Seqrite Data Loss Prevention- Complete Protection from Data Theft and Data Loss
Download as PPTX, PDF1 like875 views
The document provides an overview of Data Loss Prevention (DLP), highlighting its purpose in preventing unauthorized data disclosure and the methods to achieve this. It discusses the classification of data, the necessity for DLP solutions due to insider threats, and the benefits of DLP features such as monitoring channels and data at rest scanning. Additionally, it outlines case scenarios and the advantages of implementing DLP in organizations to safeguard confidential information.
Seqrite Data Loss Prevention- Complete Protection from Data Theft and Data Loss
- 2. www.Seqrite.com 2 Contents • Architects of Data Loss (Classification) • Classification of DATA • What is Data Loss Prevention (DLP)? • Why organizations need DLP solution? • Various Operating systems & channels supported under DLP • Data Transfer Channels and Data Settings (Exception and DLP License utilization) • What is Data at Rest and DAR Scan in DLP? • Case scenarios to identify customer expectations • Summary
- 3. www.Seqrite.com 3 Classification of DATA Active data stored in non- persistent digital sate - in RAM, CPU caches, registry entries etc. Stored physically in any digital form - databases, data warehouses, archives, spreadsheets, off-site backups, tapes etc. Data in use Data at rest Data in motion Data that traverses a network or temporarily reside in computer memory - emails, downloaded files, VPN data sharing etc.
- 4. www.Seqrite.com 4 Architects of Data Loss (Classification) Employees/Insiders who accidentally lose data. Employees/Insiders who deliberately leak data. Attacker/Outsiders who target specific silos of data.
- 5. www.Seqrite.com 5 Architects of Data Loss- Interesting Facts 59% of employees steal proprietary corporate data when they quit or are fired. 80% of analyzed breaches had a financial motive 60% reported cases analyzed that attackers are able to compromise an organization within minutes. 12.7mn records exposed in 454 data breaches reported during 2016 80% 4 out of 5 victims don’t realize they’ve been attacked for a week or longer.
- 6. www.Seqrite.com 6 Why companies need DLP solution when it comes to data loss? Employees or insiders are often the cause of deliberate or accidental data breaches in established industries all around the world. The common source of accidental data leakage by employees can be attributed to the following: • Employees under-estimates the risks of data leakage • Employees think that their IT policies are foolproof and secure • Employees don't actively think about security as an issue • Employees are not overly concerned with security protocols • Employees generally neglects the recommended IT policies
- 7. www.Seqrite.com 7 What is DLP? DLP is the methodology to identify and forestall the unauthorized communication or disclosure of confidential data. In order to ensure that sensitive information is utilized in its intended manner, DLP consolidates people, technology and processes. Reference: Seqrite Whitepaper on DLP
- 8. www.Seqrite.com 8 Windows Client and Network OS Mac OS X 10.6, 10.7, 10.8, 10.9, 10.10 Operating systems Channels Supported Print Screen Removable Devices Network Shared Clipboard Printer Activity Application/Online Services. Various Operating Systems & channels supported under DLP
- 9. www.Seqrite.com 9 Explaining Available Data Transfer Channels Print Screen Using the Print Screen option to save the screenshot. (On Windows only) Removable Devices Using Removable Devices to copy data (for Windows). For selected file types, the Removable Devices go to ‘Read Only’ mode when ‘Monitor Removable Devices’ option is selected. Network Shares Using Network Share accessed using UNC Path or Mapped Network Drive. (For Windows only) Clipboard Using the Clipboard to paste information from one application to another Printer Activity Using printer activity, printing through local and network printer. The file/data is not monitored. (Windows only) Application/ online Services Using online services of third-party application/services to send data such as email, file sharing apps, cloud services, Web browsers and other applications using social media
- 10. www.Seqrite.com 10 Disable Print Screen • Using the Print Screen option to save the screenshot • It works also for Alt + Print screen • Applicable only for Windows platform Benefits: • This is the easiest method if someone wants to capture some information from computer as it reduces the efforts of keyboard typing • Enabling this channel will minimize the risk of data leakage if the user is trying to take the snap of computer screen in order to capture some sensitive/confidential information
- 11. www.Seqrite.com 11 Removable Devices • If we block some specific file types from removable drives, users will not able to copy those files to PC or from PC to drive • Users will get an alert message & a report will be created for the same • File will be copied but it will be of 0 KB. So it is unusable • If we try to copy three files from which one is blocked, the blocked file will not be copied • Applicable only for Windows platform Benefits: Useful where users don’t want to block removable devices completely i.e. IT admins can configure DLP with important file types.
