
Quick Wins with Data Loss Prevention How to Make DLP Work for You - PowerPoint PPT Presentation



  1. Quick Wins with Data Loss Prevention: How to Make DLP Work for You. Mark Moroses, Assistant CIO, Continuum Health Partners; John Dasher, Senior Director, Data Protection, McAfee; Rich Mogull, CEO & Analyst, Securosis, L.L.C.

  2. Agenda • Rich Mogull, CEO & Analyst, Securosis, L.L.C. – Low-Hanging Fruit: Quick Wins with DLP • Mark Moroses, Assistant CIO, Continuum Health Partners – How Continuum uses McAfee DLP to protect sensitive patient data • John Dasher, Senior Director, Data Protection, McAfee – McAfee DLP solution overview

  3. Quick Wins with Data Loss Prevention. Rich Mogull, Securosis, LLC

  4. DLP Fears • Too complex to deploy. • Too many false positives.

  5. The Quick Wins Process

  6. "Products that, based on central policies, identify, monitor, and protect data at rest, in motion, and in use through deep content analysis." -Rich Mogull

  7. What DLP Provides • Helps you identify where you store sensitive information. • Helps you understand how that information is used and moved throughout your organization. • Proactively protects your information, while limiting impact on legitimate business processes.

  8. Defining Process

  9. Process Workflow

  10. Prepare Directory Servers • Why? DLP policies are typically user and group based. • Need to correlate activities back to warm bodies. • Poor directories are a leading obstacle to DLP deployments. • Email vs. Web vs. Endpoint

  11. Integrate with Infrastructure • Network: passive sniffer (SPAN/Mirror), email (MTA) • Endpoint: software deployment • Storage: admin credentials

  12. Integration Recap • For all deployments: Directory services (usually your Active Directory and DHCP servers). • Network deployments: Network gateways and mail servers. • Endpoint deployments: Software distribution tools. • Discovery/storage deployments: File shares on the key storage repositories (you generally only need a username/password pair to connect).

  13. Choose Flavor • Single Data Type • Information Usage

  14. Choose Deployment Type • Network • Storage • Endpoint

  15. Define Policies (Single Type / Information Usage) • Leverage an existing category when possible. • Turn on (nearly) everything. • Collect as much as possible to identify usage patterns. • Tune later. • False positives are good!

  16. Monitor

      | ID | Time | Policy | Channel | Severity | User | Action | Status |
      |------|---------|---------------|-----------|-------|---------------|----------|-----------|
      | 1138 | 1625 | PII | Email | 1.2 M | rmogull | Blocked | Open |
      | 1139 | 1632 | HIPAA | IM | 2 | jsmith | Notified | Assigned |
      | 1140 | 1702 | PII | HTTP | 1 | 192.168.0.213 | None | Closed |
      | 1141 | 1712 | R&D/Product X | USB | 4 | bgates | Notified | Assigned |
      | 1142 | 1730 | Financials | Storage | 4 | 192.168.1.94 | Encrypt | Escalated |
      | 1143 | 12/1/08 | Source Code | Cut/Paste | 12 | sjobs | Confirm | Open |

  17. Analyze • Top violations by data type. • Top violations by business unit. • Top violations by volume. • False positive patterns. • Different violations from same source. • Unusual origins.

  18. What Did We Accomplish? • Established a flexible incident management process. • Integrated with major infrastructure components. • Assessed broad information usage. • Set foundation for later.

  19. Deployment Best Practices (diagram steps): Integrate with Infrastructure; Define Initial Policy; Baseline scan; Evaluate results; Tune policy; Expand scan scope; Add protection

  20. Rich Mogull, Securosis, L.L.C. • rmogull@securosis.com • http://securosis.com • AIM: securosis • Skype: rmogull • Twitter: rmogull

  21. Continuum Health Partners: Deploying Data Loss Prevention. Mark Moroses, Assistant CIO, Continuum Health Partners

  22. Background • Who is Continuum Health Partners? • Drivers – Regulations - HIPAA – Joint commissions to certify best practices – Regular audits • Failure not an option • Policy – Must be able to ensure enforcement – Need to prove policies are being followed

  23. Solution • Business Enablement – IT supporting physicians' needs • Allow liberal web access while still having monitoring capabilities • Data Risk Assessment – Documented inappropriate data leakage, which helped secure budget • Investigative Support – McAfee DLP has become the starting point for investigations – Investigations now able to occur much faster • Passing Audits – Proving compliance with policies and demonstrating working controls – Predictable technology and process speed future audits, reduce manpower requirements

  24. Lessons Learned • Executive sponsorship – Physician with prior first-hand experience • Deployment – “Soft opening” – Communicated roll-out plan • Response Plan – No “ready, fire, aim” – Work closely with HR & Legal stakeholders

  25. McAfee Data Loss Prevention. John Dasher, Senior Director, Data Protection, McAfee

  26. Static DLP Leaks Data. Diagram labels: Data, Violations. Slide footer: McAfee Data Protection

  27. Static DLP Leaks Data. Diagram labels: Data, Violations, Bit Bucket.

  28. McAfee DLP Leverages Data. Diagram labels: Data, Violations.

  29. McAfee DLP Leverages Data. Diagram labels: Data, Violations, Data Intelligence Capture. Fast, accurate policy creation and rapid, in-depth investigations.

  30. McAfee DLP 9 Advantages. Tight Product Integration: • Integrated technologies provide superior protection • Optimized oversight and control. Deployment Velocity: • Protect sensitive data more quickly • Drive down deployment and ongoing costs. Data Analytics: • Build better policy, conduct fast investigations • Anticipate risks before they become problems

  31. McAfee DLP Solution – What Others Say. NetworkWorld found that McAfee has a “very practical understanding of the role of DLP in a modern organization” with “innovative features, excellent user interfaces, and a clear vision for the future of DLP.” SC Magazine finds McAfee Host DLP “to be a good value for customers looking for a lot of features and a lot of flexibility in both data leakage control and enterprise rights management.”

  32. McAfee DLP Resources • Optimized Security Architecture for Data Protection http://www.mcafee.com/us/enterprise/optimize/data_protection.html – 10 Steps to Protecting Your Data – Low Hanging Fruit: Quick Wins with DLP – Forrester Research Total Economic Impact of McAfee DLP – McAfee 48-hour Data Risk Assessment • http://dataprotection.mcafee.com/forms/RiskAssessment • Data Protection section of McAfee.com http://www.mcafee.com/us/enterprise/products/data_protection/data_loss_prevention/index.html – Continuum and BCI customer case studies • Data Protection Blogs http://siblog.mcafee.com/category/data-protection/

  33. Q&A
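
The analysis pass from slides 16 and 17 (top violations by data type and by business unit, different violations from the same source, unusual origins), sketched in Python as an added example that is not part of the presentation or of any DLP product. Rows 1138-1143 follow the slide-16 queue; rows 1144-1146, the `LEASES` DHCP map and the `UNITS` directory map are constructed, and reading an IP address in the queue as the incident's source is an assumption.

```python
import ipaddress
from collections import Counter, defaultdict

# Columns: id, policy, channel, source (user name, or IP when no user was attributed).
# Rows 1138-1143 follow the slide-16 queue; 1144-1146 are constructed for this example.
INCIDENTS = [
    (1138, "PII", "Email", "rmogull"),
    (1139, "HIPAA", "IM", "jsmith"),
    (1140, "PII", "HTTP", "192.168.0.213"),
    (1141, "R&D/Product X", "USB", "bgates"),
    (1142, "Financials", "Storage", "192.168.1.94"),
    (1143, "Source Code", "Cut/Paste", "sjobs"),
    (1144, "PII", "Email", "jsmith"),          # constructed
    (1145, "Source Code", "USB", "bgates"),    # constructed
    (1146, "PII", "HTTP", "192.168.0.213"),    # constructed
]
# Constructed directory data (slides 10 and 12): DHCP lease -> user, user -> business unit.
LEASES = {"192.168.0.213": "jsmith"}
UNITS = {"rmogull": "Research", "jsmith": "Clinical",
         "bgates": "Engineering", "sjobs": "Engineering"}

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def analyze(incidents, leases, units):
    by_policy, by_unit, unresolved = Counter(), Counter(), Counter()
    policies_by_user = defaultdict(set)
    for _id, policy, _channel, source in incidents:
        by_policy[policy] += 1
        # Tie an IP-only incident back to a person through the lease map.
        user = leases.get(source) if is_ip(source) else source
        if user is None:
            unresolved[source] += 1   # origin the directory cannot explain
            continue
        by_unit[units.get(user, "unknown")] += 1
        policies_by_user[user].add(policy)
    repeat = {u: sorted(p) for u, p in policies_by_user.items() if len(p) > 1}
    return {"by_policy": by_policy.most_common(),
            "by_unit": by_unit.most_common(),
            "multi_policy_sources": repeat,
            "unresolved_origins": dict(unresolved)}

if __name__ == "__main__":
    for name, value in analyze(INCIDENTS, LEASES, UNITS).items():
        print(name, value)
```

Without the lease map, incidents 1140 and 1146 would stay anonymous and jsmith's HIPAA and PII violations would not be linked to one source, which is the directory-quality problem slide 10 describes.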
