: processes

Data Loss Prevention technologies discover, monitor, and protect information in use at endpoint laptops, desktops and other devices, in motion across network gateways, or at rest in storage systems and devices. Just as important, DLP management capabilities work across technologies and contexts to assure a unified policy, coordinated action, and consistent reporting.

Discovery

Discovery technologies identify sensitive structured and unstructured data wherever it is stored.
In evaluating discovery technologies, look for:
- Pre-written content-matching policies: data patterns or content elements found to signal sensitive information in different industries, languages and regions, customizable to your organization's requirements
- Broad technology coverage across scan targets: servers, endpoints, databases, e-mail servers and gateways, operating systems, virtualization platforms, groupware content management systems, and mobile computing devices
- Flexible deployment options that include agent-based DLP to protect data on endpoints even when disconnected from the network, and agentless options that protect data on third-party devices whenever they connect, without installing software on them
- Data owner/user identification: this major advance integrates data protection into established business processes, by informing data owners and key users of risks to the data they are responsible for, or depend on

Discovery gives an organization insight into the distribution of critical data assets across the organization, including the unauthorized, personal, or "just-in-case" copies that account for a large number of embarrassing breaches. Discovery is often a wake-up call to organizations, energizing subsequent steps in loss prevention.

Monitoring

Monitoring technologies assess activities on endpoints and across networks to:
- Show how confidential information is used on endpoint devices, whether connected to corporate networks or roaming off-network
- Identify and remediate broken business processes by analyzing all traffic leaving your network, even using automated Web and FTP protocols
- Link DLP policies to security incident management workflows to identify and counteract external threats that target business information

One key to selecting effective monitoring technologies is scalability: monitoring must cover all traffic crossing your entire network, so look for a solution that has been proven in busy global corporate networks.

Protection

Protection technologies keep confidential data from leaving the organization; ideally, they launch processes to change employee behavior by raising awareness of risks to confidential data and proper steps to protect it. Protection technologies use:
- Automatic quarantine or removal of inappropriately stored data, with notification of data owners or key users
- Real-time prevention that may include:
  - User and manager notifications
  - Quarantine, relocation, removal, or blocking
  - Automated encryption or application of digital rights management
  - Custom combination of alerts and actions
- Remediation according to organizational policies, pre-configured expert response rules, or a custom combination of both

Protection technologies are a current innovation "hot spot", so it's unlikely that any single company will have all the technologies you wish to deploy. Look for tools and APIs that can link your DLP solution with third-party data-protection such as encryption and DRM, and make it ready to accommodate future solutions.

Management

As with IT security, the key to an effective data loss prevention program is efficient management. End users and managers will work around or disable any data-protection solution that gets in the way of productivity.
An effective management solution:
- Unifies all DLP technologies under a single set of policies, from a single management console that integrates with an enterprise management platform
- Applies policies that consider the content of the protected information, the context in which it is used, the identity and actions of the users, and more
- Supports both pre-configured and custom policies that can be developed once and then shared throughout the enterprise, with partners, or with an extended user community

Management tools such as workflow, open reporting, geographic localization, and policy import/export help integrate across suppliers, so there's no longer any reason for DLP to be an "island" solution isolated from other IT security processes.

Supporting technologies and processes

Not even the best security solution can work effectively in isolation. Data Loss Prevention technologies can be compromised by poor employee background checks, inconsistent supervision, inadequate physical security and access controls, and more. Putting an end to data breaches and their associated costs and embarrassment depends on a coordinated approach:
- Close system vulnerabilities to stop targeted attacks from outside
- Insist on (and enforce) strong password protection for key infrastructure and data
- Deploy multilevel security solutions that block suspicious behavior, even if the exploit itself has never been seen before
- Monitor threat levels by correlating real-time alerts and global security intelligence
- Use content-aware data protection policies at storage locations and endpoints as well as gateways
- Automate security using IT compliance controls to check password settings, server and firewall configurations, patches and updates
- Don't neglect low-tech: include copiers and fax machines in your data-protection plans
- Integrate DLP and response strategies into security operations to avoid gaps, fragmentation, and wasted effort

Press coverage, fines, penalties, hearings, and lawsuits have raised data protection to a top enterprise priority. Industry standards and frameworks outline what needs to be done, and the technology is now available for an enterprise-wide approach. An organization-wide needs assessment and Discovery process is the next step to build momentum for data-loss prevention on an enterprise scale.

Symantec Data Loss Prevention

Figure 1: Symantec Data Loss Prevention solutions protect confidential and sensitive information wherever it is stored, used, or transmitted, with powerful capabilities for enforcement, remediation, and integrated management.

Why Symantec?

Symantec, the world leader in Data Loss Prevention, delivers proven, content-aware solutions to discover, monitor and protect confidential data wherever it is stored or used. The solution set supports measurable reduction of data breach risks, helps demonstrate compliance with privacy regulations, and safeguards an organization's customers, brand equity and intellectual property. Unlike other solutions, Symantec Data Loss Prevention covers all data types and exit points, and has been proven in a long series of successful deployments. The solution helps organizations protect their information in advance of threats, respond quickly to changes in the external threat environment and make use of content awareness to improve the overall effectiveness of enterprise security.

About Symantec

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored.

For specific country offices and contact numbers, please visit our website.

Symantec World Headquarters
350 Ellis St.
Mountain View, CA 94043 USA
+1 (650) 527 8000
1 (800) 721 3934
www.symantec.com

Symantec helps organizations secure and manage their information-driven world with IT Compliance, discovery and retention management, data loss prevention, and messaging security solutions.

Copyright 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. 6/2010 21032641