- 12. www.Seqrite.com 12 Monitor Network Share • Using Network Share accessed using UNC Path (192.168.x.x or PC-name) or Mapped Network Drive • PC having client agent & DLP applied for network sharing will not be able to access any files via sharing irrespective of the other PC having Seqrite installed or not • Applicable only for Windows platform Benefits: • With removable drives being controlled by DLP, employees/others try to break the company protocols by transferring data over the network. By enabling Monitor Network Share, if end-users try to copy confidential data from one network location to another, the data transfer will be blocked.
- 13. www.Seqrite.com 13 Clipboard • Using the Clipboard to paste information from one application to another. Benefits: • Applicable only to confidential data & user-defined dictionaries. • Data will not be copied even if you select full line or word containing blocked word. • E.g. Master card is blocked. So 5555555555554444 can't be copied. Also, Mastercard5555555555554444Visa will be blocked.
- 14. www.Seqrite.com 14 Printer Activity • Printer activity over local and network printer can now be monitored • Data will not be monitored while printing • It will either block or allow printing independent of the data being printed • Supported only on Windows platform Benefits: • IT admins can grant printer privileges on specific endpoints. Taking printouts of documents is only allowed on those endpoints where admins grant printing privileges. This ensures that even if the user is attempting data leakage using Print Channel it will be denied.
- 15. www.Seqrite.com 15 Latest Enhancements P DLP for specific group: Customer can buy DLP as per requirement i.e. less than or same as that of EPS license. This is flexible i.e. IT admins can add/remove clients from DLP list as per need. Custom Extension: IT admin can define custom file extension if in case it is not in default list. This helps to monitor/control almost all known/unknown file types through DLP. Domain Exception: Helpful to exclude certain domains while sharing DLP monitored data where customer wants to exclude internal or some trusted domains from DLP. Exclusion for File Share/Network Locations: Can exclude require (centralized data repository) mapped drives or folders to allow users to store the data at these locations. D L P
- 16. www.Seqrite.com 16 Data at Rest Scan Why DAR? 1. Usually most of the organizations are concerned about data transfer and not about the data stored in system which is not in motion 2. Organizations also expects that sensitive data should be kept at recommended location to avoid unauthorized access 3. In such cases DAR helps you to find sensitive/confidential data stored in your system 4. You can scan the desired location such as drive, folder, or removable devices on the endpoints and detect the confidential or sensitive information present 5. You can view the information related to the detected confidential data such as the file path, threat type, and matched text Benefits: • Based on this analysis IT admins/ owner of the organization take timely actions in order to make sure that the decided Data Storage Policy is being followed by his employees.
- 17. www.Seqrite.com 17 Case Scenario A customer is interested in Seqrite EPS with DLP and has certain expectations. CONDITION 1: Wants to restrict some of the file types through email clients but the same can be shared only within the organization under existing DLP policy. CONDITION 2: Has its own software to create some graphic files but that extension is not in default DLP list and wants to monitor it too. CONDITION 3: Wants to restrict all Instant Messengers (IMs) except Skype on specific user endpoints. What do we have in bucket? SOLUTION 1: To share files within the organization you can add your mail domain in Domain Exception. SOLUTION 2: If the required extension is unavailable in pre-defined extension then we have the facility to add Custom Extensions from EPS 7.1. SOLUTION 3: You can restrict IM tools through Online/Application services and can add Skype in Application exception list from Admin Settings.
- 18. www.Seqrite.com 18 Summary of Benefits • In today’s competitive world, many organizations are keen to keep their confidential data secure. Seqrite DLP helps the customer to achieve this goal. • If someone intentionally tries to transfer the data using certain data channels, in such cases, correct DLP configuration detects and denies such activities • In Government organizations/offices confidential data module plays a vital role to prevent any authorized and unauthorized user to leak such information to outsiders. Example: PAN CARD • Custom Extension helps to include other file types apart from default • DAR Scan helps you to make sure that your IT policies related to DATA are being properly followed by your employees • Most importantly, if you spend on a DLP solution in return, it decreases the restoration cost • No need to buy DLP for all endpoints. Need based requirement reduces the surplus investment • DLP reports keep IT admins/owner updated about violation incidents and to identify untrusted individuals (Internal/External).